Network Architecture and Design 1 Security & Authentication in WLAN State of the Art and Evolution

Post on 22-Dec-2015


Page 1: 1 Network Architecture and Design Security & Authentication in WLAN State of the Art and Evolution

Network Architecture and Design 1

Security & Authentication in WLAN

State of the Art and Evolution

Page 2

Organizations and Groups

• WECA, the Wireless Ethernet Compatibility Alliance, certifies compliance with the IEEE 802.11 standards and awards the WiFi (Wireless Fidelity) mark.

• IEEE 802.1X defines changes to the MAC Bridge in order to provide port-based network access control capability.

• IEEE 802.11i is defining MAC enhancements to provide enhanced security for 802.11. This is a work in progress, and 802.1X is an important part of it (end of 2002).

Page 3

First Generation WLAN Security

• Virtual Private Network (VPN): ensures privacy through encryption and runs transparently over a WLAN. Use of a VPN is independent of any native WLAN security scheme, thus it is not covered here.

Page 4

First Generation WLAN Security

• Service Set Identifier (SSID): analogous to a common network name. Serves to logically segment users and APs.

• Is a piece of information advertised by the AP or preconfigured at the station. The SSID may be requested when joining a WLAN.

• The SSID is not a security measure, because an AP advertises its SSID in its beacons.

Page 5

First Generation WLAN Security

• Wired Equivalent Privacy (WEP): optional implementation for IEEE 802.11b.

• WECA requires at least 40-bit encryption for WiFi certification.

• Goals:
  – Deny access to users that do not possess the appropriate WEP key.
  – Prevent the decoding of WEP-encrypted traffic without possession of the WEP key.

Page 6

First Generation WLAN Security

• Wired Equivalent Privacy (WEP): WEP is a symmetric encryption mechanism.

• IEEE 802.11b has chosen 40-bit keys.

• Some vendors use 128-bit WEP encryption.

• Key distribution or negotiation is not specified in the standard.

Page 7

First Generation Process

• Authentication: the process of verifying the credentials of a client wishing to join a WLAN.
  – Open System Authentication: the process runs in clear text.
  – Shared Key Authentication: uses a key to encrypt a challenge text.

• Association: the process of associating a client with a given AP in the WLAN.

Page 8

First Generation Process: Probe Phase

1. On initialization, the client sends a probe request packet out on all the channels.

2. The APs that hear this packet send a probe response packet back to the station.

• The probe response packet contains information such as the SSID, which is used to determine which AP to associate with.

Page 9

First Generation Process: Authentication Phase

• Shared key mode.

• The WEP key is already configured in the client.

Page 10

First Generation Process: Association Phase

• After being authenticated, the client sends an association request to the AP.

Page 11

IEEE 802.11 WEP Key Management

• Key distribution or negotiation is not specified in the standard.

• The standard provides two mechanisms to select a key to encrypt a frame:
  – Four default keys shared by all clients. Secure communication between users with default keys; once keys become widely distributed, they are more easily compromised.
  – A “key mapping” relationship with another station. More secure operation, since fewer stations have the keys; distribution of such unicast keys is problematic as the group grows.

Page 12

WEP Deficiencies

• WEP uses RC4, a stream cipher: seeded with the shared secret key, it generates an arbitrarily long pseudorandom sequence of bytes (the keystream).

• This keystream is XORed with the plaintext to produce the ciphertext. The same construction works well in SSL.

• 802.11b uses 40-bit keys; hackers can crack them in hours, while 104-bit keys take much longer to crack.

• But… RC4 encryption is easy to break when the keystream is reused.
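The keystream-reuse point above, as an added example that is not part of the original slides: a plain RC4 implementation, WEP-style seeding of RC4 with the IV prepended to the shared key, a check that two frames encrypted under the same IV and key have their keystream cancel out when the ciphertexts are XORed together, and a defender-side count of repeated IVs over a capture. The key, IVs and frames are constructed for the demo, and the CRC-32 ICV of a real WEP frame is left out.

```python
"""Added example, not from the slides: why RC4 keystream reuse breaks WEP.

WEP seeds RC4 with IV || shared key and XORs the keystream with the frame body.
Two frames encrypted under the same IV and key share a keystream, so XORing the
two ciphertexts cancels the keystream and leaves plaintext1 XOR plaintext2.
reused_ivs() is the defender's side: count IV collisions over captured frames.
Keys, IVs and frames below are constructed for the demo.
"""
from collections import Counter


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key-scheduling algorithm (KSA), then PRGA for `length` bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # KSA: permute S under the key
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:                  # PRGA: emit keystream bytes
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """WEP-style encryption: the per-frame RC4 seed is the 3-byte IV followed by
    the shared key. The CRC-32 ICV a real frame carries is omitted here."""
    return xor_bytes(plaintext, rc4_keystream(iv + key, len(plaintext)))


def keystream_cancels(iv: bytes, key: bytes, p1: bytes, p2: bytes) -> bool:
    """True when c1 XOR c2 == p1 XOR p2: the shared keystream has cancelled out,
    so the relationship between the two plaintexts is exposed without the key."""
    c1, c2 = wep_encrypt(iv, key, p1), wep_encrypt(iv, key, p2)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


def reused_ivs(frames) -> dict:
    """Defender's check over captured (iv, ciphertext) pairs: IVs seen more than once.
    The 24-bit IV space is small enough that a busy AP under a static key repeats
    IVs within hours, so reuse is the expected case, not an exception."""
    counts = Counter(iv for iv, _ in frames)
    return {iv: n for iv, n in counts.items() if n > 1}


# Constructed 40-bit shared key and a small constructed capture.
KEY_40BIT = bytes.fromhex("0a1b2c3d4e")
SAMPLE_FRAMES = [
    (b"\x00\x00\x01", wep_encrypt(b"\x00\x00\x01", KEY_40BIT, b"hello world")),
    (b"\x00\x00\x02", wep_encrypt(b"\x00\x00\x02", KEY_40BIT, b"dawn patrol")),
    (b"\x00\x00\x01", wep_encrypt(b"\x00\x00\x01", KEY_40BIT, b"dawn patrol")),  # IV repeated
    (b"\x00\x00\x03", wep_encrypt(b"\x00\x00\x03", KEY_40BIT, b"hello again")),
]

if __name__ == "__main__":
    print("same IV -> keystream cancels:",
          keystream_cancels(b"\x00\x00\x01", KEY_40BIT, b"hello world", b"dawn patrol"))
    print("different IVs -> no cancellation:",
          xor_bytes(SAMPLE_FRAMES[0][1], SAMPLE_FRAMES[1][1])
          == xor_bytes(b"hello world", b"dawn patrol"))
    print("reused IVs in capture:", reused_ivs(SAMPLE_FRAMES))
```

The RC4 routine is checked against the public test vector (key "Key" gives a keystream starting EB 9F 77 81 B7), so the cancellation is a property of the construction, not of a toy cipher. The per-user, dynamically derived keys that 802.1X brings in later slides shrink the window in which any one key is exposed to this reuse.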

Page 13

802.11 Security Weaknesses

• Physical: hardware loss, with no user identification, authentication, accounting or auditing.

• Impersonation: 802.11 does not identify users, just hardware. No mutual authentication, which enables rogue APs.

• Integrity: WEP supports per-packet encryption but not authentication. Possibility to recover the RC4 stream.

Page 14

802.11 Security Weaknesses

• Disclosure: both the MAC address and the time of association/disassociation can be obtained. Problems with static global keys.

• A secret shared by more than two is not a secret: enables rogue AP attacks; permits anyone on the network to decrypt other conversations; dictionary attacks.

• Denial of Service: disassociation attacks.

Page 15

IEEE 802.1X

• Security in 802.11 can be broken down into: authentication framework, authentication algorithm/protocol, encryption.

• IEEE 802.1X
  – Is a standard.
  – Scalable.
  – Centralized framework for authentication.
  – Deploys a variety of authentication protocols.
  – Still in development.

Page 16

How 802.1X Addresses 802.11 Security Issues

• Extensible Authentication Protocol (EAP) framework.

• User ID and strong authentication.

• Dynamic key derivation.

• Mutual authentication.

• Per-packet authentication.

Page 17

EAP Framework

• EAP provides a flexible link layer security framework.

• Simple encapsulation protocol for IETF authentication standards:
  – Transport Level Security (TLS) (Windows).
  – Internet Key Exchange (IKE) (Certicom-Lucent).
  – GSS_API (Kerberos).
  – Other mutual authentication schemes (Cisco LEAP).

• Runs over lossy or lossless media and any link layer (PPP, 802.3).

• Does not assume a physically secure link.

Page 18

EAP Architecture

Page 19

Identification & Authentication

• Users identified by usernames, not MAC addresses.

• Supports extended authentication.

• Non-password-based authentication: public key certificates and smartcards, IKE, biometrics, token cards.

• Password-based: one-time passwords, any GSS_API (Kerberos).

Page 20

Per-User Per-Session Keys

• 802.1X enables secure derivation of a per-user session key.

• Provides the ability to securely change global keys.

• WEP keys are dynamically derived at the client on log-on.

• A global key, such as the broadcast WEP key, is sent from the AP to the client encrypted with the unicast session key.

• Makes per-user WEP keys easy to administer.

Page 21

Mutual Authentication

• 802.1X needs EAP methods supporting mutual authentication: it guarantees that keys are transferred to the right party and prevents man-in-the-middle and rogue server attacks.

• Mutual authentication EAP methods:
  – TLS: supply a certificate, prove possession of the private key.
  – IKE: the server demonstrates possession of the pre-shared key or private key.
  – GSS_API (Kerberos): the server must demonstrate knowledge of the session key.

Page 22

Per-Packet Authentication

• EAP supports per-packet authentication and integrity, but not for all messages.

• TLS and IKE derive a session key; with it the negotiations are authenticated and integrity protected.

• Using WEP, the session key can be used to encrypt, authenticate and integrity-protect some messages, such as Success and Failure.

Page 23

WLAN Security Topics Coming

• Temporal Key Integrity Protocol (TKIP): initially referred to as WEP2. Solves the key reuse problem in WEP.

• 128-bit shared temporal key.

• Combines the temporal key, the client’s MAC address and a 16-octet initialization vector to produce the key used to encrypt the data.

• The temporal key changes every 10,000 packets.

Page 24

WLAN Security Topics Coming

• Advanced Encryption Standard (AES): offers much stronger encryption. Replaces the aging Data Encryption Standard (DES) at NIST.

• Solves the problem of the stronger encryption needed by 802.11.

• AES requires a coprocessor (additional hardware); companies need to replace existing access points and client NICs.

• The 802.11i standard will likely include AES.

Page 25

Cisco Implementation

• EAP describes an extensible packet exchange to allow the passing of authentication information between the client and the PPP server.

• A WLAN is not PPP. 802.1X EAP over LAN (EAPOL) defines how to encapsulate EAP in Ethernet or token ring packets.

• EAPOW (EAP over Wireless LAN) is EAPOL when used in wireless networks.

• EAP over RADIUS is also used, to encapsulate EAP within RADIUS packets.

Page 26

Protocols used to encapsulate EAP

Page 27

Cisco Implementation - LEAP

• Cisco Lightweight Extensible Authentication Protocol.

• Aironet client adapters that support EAP-LEAP authentication (FW 4.10).

• Cisco Aironet Series APs supporting the 802.1X EAP authenticator (Ver 11.0).

• Secure Access Control Server used for AAA and EAP RADIUS services (Ver 2.6 running on a Windows NT/2000 server).

• Lightweight because:
  – Minimal support from the client CPU during mutual authentication.
  – Supports embedded systems (printers).
  – Runs on OSs without support for native EAP authentication.
  – Supports popular OSs (Windows, Linux, MacOS).

Page 28

Cisco Implementation

• The entire authentication and key distribution process is accomplished in three phases: Start, Authenticate, and Finish.

Page 29

Start Phase

Page 30

Authenticate Phase

• The authenticate sequence varies based on the mutual authentication method chosen.

• If we were using Transport Level Security (TLS) to transfer certificates in a PKI implementation, then EAP-TLS messages would be used.

Page 31

Authenticate Phase

• The AP is in the middle, acting solely as a transport vehicle.

Page 32

Finish Phase

Page 33

Finish Phase

• Both derive the session key from the user's password.

• The AP sends an EAPOW-KEY message to the client supplying the key length. The key value (the actual WEP key) is not sent, since the client has already derived it on its own.

• The AP encrypts a full-length derived multicast key with the session (unicast) key and sends it to the client.

• The client and AP activate WEP and use this session multicast WEP key for all communications.
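The Start / Authenticate / Finish exchange of pages 28 to 33, together with the per-user session key and wrapped broadcast key of page 20 and the rogue-server check of page 21, as an added example that is not from the slides or from Cisco: supplicant, authenticator (AP) and authentication server are plain Python objects passing messages by function call. What is assumed, and not taken from the page: the mutual-authentication method is a generic HMAC challenge-response standing in for a real EAP method (LEAP and EAP-TLS message formats are not reproduced); the session key is an HMAC derivation from the password-derived key and both parties' challenges; and the multicast key in the EAPOW-Key message is wrapped with an HMAC-derived keystream plus a MIC, standing in for the WEP-encrypted key body. Usernames, passwords and key material are constructed.

```python
"""Added example, not from the slides: 802.1X Start / Authenticate / Finish, simulated.

Assumptions (not from the lecture): HMAC challenge-response stands in for the EAP
method, HMAC-based derivation stands in for the method's session-key derivation, and an
HMAC keystream plus MIC stands in for the WEP-encrypted EAPOW-Key body. The AP only
relays EAP and never learns the password; only the AP and the server see the session key.
"""
import hashlib
import hmac
import os


def prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 used for every derivation in this demo (assumed, not LEAP's PRF)."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()


def password_key(password: str) -> bytes:
    # Stand-in for the method's password-to-key step; real methods differ.
    return hashlib.sha256(password.encode()).digest()


class AuthServer:
    """RADIUS/EAP server: besides the supplicant, the only party holding the password."""
    def __init__(self, users: dict):
        self.users = users                     # username -> password (constructed)

    def challenge(self, identity: str):
        if identity not in self.users:
            return None                        # unknown user -> EAP-Failure
        self.nonce = os.urandom(16)
        return self.nonce

    def verify_and_prove(self, identity, client_nonce, client_proof):
        """Check the client's proof, then return the server's own proof plus the key."""
        pk = password_key(self.users[identity])
        expected = prf(pk, b"client-proof", self.nonce, client_nonce)
        if not hmac.compare_digest(expected, client_proof):
            return None, None
        server_proof = prf(pk, b"server-proof", client_nonce, self.nonce)
        session_key = prf(pk, b"session-key", client_nonce, self.nonce)
        return server_proof, session_key       # key goes to the AP over RADIUS, never over the air


class RogueServer(AuthServer):
    """Slide 21's rogue server: does not know the password and bluffs with random proofs."""
    def challenge(self, identity):
        self.nonce = os.urandom(16)
        return self.nonce

    def verify_and_prove(self, identity, client_nonce, client_proof):
        return os.urandom(32), os.urandom(32)


class Supplicant:
    def __init__(self, identity: str, password: str):
        self.identity, self.pk = identity, password_key(password)
        self.nonce = os.urandom(16)

    def prove(self, server_nonce: bytes) -> bytes:
        self.server_nonce = server_nonce
        return prf(self.pk, b"client-proof", server_nonce, self.nonce)

    def check_server(self, server_proof: bytes) -> bool:
        """Mutual authentication: the server must prove knowledge of the password too."""
        expected = prf(self.pk, b"server-proof", self.nonce, self.server_nonce)
        if not hmac.compare_digest(expected, server_proof):
            return False
        self.session_key = prf(self.pk, b"session-key", self.nonce, self.server_nonce)
        return True

    def unwrap_key(self, msg: dict) -> bytes:
        """Finish phase: verify the MIC, then recover the multicast key."""
        if not hmac.compare_digest(prf(self.session_key, b"mic", msg["body"]), msg["mic"]):
            raise ValueError("EAPOW-Key MIC mismatch")
        ks = prf(self.session_key, b"wrap", msg["iv"])
        return bytes(a ^ b for a, b in zip(msg["body"], ks))


class Authenticator:
    """The AP: relays EAP between supplicant and server; wraps the group key at the end."""
    def __init__(self, server: AuthServer, multicast_key: bytes):
        self.server, self.multicast_key = server, multicast_key

    def wrap_key(self, session_key: bytes) -> dict:
        iv = os.urandom(16)
        ks = prf(session_key, b"wrap", iv)
        body = bytes(a ^ b for a, b in zip(self.multicast_key, ks))
        return {"key_len": len(self.multicast_key), "iv": iv, "body": body,
                "mic": prf(session_key, b"mic", body)}


def run_exchange(supplicant: Supplicant, ap: Authenticator) -> dict:
    # Start: EAPOL-Start, EAP-Request/Identity, EAP-Response/Identity relayed to the server.
    server_nonce = ap.server.challenge(supplicant.identity)
    if server_nonce is None:
        return {"result": "EAP-Failure"}
    # Authenticate: challenge/response in both directions; the AP only forwards.
    client_proof = supplicant.prove(server_nonce)
    server_proof, session_key = ap.server.verify_and_prove(
        supplicant.identity, supplicant.nonce, client_proof)
    if server_proof is None or not supplicant.check_server(server_proof):
        return {"result": "EAP-Failure"}
    # Finish: EAP-Success, then EAPOW-Key with the key length and the wrapped multicast key.
    msg = ap.wrap_key(session_key)
    return {"result": "EAP-Success", "key_len": msg["key_len"],
            "unicast_match": session_key == supplicant.session_key,
            "multicast_match": supplicant.unwrap_key(msg) == ap.multicast_key}


if __name__ == "__main__":
    server = AuthServer({"alice": "correct horse"})         # constructed credentials
    ap = Authenticator(server, os.urandom(13))              # 104-bit group WEP key
    print(run_exchange(Supplicant("alice", "correct horse"), ap))
    print(run_exchange(Supplicant("alice", "wrong"), ap))
    print(run_exchange(Supplicant("alice", "correct horse"), Authenticator(RogueServer({}), os.urandom(13))))
```

Three properties from the slides are visible in the result: the AP never handles the password and only relays the Authenticate phase; the unicast key the AP receives from the server equals the one the supplicant derived on its own, which is why the EAPOW-Key message carries only the key length; and a server that cannot prove knowledge of the password is rejected by the supplicant before any key is wrapped, which is the rogue-server case mutual authentication exists to stop.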

Page 34

Tentative Applications

• Handoff: the client is assumed authenticated; just update the multicast key on the adjacent AP.

• Ad Hoc Mode: 802.1X can be used. User credentials are stored in each station. A new EAP method for this purpose must be designed.

Page 35

References

• Mishra A., Arbaugh W.; “An Initial Security Analysis of the IEEE 802.1X Standard”. This article shows some weaknesses of the 802.1X protocol.

• William A. Arbaugh, Narendar Shankar, and Y.C. Justin Wan; “Your 802.11 Wireless Network Has No Clothes”. One of the first articles that shows the 802.11b security problems.

• Nikita Borisov, Ian Goldberg, and David Wagner; “Intercepting Mobile Communications: The Insecurity of 802.11”.

• D. Simon, B. Aboba, T. Moore; “IEEE 802.11 Security and 802.1X”. This presentation explains the security problems in 802.11 and how 802.1X helps to fix them.

• Steinke, Steve; “Security and 802.11 Wireless Networks”. This article explains WEP deficiencies.

• “Security for Next Generation Wireless LANs”. A Cisco paper that describes first generation WLAN security.

Page 36

References

• Scott Fluhrer, Itsik Mantin and Adi Shamir; “Weaknesses in the Key Scheduling Algorithm of RC4”. This paper presents several weaknesses in the key scheduling algorithm of RC4 and describes their cryptanalytic significance.

• AirSnort: one of the best-known WEP cracking tools, which employs the RC4 weaknesses to attack WLAN networks. AirSnort recovers encryption keys by passively monitoring transmissions, computing the encryption key once enough packets have been gathered.

• “Wireless LAN at Risk”: an article that tells how easy it can be to access a WLAN if even the minimal wireless security basics and precautions are not taken into account.

• Sean Whalen; “Analysis of WEP and RC4 Algorithms”. This paper briefly explains the WEP encryption mechanism and some ways to crack it.

Page 37

End of Ninth Lecture