security issues of ieee 802.11b
DESCRIPTION
Security Issues of IEEE 802.11bTRANSCRIPT
Security Issues of IEEE 802.11b Wireless Local Area Networks
Issues | Analysis | Suggestions | Solutions | Adaptations
Seminar on Security Issues of 802.11b presented on 21-10-2008 bySreekanth G S,
274, R7, Computer Science,Sree Chitra Thirunal College of Engineering
Quick Note :Local Area Networks need not scale only up to a building or a particular location. Present scenarios represent Local Area Networks connecting offices across the continents using methods such as VPN (Virtual Private Network).
Local Area NetworkDefinitionScopeExpansion
Wireless Local Area NetworkDifference from conventional LANCurrent IEEE StandardsPrimitivism of IEEE802.11bScalability of WLANHotspots – Wi-Fi (Wireless Fidelity)
Quick Note :99% of the world’s Wi-Fi network issues are caused by interference and most of them from cordless telephones. This issue is termed as Wi-Fi band exploitation and device makers consortium has repeatedly requested IEEE to issue a new freq. band.
Wireless Local Area NetworkReleased – October 1999Frequency band – 2.4GHzData rate – 4.5 Mbit/s (Typical)Data rate – 11 Mbit/s (Maximum)Range - ~38m (Indoor)
802.11b devices suffer interference from other products operating in the 2.4 GHz band. Devices operating in the 2.4 GHz range include: microwave ovens, Bluetooth devices, baby monitors and cordless telephones.
Quick Note :OFDM - Orthogonal Frequency-Division MultiplexingDSSS - Direct-Sequence Spread Spectrum Mod. – Modulation techniquerin. - Range Indoor, rout. – Range Outdoor
Quick Note :Wi-Fi is not an easy word to wireless deployment of LAN or WLAN. Any solution which addresses all or some of the above mentioned seven security problems need not be an ideal solution to the deployment problems faced by most of the companies.
Seven Security ProblemsEasy Access“Rogue” Access PointsUnauthorized Use of ServiceService and Performance ConstraintsMAC Spoofing and Session HijackingTraffic Analysis and EavesdroppingHigher Level Attacks
Quick Note :Our College is an excellent example of Wi-Fi Easy Access.SSID is broadcasted.Key level encryption is used.
1. Easy AccesWireless LANs are easy to find.All wireless networks need to announce their existence.The information needed to join a network is also the information needed to launch an attack on a network.Your 802.11 network and its parameters are available for anybody with an 802.11 card.Short of moving into heavily-shielded office space that does not allow RF signals to escape, there is no solution for this problem.The best you can do is to mitigate the risk by using strong access control and encryption solutions.
Quick Note :Any Wi-Fi Router (Example: Linksys WRT54GL) can act as a Wireless AP.AP login with Credentials can make Client login without credentials.Management staff “can” go rogue….
2. “Rogue” Access PointsEasy access to wireless LANs is coupled with easy deployment.Any user can run to a nearby computer store, purchase an access point, and connect it to the corporate network without authorization.End users are not security experts, and may not be aware of the risks posed by wireless LANs.Tools like NetStumbler allow network administrators to wander their building looking for unauthorized access points, but it is expensive to devote time to wandering the building looking for new access points.
Quick Note :VPN – Virtual Private NetworkWEP – Wired Equivalent Privacyn/w – Network
3. Unauthorized Use of ServiceNearly all of the access points running with default configurations have not activated WEP (Wired Equivalent Privacy) or have a default key used by all the vendor's products out of the box. Without WEP, network access is usually there for the taking.If you have deployed a VPN to protect the network from wireless clients, it probably has strong authentication capabilities already built-in.For corporate users extending wired networks, access to wireless networks must be as tightly controlled. Strong authentication is a must before granting access to the n/w.
Quick Note :LAN – Local Area NetworkMAC – Media Access Control (Burned In Address)Access Point – Wireless Service Providing Machine
4. Service and Performance ConstraintsWireless LANs have limited transmission capacity.This capacity is shared between all the users associated with an access point. Due to MAC-layer overhead, the actual effective throughput tops out at roughly half of the nominal bit rate.Attackers could also inject traffic into the radio network without being attached to a wireless access point.Addressing performance problems starts with monitoring and discovering them.No enterprise-class wireless network management system has yet emerged.
Quick Note :In cryptography, the man-in-the-middle attack is a form of active
eavesdropping in which the attacker makes independent connections with the victims, relays messages between them, making them believe that they are talking directly to each other over a private connection when in fact the entire conversation is controlled by the attacker.
5. MAC Spoofing and Session Hijacking802.11 networks do not authenticate frames.Attackers can use spoofed frames to redirect traffic and corrupt ARP tables.Access points are identified by their broadcasts of Beacon frames.You must deploy a cryptographic protocol on top of 802.11 to protect against hijacking.Attackers can, however, easily pretend to be an access point because nothing in 802.11 requires an access point to prove it really is an access point. (Man-in-the-Middle Attack)
Quick Note :SSH – Secure ShellSSL – Secure Socket LayerIPSec – IP (Internet Protocol) Security
6. Traffic Analysis and Eavesdropping802.11 provides no protection against attacks that passively observe traffic.A great deal has been written about the flaws in WEP.Early WEP implementations are vulnerable to cracking by tools such as AirSnort and WEPCrack.Strong cryptographic solutions like SSH, SSL, and IPSec were designed to transmit data securely over public channels.It protects only the initial association with the network and user data frames.
Quick Note :Many networks have a hard outer shell composed of perimeter security devices that are carefully configured and meticulously monitored. Inside the shell, though, is a soft, vulnerable (and tasty?) center.
7. Higher Level AttacksOnce an attacker gains access to a wireless network, it can serve as a launch point for attacks on other systems.Wireless LANs can be deployed quickly if they are directly connected to the vulnerable backbone, but that exposes the network to attack.The solution is straightforward in theory: treat the wireless network as something outside the security perimeter, but with special access to the inside of the network.
Quick Note :Access Control – ACL – Access Control ListsConfidentiality – Encryption Algorithms, CryptographyData Integrity – CRC Checks, Parity Checks, Checksum, MD5 Values
WEP and its FunctionalityWEP’s security goals are
Access control: protecting the wireless network from unauthorized access. Confidentiality: to prevent eavesdropping.Data integrity: to prevent tampering with transmitted messages.
Quick Note :Plaintext = Message + CRC (Cycic Redundancy Check)IV – Initialization VectorXOR – Exclusive ORRC4 – Encryption Method
WEP’s security flawsWEP relies on an encryption algorithm called RC4.
Making of PlaintextGeneration of RC4 KeystreamXOR of Plaintext and KeyMaking of CiphertextSending of Ciphertext with IV
Quick Note :Ciphertext – Incoming Encrypted MessageKeyStream – RC4(v,k) where v is IV transmitted with CiphertextCRC – Cyclic Redundancy CheckIV – Initialization Vector
WEP’s security flaws (contd…)
Stripping out IVGeneration of key kReassembling of keystreamXOR with CiphertextObtaining of Plaintext
Quick Note :Why do we need Re-Usable Keystream? Why not 256 bits IV?Starting from the beginning? Resetting IV on Initialization?
Key Stream Re-UseThe IV is only 24 bits long.Exhaustion of IV Field.No other choice but to Re-Use.Two packets will be encrypted using same k and IV.Key Stream Re-Use is a major vulnerability.
Quick Note :Public Key/ Private Key Encryption ModelIV – Initialization VectorXOR – 1101 XOR 1001 = 0100
RC4 Hacking in DetailDone using two fields, k and IV.Secret Key – kPublic Key – IVSecret Key k is constant.Hence, two or more packets are encrypted using same IV.Means, both packets were encrypted in the very same way.They can be XORed to cancel out two key streams.Results in XOR of two original unencrypted packets.Knowing bit stream in one of the packet gives out the other.Hence, key k is identified.
Quick Note :TKIP – Temporal Key Integrity ProtocolWPA – Wi-Fi Protected AccessIEEE 802.11i-2004, or 802.11i, is an amendment to the IEEE 802.11 standard
specifying security mechanisms for wireless networks.
Solutions to Key Stream Re-UseIncreasing the size of IV field.A 24 bits to 48 bits increase = 16.7 million to 281 trillion IVs.Decreases very likelihood of Key Stream Re-Use.Making secret key ‘k’ dynamic.Improvement to WPA.Implementation of TKIP.Enhancements including per packet key mixing function.Message Integrity Check called Michael.Extended IV with sequencing rules and Re-Keying mech.Mandatory in upcoming 802.11i
Quick Note :KSA – Key Scheduling AlgorithmPRGA – Pseudo Random Generation AlgorithmA pseudorandom process is a process that appears random but is not.
RC4 AlgorithmRC4 generates a pseudorandom stream of bits (a keystream) which, for encryption, is combined with the plaintext using bit-wise exclusive-or; decryption is performed the same way (since exclusive-or is a symmetric operation). To generate the keystream, the cipher makes use of a secret internal state which consists of two parts:
1.A permutation of all 256 possible bytes (denoted "S" below). 2.Two 8-bit index-pointers (denoted "i" and "j").
The permutation is initialized with a variable length key, typically between 40 and 256 bits, using the key-scheduling algorithm (KSA). Once this has been completed, the stream of bits is generated using the pseudo-random generation algorithm (PRGA).
Quick Note :Pseudorandom sequences typically exhibit statistical randomness while being
generated by an entirely deterministic causal process. Such a process is easier to produce than a genuine random one, and has the benefit that it can be used again and again to produce exactly the same numbers, useful for testing and fixing software.
RC4 Algorithm (contd…)The key-scheduling algorithm (KSA)The key-scheduling algorithm is used to initialize the permutation in the array "S". "keylength" is defined as the number of bytes in the key and can be in the range 1 ≤ keylength ≤ 256, corresponding to a key length of 40 – 128 bits. First, the array "S" is initialized to the identity permutation. S is then processed for 256 iterations.
for i from 0 to 255 S[i] := i
endfor j := 0 for i from 0 to 255
j := (j + S[i] + key[i mod keylength]) mod 256 Swap (S[i],S[j])
endfor
for i from 0 to 255 S[i] := i
endfor j := 0 for i from 0 to 255
j := (j + S[i] + key[i mod keylength]) mod 256 Swap (S[i],S[j])
endfor
Quick Note :For such applications as cryptography, the use of pseudorandom number generators is insecure. When random values are required , the goal is to make a
message as hard to crack as possible, by eliminating or obscuring the parameters used to encrypt the message from the message itself or from the context in which it is carried.
RC4 Algorithm (contd…)The pseudo-random generation algorithm (PRGA)For as many iterations as are needed, the PRGA modifies the state and outputs a byte of the keystream. In each iteration, the PRGA increments i, adds the value of S pointed to by i to j, exchanges the values of S[i] and S[j], and then outputs the value of S at the location S[i] + S[j] (modulo 256). Each value of S is swapped at least once every 256 iterations.
i := 0 j := 0 while GeneratingOutput:
i := (i + 1) mod 256 j := (j + S[i]) mod 256 Swap(S[i],S[j]) Output S[(S[i] + S[j]) mod 256] ^ input[i]
endwhile
i := 0 j := 0 while GeneratingOutput:
i := (i + 1) mod 256 j := (j + S[i]) mod 256 Swap(S[i],S[j]) Output S[(S[i] + S[j]) mod 256] ^ input[i]
endwhile
Quick Note :RC4 Using Streams - WEP, WPA , BitTorrent protocol encryption , Microsoft Point-to-Point Encryption , Secure Sockets Layer , Secure shell , Remote Desktop Client (RDC over RDP) , Kerberos , SASL Mechanism Digest-MD5 .
RC4 Algorithm (contd…)Test VectorsSample test vectors are provided below:
RC4( "Key", "Plaintext" ) == BBF316E8D940AF0AD3 RC4( "Wiki", "pedia" ) == 1021BF0420 RC4( "Secret", "Attack at dawn" ) == 45A01F645FC35B383552544B9BF5
OR In Plain/Text: Password: Text: Output: RC4( "24g3", "24z0") == nhnW RC4( "24g3", "24z2") == nhnU RC4( "5ybdt", "5ybu8") == XJrkp
RC4( "Key", "Plaintext" ) == BBF316E8D940AF0AD3 RC4( "Wiki", "pedia" ) == 1021BF0420 RC4( "Secret", "Attack at dawn" ) == 45A01F645FC35B383552544B9BF5
OR In Plain/Text: Password: Text: Output: RC4( "24g3", "24z0") == nhnW RC4( "24g3", "24z2") == nhnU RC4( "5ybdt", "5ybu8") == XJrkp
Quick Note :L2TP – Layer 2 Tunneling ProtocolRADIUS – Remote Authentication Dial In User ServiceSHA – Secure Hash AlgorithmLDAP – Lightweight Directory Access Protocol
VPN, Kerberos, IPSec…..Virtual Private Network, a n/w within a n/w.Kerberos Authentication with RADIUS Servers.IPSec Implementations with L2TP.Firewalls, Monitors, Sniffing Detectors.Better Encryption Algorithms like SHA.Round Robin Based Key Modifying Methods.Domain Based Auth Systems.LDAP Authentication Methods.BSSID Usages.Understanding of Security Issues.
Thank you for your patience and co-operation.This seminar presentation is also available on
References:
IEEEExplore – http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=1345023
Wikipedia - http://en.wikipedia.org/wiki/802.11 http://en.wikipedia.org/wiki/RC4
Seven Security Problems – O’Reilly Media -http://www.oreillynet.com/pub/a/wireless/2002/05/24/wlan.html?page=1
Based On: Security issues of the IEEE 802.11b wireless LAN
Boland, H. Mousavi, H. Carleton University, Ottawa, Ont., Canada
IEEE Canadian Conference on Electrical and Computer Engineering, 2-5 May 2004
Special Thanks To: Subu Surendran Sir, SCT College of Engineering, Trivandrum Students of R7(05-09), SCT College of Engineering, Trivandrum
http://www.slideshare.net/sreekanth/slideshows
http://[email protected]+91.9446384450