Wireless LAN Security


Yen-Cheng Chen

Department of Information Management

National Chi Nan University

ycchen@ncnu.edu.tw

Outline

1. Introduction
2. WLAN Authentication
3. WEP (Wired Equivalent Privacy)
4. IEEE 802.1X
5. Conclusion

1. Introduction

Increasing popularity of IEEE 802.11 Wireless LANs (WLANs)

• More laptops and PDAs are equipped with a WLAN interface (e.g. Intel Centrino™).
• By 2005, over 80 percent of professional notebook PCs will have a WLAN interface.

Public Wireless LAN Hotspots

• ISPs provide WLAN access services at airports, coffee shops, conference centers, shopping malls, …

                                    

Comparisons among 802.11 Versions

[Figure: Wireless LAN Hotspots. Access points at a coffee shop, an airport and a conference center, each connected to the Internet.]

[Figure: Typical Wireless LAN Configuration. A notebook PC or PDA with a WLAN adapter associates with an access point, which connects through a switch and a router to the Internet/Intranet.]

IEEE 802.11 Association Services

Three association services are defined in 802.11:

• Association Service: Before a mobile client is allowed to send a data message via an AP, it shall first become associated with the AP.
• Reassociation Service: The reassociation service is invoked to “move” a current association from one AP to another.
• Disassociation Service: The disassociation service is invoked whenever an existing association is to be terminated.

A Scenario

[Figure: A client associates with AP #1 (1), moves and reassociates with AP #2 (2), then leaves and disassociates (3). Both APs are attached to the wired network and the Internet.]

(1) Association (2) Reassociation (3) Disassociation

802.11 Client Authentication

1. The client broadcasts a probe request frame on every channel
2. Access points within range respond with a probe response frame
3. The client decides which access point (AP) is the best for access and sends an authentication request
4. The access point will send an authentication reply
5. Upon successful authentication, the client will send an association request frame to the access point
6. The access point will reply with an association response
7. The client is now able to pass traffic to the access point

Security Threats

• Data transmitted can be easily intercepted.
• Signal coverage area cannot be well limited.
• Intentional and non-intentional interference.

• User authentication to prevent unauthorized access to network resources
• Data privacy to protect the integrity and privacy of transmitted data

2. WLAN Authentication

• SSIDs (Service Set IDs)
• Open Authentication
• Shared Key Authentication
• MAC Address Authentication

SSIDs (Service Set IDs)

Vulnerability of Using SSIDs: the SSID can be obtained by eavesdropping.

Open Authentication

• Null authentication
• Some hand-held devices do not have capabilities for complex authentication algorithms.
• Any device that knows the SSID can gain access to the WLAN.

Open Authentication with Differing WEP Keys

Shared Key Authentication

1. The client sends an authentication request to the access point requesting shared key authentication

2. The access point responds with an authentication response containing challenge text

3. The client uses its locally configured WEP key to encrypt the challenge text and reply with a subsequent authentication request

4. If the access point can decrypt the authentication request and retrieve the original challenge text, then it responds with an authentication response that grants the client access

Shared Key Authentication
• Use of WEP key
• Key distribution and management

Shared Key Authentication Vulnerabilities

• Stealing the key stream (WEP uses RC4)
• Man-in-the-Middle Attack

Deriving Key Stream

The challenge text $P$ is sent in the clear and the encrypted response $C$ is observable, so an eavesdropper obtains the RC4 key stream for that key/IV directly:

$$C = P \oplus \mathrm{RC4}(K)$$

$$C \oplus P = P \oplus \mathrm{RC4}(K) \oplus P = \mathrm{RC4}(K)$$

MAC Address Authentication

• Not specified in 802.11
• Many AP products support MAC address authentication.
• MAC address authentication verifies the client’s MAC address against a locally configured list of allowed addresses or against an external authentication server.

MAC Address Filtering in APs

MAC Authentication via RADIUS

MAC Address Authentication Vulnerabilities

• MAC Address Spoofing: Valid MAC addresses can be observed by a protocol analyzer. The MACs of some WLAN NICs can be overwritten.

3. WEP (Wired Equivalent Privacy)

IEEE 802.11 Std. Goals

• Confidentiality
• Access Control
• Data Integrity

WEP Key: 64-bit, 128-bit

WEP (Wired Equivalent Privacy)

-- 4 Keys
-- 104-bit key + 24-bit IV (128 bits in total)

WEP Vulnerabilities

• Key attacks: Statistical key derivation – several IVs can reveal key bytes after statistical analysis.
• Secret key problems
• Confidentiality attacks
• Integrity attacks
• Authentication attack

IV Replay Attack

Growing a Key Stream

Keystream Reuse in WEP

• The WEP standard recommends that the IV be changed after every packet.
• Many WLAN cards reset the IV to 0 each time they are re-initialized, and then increment the IV by one after each packet transmitted.
• The IV is only 24 bits wide: with 1500-byte packets at 5 Mbps bandwidth, the IV space is exhausted in about half a day.
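As an added example (not code from these slides), the following Python models WEP's per-packet RC4 seed (IV prepended to the secret key) and ties together two points from this deck: a known plaintext such as the shared-key challenge text reveals the key stream (C ⊕ P = RC4(K)), and a repeated IV reproduces exactly the same key stream, which is why the 24-bit IV space, exhausted in the time computed by `iv_exhaustion_seconds`, matters. The secret key, IV and packet contents are constructed sample values.

```python
# Added example (not from the original slides). Toy WEP key-stream model with a pure-Python RC4.

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 key stream for `key` (KSA followed by PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                          # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                       # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_keystream(iv: bytes, secret_key: bytes, length: int) -> bytes:
    """WEP seeds RC4 with IV || secret key (24-bit IV + 104-bit key = 128-bit WEP)."""
    if len(iv) != 3:
        raise ValueError("WEP IV must be 24 bits")
    return rc4_keystream(iv + secret_key, length)

def keystream_from_known_plaintext(ciphertext: bytes, plaintext: bytes) -> bytes:
    """C xor P = RC4(K): a plaintext sent in the clear (the challenge) exposes the key stream for that IV."""
    return xor(ciphertext, plaintext)

def iv_exhaustion_seconds(iv_bits: int = 24, packet_bytes: int = 1500, bandwidth_bps: int = 5_000_000) -> float:
    """Seconds until a counter-style IV has used every value once (slide figures: ~half a day)."""
    return (2 ** iv_bits) * packet_bytes * 8 / bandwidth_bps

def demo() -> bool:
    secret = bytes.fromhex("0123456789abcdef0123456789")   # constructed 104-bit key
    iv = b"\x00\x00\x01"                                    # constructed IV
    challenge = b"constructed challenge text"                # sent in the clear by the AP
    response = xor(challenge, wep_keystream(iv, secret, len(challenge)))
    leaked = keystream_from_known_plaintext(response, challenge)
    # Any later packet protected under the same IV uses the same key stream.
    msg = b"second packet, same IV"
    other = xor(msg, wep_keystream(iv, secret, len(msg)))
    return xor(other, leaked) == msg
```

Running `demo()` returns True: the key stream recovered from the challenge/response pair decrypts a second packet sent under the same IV, while `iv_exhaustion_seconds()` gives about 40,265 s (roughly 11 hours) for the slide's 1500-byte, 5 Mbps case.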

4. IEEE 802.1X

Port-Based Network Access Control

• To provide a means of authenticating and authorizing devices attached to a LAN port that has point-to-point connection characteristics
• To prevent access to that port in cases in which the authentication and authorization process fails.

802.1X requires three entities:
• The supplicant: resides on the wireless LAN client
• The authenticator: resides on the access point
• The authentication server: EAP server, mostly a RADIUS server

802.1X in LANs

EAP: Extensible Authentication Protocol
RADIUS: Remote Authentication Dial In User Service

• EAP-MD5
• EAP-TLS

Supplicant, Authenticator, and Authentication Server

PAE: port access entity

EAP-MD5

Exchange between Supplicant and Authentication Server:
1. Server to Supplicant: Challenge Text
2. Supplicant to Server: MD5 (Password + Challenge Text)
3. Server to Supplicant: Accept / Reject

EAP-TLS

• TLS: Transport Layer Security
• Uses the TLS public key certification mechanism within EAP.
• Digital certificate signed by a CA
• Mutual Authentication: Client Certificate and Server Certificate
• Key exchange / Dynamic session key

Man-In-The-Middle Attack

Absence of Mutual Authentication

Session Hijacking

5. Conclusion

IEEE 802.11i
• TKIP: Temporal Key Integrity Protocol
• AES: Advanced Encryption Standard
• Certificate based authentication: EAP-TLS, EAP-TTLS, PEAP
• Password authentication: LEAP, Diffie-Hellman exchange, SPEKE: ZKPP (Zero Knowledge Password Proof)
