Wireless Networks
Justin Steffy
Brad Moore
Outline
• Motivation for using wireless
• Wireless challenges
• Common myths
• WEP - does it work?
• WPA and beyond
• Summary
Motivation to use wireless
• It's mobile
  • Don't be trapped at your desk
  • How many of you are using it now?
• It's cheap
  • No more messy wires running all through your building
  • Easy to retrofit an older building
Common security myths
• Hidden SSID
  • Don't broadcast the SSID beacon
  • Attackers can still listen to network traffic and learn the SSID
Getting closer to secure - WEP
• The Wired Equivalency Protocol (WEP)
  • Introduced with 802.11 to provide security for wireless traffic
  • Employs the RC4 stream cipher algorithm
• Uses a shared key
  • All clients have the same shared key
  • Keys must be configured manually on all clients
[Figure: WEP encryption diagram, Ciphertext - 101101111]
RC4 Encryption
• RC4 relies on every key stream being unique
• Uses an IV of 24 bits
• IV + shared key is used to generate the key stream
• IV is sent in plain text so the receiver can decrypt
http://www.informit.com/articles/article.asp?p=27666&seqNum=10
The problem with this?
• IVs can be reused
  • Nothing in the specification says how to select an IV
  • Receivers must accept duplicate IVs
• IV space is relatively small and can be used up quickly
• A reused IV gives you the XOR of the two plaintexts
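As an added example (not from the slides), a toy pure-Python RC4 with the WEP-style keystream derivation RC4(IV || shared key). It shows why a repeated IV matters: two frames encrypted under the same IV and key have ciphertexts whose XOR is exactly P1 XOR P2, and it includes the simple per-BSSID IV counter a wireless monitor can use to flag reuse. The key, IV and frame list are constructed sample values.

```python
# Added example: toy RC4 + WEP-style keystream, showing the IV-reuse leak
# and a defender-side IV reuse detector. Key/IV/frames below are constructed.

def rc4(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key` (KSA then PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):                    # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, shared_key: bytes, data: bytes) -> bytes:
    """WEP-style: keystream = RC4(IV || key). The 3-byte IV is sent in clear,
    so anyone listening knows which keystream a frame used. Decrypt = encrypt."""
    assert len(iv) == 3, "WEP IV is 24 bits"
    return xor_bytes(data, rc4(iv + shared_key, len(data)))

def leaked_xor(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under the same IV and key: C1 ^ C2 == P1 ^ P2,
    because the identical keystream cancels out."""
    return xor_bytes(c1, c2)

def reused_ivs(frames) -> dict:
    """Monitor view: frames is an iterable of (bssid, iv) pairs read off the
    air. Return {(bssid, iv): count} for every IV seen more than once."""
    seen = {}
    for bssid, iv in frames:
        seen[(bssid, iv)] = seen.get((bssid, iv), 0) + 1
    return {k: n for k, n in seen.items() if n > 1}

if __name__ == "__main__":
    key, iv = b"\x01\x02\x03\x04\x05", b"\x00\x00\x01"   # constructed 40-bit key
    p1, p2 = b"hello world", b"attack at 9"
    c1, c2 = wep_encrypt(iv, key, p1), wep_encrypt(iv, key, p2)
    print("C1^C2 == P1^P2:", leaked_xor(c1, c2) == xor_bytes(p1, p2))
    frames = [("AP1", iv), ("AP1", b"\x00\x00\x02"), ("AP1", iv)]  # constructed
    print("reused IVs:", reused_ivs(frames))
```

With 2^24 IVs per key and one IV burned per frame, the counter above fires on a busy network long before the key is changed, which is the operational reason the slide calls the IV space small.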
Generating Traffic
• To speed up the process, you can generate your own traffic
• More traffic means a better chance of weak IVs and reused IVs being used
• How can we generate our own traffic without the secret key?
[Figure: an associated machine]
Disassociate it
[Figure: disassociate; ask to associate]
Listen to the challenge text
[Figure: challenge text and ciphertext reply]
What do we have now?
• The plaintext challenge text
• The ciphertext of that challenge text
• The IV used to encrypt it
But I don't want to implement that…
• Don't despair, it's already done
  • WEPcrack
  • AirSnort
  • NetStumbler
  • Aerosol
[Figure: AirSnort screenshot]
Fixing WEP
• Long-term solution: 802.11i
• Short-term: WPA (WiFi Protected Access)
  • Subset of 802.11i
  • Forwards compatible
  • Released 2003
WPA
• 2 types: PSK and Enterprise
• WPA-PSK
  • Uses a shared key between AP and user
  • Authentication is the shared key
• WPA Enterprise
  • Uses 802.1X and EAP to authenticate the user
  • Requires an authentication server
  • Not practical for home users
Fixing WEP Encryption
• TKIP: a wrapper for WEP (still uses RC4)
  • Utilizes sequence numbers (unique IV, stops replay attacks)
  • 128-bit key (stronger key)
  • Per-packet key
    • Based off the MAC address and the shared key for WPA-PSK
    • Based off the authentication credentials for enterprise WPA
Providing Authentication
• 802.1X
  • Protocol for restricting access to LAN ports in public and semi-public locations
  • Specifies a way to restrict access to authenticated users
• Authentication method is the Extensible Authentication Protocol (EAP): a specification for a broad class of authentication methods
802.1X
[Figure: 802.1X authentication diagrams, two slides]
After Authentication
• Both Supplicant and AS have the Master Key
  • Reflects successful authentication
• Both Supplicant and AS derive the Pairwise Master Key (PMK)
• AS sends the PMK to the AP
• Supplicant and AP derive the Pairwise Transient Key (PTK) for session encryption
EAP-TLS
• Basis for other EAP protocols
  • PEAP, EAP-TTLS, EAP-FAST
• Uses digital certificates to authenticate the AS to the Supplicant
• Uses public/private keys to establish an encrypted channel between Supplicant and AS
• Once the channel is established, many methods can be used to authenticate the Supplicant to the AS
802.11i/WPA2/RSN
• State of the art protocol for wireless security
• Differences from WPA
  • Encryption
  • Pre-Authentication
Encryption
• Support for WPA TKIP
• Added support for AES-CCMP
  • AES is the government replacement for DES
  • Supports 128, 192, 256 bit keys
  • Only publicly specified cipher approved for “Top Secret” data
  • Requires more hardware, more complicated algorithm
• WRAP: replaced by AES-CCMP
Fast Roaming
• Clients can cache the PMK
• Clients can pre-authenticate
• Access Points may share the same PMK
Summary
• WEP can stop your neighbor from using your Internet, but it is technically broken
• WPA is a necessary upgrade for WEP
• 802.11i is the future, but it hasn't withstood the test of time
  • Is it good enough for corporate networks?
  • How long will it take to crack it?
• Bottom line: wireless security is evolving and becoming a legitimate option