
Implementing Wireless LAN Security

Objectives
List wireless security solutions
Tell the components of the transitional security model
Describe the personal security model
List the components that make up the enterprise security model

Wireless Security Solutions
IEEE 802.11a and 802.11b standards included the WEP specification
  Vulnerabilities were quickly realized; organizations implemented quick fixes
  Did not adequately address encryption and authentication
IEEE and the Wi-Fi Alliance started working on comprehensive solutions
  IEEE 802.11i and Wi-Fi Protected Access (WPA)
  Foundations of today's wireless security

WEP2
Attempted to overcome WEP limitations by adding two new security enhancements
  WEP key increased to 128 bits
  Kerberos authentication
    User is issued a ticket by a Kerberos server
    Presents the ticket to the network for a service
    Used to authenticate the user
No more secure than WEP
  Collisions still occur
  New dictionary-based attacks available

Dynamic WEP
Solves the weak IV problem by rotating keys frequently
  More difficult to crack an encrypted packet
Uses different keys for unicast and broadcast traffic
  Unicast WEP key is unique to each user's session
    Dynamically generated and changed frequently
  Broadcast WEP key must be the same for all users on a particular subnet and AP

Dynamic WEP (continued)


(Figure: Dynamic WEP)

Dynamic WEP (continued)


Can be implemented without upgrading device drivers or AP firmware
  No cost and minimal effort to deploy
Does not protect against man-in-the-middle attacks
Susceptible to DoS attacks

IEEE 802.11i
Provides a solid wireless security model
  Robust security network (RSN)
  Addresses both encryption and authentication
Encryption accomplished by replacing RC4 with a block cipher
  Manipulates an entire block of plaintext at one time
Block cipher used is the Advanced Encryption Standard (AES)
  Three-step process
  Second step consists of multiple rounds of encryption

IEEE 802.11i (continued)

IEEE 802.11i authentication and key management is accomplished by the IEEE 802.1x standard
  Implements port security
  Blocks all traffic on a port-by-port basis until the client is authenticated using credentials stored on an authentication server
Key caching: stores information from a device on the network for faster re-authentication (when a user roams away and returns)
Pre-authentication: allows a device to become authenticated to an AP before moving to it (the current AP forwards the authentication information to the roamed-to AP)

Wi-Fi Protected Access (WPA)
Subset of 802.11i that addresses encryption and authentication
Temporal Key Integrity Protocol (TKIP): replaces WEP's encryption key with a 128-bit per-packet key
  Dynamically generates a new key for each packet
  Prevents collisions
Authentication server can use 802.1x to produce a unique master key for user sessions
  Creates an automated key hierarchy and management system

Wi-Fi Protected Access (continued)
Message Integrity Check (MIC): designed to prevent attackers from capturing, altering, and resending data packets
  Replaces the CRC from WEP
  CRC does not adequately protect data integrity
Authentication accomplished via IEEE 802.1x or pre-shared key (PSK) technology
  PSK passphrase serves as the seed for generating keys

Wi-Fi Protected Access (continued)

(Figure: Message Integrity Check (MIC))

Wi-Fi Protected Access 2 (WPA2)
Second generation of WPA security
Based on the final IEEE 802.11i standard
Uses AES for data encryption
Supports IEEE 802.1x authentication or PSK technology
Allows both AES and TKIP clients to operate in the same WLAN (useful when legacy devices cannot support AES)

Summary of Wireless Security Solutions
Wi-Fi Alliance categorizes WPA and WPA2 by modes that apply to personal use and to larger enterprises

(Figure: Security timeline)

Summary of Wireless Security Solutions (continued)

(Figure: Wireless security solutions, by Wi-Fi mode, AES, and 802.1x)

Transitional Security Model
Transitional wireless implementation
  Should be temporary, until migration to stronger wireless security is possible
Should implement a basic level of security for a WLAN
  Including authentication and encryption

Authentication: Shared Key Authentication
Uses WEP keys
Networks that support multiple devices should use all four keys
  The same key should not be designated as the default on each device

Authentication: SSID Beaconing
Turn off SSID beaconing by configuring APs to not include it
  Beaconing the SSID is the default mode for all APs
Good practice to use a cryptic SSID
  Should not provide any information about the location or type of equipment to attackers

Authentication: MAC Address Filtering

(Figure: MAC address filter)

WEP Encryption
Although vulnerabilities exist, should be turned on if no other options for encryption are available
Use the longest WEP key available
  May prevent script kiddies or casual eavesdroppers from attacking

(Figure: Transitional security model)

Personal Security Model
Designed for single users or small office home office (SOHO) settings
  Generally 10 or fewer wireless devices
Two sections:
  WPA: older equipment
  WPA2: newer equipment

WPA Personal Security: PSK Authentication
Uses a passphrase (PSK) that is manually entered to generate the encryption key
  PSK used as a seed for creating encryption keys
Key must be created and entered in the AP and also on any wireless device (shared) prior to (pre) the devices communicating with the AP

WPA Personal Security: TKIP Encryption
TKIP is a substitute for WEP encryption
  Fits into the WEP procedure with minimal change
Device starts with two keys:
  128-bit temporal key
  64-bit MIC key
Three major components to address vulnerabilities:
  MIC
  IV sequence
  TKIP key mixing
TKIP required in WPA

WPA Personal Security: TKIP Encryption (continued)

(Figure: TKIP/MIC process)

WPA2 Personal Security: PSK Authentication
PSK intended for personal and SOHO users without an enterprise authentication server
  Provides a strong degree of authentication protection
PSK keys automatically changed (rekeyed) and authenticated between devices after a specified period of time or after a set number of packets transmitted (rekey interval)
Employs a consistent method for creating keys
  Uses a shared secret entered at the AP and devices
  Random sequence of at least 20 characters or 24 hexadecimal digits
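The passphrase-to-key derivation that the WPA and WPA2 PSK slides above describe, as an added example that is not part of the original slides: WPA/WPA2-Personal stretches the passphrase into the 256-bit Pairwise Master Key with PBKDF2-HMAC-SHA1, salted with the SSID, and a small policy check applies the slide's "at least 20 characters" advice. The 8-63 character limit and the 4096 iterations come from IEEE 802.11i; the sample passphrase and SSID are constructed.

```python
import hashlib

# Added example, not from the slides. WPA/WPA2-Personal derive the 256-bit
# Pairwise Master Key (PMK) from the passphrase with PBKDF2-HMAC-SHA1, salted
# with the SSID and iterated 4096 times (IEEE 802.11i). Every station and the
# AP run the same computation, which is why the passphrase must be pre-shared.
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32                  # bytes (256 bits)
MIN_LEN, MAX_LEN = 8, 63      # passphrase length limits defined by 802.11i
RECOMMENDED_LEN = 20          # the slide's advice: at least 20 random characters


def check_passphrase(passphrase: str) -> list[str]:
    """Policy findings for a candidate passphrase; an empty list means acceptable."""
    findings = []
    if not MIN_LEN <= len(passphrase) <= MAX_LEN:
        findings.append(f"length must be {MIN_LEN}-{MAX_LEN} characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        findings.append("only printable ASCII (0x20-0x7E) is allowed")
    if len(passphrase) < RECOMMENDED_LEN:
        findings.append(f"shorter than the recommended {RECOMMENDED_LEN} characters")
    return findings


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Passphrase + SSID -> 32-byte PMK, exactly as AP and client both compute it."""
    if not MIN_LEN <= len(passphrase) <= MAX_LEN:
        raise ValueError("WPA passphrase must be 8-63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN)


if __name__ == "__main__":
    # Constructed sample values. The SSID acts as a salt, so the same passphrase
    # on two networks with different SSIDs yields two unrelated PMKs.
    passphrase, ssid = "correct horse battery staple!", "HomeNet-Constructed"
    print("findings:", check_passphrase(passphrase) or "none")
    print("PMK:", derive_pmk(passphrase, ssid).hex())
    print("same passphrase, other SSID:", derive_pmk(passphrase, "Other").hex())
```

The first assertion below uses the public 802.11i test vector (passphrase "password", SSID "IEEE"), so the code can be checked against a real AP's derivation.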

WPA2 Personal Security: AES-CCMP Encryption
WPA2 personal security model encryption accomplished via AES
AES-CCMP: encryption protocol in 802.11i
  CCMP based on Counter Mode with CBC-MAC of the AES encryption algorithm
  CBC-MAC (Cipher Block Chaining-Message Authentication Code) provides data integrity
AES processes blocks of 128 bits
  Cipher key length can be 128, 192, or 256 bits
  Number of rounds can be 10, 12, or 14

WPA2 Personal Security: AES-CCMP Encryption (continued)
AES encryption/decryption is computationally intensive
  Better to perform in hardware

(Figure: Personal security model)

Enterprise Security Model
Most secure level of security that can be achieved today for wireless LANs
Designed for medium to large-size organizations
Intended for settings with an authentication server
Like the personal security model, divided into sections for WPA and WPA2
Additional security tools available to increase network protection

WPA Enterprise Security: IEEE 802.1x Authentication
Uses port-based authentication mechanisms
Network supporting the 802.1x standard should consist of three elements:
  Supplicant: wireless device that requires secure network access
  Authenticator: intermediary device accepting requests from the supplicant
    Can be an AP or a switch
  Authentication server: accepts requests from the authenticator, grants or denies access

WPA Enterprise Security: IEEE 802.1x Authentication (continued)

(Figure: 802.1x protocol)

WPA Enterprise Security: IEEE 802.1x Authentication (continued)
Supplicant is software on a client implementing the 802.1x framework
Authentication server stores a list of names and credentials of authorized users
  Remote Authentication Dial-In User Service (RADIUS) typically used
  Allows user profiles to be maintained in a central database that all remote servers can share
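The port-based access control that the 802.11i and 802.1x slides above describe (traffic blocked per port until the authentication server accepts the supplicant's credentials), as an added simulation that is not part of the original slides. The three roles are plain Python objects; the frame kinds, the credential table and the MAC address are constructed stand-ins for real EAPOL, EAP and RADIUS messages.

```python
from dataclasses import dataclass, field

# Added example, not from the slides: a simplified model of 802.1x port-based
# access control. Real deployments exchange EAP over EAPOL and RADIUS; here the
# three roles are plain Python objects and credentials are a constructed table.
USER_DB = {"alice": "constructed-secret-1"}   # constructed sample credentials


class AuthenticationServer:
    """RADIUS stand-in: the only party that ever sees user credentials."""
    def __init__(self, users): self._users = dict(users)
    def verify(self, user: str, credential: str) -> bool:
        return self._users.get(user) == credential


@dataclass
class Authenticator:
    """AP stand-in: keeps one controlled port per supplicant MAC address."""
    server: AuthenticationServer
    authorized: set = field(default_factory=set)

    def handle_frame(self, src_mac: str, kind: str, payload=None) -> tuple[bool, str]:
        """Return (forwarded?, outcome) for one frame from a supplicant."""
        if kind == "EAPOL-Start":        # uncontrolled port: auth traffic always passes
            user, credential = payload   # the AP relays these; it does not check them
            if self.server.verify(user, credential):
                self.authorized.add(src_mac)
                return True, "EAP-Success"
            return True, "EAP-Failure"
        if kind == "EAPOL-Logoff":       # port falls back to the unauthorized state
            self.authorized.discard(src_mac)
            return True, "logged off"
        if src_mac in self.authorized:   # controlled port: open only after success
            return True, "forwarded"
        return False, "dropped"          # everything else is blocked, per port


def run_demo() -> list[str]:
    """Walk one supplicant through the port states; returns the outcome sequence."""
    ap = Authenticator(AuthenticationServer(USER_DB))
    mac = "02:00:00:00:00:01"           # constructed supplicant MAC
    steps = [("DATA", None), ("EAPOL-Start", ("alice", "wrong")), ("DATA", None),
             ("EAPOL-Start", ("alice", USER_DB["alice"])), ("DATA", None),
             ("EAPOL-Logoff", None), ("DATA", None)]
    return [ap.handle_frame(mac, kind, payload)[1] for kind, payload in steps]


if __name__ == "__main__":
    print(run_demo())
```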

WPA Enterprise Security: IEEE 802.1x Authentication (continued)
802.1x based on the Extensible Authentication Protocol (EAP)
Several variations:
  EAP-Transport Layer Security (EAP-TLS)
  Lightweight EAP (LEAP)
  EAP-Tunneled TLS (EAP-TTLS)
  Protected EAP (PEAP)
  Flexible Authentication via Secure Tunneling (FAST)
Each maps to different types of user logons, credentials, and databases used in authentication

WPA Enterprise Security: TKIP Encryption
TKIP is a wrapper around WEP
  Provides an adequate encryption mechanism for WPA enterprise security
  Dovetails into the existing WEP mechanism
Vulnerabilities may be exposed in the future

WPA2 Enterprise Security: IEEE 802.1x Authentication
Enterprise security model using WPA2 provides the most secure level of authentication and encryption available on a WLAN
IEEE 802.1x is the strongest type of wireless authentication currently available
Wi-Fi Alliance certifies WPA and WPA2 enterprise products using EAP-TLS (Transport Layer Security)

WPA2 Enterprise Security: AES-CCMP Encryption
AES: block cipher that uses the same key for encryption and decryption
  Bits encrypted in blocks of plaintext
  Calculated independently
Block size of 128 bits
Three possible key lengths: 128, 192, and 256 bits
  WPA2/802.11i uses a 128-bit key length
Includes four stages that make up one round
  Each round is iterated 10 times

WPA2 Enterprise Security: AES-CCMP Encryption (continued)

(Figure: Enterprise security model)

Other Enterprise Security Tools: Virtual Private Network (VPN)
Virtual private network (VPN): uses a public, unsecured network as if it were a private, secured network
Two common types:
  Remote-access VPN: user-to-LAN connection used by remote users
  Site-to-site VPN: multiple sites can connect to other sites over the Internet
VPN transmissions are achieved through communicating with endpoints

Other Enterprise Security Tools: Virtual Private Network (continued)
Endpoint: end of the tunnel between VPN devices
  Can be local software, a dedicated hardware device, or even a firewall
VPNs can be used in a WLAN setting
  Tunnel through the WLAN for added security
Enterprise trusted gateway: extension of a VPN
  Pairs of devices create a trusted VPN connection between themselves
  Can protect unencrypted packets better than a VPN endpoint

Other Enterprise Security Tools: Wireless Gateway
AP equipped with additional functionality
  Most APs are wireless gateways
  Combine the functionality of an AP, router, network address translator, firewall, and switch
On the enterprise level, a wireless gateway may combine the functionality of a VPN and an authentication server
  Can provide increased security for connected APs

Other Enterprise Security Tools: Wireless Intrusion Detection System (WIDS)
Intrusion-detection system (IDS): monitors activity on the network and what the packets are doing
  May perform a specific function when an attack is detected
  May only report information and not take action
Wireless IDS (WIDS): constantly monitors the radio frequencies for attacks
  Based on a database of attack signatures or on abnormal behavior
  Wireless sensors lie at the heart of a WIDS
  Hardware-based sensors have limited coverage; software-based sensors have extended coverage
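The two detection styles the WIDS slide names (a signature database and abnormal behavior), as an added toy detector that is not part of the original slides and is not a real product. It runs over constructed sensor log lines; the SSID, the authorized BSSID list, the deauthentication threshold and the window length are all assumed values, and the rogue-AP rule simply flags a beacon for a managed SSID from a BSSID that is not on the authorized list.

```python
import re
from collections import defaultdict, deque

# Added example, not a real product: a toy WIDS applying the two detection styles
# the slide names, a signature rule and a behaviour (anomaly) rule, to constructed
# frame-log lines. The SSID, BSSIDs, threshold and window are all assumed values.
AUTHORIZED_BSSIDS = {"CorpWiFi": {"00:11:22:33:44:55"}}   # SSID -> known AP BSSIDs
DEAUTH_THRESHOLD = 5      # deauth frames per window treated as abnormal (assumed)
WINDOW_SECONDS = 1.0

LINE_RE = re.compile(r"t=(?P<t>[\d.]+) type=(?P<type>\w+) src=(?P<src>[0-9a-f:]{17})"
                     r"(?: ssid=(?P<ssid>\S+))?$")

SAMPLE_LOG = [   # constructed sensor output, one management frame per line
    "t=0.10 type=beacon src=00:11:22:33:44:55 ssid=CorpWiFi",
    "t=0.20 type=beacon src=66:77:88:99:aa:bb ssid=CorpWiFi",   # unknown BSSID
    "t=0.30 type=deauth src=00:11:22:33:44:55",                 # normal, isolated
] + [f"t={1.0 + i / 10:.2f} type=deauth src=de:ad:be:ef:00:01" for i in range(8)] + [
    "t=5.00 type=beacon src=00:11:22:33:44:55 ssid=CorpWiFi",
]


def parse(line: str):
    m = LINE_RE.match(line)
    if not m:
        return None                      # malformed line: skip rather than crash
    frame = m.groupdict()
    frame["t"] = float(frame["t"])
    return frame


def detect(lines) -> list[tuple[str, str]]:
    """Return (alert_type, source_mac) pairs; one alert per rogue beacon or burst."""
    alerts = []
    deauth_times = defaultdict(deque)    # src -> timestamps inside the sliding window
    for frame in filter(None, map(parse, lines)):
        known = AUTHORIZED_BSSIDS.get(frame["ssid"])
        if frame["type"] == "beacon" and known is not None and frame["src"] not in known:
            alerts.append(("rogue-ap", frame["src"]))      # signature rule
        if frame["type"] == "deauth":                       # behaviour rule
            q = deauth_times[frame["src"]]
            q.append(frame["t"])
            while frame["t"] - q[0] > WINDOW_SECONDS:
                q.popleft()
            if len(q) == DEAUTH_THRESHOLD + 1:              # first time the burst crosses
                alerts.append(("deauth-flood", frame["src"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```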

Other Enterprise Security Tools: Captive Portal
Web page that wireless users are forced to visit before they are granted access to the Internet
Used in one of the following ways:
  Notify users of wireless policies and rules
  Advertise specific services or products to users
  Authenticate users against a RADIUS server
Often used in public hotspots

Summary
IEEE 802.11i and Wi-Fi Protected Access (WPA) have become the foundations of today's wireless security
Dynamic WEP attempts to solve the weak initialization vector (IV) problem by rotating the keys frequently, making it much more difficult to crack the encrypted packet
The IEEE 802.11i standard provided a more solid wireless security model, including the block cipher Advanced Encryption Standard (AES) and IEEE 802.1x port security

Summary (continued)
WPA is a subset of 802.11i and addresses both encryption and authentication
The transitional security model uses shared key authentication, turning off SSID beaconing, and implementing MAC address filtering
The personal security model is designed for single users or small office home office (SOHO) settings of generally 10 or fewer wireless devices and does not include an authentication server

Summary (continued)
The enterprise security model is intended for settings in which an authentication server is available; if an authentication server is not available, the highest level of the personal security model should be used instead
Additional security tools that can supplement the enterprise security model to provide an even higher degree of security include virtual private networks, wireless gateways, wireless intrusion detection systems (WIDS), and captive portals
