Beruflich Dokumente
Kultur Dokumente
Networks*
Mario agalj
University of Split
2013/2014.
LANs (2004)
Specifies robust security mechanisms for WLANs
Defines Transition Security Network (TSN)
Called WiFi-Protected Access (WPA) by WiFi-Alliance
Based on new TKIP (that uses old RC4 like WEP)
Backward compatibility (with old RC4-only hardware)
IEEE 802.1X authentication framework
(RSN)
Called WiFi-Protected Access 2 (WPA2) by WiFi-Alliance
Based on AES and optionally TKIP
Also uses IEEE 802.1X authentication framework
WPA
Tajnost podataka
(enkripcija)
WEP (RC4)
TKIP (RC4)
Integritet podataka
TKIP-MIC
Autentikacija i
kontrola pristupa
Shared Key
Authentication
IEEE 802.1X/EAP
IEEE 802.11i
(WPA2)
AES,
(opcija TKIP)
AES-MAC
(opcija TKIP-MIC)
IEEE 802.1X/EAP
AP
LAN
(Internet)
Autentifikacijski
server
Mobilni klijent
Slobodan
(otvoren) port
Vulnerabilities of home
networks
Assembled from different sources: Walker,
Lehembre Buttyan, ...
PSK)
PSK
(umjesto PMK)
Otkrivanje sigurnosnih
funkcionalnosti
IEEE 802.1X key management
(Provjera PSK/PTK 4-way handshake)
Zatita podataka
(TKIP, CCMP/AES)
this AP
PTK
10
Vulnerabilities of 4-way
handshake (1/3)
Affects both WPA and WPA2
Password-to-Key Mapping
Uses PKCS #5 v2.0 PBKDF2 to generate a 256-bit PSK from an ASCII
password
PMK=PSK = PBKDF2 (Password, SSID, SSIDlength, 4096, 256)
Salt = SSID, so PSK different for different SSIDs
4096 is the number of hashes used in this process
Password length between 8 and 63 printable ASCII characters
Vulnerability
The PTK used in 4-way handshake derived from PSK and
PSK=f(PWD)
4-way handshake protected with PTK
4-way handshake messages transmited over a public radio
channel
11
Vulnerabilities of 4-way
handshake (2/3)
The strenght of PTK relies on the PSK
Vulnerabilities of 4-way
handshake (3/3)
handshake
Use fake disassociation control packets (not protected by IEEE 802.11i)
13
Attack complexity
Depends on the entropy of passwords
Weak passwords easy to crack
Strong passwords
E.g., a random passphrase of 13 characters (selected from the set of
characters!
14
This part is
PSKtest = PBKDF2 (PWDtest, SSID, SSIDlength,
slow 4096, 256)
2. calculates
15
tables)
Your PWD is strong enough (sufficiently long and random
:-)
17
Vulnerabilities of enterprise
networks
Assembled from different sources: Walker,
Lehembre Buttyan, ...
AP
LAN
(Internet)
Autentifikacijski
server
Mobilni klijent
Slobodan
(otvoren) port
19
Otkrivanje sigurnosnih
funkcionalnosti
Rezultat: M i AS
-generiraju Master Key (MK)
-izvedu Pairwise MK (PMK)
802.1X autentifikacija
Rezultat: M i AP
802.1X key management
-provjere PMK
-izvedu Paiwise Transient Key (PTK)
-PTK vezan uz ovaj M i ovu AP
Zatita podataka
(TKIP, CCMP/AES)
CCMP = Counter-Mode / Cipher Block Chaining 20
Message Authentication Code Protocol based on
TTLS)
Provides protection for initial authentication messages (plaintext
passwords,<-----------certificate---------->
e.g. PAP used by FESB)
<--no trust-->
<--trust-->
<--trust-->
TTLS server
Autentifikacijski
server (AS)
Authentication
WLAN master
session key
Data traffic
on secured link
21
validation
Trusted issuing authority, matching certificate owners Common
Name (CN)
Many PEAP (EAP-TTLS) deployments fail to properly deploy
Malicious authentication server gains access to inner authentication
controlled by the attacker (Rogue AP)
methods
PEAP: MS-CHAPv2
<--no trust-->
<--trust-->
TTLS: MS-CHAPv2,
CHAP, PAP,
etc.
Mobilni klijent (M)
<--trust-->
TTLS server
Record session
22
23
the client)
Near-Field-Communication Method (bring the client close to the AP)
USB Method
In December 2011 researcher Stefan Viehbck reported a design and
network
The only effective workaround is to disable WPS
Impossible on some APs
24