
Wireless Security

New Standards for 802.11 Encryption and Authentication

Kazi Khaled Al-Zahid

Wired vs. Wireless

- Wired networks offer more and better security options than wireless
- Standards are more thoroughly established for wired networks
- Wireless networks are much more equipment dependent than wired networks
- Easier to implement security policies on wired networks

802.11b Overview

Standard for wireless networks

Approved by IEEE in 1999

Two modes: infrastructure and ad hoc

IBSS (ad hoc) mode

BSS (infrastructure) mode


802.11 Standards

- 802.11: The original WLAN standard. Supports 1 Mbps to 2 Mbps.
- 802.11a: High speed WLAN standard for the 5 GHz band. Supports 54 Mbps.
- 802.11b: WLAN standard for the 2.4 GHz band. Supports 11 Mbps.
- 802.11e: Addresses quality of service requirements for all IEEE WLAN radio interfaces.
- 802.11f: Defines inter-access point communications to facilitate multi-vendor distributed WLAN networks.
- 802.11g: Establishes an additional modulation technique for the 2.4 GHz band. Intended to provide speeds up to 54 Mbps. Includes much greater security.
- 802.11h: Defines the spectrum management of the 5 GHz band for use in Europe and Asia Pacific.
- 802.11i: Addresses the current security weaknesses in both authentication and encryption protocols. The standard encompasses the 802.1X, TKIP, and AES protocols.

Wireless Security?

Hacking is no longer the esoteric domain of the techno-elite. It is most often done by young males aged 15-25 who have extensive computer programming knowledge. Motives range from simple curiosity all the way to achieving terrorist ideals.

Most often used for identity theft and industrial espionage.

Security Risks of Wireless LANs

Easier for unauthorized devices to attach to wireless network

- Don't need physical access

- Many organizations don't apply security

- Presence of free wireless hacking tools

Internal systems are usually not as secure as external or DMZ systems

Business Risks of Wireless LANs

A wireless attacker could affect your business in the following ways:

- Ability to destroy data
- Ability to steal proprietary data from client workstations and servers
- Disruption of network service through corruption of network devices

RISK: Inability to meet core business and customer needs that could lead to loss of revenue

Security Risks INTRODUCED by Wireless Technology

- Rogue Access Points
- Clients Communicating in Ad Hoc Mode

A Computerworld survey estimates that at least 30 percent of businesses have rogue wireless LANs.

Original 802.11 Security

Service set identifier (SSID)

A simple code that identifies the WLAN.

Clients must be configured with the correct SSID to access their WLAN.

Media access control (MAC)

MAC address filtering restricts WLAN access to computers that are on a list you create for each access point on your WLAN.

Wired equivalent privacy (WEP)

Encryption and authentication scheme that protects WLAN data streams between clients and access points (APs). This was later discovered to have flaws.

Access Point SSID

- Service Set Identifier (SSID) differentiates one access point from another
- By default, an access point broadcasts its SSID in plaintext beacon frames every few seconds
- Default SSIDs are easily guessable: Linksys defaults to "linksys", Cisco to "tsunami", etc. This gives away the fact that an access point is active
- Access point settings can be changed to prevent it from announcing its presence in beacon frames and from using an easily guessable SSID
- But then every user must know the SSID in advance

Wired Equivalent Privacy (WEP)

Special-purpose protocol for 802.11b

Intended to make wireless as secure as wired network

Goals: confidentiality, integrity, authentication

Assumes that a secret key is shared between access point and client

- Uses the RC4 stream cipher seeded with a 24-bit initialization vector and a 40-bit key
- Terrible design choice for a wireless environment
- In SSL, we will see how RC4 can be used properly


WEP Flaws

Two basic flaws undermined its use for protection against anything other than the casual browser or eavesdropper:

- No defined method for encryption key refresh or distribution; pre-shared keys were set once at installation and rarely, if ever, changed
- Use of RC4, which was designed as a one-time cipher and not intended for multiple-message use. Because the pre-shared key is rarely changed, the same key is used over and over
- An attacker monitors traffic and finds enough examples to work out the plaintext from message context
- With knowledge of the ciphertext and the plaintext, the attacker can compute the key
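As an added illustration of the two flaws above (this is not code from the original slides): a textbook RC4 seeded WEP-style with IV || key shows that two frames sent under the same 24-bit IV share one keystream, so XORing their ciphertexts cancels the key entirely and a single known plaintext exposes the other frame; the birthday bound then shows how few frames it takes before an IV repeats. The key, IV, frame contents and frame rate are constructed sample values.

```python
from math import exp

IV_BITS = 24          # WEP IV is 24 bits and travels in the clear in every frame
KEY_BYTES = 5         # 40-bit pre-shared key, fixed at installation and rarely changed


def rc4_keystream(seed: bytes, n: int) -> bytes:
    """Textbook RC4: key scheduling (KSA) followed by n bytes of PRGA output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < n:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style framing: RC4 seeded with IV || key, IV prepended unencrypted."""
    assert len(key) == KEY_BYTES and len(iv) == IV_BITS // 8
    return iv + xor(plaintext, rc4_keystream(iv + key, len(plaintext)))


def keystream_reuse(key: bytes, iv: bytes, p1: bytes, p2: bytes) -> tuple[bool, bytes]:
    """Two frames under one IV reuse the keystream: c1 ^ c2 == p1 ^ p2, and a known
    p1 yields the keystream, which then decrypts c2 without ever learning the key."""
    c1 = wep_encrypt(key, iv, p1)[3:]          # strip the cleartext IV
    c2 = wep_encrypt(key, iv, p2)[3:]
    leaked_keystream = xor(c1, p1)             # known plaintext -> keystream for this IV
    return xor(c1, c2) == xor(p1, p2), xor(c2, leaked_keystream)


def iv_collision_probability(frames: int, iv_bits: int = IV_BITS) -> float:
    """Birthday bound: probability that at least one IV repeats among `frames`
    frames when each IV is drawn at random from a 2**iv_bits space."""
    space = 2 ** iv_bits
    return 1.0 - exp(-frames * (frames - 1) / (2.0 * space))


def iv_space_exhaustion_hours(frames_per_second: float, iv_bits: int = IV_BITS) -> float:
    """Hours until a sequential IV counter wraps and every keystream starts repeating."""
    return 2 ** iv_bits / frames_per_second / 3600.0


# Constructed sample values: a 40-bit key, one IV and two equal-length frames.
SAMPLE_KEY = bytes([0x0B, 0xAD, 0x13, 0x37, 0x42])
SAMPLE_IV = bytes([0x00, 0x00, 0x01])
FRAME_A = b"GET /index.html "   # "known" plaintext: header fields and URLs are predictable
FRAME_B = b"password=letmein"   # the frame an eavesdropper has not seen in clear

if __name__ == "__main__":
    same, recovered = keystream_reuse(SAMPLE_KEY, SAMPLE_IV, FRAME_A, FRAME_B)
    print("c1^c2 == p1^p2:", same, "| recovered second frame:", recovered)
    print("P(IV repeat) after 5000 frames: %.2f" % iv_collision_probability(5000))
    print("busy AP at ~900 frames/s wraps the IV space in %.1f h" % iv_space_exhaustion_hours(900))
```

TKIP's per-client key mixing and periodic rekeying, described later in the deck, exist precisely so that no two frames are ever encrypted under the same RC4 seed.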


WEP Flaw

- Takes about 10,000 packets to discover the key
- Large amounts of known data are the fastest way of determining as many keystreams as possible
- The information may be as innocuous as the fields in the protocol header or a DNS name query
- Monitoring is passive, so it is undetectable
- Simple tools and instructions are freely available to spit out the key
- Legal experts postulate this type of monitoring may not be illegal


Other Problems

SSID (service set identifier)

- Identifies the 802.11 devices that belong to a Basic Service Set (BSS). A BSS is analogous to a LAN segment in wired terms
- The SSID is meant as a method to identify which Service Set you want to communicate with, not as a security layer or authentication
- Even when using WEP, the SSID remains fully visible
- Some manufacturers even allow WLAN cards to poll for the SSID and self-configure


Other Problems

MAC (media access control)

- Possible to restrict access by MAC address on many APs (access points) by means of an ACL
- All standards-compliant NICs, including WLAN cards, should have a unique MAC, but some software allows this address to be spoofed

Spoofing Wireless

- Is easy
- Unlike internet devices, which have routing issues to overcome, IP addresses of wireless devices can be manually changed at will
- Some network systems serve up the IP address dynamically


Do Not Do This
[courtesy of Brian Lee]

Ingredients: laptop (with 802.11b card, GPS, Netstumbler, Airsnort, Ethereal) and the car of your choice

- Drive around, use Netstumbler to map out active wireless networks and (using GPS) their access points
- If the network is encrypted, park the car, start Airsnort, leave it be for a few hours
- Airsnort will passively listen to encrypted network traffic and, after 5-10 million packets, extract the encryption key
- Once the encryption key is compromised, connect to the network as if there is no encryption at all
- Alternative: use Ethereal (or the packet sniffer of your choice) to listen to decrypted traffic and analyze it

Many networks are even less secure


Weak Countermeasures

Run VPN on top of wireless

- Treat wireless as you would an insecure wired network
- VPNs have their own security and performance issues
- Compromise of one client may compromise the entire network

Hide SSID of your access point

Still, raw packets will reveal SSID (it is not encrypted!)

Have each access point maintain a list of network card addresses that are allowed to connect to it

- Infeasible for large networks
- Attacker can sniff a packet from a legitimate card, then re-code (spoof) his card to use a legitimate address


Fixing the Problem

Extensible Authentication Protocol (EAP)

- Developers can choose their own authentication method
- Cisco EAP-LEAP (passwords), Microsoft EAP-TLS (public-key certificates), PEAP (passwords OR certificates), etc.

802.11i standard fixes 802.11b problems

- Patch: TKIP. Still RC4, but encrypts IVs and establishes new shared keys for every 10 KBytes transmitted
- No keystream re-use, which prevents exploitation of RC4 weaknesses
- Use the same network card, only upgrade the firmware

Long-term: AES in CCMP mode, 128-bit keys, 48-bit IVs

- Block cipher (in a special mode) instead of a stream cipher
- Requires new network card hardware

Improved Security Standards

802.1x Authentication (2001)

WPA (Wi-Fi Protected Access) (2002)

802.11i (2003-4)


802.1X Authentication and EAP

Framework to control port access between devices, AP, and servers

Uses Extensible Authentication Protocol (EAP) (RFC 2284)

- Uses dynamic keys instead of the static WEP authentication key
- Requires a mutual authentication protocol
- The user's transmission must go through the WLAN AP to reach the authentication server performing the authentication
- Permits a number of authentication methods; RADIUS is the de facto market standard

EAP Types

EAP-TLS (RFC 2716)

- EAP is an extension of PPP providing additional authentication methods
- TLS provides mutual authentication and session key exchange
- The negotiated mutual key becomes the Master Key for 802.11 TKIP
- Requires client and server certificates (PKI based)
- Deployed by Microsoft for its corporate network; shipping in Windows 2000 and XP


Other EAP Types

EAP-TTLS (Tunneled TLS)

- Uses two TLS sessions
- Outer TLS session with a server certificate for server authentication
- Inner TLS session using certificates at both ends and a password
- Protects the user's identity from intermediary entities

PEAP

- Similar to EAP-TTLS, but only allows EAP for authentication
- Server authentication via server certificate
- User's password delivered through an SSL-protected channel
- Session continues when the user's password is verified
- Client-side certificate optional

WPA Interim 802.11 Security

- Wi-Fi Protected Access (WPA): interim solution between WEP and 802.11i
- Plugs holes in legacy 802.11 devices; typically requires a firmware or driver upgrade, but not new hardware
- Subset of 802.11i and forward compatible with it

Sponsored by the Wi-Fi Alliance

Will require WPA for current certifications

Support announced by Microsoft, Intel, others

Agere, Atheros, Athnel, Colubris, Funk Software, Intersil, Proxim, Resonext, TI


- Improves WEP encryption; based on the TKIP protocol and algorithm
- Changes the way keys are derived
- Refreshes keys more often
- Adds message integrity control to prevent packet forgeries
- Encryption weakness improved but not solved
- Some concern that TKIP may degrade WLAN performance without a hardware accelerator
- But protects current device investment
- Will be available sooner than 802.11i


- Works similarly to 802.1X authentication
- Both clients and AP must be WPA enabled for encryption to and from the 802.1X EAP server
- Key in a pass phrase (master key) in both client and AP
- If the pass phrase matches, the AP allows entry to the network
- The pass phrase remains constant, but a new encryption key is generated for each session



Temporal Key Integrity Protocol

- Quick fix to overcome the encryption key reuse problem of WEP
- Combines the pre-shared key with the client's MAC and a larger IV to ensure each client uses a different key stream
- Still uses WEP RC4, but changes the temporal key every 10K packets
- Mandates use of a MIC (Michael) to prevent packet forgery
- Uses existing device calculation capabilities to perform the encryption operations
- Improves security, but is still only a short-term fix

New 802.11i Security

Addresses the main problems of WEP and Shared-Key Authentication

- Temporal Key Integrity Protocol (TKIP)
- Message Integrity Control (Michael)
- AES encryption as a replacement for RC4
- Robust Security Network (RSN)
- Requires new wireless hardware
- Ratification expected year-end 2003


Robust Security Network

RSN uses Dynamic Negotiation

- For authentication and encryption algorithms between AP and client devices
- Authentication is based on 802.1X and EAP
- AES encryption


How RSN Works

[Figure: client, Access Point, WLAN Switch, Ethernet Switch and authentication server, labelled with steps 1-4 below]

1. Client sends a request for association and security negotiation to the AP, which forwards it to the WLAN switch.
2. WLAN switch passes the request to the Authentication Server (RADIUS).
3. RADIUS authenticates the client.
4. Switch and client initiate a 4-way key negotiation to create a unique session key. The switch pushes the key, AES encrypted, to the AP. AES encrypts all data traffic.


Final Words

- 802.11 is truly useful technology
- Wireless networking will continue to expand
- As the networking standards change, so will the security issues
- Network security specialists need to understand wireless networking, and vice versa

Start evaluating and deploying new security standards

SANS Institute Information Security Reading Room

NIST Wireless Network Security



802.11a

- Works at 40 MHz, in the 5 GHz range
- THEORETICAL transfer rates of up to 54 Mbps
- ACTUAL transfer rates of about 26.4 Mbps
- Limited in use because it is almost a line-of-sight transmission, which necessitates multiple WAPs (wireless access points)
- Cannot operate in the same range as 802.11b/g
- Absorbed more easily than other wireless implementations


802.11b WiFi

- Operates at 20 MHz, in the 2.4 GHz range
- Most widely used and accepted form of wireless networking
- THEORETICAL speeds of up to 11 Mbps
- ACTUAL speeds depend on implementation: 5.9 Mbps when TCP (Transmission Control Protocol) is used (error checking); 7.1 Mbps when UDP (User Datagram Protocol) is used (no error checking)
- Can transmit up to 8 km in the city; rural environments may be longer if a line of sight can be established


802.11b - WiFi (cont.)

- Not as easily absorbed as the 802.11a signal
- Can cause or receive interference from microwave ovens (microwaves in general), wireless telephones, and other wireless appliances operating in the same frequency


802.11g - Super G

- Operates at the same frequency range as 802.11b
- THEORETICAL throughput of 54 Mbps
- ACTUAL transmission rate is dependent on several factors, but averages 24.7 Mbps
- Logical upgrade from 802.11b wireless networks (backwards compatible)
- Suffers from the same limitations as an 802.11b network
- System may suffer a significant decrease in network speeds if the network is not completely upgraded from 802.11b


802.11n (Ultranet)

- Standards in discussion now; should be completed by the end of 2006
- REAL throughput of at least 100 Mbps
- 4-5 times faster than 802.11g/a, 20 times faster than 802.11b!
- Better distance than 802.11a/b/g
- Being designed with speed and security in mind
- Perfect complement for WWW2


Wireless Networking Categories

Personal Area Networking

Bluetooth, UWB

Local Area Networking

- IEEE 802.11 (a, b, g)
- HomeRF
- Packet Radio
- 900 MHz ISM

Wide Area Networking

2.5-3G cellular Blackberry


Rogue Device Threat

Can make your network vulnerable

Even with a secure wireless network

Even if you have no wireless network

Both Access Points and Clients are dangerous

Goal: protect network jacks

Identify unauthorized wireless devices




Wireless Tools

Types of Monitoring tools



Hacking tools

- WEP Cracking
- ARP Spoofing


Stumbling Tools
Stumbling tools identify the presence of wireless networks. They look for beacons from access points, and also broadcast client probes and wait for access points to respond.


Free, Windows based, very simple GUI, GPS capable


Free, Linux based, supports many wireless cards, GPS capable


Other Stumbling Tools

MacStumbler (MAC)

MiniStumbler (PocketPC)

Mognet (JAVA)

BSD-AirTools dstumbler (BSD)


Sniffing Tools
Sniffing tools capture the traffic from a wireless network and can view the data passed across the air.


Free, Linux based, GPS capable


Must pay for it, Windows based, real-time packet decoding


Other Sniffing Tools

AirTraf (Linux)

Ethereal (All OSs)

Sniffer Wireless (Windows, PocketPC)

BSD-AirTools - Prism2dump (BSD)


Handheld Tools
Handheld tools are more portable and provide wireless network identification and network status monitoring.


Pocket PC based


Waverunner
Linux kernel on iPaq


Other Handheld Tools

Kismet (Linux, Sharp Zaurus)

IBM Wireless Security Auditor (Linux, iPaq)


Hacking Tools
Hacking tools are for pointed attacks to gain access to secured wireless networks.


WEP Cracking Tools



BSD-Tools dweputils


ARP Spoofing MitM Tools






Wireless Security Monitoring

Need For Wireless Security Monitoring

To protect the wired network from wireless technology:

- Identify and locate wireless devices within the organization
- Provide a method of response


Effective Wireless Security Monitoring

- Complete area coverage
- 24/7 monitoring
- Remote distributed sensors
- Central data aggregation and analysis
- Integration into enterprise network management
- Scalability
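An added example of the central aggregation and analysis step (this is not code from the slides or from any of the products named below): beacon observations reported by distributed sensors, in a constructed key=value line format, are checked against an inventory of authorized APs and flagged for the conditions the deck calls out: rogue or impersonating APs, clients in ad hoc mode, vendor default SSIDs, and open or WEP-only networks. The inventory, sensor names and scan records are constructed sample data.

```python
from dataclasses import dataclass

# Inventory of deployed APs (constructed sample): BSSID -> the SSID it should serve.
AUTHORIZED_APS = {
    "00:11:22:33:44:01": "corp-wlan",
    "00:11:22:33:44:02": "corp-wlan",
}
# Vendor default SSIDs named in the slides; a beacon carrying one means an unmanaged AP.
DEFAULT_SSIDS = {"linksys", "tsunami"}
WEAK_PRIVACY = {"open", "wep"}


@dataclass
class Observation:
    sensor: str     # which distributed sensor heard the beacon
    bssid: str
    ssid: str
    privacy: str    # open | wep | wpa | rsn, as classified by the sensor
    mode: str       # bss (infrastructure) or ibss (ad hoc)


def parse_line(line: str) -> Observation:
    """Parse one constructed sensor record of space-separated key=value fields
    (assumes SSIDs contain no spaces)."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    return Observation(fields["sensor"], fields["bssid"].lower(), fields["ssid"],
                       fields["privacy"].lower(), fields["mode"].lower())


def audit(observations: list[Observation]) -> list[tuple[str, str, str]]:
    """Central analysis: return (sensor, bssid, finding) for everything needing a response."""
    findings = []
    for o in observations:
        if o.mode == "ibss":
            findings.append((o.sensor, o.bssid, f"ad hoc client network {o.ssid!r}"))
            continue
        if o.bssid not in AUTHORIZED_APS:
            if o.ssid in AUTHORIZED_APS.values():
                findings.append((o.sensor, o.bssid, f"unknown AP impersonating {o.ssid!r}"))
            else:
                findings.append((o.sensor, o.bssid, f"rogue AP {o.ssid!r}"))
        elif o.ssid != AUTHORIZED_APS[o.bssid]:
            findings.append((o.sensor, o.bssid, f"authorized AP reconfigured to {o.ssid!r}"))
        if o.ssid.lower() in DEFAULT_SSIDS:
            findings.append((o.sensor, o.bssid, "vendor default SSID"))
        if o.privacy in WEAK_PRIVACY:
            findings.append((o.sensor, o.bssid, f"weak privacy: {o.privacy}"))
    return findings


# Constructed sensor records covering each condition above.
SAMPLE_SCAN = """\
sensor=bldgA-3 bssid=00:11:22:33:44:01 ssid=corp-wlan privacy=rsn mode=bss
sensor=bldgA-3 bssid=00:11:22:33:44:02 ssid=corp-wlan privacy=rsn mode=bss
sensor=bldgB-1 bssid=00:aa:bb:cc:dd:10 ssid=linksys privacy=open mode=bss
sensor=bldgB-1 bssid=00:aa:bb:cc:dd:11 ssid=corp-wlan privacy=wep mode=bss
sensor=bldgA-3 bssid=02:de:ad:be:ef:01 ssid=mylaptop privacy=open mode=ibss
"""


def audit_text(scan: str) -> list[tuple[str, str, str]]:
    return audit([parse_line(l) for l in scan.splitlines() if l.strip()])


if __name__ == "__main__":
    for sensor, bssid, finding in audit_text(SAMPLE_SCAN):
        print(f"{sensor:8} {bssid}  {finding}")
```

The sensor name in each finding is what lets the response team locate the device, which is why the slides pair detection with a method of response.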


Wireless Monitoring Product Types

Products that Scan Wired Network for Access Points

ISS Internet Scanner

Foundstone Foundscan




Wireless Clients (laptop or PDA) walked around facility




Air Magnet


Enterprise Wireless Monitoring Solutions

Air Defense

IBM Distributed Wireless Security Auditor


NETSEC Wireless Security Monitoring Service


Wireless Security Answer

Wireless can be Secure

- Apply all security features of products
- Require authentication, authorization and encryption
- Use the same well-known network security solutions as wired networks, including:
  - Network segmentation
  - Use of personal firewalls
  - Well defined, trainable, and enforceable security policy
- Perform wireless security monitoring


My Favorite Wireless URLs

Wireless Security Links

Wireless Industry News

Wireless Blogs

Mailing Lists

Limitation of Wireless Networks

- Availability
- Environmental
- Adding Devices



Availability

- Wireless is becoming more and more available as time passes
- Wireless data networks are growing at roughly the same rate as cellular telephone networks, with comparable coverage
- Does not rely on laying cables for connectivity
- Network cannot be accessed in situations where RF signals have interference
- Largely inaccessible in rural areas



Environmental

- Rain and lightning affect RF signals
- Solar flares
- RF interference from ambient sources or other RF devices (microwave towers, radio towers)
- Electromagnetic interference (generators, power plants)


Adding Devices

- Extending range requires additional WAPs; not always a viable option
- Possible conflicts between 802.11b and 802.11g cause a significant speed decrease in the network
- Opens the network up to more attacks
- Non-conflicting SSIDs (Service Set Identifiers): SSIDs are numbers that identify wireless devices on a network. When SSIDs are not set dynamically


Security Issues


- Wired vs. Wireless
- Hacking and Cracking
- Types of Attacks
- Open Networks



Hacking and Cracking

- Wired networks are less susceptible to hackers/crackers
- RF signals allow for more unauthorized attempts
- Ubiquitous wireless networking devices allow access
- Hacking: gaining unauthorized access to networks/devices by algorithms or penetration programs
- Extending the use of devices past their original intentions


Common Hacking & Cracking Techniques and Devices

- Referred to as wardrivers or warchalkers
- Use PDAs, laptops, scanners, tablets or any WiFi-enabled devices
- Underground networks list and update open networks that are waiting to be exploited
- Attack weak keys or sniff messages going over the network to determine the SSID range


Types of Attacks

Man in the Middle Attacks

- Attacker intercepts identification information of the sending and receiving parties
- Substitutes own key in both situations
- Gives access to all information passed between parties

Denial of Service or Distributed Denial of Service

- TCP SYN/ACK flood or buffer overrun is the typical DoS
- Illicit servers used to set up zombie machines for a DDoS

Social Engineering

Most prevalent form of network attacks

Hardest to defend against because it involves human nature


Types of Attacks (cont.)

Weak key attacks

- Involve the algorithms in RC4 and WEP (Wired Equivalent Privacy)
- Both implementations use easily broken algorithms
- WEP has been broken in under 2 hours

Dictionary attacks
Attackers use pre-populated list of frequently used passwords and regular words

Birthday attacks
A complicated algorithmic attack


Open Networks

- Most often associated with home networks
- These networks are the target of hackers that wardrive
- Result of wireless networks that are either entirely unsecured or are using weak WEP keys
- Effects can be devastating


Mitigating Risks on a Wireless Network


How I learned to love WLANS and stop fearing the Wardrivers

Wireless Networks

- Ensure all unused ports are closed
- Any open ports must be justified (pessimistic network view)
- Enforce the rule of least access
- Ensure SSIDs are changed regularly
- Ensure insurance and authentication standards are created and enforced


Encryption and Data Insurance


SHA-1 (Secure Hashing Algorithm)

End to End Encryption

Initiate encryption at user and end at server that is behind the firewall, outside the DMZ

Treat WLANs as untrusted networks that must operate inside the DMZ

Access trusted network via VPN and two-factor authentication

Increase application security
- Possibly through use of an enterprise application system
- Minimally through increased encryption


Encryption and Data Insurance

- Do not, under any circumstances, allow ad hoc WLANs
- Embrace and employ the 802.11i IEEE security standard
- Native per-user access control
- Native strong authentication (tokens, smartcards and certificates)
- Native strong encryption
- Best bet for new wireless networks


Wireless Future

"To the future and beyond!!" - Buzz Lightyear

IPv4 Moving to IPv6

- US currently using IPv4; consists of four 8-bit fields (
- When initially created, the US received the lion's share of IP addresses; Europe and Asia were left with the remainder
- IPv6 is the future
- Already in use in Asia and Europe
- Limited implementation in use (RFIDs and shipping ports)
- New devices currently on the market: Netgear, Cisco


Pros of IPv6

- Eliminates the need for SSIDs
- Every device will have its own IP address; billions of unique IP addresses
- Eliminates the need for NAT (network address translation)
- Can accept a range of IP addresses
- Minimizes hackers'/crackers' ability to penetrate networks
- Increases scalability



Cost of Change Over

- Current infrastructure cannot be used unless it is already IPv6 compliant; new hardware required
- Network changes: re-addressing of current IPv4 hardware/clients
- Compatibility with existing wireless infrastructure


Parting Thoughts

- Wireless networking, while great in theory, has significant problems that are not easily addressed
- Upgrades to wireless technology that are on the horizon make changing over/integrating far less attractive