WLAN Security Antti Miettinen (modified by JJ) What is WLAN? • A wireless data communication system implemented as an extension to, or alternative for, a wired local area network. • Operates at uncontrolled ISM (Industrial, Scientific and Medical) band 24.7.2016 2 What is WLAN? (cont.) • Standards by IEEE for 802.11 – 802.11 First standard, up to 2Mbps@2.4Ghz – 802.11a Accepted standard, up to 54Mbps@5GHz – 802.11b Accepted standard, up to 11Mbps@2.4GHz – 802.11d MAC Enhancements for wider use of 802.11 24.7.2016 3 What is WLAN? (cont.) • Standards by IEEE for 802.11 (cont.) – 802.11e MAC Enhancements for Quality of Service – 802.11f Recommended Practice for Inter Access Point Protocol = Roaming & hand over – 802.11g Accepted standard, up to 54Mbps@2.4Ghz – 802.11i Improved WEP and EAP (802.1X) 24.7.2016 4 What is WLAN? (cont.) • Standards by ETSI – HiperLAN/1 23,5Mbps@5GHz • published 1999 – HiperLAN/2 54Mbps@5Ghz (http://www.hiperlan2.com/) • Asynchronous data communication • Support for QoS (real-time voice & video) • support Transmit Power Control and Dynamic Frequency Selection (required in Europe at 5GHz) • Uses 56 bit to 168 bit key encryption (DES) 24.7.2016 5 WLAN structure • Two possibility, either ad-hoc or Access Point BSS or ESS ad-hoc network IBSS IBSS: Independent Basic Service Set (ad hoc BSS: (Infrastructure) Basic Service Set ESS: Extended Service Set AP: Access Point Access Point network Fix to: http://www.comlab.hut.fi/opetus/423/2002/9 24.7.2016 6 802.11 WLAN security features • DSSS (Direct sequence Spread Spectrum) – Isn’t very secure, although theoretically it could be a good security feature. AP transmits the hop sequence in plain. • ESSID (Extended Service Set Identifier) – By default all stations are broadcasting ESSID – Can be passively received, when legitimate user associates with Access Point • WEP (Wired Equivalent Privacy) – By default is turned off – Includes flaws (AirSnort attack: collect weak initialization vectors) • MAC-address controlled authorization to Access Point – MAC-address is easy to spoof (command line) 24.7.2016 7 WEP • Goals – Access control: To prevent unauthorized users who lack a correct WEP key from gaining access to the network. – Privacy: To protect wireless LAN data streams by encrypting them and allowing decryption only by users with the correct WEP keys. • Includes security flaws! 24.7.2016 8 WEP Authentication • Access request by client • Challenge text sent to client by AP • Challenge text encoded by client using a shared secret then sent to AP • If challenge text encoded properly AP allows access else denied 24.7.2016 9 WEP (cont.) • Based on symmetric RC4-encryption algorithm • Support 40bit and 104bit encryption • All clients and AP’s in wireless network share the same encryption key (weakness) • No protocol for encryption key distribution (weakness) • Initialization Vector (IV) transmitted in the clear (weakness) 24.7.2016 10 WEP overview • A master key k0 (either 40 or 104 bits) is shared between two parties wishing to communicate a priori. • Each 802.11 packet (header|data) is then protected by: – An integrity check field IC = h(header|data) – A random initialization vector (IV) • The master key and IV are used to generate a keystream using RC4 in stream cypher mode k = RC4(k0, IV) • The data and IC are then encrypted by this keystream Ek(m) = m k 24.7.2016 11 WEP packet header data IC RC4 generated keystream header IV encrypted 802.11 packet random packet = header | IV | Ek(data | IC) 24.7.2016 12 Possible Attacks • War-driving, war-walking etc. – Moving around the city and scanning the WLANs – Many of the WLANs are without protection! • (about in 50% of present WLANs WEP isn’t enabled) – Usually used to find networks, not to penetrate them • Monitoring – Just listening the traffic 24.7.2016 13 Possible Attacks (cont.) • DOS-attack – Use high power 2,45Ghz (or 5GHz) signal generator • for instance, a microwave oven – Send continuous streams of CLS (clear-to-send) frames to a fictitious user • Legitimate users won’t be able to access the medium – Send deassociate frame in name of others (MACaddress can be faked) • It is possible! – Take the Access Point down! 24.7.2016 14 Possible Attacks (cont.) • Man-in-the-middle attack – If WEP is used, the secret key must first be solved – Set up fake Access Point • No authentication required (from Access Points) • Legitimate users change their Access Point to yours, if it has better SNR. You can e.g. deassociate them from the real Access Point. 24.7.2016 15 Why is WLAN still used? • It is fast and easy to set up • It supports mobility • Reduced installation time and costs compared with cable • Broadband connection, up to 54Mbps 24.7.2016 16 WLAN is fast Transmission rate (kbit/s) 100 000 Fixed LAN 50 000 10 000 802.11a, 802.11g and HiperLAN2 802.11b/WiFi 1000 500 Bluetooth UMTS GPRS 50 GSM Stationary 24.7.2016 Walking speed Source: Public Wireless LAN Access: A Threat to Mobile Operators, Analysys Research, 2001 Driving speed 17 How to check security of your WLAN-network? • AirSnort (http://airsnort.shmoo.com/) – For Linux and Windows – Recovers encryption keys – Operates by passively • WEPCrack (http://wepcrack.sourceforge.net/) – Open source tool for breaking 802.11 WEP secret keys – For Linux only 24.7.2016 18 How to check security of your WLAN-network? • Other software: – Netstumbler (http://www.netstumbler.com/) • Only for Windows – Dstumbler (http://www.dachb0den.com/projects/dstumb ler.html) • Only for Linux – Kismet (http://www.kismetwireless.net/) • Only for Linux 24.7.2016 19 WLAN security • To Be Continued… 24.7.2016 20