Wireless Security
Chapter 24: Wireless Network Security

Objectives
The student shall be able to:
• Define the main function of the IEEE standards: 802.11a, 802.11b, 802.11g, 802.11i, 802.11n
• Define Access Point, BSS, ESS, WEP, WPA2
• Describe how a man-in-the-middle attack could occur within a wireless network, and how sniffing could be used by an attacker.
• Define 3 main protections for WLAN protocol configurations.
• Define 3 additional protections that will help safeguard an access point or station.
• Define the purposes of the phases of WLAN connections: discovery, authentication, key exchange, protected data transfer.

IEEE 802.11 - WIFI
802.11a - Wireless network bearer operating in the 5 GHz ISM band with data rates up to 54 Mbps
802.11b - Wireless network bearer operating in the 2.4 GHz ISM band with data rates up to 11 Mbps
802.11e - Quality of service and prioritisation
802.11f - Handover
802.11g - Wireless network bearer operating in the 2.4 GHz ISM band with data rates up to 54 Mbps
802.11h - Power control
802.11i - Authentication and encryption
802.11j - Interworking
802.11k - Measurement reporting
802.11n - Wireless network bearer operating in the 2.4 and 5 GHz ISM bands with data rates up to 600 Mbps
802.11s - Mesh networking
802.11ac - Wireless network bearer operating below 6 GHz to provide data rates of at least 1 Gbps for multi-station operation and 500 Mbps on a single link
802.11ad - Wireless network bearer providing very high throughput at frequencies up to 60 GHz
802.11af - Wi-Fi in TV spectrum white spaces (often called White-Fi)

Typical Configuration
Security Issues:
• Shared medium
• Offsite access: war driving

WIFI Protocol Stack
• Physical Layer: Transmits bits
• MAC Layer: Discards packets received with errors
• LLC Layer: An optional layer that retransmits if necessary

IEEE 802.11 Extended Service Set
Access Point (AP):
• Provides access to the distribution system
• Can serve as the coordination function, which controls when stations are permitted to transmit.
Basic Service Set (BSS): Set of stations controlled by a single coordination function (AP)
Extended Service Set (ESS): A set of 1 or more interconnected BSSs/LANs that appear to the LLC as a single BSS.
Distribution System: A system which interconnects a set of BSSs/LANs into an ESS

Man-in-the-Middle Attack
[Diagram: hosts 10.1.1.1 and 10.1.1.3 with 10.1.1.2 between them; the messages (1) Login, (2) Login, (3) Password, (4) Password are relayed through the host in the middle.]

Wireless Attacks
Eavesdrop Attacks
• Accidental Association: Connecting through the wrong Access Point
• Malicious Association: Connecting through a spoofed Access Point
• Ad hoc Network: Connecting through another station
Active Attacks
• Nontraditional Networks: Other protocols (Bluetooth, PDAs) may be insecure
• Identity Theft: Impersonation of a MAC address
• Denial of Service: Bombarding a WLAN with messages
• Network Injection: Attacker injects packets to affect the connection or network configuration

Securing Wireless Transmissions
• Hide Service Set Identifier (SSID)
  – Do not broadcast SSID
  – Assign a cryptic name
• Reduce External Signal Strength
  – Reduce power level
  – Position AP in the innermost part of the building
  – Use directional antennas
  – Use signal-shielding techniques
• Encrypt all transmissions (WPA2 best)
[Frame capture: Broadcast SSID]

Secure Wireless AP
• Use a firewall
• Use anti-virus/anti-spyware software
• Change the router's standard configuration
  – Change default password
  – Change default router identifier
• Configure for specific MAC addresses
  – Harder but not impossible to break in

Secure Station
• Stolen device
  – Encrypt disk
  – Back up data
• Malware
  – Malicious app
  – Antivirus
  – Antispyware software
• Firewall
• Secure other interfaces (e.g., Bluetooth)
• Secure authentication

Insecure WEP Protocol
Problems:
• All devices in a network share a secret key
• No mutual authentication
• Key is static
• Key is limited in size and scope

Robust Security Network: Five 802.11i Phases
Discovery:
• AP & STA negotiate cipher suite and authentication method
Authentication:
• AP & STA mutually authenticate
• Authentication: Can you prove you are who you say you are?
Key Management:
• Keys are generated and distributed to AP/STA.
Protected Data Transfer:
• Encrypted transmissions
Connection Termination:
• Secure connection torn down

Discovery Phase
Negotiation of:
• Encryption & Integrity Cipher Suite
  – WEP
  – TKIP
  – CCMP
  – Vendor Specific
• Authentication & Key Management
  – IEEE 802.1X
  – Pre-shared Key
  – Vendor-Specific
• Key management approach

Discovery Phase: 3 Stages
Network & Security Capability Discovery:
• What device and security capabilities exist?
• AP broadcasts Beacons to advertise network & security policies (optional)
• STA sends Probe Request and gets Probe Response back
Open System Authentication:
• STA & AP exchange identifiers
• Simple, for backward compatibility
Association:
• Agree on set of security capabilities
• Association Request (STA)
• Association Response (AP)
[Frame captures: Beacon (w. Security); Probe Request; Probe Response; Probe Response, cont'd; Probe Response, cont'd w. Security; Authentication; Association Response; Ack (Negotiation)]

Authentication Phase
Mutual authentication between an STA and the Authentication Server
Before Authentication: Uncontrolled
• All packets go to the Authentication Server
After Authentication: Controlled
• STA packets can go to other BSS or DS.
Authentication Phase Stages
Connect to AS (Authentication Server):
• STA -> AS: Connection Request
• AP acknowledges & forwards the request
EAP Exchange:
• Extensible Authentication Protocol (EAP)
• IEEE 802.1X Port-Based Network Access Control
• The STA and AS authenticate each other
Secure Key Delivery:
• AS -> STA: Master Session Key
• Relies on EAP for secure exchange
[Frame capture: QoS Data]

Key Management Phase: Two Types of Keys
Pairwise Keys: Unicast (AP <-> STA)
• Unique per STA
• Pre-Shared Key: Pre-shared before transmission
• PTK = HMAC-SHA-1(PMK + MAC Addresses[STA, AP] + nonce)
  – Confirmation Key: Integrity & authenticity of control frames
  – Encryption Key: Confidentiality of key exchange
  – Temporal Key: Used for data exchange
Group Keys: Multicast (AP <-> STAs)
• GTK changed when a STA leaves the network
Nonce: Time-related number that prevents replay

Key Management Phase
Unicast 4-Way Handshake (STA <-> AP):
• AP -> STA: EAPOL-Key(Anonce, Unicast)
• STA -> AP: EAPOL-Key(Snonce, Unicast, MIC)
  (Both sides generate the PTK from Anonce, Snonce, MAC addresses, PMK)
• AP -> STA: EAPOL-Key(Install PTK, Unicast, MIC)
• STA -> AP: EAPOL-Key(Unicast, MIC)
Group Key Distribution:
• AP -> STA: EAPOL-Key(GTK, MIC)
• STA -> AP: EAPOL-Key(MIC)
Notes:
• Anonce, Snonce: Timed values & local MAC addresses
• MIC = Message Integrity Code (HMAC-MD5 or HMAC-SHA-1-128)

Data Transfer Phase
IEEE 802.11i Temporal Key Integrity Protocol (TKIP)
• WEP-compatible
• Message Integrity Code (MIC) = 64 bits
  – Calculated from MAC addresses + data + key material
• Data Confidentiality: Uses RC4 to encrypt MPDU + MIC
• Sequence number prevents replay
Counter Mode CBC-MAC Protocol (CCMP)
• Integrity: Cipher-Block-Chaining Message Authentication Code (CBC-MAC)
• Confidentiality: AES CTR block cipher mode.
[Frame capture: DeAuthentication]

Pseudo-Random Function Generator
Used for:
• Nonces
• Expanding pairwise keys
Generates IEEE 802.11i PRF(K, A, B, Len)
• K = secret key
• A = connection-specific text string (nonce or key expansion)
• B = data specific to each case
• Len = desired number of pseudorandom bits for output
• Counter I, incrementing

Summary
Protocol Design
• A set of authentication mechanisms from bad to good
• Negotiated security
• Mutual authentication before service
• Session keys
• Integrity (MAC), Nonce (replay), Encryption
• Multicast keys possible
Good Practices
• Hidden identity
• Low signal strength
• Firewall
• Avoid default configuration (password, id)
• Encrypt transmissions
• Encrypt mobile devices
• Antivirus/Antispyware S/W
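The unicast 4-way handshake and the PRF(K, A, B, Len) generator described above, simulated as an added example that is not code from the slides: both sides derive the PTK from the PMK, the two MAC addresses and the two nonces through the 802.11i PRF, split it into confirmation (KCK), key-encryption (KEK) and temporal (TK) keys, and the AP checks the HMAC-SHA-1-128 MIC on message 2 with its own KCK. The PMK, MAC addresses and nonces are constructed values; the label "Pairwise key expansion" and the min/max ordering of addresses and nonces are taken from the standard and are not on the slides.

```python
import hmac
import hashlib

def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """802.11i PRF(K, A, B, Len): concatenate HMAC-SHA-1(K, A || 0x00 || B || i)
    for counter i = 0, 1, ... and keep the first Len bits."""
    blocks = (hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range((nbits + 159) // 160))
    return b"".join(blocks)[: nbits // 8]

def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PTK-384 (CCMP): PRF over PMK, both MAC addresses and both nonces, lower value
    first so AP and STA build identical input; split into KCK, KEK and TK."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 384)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}

def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """HMAC-SHA-1-128 MIC over an EAPOL-Key frame (MIC field zeroed), keyed with KCK."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

HDR = b"EAPOL-Key:SNonce="   # constructed stand-in for the real EAPOL-Key header

def four_way_handshake(pmk, aa, spa, anonce, snonce, tamper=False):
    """Messages 1 and 2 of the handshake. Returns (AP accepted message 2,
    both sides hold the same PTK)."""
    # Message 1 (AP -> STA) carries ANonce in the clear; STA can now derive the PTK.
    sta_ptk = derive_ptk(pmk, aa, spa, anonce, snonce)
    # Message 2 (STA -> AP) carries SNonce plus a MIC computed with the STA's KCK.
    msg2 = HDR + snonce
    mic2 = eapol_mic(sta_ptk["kck"], msg2)
    if tamper:
        msg2 = msg2[:-1] + bytes([msg2[-1] ^ 1])   # one bit altered in transit
    # AP derives its own PTK from its ANonce and the SNonce it received, then
    # recomputes the MIC; a modified nonce gives a different KCK and the check fails.
    ap_ptk = derive_ptk(pmk, aa, spa, anonce, msg2[len(HDR):])
    accepted = hmac.compare_digest(mic2, eapol_mic(ap_ptk["kck"], msg2))
    return accepted, sta_ptk == ap_ptk

# Constructed inputs: a fixed PMK and fixed nonces in place of random ones.
PMK = hashlib.sha256(b"constructed example pmk").digest()
AA, SPA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))

if __name__ == "__main__":
    print(four_way_handshake(PMK, AA, SPA, ANONCE, SNONCE))               # (True, True)
    print(four_way_handshake(PMK, AA, SPA, ANONCE, SNONCE, tamper=True))  # (False, False)
```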