Wireless LAN Security

Kim W. Tracy

NEIU, University Computing

k.w.tracy@ieee.org


Outline

• Threats to LANs & Wireless LANs
• Wireless LAN Security Techniques
• Summary


Fundamental Premise

• Security cannot be considered in isolation and, to be effective, must consider the entire system
• That is, network and LAN security must be:
  • Consistent with other security mechanisms
    • E.g. application, data, hardware, and physical
  • Supportive of other security mechanisms


Threats


LAN Threats

Network Traffic

Protecting Integrity

Protecting Secrecy

Protecting Availability


Specific LAN Threats

• Availability
  • Worms/Virus DoS
  • Errant applications creating lots of traffic/malformed traffic
• Authentication
  • Spying devices on LAN
    • For example, a contractor connecting to LAN
• Secrecy
  • Sniffers being connected to the LAN to collect passwords, etc.


Authentication


Current State of LAN Authentication

• Usually none!
• If in the building, can plug in to the LAN
• Can cause severe problems:
  • Using LAN for illegal purposes (company/person may be liable)
  • Can more easily compromise servers
    • For example, send spam from your mail servers
• Wireless LANs are bringing the issue out


Authentication services

• 802.1X – IEEE standard for LAN authentication
  • Can use PKI certificate-based authentication
• Kerberos (closed environment)
  • Single login (once per session)
  • To multiple servers/domains
  • ‘Ticket’ for each server
• X.509 (open environment)
  • Based on public key infrastructure
  • Used in SSL, IPSEC, S/MIME, SET…
  • One-way, two-way or three-way authentication


Kerberos


X.509 Authentication

One-way authentication
  A → B: [Ta, Ra, B, EkpubB(Kab)] sgnA

Two-way authentication
  A → B: [Ta, Ra, B, EkpubB(Kab)] sgnA
  B → A: [Tb, Rb, A, Ra, EkpubA(Kab)] sgnB

Three-way authentication
  A → B: [Ta, Ra, B, EkpubB(Kab)] sgnA
  B → A: [Tb, Rb, A, Ra, EkpubA(Kab)] sgnB
  A → B: [Rb] sgnA
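The three X.509 exchanges on this slide, as an added example that is not part of the original slides: it shows the checks each receiver makes (signature, intended recipient, timestamp freshness, nonce replay, nonce echo). The names Party, digest, check, check_final, exchange and MAX_SKEW are hypothetical, and the signatures and EkpubX(Kab) use textbook RSA over constructed Mersenne-prime keys as a stand-in for real certificate keys.

```python
import hashlib, secrets, time

E = 65537
MAX_SKEW = 60   # seconds of clock difference tolerated (assumed policy)

class Party:
    """Toy RSA identity; the Mersenne-prime keys are constructed and far too small for real use."""
    def __init__(self, name, p, q):
        self.name, self.n = name, p * q
        self._d = pow(E, -1, (p - 1) * (q - 1))   # private exponent
        self.seen = set()                          # nonces already accepted

    def sign(self, *fields):                       # the slide's "[...] sgnA"
        return fields, pow(digest(fields, self.n), self._d, self.n)

def digest(fields, n):
    return int.from_bytes(hashlib.sha256(repr(fields).encode()).digest(), "big") % n

def check(receiver, sender, msg, echo=None, now=None):
    """Receiver-side checks for messages 1 and 2; echo is the nonce we expect back."""
    fields, sig = msg
    if pow(sig, E, sender.n) != digest(fields, sender.n):
        return "bad signature"
    t, r, to, *rest = fields
    if to != receiver.name:
        return "wrong recipient"
    if abs((time.time() if now is None else now) - t) > MAX_SKEW:
        return "stale timestamp"
    if r in receiver.seen:
        return "replayed nonce"
    if echo is not None and (not rest or rest[0] != echo):
        return "nonce not echoed"
    receiver.seen.add(r)
    return "ok"

def check_final(sender, msg, rb):
    """Message 3, [Rb] sgnA: A proves it saw B's nonce, so clocks need not agree."""
    fields, sig = msg
    return pow(sig, E, sender.n) == digest(fields, sender.n) and fields == (rb,)

A = Party("A", 2**61 - 1, 2**89 - 1)
B = Party("B", 2**107 - 1, 2**127 - 1)

def exchange(now):
    """Build the three messages; EkpubX(Kab) is textbook RSA on a random session key."""
    kab, ra, rb = (secrets.randbits(64) for _ in range(3))
    m1 = A.sign(now, ra, "B", pow(kab, E, B.n))
    m2 = B.sign(now, rb, "A", ra, pow(kab, E, A.n))
    return m1, m2, A.sign(rb), ra, rb
```

One-way authentication uses only the first message, two-way the first two, and three-way all three.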


IEEE 802.1X Terminology

Controlled port

Uncontrolled port

Supplicant

Authenticator

Authentication Server

802.1X

• created to control access to any 802 LAN

• used as a transport for Extensible Authentication Protocol (EAP, RFC 2284)


802.1X Model

[Figure: message sequence between STA, AP and Authentication Server: Associate, EAP Identity Request, EAP Identity Response, EAP Auth Request, EAP Auth Response, EAP-Success. Legend, Port Status: Authentication traffic, Normal Data.]
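The controlled/uncontrolled port behaviour from the two 802.1X slides, as an added example that is not part of the original slides: EAP frames are always accepted, while normal data is forwarded only after the authentication server has accepted the supplicant. The Authenticator class, the auth_server function and the USERS table are hypothetical, and the password comparison stands in for a real EAP method.

```python
import hmac

EAPOL = 0x888E   # EtherType that carries EAP frames on an 802 LAN
IPV4 = 0x0800    # stands for any normal data frame

# Constructed credential store standing in for the authentication server.
USERS = {"alice": "correct horse"}

def auth_server(identity, credential):
    """Hypothetical back end; real EAP methods use challenge-response, not a password compare."""
    expected = USERS.get(identity)
    return expected is not None and hmac.compare_digest(expected.encode(), credential.encode())

class Authenticator:
    """One 802.1X-controlled port on a switch or AP."""

    def __init__(self, server):
        self.server = server
        self.authorized = False   # state of the controlled port
        self.identity = None

    def associate(self):
        # Every new association starts unauthorized.
        self.authorized, self.identity = False, None
        return "EAP Identity Request"

    def receive(self, ethertype, payload):
        """Handle one frame from the supplicant and return what the port does with it."""
        if ethertype != EAPOL:
            # Controlled port: normal data passes only after EAP-Success.
            return "forwarded" if self.authorized else "dropped"
        # Uncontrolled port: EAP is always accepted, but only the server's verdict opens the port.
        kind, value = payload
        if kind == "EAP Identity Response":
            self.identity = value
            return "EAP Auth Request"
        if kind == "EAP Auth Response" and self.identity is not None:
            self.authorized = self.server(self.identity, value)
            return "EAP-Success" if self.authorized else "EAP-Failure"
        return "ignored"          # includes an EAP-Success sent by the supplicant itself
```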


Wireless LAN Security


Introduction

• 802.11 standard specifies the operating parameters of wireless local area networks (WLAN)
• History: 802.11, b, a, g, i
• Minimal security in early versions
• Original architecture not well suited for modern security needs
• 802.11i attempts to address security issues with WLANs


802.11b

Wired Equivalent Privacy (WEP)
• Confidentiality
  • Encryption
    • 40-bit keys (increased to 104-bit by WEP2)
    • Based on RC4 algorithm
• Access Control
  • Shared key authentication + Encryption
• Data Integrity
  • Integrity checksum computed for all messages


802.11b

Vulnerabilities in WEP
• Poorly implemented encryption
  • Key reuse, small keys, no keyed MIC
• Weak authentication
• No key management
• No interception detection


802.11b

Successful attacks on 802.11b
• Key recovery - AirSnort
• Man-in-the-middle
• Denial of service
• Authentication forging
• Known plaintext
• Known ciphertext


802.11i

Security Specifications
• Improved Encryption
  • CCMP (AES), TKIP, WRAP
• 2-way authentication
• Key management
• Ad-hoc network support
• Improved security architecture


802.11i Authentication

Source: Cam-Winget, Moore, Stanley and Walker


802.11 Encryption

Source: Cam-Winget, Moore, Stanley and Walker


802.11i – Potential Weaknesses

• Hardware requirements
  • Hardware upgrade needed for AES support
• Strength of TKIP and WRAP questionable in the long term
• Authentication server needed for 2-way authentication
• Complexity
  • The more complex a system is, the more likely it may contain an undetected backdoor
• Patchwork nature of “fixing” 802.11b


No Control over WLAN?

• Often you want to connect to a wireless LAN over which you have no control
• Options:
  • If you can, connect securely (WPA2, 802.11i, etc.)
  • If unsecured, connect to your secure systems securely:
    • VPN – Virtual Private Network
    • SSL connections to secure systems
• Be careful not to expose passwords
• Watch for direct attacks on untrusted networks


WLAN Security - Going Forward

802.11i appears to be a significant improvement over 802.11b from a security standpoint

Vendors are nervous about implementing 802.11i protocols due to how quickly WEP was compromised after its release

Only time will tell how effective 802.11i actually will be

Wireless networks will not be completely secure until the standards that specify them are designed from the beginning with security in mind


Summary

• Wireless LAN Security is not independent of the greater network security and system security
• Threats to the Wireless LAN are largely in terms of being available and in providing a means to attack systems on the network
  • That is, not many folks attack routers (yet)


References

ftp://ftp.prenhall.com/pub/esm/web_marketing/ptr/pfleeger/ch07.pdf - Charles & Shari Pfleeger’s chapter on network security

http://www.gocsi.com/forms/fbi/pdf.jhtml - To request the Computer Security Institute/FBI yearly survey results (widely referenced)

