Wireless Security
CSE497b - Spring 2007
Introduction to Computer and Network Security, Professor Jaeger
Wireless Networks
• Network supported by radio communications ..
• Alphabet soup of standards, most on 802.11
• .. destroys the illusion of a
Why you should fear Simon Byers ...
• Over the course of history radio frequencies have been enormously vulnerable to eavesdropping and manipulation.
• ASSUME: Everything you say on a wireless network is going to be heard and potentially manipulated by your adversaries.
Wireless LANs
• Access point networks (ranging to about 300 feet)
• All devices connect to the central access point
• Pro: very easy to setup and maintain, simple protocols
• Con: reliability/speed drops as you move away from the AP or as contention increases.
Ad hoc Networks (a.k.a. peer-to-peer)
• Devices collaboratively work together to support network communication
• Network topology changes in response to moving devices, e.g., bluetooth
• Pro: highly flexible and responsive to changes in environment
• Con: complex, subject to traffic manipulation by malicious peers
Devices
• Laptops (canonical wireless devices)
• Desktops, mobile phones, ....
Attacks on Wireless Networks
• DOS
• Planted devices
• Hijacked connections
• Eavesdropping
Threats
• This is an open network ...
• ... to which anyone can connect.
• What security is necessary?
– Authentication? – Confidentiality? – Integrity? – Privacy? – DOS Protection? – Accountability (traceability)?
Security Mechanisms
• Note: this is just a network with different threats, so implementing security is very similar to network security
• Authentication
– Q: What are you authenticating in a wireless network?
– Methods: password/passphrase, smartcard, etc.
– Tools: radius, Kerberos, PKI services ....
• Confidentiality/Integrity
– Typically implemented via some transport protocol
Wireless Security Approaches
• MAC Authentication
• WEP (Wired Equivalent Privacy)
• 802.11i (WPA - Wifi Protected Access)
• EAP/LEAP (Extensible Authentication Protocol)
• WAP (Wireless Application Protocol)
MAC Authentication
• Create a list of MAC addresses
– media access control (MAC) address, e.g., Ethernet 00:0a:95:d5:74:6a
– Only these devices are allowed on the network
• Attack
– Listen on the network for MAC addresses in use -- any laptop will do, since MAC addresses travel in the clear in every frame
– Masquerade as that MAC address (easy to do, many devices let you program it)
– ... can wait for the victim to go off line to avoid conflicts, but not necessary
• ARP security limitations: ARP carries no authentication either, so the spoofing device can also claim the victim's IP-to-MAC mapping
WEP (Wired Equivalent Privacy)
• Keys
– 40-bit key derived from a passphrase, plus 24-bit IV = 64-bit WEP (or)
– 26 hex chars (104-bit key) + 24-bit IV = 128-bit WEP
– Ability to send packets is essentially authentication
• integrity (the CRC-32 ICV) used as authentication
The WEP Flaw (greatly simplified)
Protocol
• Passphrase Key kp
• Initialization vector ivi
• Plaintext data d1, d2 (for separate packets 1 and 2)
• Traffic Key kti = kp||ivi
• Ciphertext = E(kti, di) = RC4(kti) ⊕ di
Attack
• Assume iv1 = iv2, so kt1 = kt2 and both packets are XORed with the same keystream
• Only 2^24 ≈ 16.7 million IVs, so a repeated IV is expected after roughly 4096 packets (birthday bound, √(2^24) = 2^12)
(RC4(kt1) ⊕ d1) ⊕ (RC4(kt1) ⊕ d2) = d1 ⊕ d2
• Knowing (or guessing) d1 then reveals d2; the key is never needed
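The keystream-reuse attack above, carried out end to end. This is an added example, not the course's code: the 40-bit key, the IV and the two packet payloads are constructed for the demo, and the only primitive used is plain RC4, which is the cipher WEP actually uses. Real WEP puts the 24-bit IV in front of the key (iv||kp) rather than after it as the slide writes; the attack is identical either way. The last function turns the "≈ one in 4096" remark into the birthday-bound probability.

```python
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA), the stream cipher WEP uses."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(kp: bytes, iv: bytes, data: bytes) -> bytes:
    """C = RC4(kt) xor d with kt = iv || kp (real WEP order; slide writes kp || iv)."""
    assert len(iv) == 3, "WEP IVs are 24 bits"
    return xor(rc4_keystream(iv + kp, len(data)), data)


def recover_from_iv_reuse(c1: bytes, c2: bytes, known_d1: bytes) -> bytes:
    """Attacker's side, no key involved: c1 xor c2 = d1 xor d2, so a known or
    guessable d1 (a predictable request, DHCP, ARP ...) yields d2 directly."""
    d1_xor_d2 = xor(c1, c2)
    return xor(d1_xor_d2, known_d1)


def iv_collision_probability(packets: int, iv_bits: int = 24) -> float:
    """Birthday bound: P(some IV repeats among n packets) ~ 1 - exp(-n^2 / (2 * 2^iv_bits)).
    At n = 4096 = 2^12 this is about 0.39; at n = 20000 it is ~1."""
    return 1.0 - math.exp(-(packets ** 2) / (2.0 * (1 << iv_bits)))


# Constructed demo values: a 40-bit key and two packets sent under the same IV.
KP = bytes.fromhex("0badc0ffee")
IV = bytes.fromhex("0a0b0c")
D1 = b"GET /index.html HTTP/1.0\r\n"                 # the packet the attacker can guess
D2 = b"PASS hunter2 (secret)\r\n".ljust(len(D1), b" ")  # the one they want, same length


def demo() -> bytes:
    c1 = wep_encrypt(KP, IV, D1)
    c2 = wep_encrypt(KP, IV, D2)
    assert xor(c1, c2) == xor(D1, D2)   # the slide's equation, checked on real bytes
    return recover_from_iv_reuse(c1, c2, D1)


if __name__ == "__main__":
    print(demo())
    print(f"P(IV repeat after 4096 packets) = {iv_collision_probability(4096):.2f}")
```

Note that nothing in `recover_from_iv_reuse` touches `KP`: once two frames share an IV, confidentiality is gone for whatever part of one frame the attacker can predict, and a busy AP burns through 2^24 IVs in hours, so "wait for a repeat" is a practical strategy rather than a theoretical one.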
802.11i (WPA - Wifi Protected Access)
• Solution to problems with WEP
• Two modes of operation
– Pre-shared key mode -- WEP like, shared key derived from a single network passphrase
– Server mode -- uses an 802.1X authentication server to authenticate users and give each a unique key
• Protocol fixes to WEP
– increase IV size to 48 bits
– TKIP (Temporal Key Integrity Protocol) -- mix a fresh per-packet key and rotate keys every so often
– improved integrity (stop using CRC and start using a keyed MAC)
– WPA2: AES (CCMP) instead of RC4
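Two of the fixes listed above, shown side by side with the WEP behaviour they replace. This is an added example rather than anything from the course or the 802.11i standard text: the keystream is a SHAKE-256 stand-in for RC4 (the ICV attack does not depend on which stream cipher is used), HMAC-SHA256 stands in for the real keyed MACs (TKIP's Michael, CCMP's CBC-MAC), and the key, IV, SSID and frame contents are constructed. The PSK derivation, by contrast, is the real one: PBKDF2-HMAC-SHA1 over the passphrase and SSID, 4096 iterations, 32 bytes.

```python
import hashlib
import hmac
import zlib


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # Stand-in for RC4(iv || key); any stream cipher behaves identically here.
    return hashlib.shake_256(iv + key).digest(n)


def crc32(data: bytes) -> bytes:
    return (zlib.crc32(data) & 0xFFFFFFFF).to_bytes(4, "big")


# --- WEP style: data || CRC32(data), then xor with the keystream --------------
def wep_seal(key: bytes, iv: bytes, data: bytes) -> bytes:
    body = data + crc32(data)
    return xor(keystream(key, iv, len(body)), body)


def wep_open(key: bytes, iv: bytes, frame: bytes):
    body = xor(keystream(key, iv, len(frame)), frame)
    data, icv = body[:-4], body[-4:]
    return data if crc32(data) == icv else None


def wep_forge(frame: bytes, delta: bytes) -> bytes:
    """Flip chosen plaintext bits with no key. CRC-32 is affine under xor:
    crc(d ^ delta) = crc(d) ^ crc(delta) ^ crc(0..0), so the encrypted ICV
    can be patched by xoring in crc(delta) ^ crc(0..0)."""
    assert len(delta) == len(frame) - 4
    delta_icv = xor(crc32(delta), crc32(bytes(len(delta))))
    return xor(frame, delta + delta_icv)


# --- 802.11i style: keyed MAC instead of CRC ---------------------------------
def mac_seal(key: bytes, iv: bytes, data: bytes) -> bytes:
    tag = hmac.new(key, iv + data, hashlib.sha256).digest()[:8]
    body = data + tag
    return xor(keystream(key, iv, len(body)), body)


def mac_open(key: bytes, iv: bytes, frame: bytes):
    body = xor(keystream(key, iv, len(frame)), frame)
    data, tag = body[:-8], body[-8:]
    expect = hmac.new(key, iv + data, hashlib.sha256).digest()[:8]
    return data if hmac.compare_digest(tag, expect) else None


# --- PSK mode: the network key is only as strong as the passphrase -----------
def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """802.11i PSK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def guess_passphrase(psk: bytes, ssid: str, candidates):
    """Offline dictionary check: whoever can test guesses against the PSK
    (e.g. from a captured 4-way handshake) needs no further interaction with the AP."""
    for cand in candidates:
        if wpa_psk(cand, ssid) == psk:
            return cand
    return None


# Constructed demo values.
KEY = bytes.fromhex("0badc0ffee")
IV = bytes.fromhex("000001")
ORIG = b"transfer amount=0100 to=bob"
WANT = b"transfer amount=9900 to=bob"
DELTA = xor(ORIG, WANT)   # attacker needs the message layout, not its contents


def demo():
    """Returns (what the WEP receiver accepts, what the MAC receiver accepts)
    after the same bit-flip is applied to each ciphertext."""
    wep_result = wep_open(KEY, IV, wep_forge(wep_seal(KEY, IV, ORIG), DELTA))
    mac_result = mac_open(KEY, IV, xor(mac_seal(KEY, IV, ORIG), DELTA + bytes(8)))
    return wep_result, mac_result


if __name__ == "__main__":
    print(demo())
    print(wpa_psk("password", "IEEE").hex())
```

The WEP receiver decrypts the forged frame to the attacker's text and the ICV still checks, which is exactly why a CRC "used as authentication" authenticates nothing. The MAC receiver rejects it, because changing the data without the key cannot produce a matching tag. The PSK half is the caveat to "pre-shared key mode": the 4096-iteration PBKDF2 slows guessing, but a weak passphrase still falls to an offline dictionary run.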
WAP (Wireless Application Protocol)
• A set of protocols for implementing applications over thin (read wireless) pipes.
• Short version: a set of protocols to implement the web over wireless links as delivered to resource limited devices
– reduce overhead and flabby content (image-rich HTML)
– support limited presentation and content formats
• Wireless Markup Language (XML-based language)
– reduce the footprint of the rendering engine (browser)
• Security: WTLS
– SSL/TLS-style protocol -- public keys, key negotiation, etc.
EAP/LEAP
• Extensible Authentication Protocol
– Challenge/response -- authentication only
– Bolts onto other authentication mechanisms, e.g., Kerberos, RADIUS
– Passes authentication information onto other protocols (WEP, WAP)
– LEAP: Cisco implementation/modifications (security problems are possibly serious)
– Standards: EAP-MD5, EAP-TLS
– PEAP: RSA/Microsoft/Cisco standards for WPA/WPA2 protocols
Bluetooth
• A standard for building very small personal area networks (PANs)
• Connects just about everything you can name: PDAs, phones, keyboards, mice, your car
• Very short-range network: 1 meter, 10 meters, 100 meters (rare)
• Advertised as the solution to "too many cables"
• Authentication
– "pairing" uses pass-phrase style authentication to establish relationship which is often stored
Bluetooth Security
• Everything really works off the PIN
• Attacks have progressively been successful at identifying vulnerabilities in the way PINs are used; PINs can be reverse engineered
• Privacy: know what is on and how public it is ...
• Problem: Cambridgeshire, England
RFIDs
• Radio Frequency Identification (RFID)
• identity-providing transponders
• Passive: no external power - backscatter (Walmart)
• Active: internal power (SpeedPass)
• History: a Soviet listening device (1945), Allied friend-or-foe (IFF) identification (1939)
• Privacy/Security anyone?
• Q: How do you control who is accessing your information?
• A: You don't (currently)
• Security measures
– Rolling code (one-time tokens)
NIST Evaluation
• Any vulnerability in a wired network is also present in the wireless network
• Many new ones: protocols, systems more public and vulnerable
• Recommendations:
– Disable file and directory sharing
– Turn off APs when not in use
– Use robust passwords, 128-bit encryption
– Audit, audit, audit