Wireless intro & history

Wireless intro & history

OUTLINES

ž     Wireless intro & history

ž     Wireless security overview

ž     Standards & techniques

ž     Threats and Best Practices

Background & Overview

ž     History

—        Developed for military use

—        Security widely noticed after Peter Shipley’s 2001 DefCon preso on WarDriving

—        DHS labeled WiFi a terrorist threat, demanded regulation

ž     Non Wi-Fi types

—        CDPD – 19.2 kbps analog

—        GPRS – 171.2 kbps digital

—        WAP – bandwidth-efficient content delivery

—        Ricochet – 176 kbps wireless broadband flop

—        Bluetooth – personal area networks, range limited only by transmit power

—        Blackberry – Use cellular & PCS networks, no authentication at console

ž     IEEE 802 series standards

—        802.11 – wireless LANs

—        802.15 – wireless personal area networks (e.g., Bluetooth)

—        802.16 – wireless broadband up to 155Mb, wireless ISPs

Organizations

ž     FCC – regulates ISM bands

—        900 Mhz, 2.4 Mhz, 5.8 Mhz

ž     IEEE – develops wireless LAN standards

ž     ETSI – IEEE for Europe

—        HiperLAN/2 similar to IEEE 802.11 standards

ž     WECA (WiFi Alliance) – regulate WiFi labeling

802.11 standards

ž     802.11a – 54 Mbps@5 Ghz

—        Not interoperable with 802.11b

—        Limited distance

—        Dual-mode APs require 2 chipsets, look like two APs to clients

—        Cisco products: Aironet 1200

ž     802.11b – 11 Mbps@2.4 Ghz

—        Full speed up to 300 feet

—        Coverage up to 1750 feet

—        Cisco products: Aironet 340, 350, 1100, 1200

ž     802.11g – 54 Mbps@2.4 Ghz

—        Same range as 802.11b

—        Backward-compatible with 802.11b

—        Speeds slower in dual-mode

—        Cisco products: Aironet 1100, 1200

802.11 standards (cont.)

ž     802.11e – QoS

—        Dubbed “Wireless MultiMedia (WMM)” by WiFi Alliance

ž     802.11i – Security

—        Adds AES encryption

—        Requires high cpu, new chips required

—        Temporal Key Integrity Protocol (TKIP) is interim solution

ž     802.11n – 100Mbps+ (in progress)

ž     Wi-Fi Protected Access (WPA)

—        Subset of 802.11i, forward-compatible with 802.11i (WPA2)

—        Encryption: Version one uses TKIP

—        AuthC: 802.1x & EAP – allows auth via RADIUS, also allows auth via PSK

Wireless security overview

802.11i – wireless security done right

ž     FIPS-140 compliant

ž     AES replaces RC4 w/TKIP

ž     Dubbed “WPA2” by WiFi Alliance

ž     Robust Security Network (RSN) for establishing secure communcations

—        Uses 802.1x for authentication

—        Replaces TKIP

ž     Counter Mode with Cipher Block Chaining (CCMP) for encryption

—        CCM mode of AES

—        128-bit keys, 48-bit IV

—        CBC-MAC provides data integrity/authentication

—        CCMP mandatory with RSN

—        Wireless Router Application Platform (WRAP) was initial selection, licensing rights/problems got in the way

802.11 security

ž     Shared media – like a network hub

—        Requires data privacy – encryption

ž     Authentication necessary

—        Can access network without physical presence in building

—        Once you connect to wireless, you are an “insider” on the network

802.11 security approaches

ž     Closed network

—        Service set identifier (SSID) can be captured with passive monitoring

ž     MAC filtering

—        MACs can be sniffed/spoofed

ž     Wired Equivalent Privacy (WEP)

—        Can be cracked online/offline given enough traffic & time

ž     Change keys frequently

—        Traffic can still be decrypted offline

ž     Place APs on DMZ

—        Requires VPN access to get back into network

ž     Use VPN

—        Doesn’t handle roaming

ž     Authentication portal

—        Example: Nocat

—        More stuff to configure

ž     WPA and/or Extensible Authentication Protocol (EAP)

Authentication methods

ž     Open systems authentication

ž     Shared key authentication

ž     EAP / 802.1x

Open system authentication

ž     Required by 802.11

ž     Just requires SSID from client

ž     Only identification required is MAC address of client

ž     WEP key not verified, but device will drop packets it can’t decrypt

Shared key authentication

ž     Utilizes challenge/response

ž     Requires & matches key

ž     Steps

—        Client requests association to AP

—        AP issues challenge to client

—        Client responds with challenge encrypted by WEP key

—        AP decrypts clients & verifies

ž     WEAK!  Attacker sniffs plain-text AND cipher-text!

802.1x authentication

ž     Encapsulates EAP traffic over LAN (aka EAPoL)

ž     EAP: Standard for securely transporting authC data

ž     Supports a variety of authentication methods

—        LEAP, EAP-TLS, etc.

ž     Port-based – only access is to authentication server until authentication succeeds

—        Similar to what’s used on Ethernet switches

ž     Originally designed for campus-wired networks

ž     Requires little overhead by access point

802.1x authentication (cont.)

ž     3 entities

—        Supplicant (e.g., laptop w/wireless card)

—        Authenticator (e.g., access point)

—        Authentication server (e.g., RADIUS)

ž     Keys

—        Unique session key for each client

—        New WEP key each time client reauthenticates

—        Broadcast key

—                    Shared by all clients

—                    Mixed with IV to generate session keys

—                    Rotated (Broadcast Key Rotation – BKR) regularly to generate new key space

Wireless security standards

Wired Equivalent Privacy (WEP)

ž     Part of 802.11 specification

ž     Shared key – 40/104 bits

ž     Initialization vector (IV) = 24 bits

ž     Uses RC4 for encryption

ž     Weaknesses/attacks

—        FMS key recovery attack – weak IVs

—                    Filter weak IVs to mitigate

—        IV too short, gets reused after 5 hours

—        IP redirection, MITM attacks

—        Traffic injection attacks

—        Bit-flip attacks

ž     WEP2 added, increases key length to 128 bits

TKIP/MIC to the rescue

ž     Fixes key reuse in WEP

ž     Same encryption as WEP (RC4)

ž     TKIP – Temporal Key Integrity Protocol

—        Protects IV by removing predictability

—        Broadcast WEP key rotation is a good alternative if you can’t support TKIP

ž     MIC – Message Integrity Code

—        Protects against bit-flip attacks by adding tamper-proof hash to messages

—        Must be implemented on clients & AP

—        Hash of random num + MAC header + sequence number + payload

—        Sequence number must be in order or packet rejected

—        Part of firmware, not O/S

ž     TKIP Steps

—        Start with shared key

—        Add MAC address to get phase 1 key

—        Mix WEP key with IV to derive per-packet keys

—        Each packet encrypted separately, fights weaknesses in RC4 key scheduling algorithm

TKIP Per-packet keying

WiFi Protected Access (WPA)

ž     Developed to replace WEP, improve authC

—        Software upgrade to existing hardware

—        Forward-compatible with 802.11i

ž     Encryption key management: TKIP

—        Doubled IV to 48-bits

—        Better protection from replay & IV collision attacks

—        Per-packet keying (PPK)

—        Protects against key-recovery attacks (AirSnort)

—        Broadcast key rotation

ž     Message integrity: Michael

—        Protects against forgery attacks

ž     Authentication:

—        802.1x and EAP

—        Mutual authentication

—        So you don’t join rogue networks and give up your credentials

WEP vs. WPA vs. WPA2

	WEP	WPA	WPA2
Encryption	RC4	RC4	AES
Key rotation	None	Dynamic session keys	Dynamic session keys
Key distribution	Manually typed into each device	Automatic distribution available	Automatic distribution available
Authentication	Uses WEP key as AuthC	Can use 802.1x & EAP	Can use 802.1x & EAP

WPA deployment modes

ž     Enterprise

—        w/RADIUS for authC

ž     Home or SOHO

—        Aka “Pre-Shared Keys (PSK)” mode

—        User enters master key on each computer

—        Master key kicks off TKIP & key rotation

ž     Mixed-mode

—        Operates in WEP-only if any non-WPA clients

EAP Types

ž     Cisco LEAP

—        Username/password authC

—        Per-user, per-session encryption keys w/WEP

—        Vulnerable to password/hash-based attacks

ž     EAP-TLS

—        Mutual authC based on X.509 certs

—        802.11i default

ž     EAP-TTLS / PEAP

—        Tunneled TLS

—        Doesn’t require client certs

ž     PEAP

—        Tunneled authentication

—        Like EAP-TTLS

ž     EAP-GTC

—        AuthC via one-time passwords

ž     EAP-FAST

—        Client & server have same key (symmetric), establishes secure tunnel

—        Authentication happens over secure tunnel

—        Like VPN authentication today

LEAP

ž     Centralized authentication messaging to RADIUS

ž     Cisco proprietary

—        Spec available only under NDA

—        Implemented by other vendors via CCX

ž     Features

—        Uses modified MS-CHAPv2 challenge/response in clear

—        Mutual authentication

○       Mitigates MITM attacks

—        Rotates WEP keys

—        Prevents use of weak IVs from AP

LEAP weaknesses

ž     Weaknesses

—        No salt in stored NT hashes (dictionary attacks)

—        Weak DES key for challenge/response (gives 2 bytes of NT hash)

—        Username is clear-text

ž     Asleap

—        Takes pcap file

—        Offline attack to crack password

ž     Defense:  Strong passwords

Threats and Best Practices

WLAN Threats

ž     Threats

—        Malicious hacking attempts

—        Rogue Access Points

—        Denial-of-Service (DoS)

—        Mobile devices

ž     Hacking Attempts

—        War driving/walking/flying

—        Disgruntled employee

—        Industrial espionage

—        Electronic warfare

Hacking methods

ž     Traffic generation

—        Flood network w/captured traffic to break WEP more quickly

—        Break 40-bit WEP in 1 hour (in lab)

—        Defense: Filter weak IVs in AP

ž     Man-in-the-middle

—        Can be used w/one-way authentication (open, shared, 802.1x)

—        Must know WEP key if WEP-protected

—        Requires signal that overpowers AP’s signal

—        Tool: hostap (advertises wireless client as host AP)

—        Can be used to collect credentials or deny service

—        Tools: Monkey-jack, AirJack

ž     Get MAC addresses to figure out default settings

ž     Web sites give defaults

—        MAC addresses

—        DHCP address ranges

—        Admin passwords/settings

ž     Some sites post WEP keys

—        Universities, especially

Rogue Access Points

ž     Probably the most serious security threat to your network

ž     No such thing as a “non-wireless company”

ž     Mitigate by

—        (1) Strong and documented WLAN security policy

—        (2) Detection

—         Radio based, client based & network based

—        (3) Provide “approved” WLAN services

—         No longer any need for rogue deployments

Cisco IT Rogue AP detection

ž     Via “wired” scanning

—        Regular full scan

—        Tool similar to “APTools”

—        Device fingerprinting

—        Includes remote networks (home)

ž     Via “wireless” scanning

—        AP or client

—        Through WLSE

Denial of Service

ž     Can be malicious or “accidental”

ž     Example: Send de-authenticate frames using MAC of AP

ž     Mitigated by:

—        IT becomes “regulator” for air-space

—        Careful radio management (WLSE)

—        Prudent AP configuration (EMAN)

—        Monitor the airwaves (WLSE)

—        Stable authentication back-end

Wireless LAN Security: Recommended Best Practices

ž     Implement Secure Management Policy for APs/Bridges

—        Disable Telnet, disable http access, disable CDP, enable SSH, and enable TACACS for Admin authentication

ž     Publicly Secure Packet Forwarding: no Inter-client communication on specific VLANs

ž     Virus Scanning + Firewall recommended on WLAN Clients

ž     RF Monitoring and Rogue AP Detection

—        Radio, client & network based scanning

—        Wireless IDS (WLSE 2.7)

ž     Select appropriate EAP mechanism

Detection

ž     Can detect active scanning tools

—        NetStumbler leaves well-known fingerprints in logs

ž     MAC spoofing

—        FakeAP – detect short time between broadcasts w/sniffer

ž     WEP reinjection

—        FCS has consistent value (would change if it were true data traffic)

ž     IDS

—        Snort-wireless

—        Snort plug-ins detects rogue APs & active scanning

—        Kismet detects active scanning, M-I-M attacks

—        WIDZ detects attacks & rogue APs

—        AirDefense detects attacks & rogue APs (commercial)

—        AirMagnet w/distributed sensors

—        Cisco SWAN deploys sensors into APs

Demo of tools

ž     Notes

—        Require setting “monitor mode” on card

—        Drivers hard to find for this

—        Linux-built drivers free, Windows drivers custom from other sites

—        expensive

ž     Monitoring tools

—        Kismet

—        AirSnort

ž     Spoofing tools

—        FakeAP

PALM PILOTS / PDAs / CELL PHONES / WIRELESS SECURITY

}        What information on the device can be compromised

}        Everything! – Contacts/clients; meetings; patient data; legal and financial information

}        Passwords – good first line defense

}        User ID/Power – passwords

◦         Alphanumeric

◦         Non alphanumeric

◦         8 Character

◦         Problems – data not encrypted

}        Security specific software

}        The lonely PDA…not for long

}        Left on a desk

}        Left on an airplane

}        Dropped from a pocket or bag

}        Stolen!

}        The PDA and all its contents immediately are released to another individual unless protected

}        SECURITY IS PARAMOUNT!

Are you Protected ?

}        Policies

}        Infrastructure/Network

}        Encryption software

}        Awareness

Mobile and wireless security issues

• Handhelds, being small, portable devices, are easily lost or stolen. About 250K PDAs were lost in US airports during 2002.(Gartner report)
• Handhelds are frequently used in hostile environments like hotspots, customer sites, business partner offices, and industry conferences.
• Attackers are drawn to locations where business travelers gather, because targets are more plentiful and it is easier to go unnoticed.
• Security features limited – Handheld devices have simpler user interfaces and less CPU, storage, memory, and network bandwidth than desktops or laptops.
• Inherently harder to manage.
  • Not continuously connected
    • More difficult to enforce security policies and monitor security events.
• Handhelds often ship with security features disabled by default.

Threats

• Handhelds are also potentially vulnerable to viruses, worms, trojans, and spyware.
• Most are Win32 viruses that can be spread from unprotected handhelds to desktops through synchronization, email, or file shares.

◦         Self-replicating worms like Bugbear, Klez, and Spida flood email and file servers, delete registry keys, kill processes, disable software, and carry trojans.

◦         Trojans can log keystrokes, launch denial of service (DoS) zombies, or let attackers assume remote control of infected hosts.

◦         Spyware in cookies and programs like Kazaa are not overtly malicious, but leak potentially sensitive information about your computing behavior.

• Mobile phones that can download games, ring tones, and other software have opened a new avenue for hackers to exploit.
• Compact flash and PCMCIA cards supported by handhelds can store 5 GB or more. These removable cards (and their contents) are easily “borrowed” or stolen.
• According to CERIAS, networked handhelds are less resistant to common TCP denial of service attacks because their limited resources are easily exhausted.

Practical Security strategis for pocket PCs

• Set power-on passwords. According to Gartner, the biggest risk associated with Pocket PCs is that no power-on password is required by default.
• Use mobile firewall to block unauthorized handheld network activity

◦         Defends against port scans, unauthorized requests, unwanted peer-to-peer connections, denial of service floods, and other network-borne attacks.

• Encrypt sensitive values, database records, key files and folders, or entire compact flash cards..
• Protect traffic sent and received by handhelds. Consider encrypted, authenticated VPN tunnels to ensure the privacy and integrity of communication between handhelds and connected networks.
• If credentials must be saved on a handheld, encrypt them.
• Detect and eradicate viruses.
• Backup handheld data regularly. Frequent backups can reduce loss of data and downtime when a Pocket PC is lost, stolen, wiped clean, or damaged beyond repair.

How Data is stored

• Digitally as tiny magnetized regions, called bits
• Hard drives store this on a platter, like a CD
• Data can be extracted from ANY electronic/digital source (floppy, cd, dvd, zip disks, removable media, hard drives, flash memory, thumb drive, usb drives, printer memory, blackberry, pda, XBOX, tivo, etc.)
• Once data is written, it remains until disk is wiped or overwritten by other information

25 august 2005 used Blackberry Contined Proprietary information

}        A man who bought a BlackBerry on eBay for $15.50 found that

}        the wireless device contained a database of over 1,000 names,

}        e-mail addresses and phone numbers of Morgan Stanley

}        executives, as well as more than 200 internal Morgan Stanley

}        e-mails.

}        The seller is a former VP of mergers and acquisitions who had left

}        the company. He said he had removed the battery months before

}        selling the BlackBerry and assumed the data had been erased.

Controls

• Information that is placed on device
• Security configuration including software used to protect the information
• Does the device synchronize with others – Admin rights?
• Modes of operation

◦         Wireless

◦         Infrared

• No upload/download via infrared or wireless while connected to desktop networked PC
• Use infrared only for authorized data transfers
• PDA”S not to be left unattended while attached to a computer
• PDA’s secured with password protection while not in use
• User takes responsible steps to prevent loss or theft of device
• Regularly sync device so that appropriate security files (virus signature) are updated

Awareness

• Physical security of device
• A strong password (eight characters, mixture of numbers, letters and special characters)
• Information to be stored on device
• Procedure to follow if device is lost or stolen
• Firewall
• Record, in the event PDA is lost or stolen:

◦         Serial number

◦         Make and model

WIRELESS DATA CONNECTIVITY GUIDELINE

http://www.telcom.arizona.edu/WLAN-Guide.html

What is this Phenomenon of Drive by hacking

• Hacker taps into a network using a wireless device.
• Got its name because a hacker can literally construct a device, that will allow them to park in front of a  building and gain access to a network while sitting in the car.
• Relative ease of uncovering this vulnerability and gaining access to a company’s unsecured network can be likened to installing a wireless LAN jack in your parking lot (access to everyone).

What does it mean to do war driving ?

• Need a device capable of receiving an 802.11b signal (the wireless standard)
• A device capable of locating itself on a map
• Software that will log data from the second when a network is detected by the first.
• You then move these devices from place to place, letting them do their job.
• Over time, you build up a database comprised of the network name, signal strength, location, and ip/namespace in use. You may even log packet samples and probe the access point for data available via SNMP.

Is this a new security vulnerability ?

• The security community has known about this vulnerability for a couple of years, but only recently has it become more widely known and popular.
• Freeware programs can be downloaded that automate finding and cracking wireless networks; combining this with the rapidly increasing use of 802.11 due to low cost components hitting the market makes it a big issue today.

Why is it  easy to get into e wireless network ?

• The most common wireless local area network is built based on a standard known as 802.11.
• The security function of this technology has been demonstrated to be inadequate when challenged by simple hacking attempts.
• In addition, products sold with this technology are often delivered with security functionality disabled.

Does a WEP encryption option built into 802.11 make me secure ?

• Not really. The 802.11 standards include a security component called Wired Equivalent Privacy, or WEP, and a second standard called Shared Key Authentication.
• WEP defines how clients and access points identify each other and communicate securely using secret keys and encryption algorithms.
• Although the algorithms used are well understood and not considered weak, the way in which they are used, in particular the way keys are managed, has resulted in a number of easily exploitable weaknesses.
• On top of this, it is estimated that approximately only 30% of 802.11 networks use WEP encryption or have turned on the option to enable WEP encryption-this is based on anecdotal evidence of war driving experiences that people have posted on the Internet.

Wll banning wireless device from our network make us more secure ?

• Wireless access points are now so affordable that people are using them for convenience everywhere.
• For example, someone may have a wireless device connected to their home computer, and that computer may also be dialed into the university network.
• This introduces a rogue access point to the corporate network that was not part of the original architecture and is likely unknown to network administrators.
• Another scenario may be that an individual or department may set up a wireless network inside the university firewall—again establishing rogue access points that you do not know about.

What can I do to make my network secure ?

• You need to layer more security on top of any wireless 802.11 system.
• By having security conscious mindset and following a few policy guidelines, a wireless network can be secure.
• By implementing a sound security policy and following with thorough enforcement of that policy, we are better equipped to face the security challenges that wireless technology presents.

Possible solution include

• Using a VPN (virtual private network).

◦         VPNs are used with digital IDs to achieve strong user identification.

◦         VPN also provides the added benefit of establishing an encrypted tunnel from a client machine right through to the server.

• The use of encryption as an added security measure can be considered.

◦         Requires user knowledge and use of an assigned key that must be changed periodically by central IT staff.

◦         Users must be notified of each key change.

◦         Nothing prevents a user from sharing the encryption key with an outsider.

◦         Research indicates wireless encryption methods are easily broken.

• Regardless of security measures, data transmitted via a wireless network can be intercepted. Users are advised to avoid the transmission of sensitive data across this network.

Wireless security data connectivity guidelines

• Describes how wireless technologies are to be:

◦         implemented

◦         administered,

◦         and supported at the University of Arizona campus.

• Supplements the guidelines in the CCIT Computer and Network Usage Policy

◦         by adding specific content addressing wireless data connectivity

◦         the resolution of interference issues that might arise during use of specific frequencies.

• Desire for campus constituencies to:

◦         deploy wireless technologies with a central administrative

◦         encourage all constituents to deploy such systems with an acceptable level of service quality and security.

Scope of service

}        Guideline defines the roles of the

}        campus units and Telecommunications

}        for deploying and administering the

}        wireless infrastructure for the campus.

Network reliability

• Function both of the level of user congestion (traffic loads) and service availability (interference and coverage).
• Guideline establishes a method for resolving conflicts that may arise from the use of the wireless spectrum.
• Approaches the shared use of the wireless radio frequencies in the same way that it manages the shared use of the wired network.
• CCIT will respond to reports of specific devices that are suspected of causing interference and disrupting the campus network.
• Where interference between the campus network and other devices cannot be resolved, Telecommunications reserves the right to restrict the use of all wireless devices in university-owned buildings and all outdoor spaces.

Security

• The maintenance of the security and integrity of the campus network requires adequate means of ensuring that only authorized users are able to use the network.
• Wireless devices utilizing the campus wired infrastructure must meet certain standards to insure only authorized and authenticated users connect to the campus network and that institutional data used by campus users and systems not be exposed to unauthorized viewers.

Campus unit responsibilities

• Responsible for adhering to Wireless Communications Guidelines.
• Responsible for managing access points within departmental space and assuring proper network security is implemented.
• Responsible for registering wireless access point hardware, software & deployments with Telecommunications.
• Responsible for informing wireless users of security and privacy guidelines & procedures related to the use of wireless communications.
• Responsible for monitoring performance and security of all wireless networks within departmental control as required to prevent unauthorized access to the campus network.

Draft wireless security standard

}        Due to the lack of privacy of network

}        communication over existing wireless network

}        technology, all wireless traffic is presumed to be

}        insecure and susceptible to unauthorized

}        examination.

• Authentication
• Security Awareness
• Monitoring and Reporting

Authentication

}        Access to wireless network connectivity should be limited to

}        authenticated users and authorized wireless client devices.

}        Authentication may be performed based on the following

}        requirements:

}        All authorized wireless network users will be required to be authenticated and operate through the campus VPN.

}        All authorized wireless network users must register the MAC address of the wireless network interface card (NIC) to the local or campus Dynamic Host Configuration Protocol (DHCP) service.

}         Wireless NICs and user accounts are not to be shared. (See Network Usage policy)

}         Users are prohibited from using wireless network technology to access critical and essential applications without the wireless network connections being appropriately encrypted.

Security awareness

All wireless network managers should be aware of the following issues:

• Authentication for wireless network access protection of passwords
• Authorized use of wireless network technology

wireless interference issues

• Privacy limitations of wireless technology
• Report wireless network service problems
• Respond to a suspected privacy violation
• Revoke DHCP registration due to termination of affiliation with University.

Monitoring and reporting

}        The use of wireless network technology is to be monitored on a

}        regular basis for security and performance.

}        Authentication, authorization and usage and wireless network

}        performance reports are to be made on an individual basis

}        Any unusual wireless network event that may reflect unauthorized

}        use of wireless network services will be immediately reported by

}        the wireless system administrator to the campus Security Incident

}        Response Team (SIRT) for review and, if appropriate, investigation.