View
222
Download
0
Category
Tags:
Preview:
Citation preview
1
Figure 2-11: 802.11 Wireless LAN (WLAN) Security
802.11 Wireless LAN Family of Standards
Basic Operation (Figure 2-12 on next slide)
Main wired network for servers (usually 802.3 Ethernet)
Wireless stations with wireless NICs
Access points
Access points are bridges that link 802.11 LANs to 802.3 Ethernet LANs
2
Figure 2-12: 802.11 Wireless LAN
NotebookWith PC CardWireless NIC
EthernetSwitch
AccessPoint
Server
802.11 FrameContaining Packet
802.3 FrameContaining Packet
(2)
(3)
Client PC
(1)
3
Figure 2-12: 802.11 Wireless LAN
NotebookWith PC CardWireless NIC
EthernetSwitch
AccessPoint
Server
802.11 FrameContaining Packet
802.3 FrameContaining Packet
(2)
(1)
Client PC
(3)
4
Figure 2-11: 802.11 Wireless LAN (WLAN) Security
Basic Operation
Propagation distance: farther for attackers than users
Attackers can have powerful antennas and amplifiers
Attackers can benefit even if they can only read some messages
Don’t be lulled into complacency by internal experiences with useable distances
5
Figure 2-13: 802.11 Wireless LAN Standards
StandardRated Speed
(a)UnlicensedRadio Band
EffectiveDistance (b)
802.11b 11 Mbps 2.4 GHz ~30-50 meters
802.11a 54 Mbps 5 GHz ~10-30 meters
802.11g 54 Mbps 2.4 GHz ?
Notes: (a) Actual speeds are much lower and decline with distance. (b) These are distances for good communication; attackers can read some signals and send attack frames from longer distances.
6
Figure 2-11: 802.11 Wireless LAN (WLAN) Security
Apparent 802.11 Security
Spread spectrum transmission does not provide security
Signal is spread over a broad range of frequencies
Methods used by military are hard to detect
802.11 spread spectrum methods are easy to detect so devices can find each other
Used in 802.11 to prevent frequency-dependent propagation problems rather than for security
7
Figure 2-11: 802.11 Wireless LAN (WLAN) Security
Apparent 802.11 Security SSIDs
Mobile devices must know the access point’s service set identifier (SSID) to talk to the access point
Usually broadcast frequently by the access point for ease of discovery, so offers no security.
Sent in the clear in messages sent between stations and access points
8
Figure 2-11: 802.11 Wireless LAN (WLAN) Security
Wired Equivalent Privacy (WEP)
Biggest security problem: Not enabled by default
40-bit encryption keys are too small Nonstandard 128-bit (really 104-bit) keys are
reasonable interoperable
Shared passwords
Access points and all stations use the same password
Difficult to change, so rarely changed
People tend to share shared passwords too widely
Flawed security algorithms Algorithms were selected by cryptographic amateurs
9
Figure 2-11: 802.11 Wireless LAN (WLAN) Security
802.1x and 802.11i (Figure 2-14)
Authentication server
User data server
Individual keys give out at access point
10
Figure 2-14: 802.1x Authentication for 802.11i WLANs
AccessPoint
Applicant(Lee)
1.Authentication
Data
2.Pass on Request to
RADIUS Server
3.Get User Lee’s Data(Optional; RADIUSServer May Store
This Data)
4. AcceptApplicant Key=XYZ
5. OKUse
Key XYZ
DirectoryServer orKerberos
Server
RADIUS Server
11
Figure 2-11: 802.11 Wireless LAN (WLAN) Security
802.1x and 802.11
Multiple authentication options (EAP) TLS
In strongest option, both client and access point must have digital certificates
Difficult to create public key infrastructure of digital certificates to implement this.
Option for only access point to have a digital certificate; no authentication for station. No protection against attacker!
12
Figure 2-11: 802.11 Wireless LAN (WLAN) Security
802.1x and 802.11 Multiple authentication options
TTLS Access point must have digital certificate Station authenticated with password or
other approach that is only moderately strong but better than nothing
MD5 CHAP authenticates only wireless station, with reusable password
Attacker can pretend to be an access point
13
Figure2-11: 802.11 Wireless LAN (WLAN) Security
802.1x and 802.11i (Figure 2-14)
Apparent security weaknesses in 802.11i; severity or ease of exploitation is not known
Temporal Key Integrity Protocol (TKIP)
Temporary stopgap method; many older systems can be upgraded
Key changed every 10,000 frames to foil data collection for key guessing
14
Figure2-11: 802.11 Wireless LAN (WLAN) Security
Virtual Private Networks (VPNs)
Add security on top of network technology to compensate for WLAN weaknesses
Discussed in Chapter 8
WLAN, etc.
VPN
15
Wi-Fi and WPA
Wi-Fi Alliance
Industry group that certifies 802.11 systems
For 2003, will require WPA for Wi-Fi certification Wi-Fi Protected Access Temporal Key Integrity Protocol (TKIP) EAP 802.1x authentication Mutual client and access point authentication Key management Eventually, products will have to ship with WPA
turned on
New:Not in Book
16
The Situation Today in Wireless Security
Wireless security is poor in most installations today
The situation is improving, and technology will soon be good
But old installations are likely to remain weak links in corporate security
Recommended