1

WLAN 보안

2

WLAN Security

• Requirements for Secure Wireless LANs–Authentication–Access Control–Data Privacy–Data Integrity–Protection Against Replay

3

WLAN Attack

• Wardriving– Driving around looking for unsecured wireless

networks.– term coined by Pete Shipley

• 워드라이빙 :– 이동수단을 이용하여 , 무인증 무선네트워크를 찾아다니는 행위– 해킹 경유지의 순차적 추적 불가능– 무선 AP 에는 접속 로그 미존재– 실시간 추적시에도 무선 AP 로부터 접속자 위치 확인 불가능– 실시간 이동 공격자에 대한 추적 대책 미흡( 핸드폰 위치추적기술과 같은 방법 개발 필요 )

4

MAC address Authentication Attack

• Strengths ( 장점 )– MAC 주소를 기반으로 AP 에 접속하고자 하는 Station 들을

제어

• Weaknesses ( 단점 )– MAC 주소는 쉽게 위조 가능– 무선랜 네트워크를 모니터링 (sniffing) 함으로써 쉽게 MAC

주소를 획득– 공격자들은 무선랜 통신을 계속 감시 가능– MAC 주소의 Brute-force 공격이 가능– Man in the middle attack 기술로 네트워크가 공격에 노출- TOOL

- WindowsAiroPeek : Wireless Network Management ToolSMAC : MAC address Changer

- LinuxKismet : Wireless Network Sniffing Toolmacchanger : MAC address Changer

5

MAC Address Attack

6

Rogue AP – Spoofing Attack

• Station 은 항상 가장 신호가 센 AP 로 접속• Attacker 는 목표 AP 와 동일한 SSID 를 사용• Attacker 는 목표 AP 보다 강한 신호를 발생시켜• Victim 이 접속하기 가장 용이한 AP 로 위장• Victim 은 아무런 의심없이 AP 에 접속• Attacker 는 정상적인 홈페이지를 위장한 가상홈페이지를

열어놓고 ID 와 PW 입력 유도

7

Rogue AP – Spoofing Attack

8

802.11 Passive Monitoring

Attacker Passive MonitoringCaptures data

Station

Access Point

Username: dziminski

Password:cleartext

9

802.11 DOS Attack

Attacker spoofs 802.11Disassociate frame

Station

Access Point

X Connection is broken

10

802.11 Man in the Middle Attack

Access Point

• Attacker broadcasts spoofed AP SSID and MAC Address • Station unknowingly connects to attacker• MIM attacks can always be established• But if strong authentication and encryption are used, attacker will be nothing more than a bridge.

AP MAC Address

Station MAC Address

AP MAC Address

Station MAC Address

Attacker

Station

11

Authentication and Encryption Standards

EAP

802.1x

WPA-TKIP 802.11i

RC4

TLS

Encryption Algorithms

Authentication Protocols

PEAP

CertificateCredentials Username/Password

Encryption Standards WEP

RC4 AES

WEP: Wired Equivalent Privacy , WPA: Wi-Fi Protected Access, TKIP: Temporal Key Integrity Protocol PEAP: Protected Extensible Authentication Protocol; uses server-side public key certificates to authenticate the server

12

Evolution of WLAN Security– WEP: not adequate– IEEE formed a Task Group “i” to develop

802.11i standard • Objective: to produce a detailed specification to

enhance the security features for WLANs

IEEE 802Working group

IEEE 802.11WLAN WG

IEEE 802.11iWLAN security

RSN TSNRobust

Security NetworkTransitionalSecurity Network

13

Evolution of WLAN Security

– Responses from Wi-Fi Alliance– The industry cannot wait for the 802.11i standard. It is

demanding a more secure wireless environment right now– Wi-Fi Alliance, together with IEEE, developed Wi-Fi Protected

Access (WPA) to offer a strong interoperable security standard to the market

• 802.11i contributed TKIP (encryption) and MIC (integrity) algorithms, which were being developed for RSN but applicable to WPA

WPA

Wi-Fi Alliance

Wi-Fi Protected AccessTKIP

+MIC

IEEE 802.11i

Temporal KeyIntegrity Protocol

MessageIntegrity Check

14

High-level Differences Between RSN and WPA

• RSN– Designed from the start,

without regards to existing WEP systems

– Will require new hardware to support new methods of encryption

– Supports options for encryption (privacy)

• TKIP

• AES

• WPA– Designed with constraints

around existing WEP systems

– Objective: use same hardware and upgrade software only

– Only supports one encryption standard: TKIP

Essentially, the two approaches are very similar and built around the same security architecture

15

WEP Encryption

IV Payload CRC-32

Encrypted with 40 or 104 bit key. RC4 Algorithm.

integrity check24 bit IV clear text

WEP has several problems1. IV is too small. At 10,000 packets per second IV repeats in 0.5

hours. - For 24 bits, an IV will be reused after 16777216 packets if IV value is incremented by 1 each time. For a device sending 10,000 packets

per second 24-bit IV takes half an hour to rollover

2. There are several “weak keys”. Those are especially vulnerable.3. No key update mechanism built in.4. Message replay attacks. DOS.

16

WPA

• Key features to address WEP vulnerabilities– Access Control and Authentication:

• Implements 802.1X EAP based authentication to enforce mutual authentication

– Encryption• Applies Temporal Key Integrity Protocol (TKIP) on existing WEP to

impose strong data encryption– Integrity

• Uses Message Integrity Check (MIC) rather than CRC-32 for message integrity

• WPA also presents some potential security issues– There are still potential encryption weaknesses in TKIP.

Fortunately, the successful crack is expected to be heavy and expensive.

– Performance may be sacrificed potentially due to a more complex and computation intensive authentication and encryption protocols.

Note: The ultimate wireless security solution is still 802.11i RSN. All products are supposed to comply with RSN standard since it is released, often under the name WPA2.

17

Wi-Fi Protected Access (WPA) TKIP-Encryption

• Wi-Fi Protected Access is an interim standard created by the Wi-Fi alliance (group of manufacturers).

• WPA-TKIP fixes problems with WEP.- IV changes to 48 bits with no weak keys. 900 years to repeat an IV at 10k packets/sec- Use IV as a replay counter- Message integrity- Per-packet keying

• Supported on many wireless card and on Windows XP (after applying 2 hot fixes).

• Uses 802.1x for key distribution.

• Can also use static keys.

18

802.11i RSN• Key features to address WEP

vulnerabilities– Access Control and Authentication

• Implements 802.1X EAP based authentication to enforce mutual authentication (same as WPA)

• WRAP: RSN includes a Wireless Robust Authentication Protocol. Uses AES in offset codebook mode (OCB) for encryption and integrity.

– Encryption• TKIP: In order to support legacy device, the 802.11i chooses

TKIP as one of the encryption options• AES: Stands for Advanced Encryption Standard, which is a

much stronger encryption algorithm. AES requires a hardware coprocessor to operate

– Integrity• Uses Michael Message Integrity Check (MIC) for message

integrity– Other security features: Secure IBSS (Ad Hoc mode), secure

fast handoff, secure de-authentication and disassociation.– Supports Roaming– Is referred to as WPA2 by the Wi-Fi Alliance

IBSS: Independent Basic Service Set

19

802.11i AES-encryption

• Ratified by the IETF in June of 04.

• Uses the AES algorithm for encryption and 802.1x for key distribution.

• Backwards compatible with TKIP to support WPA clients.

• 802.11i not in many products yet.

20

Access Control and Authentication – 802.1X / EAP

– Initially designed for wired networks but is now applicable to WLANs.

– Provides port-based access control and mutual authentication between client and APs via an authentication server.

– 802.1X standard is comprised of three elements• A supplicant: the client (laptop, PDA,…) who wants to be

authenticated• An authenticator: the AP, which acts as an intermediary

between a supplicant and an authentication server.• An authentication server: such as a RADIUS (Remote

Access Dial-In User Service) server.

StationSupplicant

Access PointAuthenticator RADIUS Server

Authorizer

21

Access Control and Authentication – 802.1X / EAP

• EAP– EAP (Extensible Authentication Protocol): protocol that 802.1X

uses to manage mutual authentication.– Initially developed for use with PPP (RFC2284)– Several EAP types depending on the authentication method

(passwords, PKI certificates,…)• EAP-MD5• EAP-TLS• EAP-TTLS• PEAP• LEAP• EAP-SIM

– The authenticator does not need to understand the details about authentication methods. It simply package and repackage EAP packets, usually between Supplicant and RADIUS

22

802.1x EAP-TLS Authentication

StationSupplicant

Access PointAuthenticator RADIUS Server

Authorizer

Client digital certFrom XYZ CA

Server Digital certFrom XYZ CA

23

802.1x PEAP authentication

StationSupplicant

Access PointAuthenticator RADIUS Server

Authorizer

Digital certFrom XYZ CA

Directory Server

Phase 1:Authenticate AP. Secure tunnelto AP using TLS

Phase 2:Password authenticationwith directory server

Username DanPassword: encrypted

Success/Fail

24

LEAP (Lightweight Extensible Authentication Protocol)

• LEAP Characteristics– Primarily developed by Cisco for Aironet WLAN

deployments.– Cisco is now licensing the software, other vendors are

now beginning to support LEAP in their wireless LAN adapters.

– Encrypts data transmissions using dynamically generated WEP keys and supports mutual authentication.

– No certificates are required– Uses bi-directional challenge-response with user

password as shared secret– Transaction sent in clear text (dictionary attacks !)

25

EAP Authentication Types Comparison Chart

802.1x EAP Types Feature / Benefit

MD5 TLS TTLS PEAP LEAP

Client side certificate required no yes no no no

Server side certificate required no yes no yes no

WEP key management no yes yes yes yes

Rogue AP detection no no no no yes

Developer

Authentication Attributes One way Mutual Mutual Mutual Mutual

Deployment Easy Difficult Moderate

Moderate Moderate

Wireless Security Poorest Highest High High High