Upload
alannah-rice
View
213
Download
0
Embed Size (px)
Citation preview
1
WLAN 보안
2
WLAN Security
• Requirements for Secure Wireless LANs–Authentication–Access Control–Data Privacy–Data Integrity–Protection Against Replay
3
WLAN Attack
• Wardriving– Driving around looking for unsecured wireless
networks.– term coined by Pete Shipley
• 워드라이빙 :– 이동수단을 이용하여 , 무인증 무선네트워크를 찾아다니는 행위– 해킹 경유지의 순차적 추적 불가능– 무선 AP 에는 접속 로그 미존재– 실시간 추적시에도 무선 AP 로부터 접속자 위치 확인 불가능– 실시간 이동 공격자에 대한 추적 대책 미흡( 핸드폰 위치추적기술과 같은 방법 개발 필요 )
4
MAC address Authentication Attack
• Strengths ( 장점 )– MAC 주소를 기반으로 AP 에 접속하고자 하는 Station 들을
제어
• Weaknesses ( 단점 )– MAC 주소는 쉽게 위조 가능– 무선랜 네트워크를 모니터링 (sniffing) 함으로써 쉽게 MAC
주소를 획득– 공격자들은 무선랜 통신을 계속 감시 가능– MAC 주소의 Brute-force 공격이 가능– Man in the middle attack 기술로 네트워크가 공격에 노출- TOOL
- WindowsAiroPeek : Wireless Network Management ToolSMAC : MAC address Changer
- LinuxKismet : Wireless Network Sniffing Toolmacchanger : MAC address Changer
5
MAC Address Attack
6
Rogue AP – Spoofing Attack
• Station 은 항상 가장 신호가 센 AP 로 접속• Attacker 는 목표 AP 와 동일한 SSID 를 사용• Attacker 는 목표 AP 보다 강한 신호를 발생시켜• Victim 이 접속하기 가장 용이한 AP 로 위장• Victim 은 아무런 의심없이 AP 에 접속• Attacker 는 정상적인 홈페이지를 위장한 가상홈페이지를
열어놓고 ID 와 PW 입력 유도
7
Rogue AP – Spoofing Attack
8
802.11 Passive Monitoring
Attacker Passive MonitoringCaptures data
Station
Access Point
Username: dziminski
Password:cleartext
9
802.11 DOS Attack
Attacker spoofs 802.11Disassociate frame
Station
Access Point
X Connection is broken
10
802.11 Man in the Middle Attack
Access Point
• Attacker broadcasts spoofed AP SSID and MAC Address • Station unknowingly connects to attacker• MIM attacks can always be established• But if strong authentication and encryption are used, attacker will be nothing more than a bridge.
AP MAC Address
Station MAC Address
AP MAC Address
Station MAC Address
Attacker
Station
11
Authentication and Encryption Standards
EAP
802.1x
WPA-TKIP 802.11i
RC4
TLS
Encryption Algorithms
Authentication Protocols
PEAP
CertificateCredentials Username/Password
Encryption Standards WEP
RC4 AES
WEP: Wired Equivalent Privacy , WPA: Wi-Fi Protected Access, TKIP: Temporal Key Integrity Protocol PEAP: Protected Extensible Authentication Protocol; uses server-side public key certificates to authenticate the server
12
Evolution of WLAN Security– WEP: not adequate– IEEE formed a Task Group “i” to develop
802.11i standard • Objective: to produce a detailed specification to
enhance the security features for WLANs
IEEE 802Working group
IEEE 802.11WLAN WG
IEEE 802.11iWLAN security
RSN TSNRobust
Security NetworkTransitionalSecurity Network
13
Evolution of WLAN Security
– Responses from Wi-Fi Alliance– The industry cannot wait for the 802.11i standard. It is
demanding a more secure wireless environment right now– Wi-Fi Alliance, together with IEEE, developed Wi-Fi Protected
Access (WPA) to offer a strong interoperable security standard to the market
• 802.11i contributed TKIP (encryption) and MIC (integrity) algorithms, which were being developed for RSN but applicable to WPA
WPA
Wi-Fi Alliance
Wi-Fi Protected AccessTKIP
+MIC
IEEE 802.11i
Temporal KeyIntegrity Protocol
MessageIntegrity Check
14
High-level Differences Between RSN and WPA
• RSN– Designed from the start,
without regards to existing WEP systems
– Will require new hardware to support new methods of encryption
– Supports options for encryption (privacy)
• TKIP
• AES
• WPA– Designed with constraints
around existing WEP systems
– Objective: use same hardware and upgrade software only
– Only supports one encryption standard: TKIP
Essentially, the two approaches are very similar and built around the same security architecture
15
WEP Encryption
IV Payload CRC-32
Encrypted with 40 or 104 bit key. RC4 Algorithm.
integrity check24 bit IV clear text
WEP has several problems1. IV is too small. At 10,000 packets per second IV repeats in 0.5
hours. - For 24 bits, an IV will be reused after 16777216 packets if IV value is incremented by 1 each time. For a device sending 10,000 packets
per second 24-bit IV takes half an hour to rollover
2. There are several “weak keys”. Those are especially vulnerable.3. No key update mechanism built in.4. Message replay attacks. DOS.
16
WPA
• Key features to address WEP vulnerabilities– Access Control and Authentication:
• Implements 802.1X EAP based authentication to enforce mutual authentication
– Encryption• Applies Temporal Key Integrity Protocol (TKIP) on existing WEP to
impose strong data encryption– Integrity
• Uses Message Integrity Check (MIC) rather than CRC-32 for message integrity
• WPA also presents some potential security issues– There are still potential encryption weaknesses in TKIP.
Fortunately, the successful crack is expected to be heavy and expensive.
– Performance may be sacrificed potentially due to a more complex and computation intensive authentication and encryption protocols.
Note: The ultimate wireless security solution is still 802.11i RSN. All products are supposed to comply with RSN standard since it is released, often under the name WPA2.
17
Wi-Fi Protected Access (WPA) TKIP-Encryption
• Wi-Fi Protected Access is an interim standard created by the Wi-Fi alliance (group of manufacturers).
• WPA-TKIP fixes problems with WEP.- IV changes to 48 bits with no weak keys. 900 years to repeat an IV at 10k packets/sec- Use IV as a replay counter- Message integrity- Per-packet keying
• Supported on many wireless card and on Windows XP (after applying 2 hot fixes).
• Uses 802.1x for key distribution.
• Can also use static keys.
18
802.11i RSN• Key features to address WEP
vulnerabilities– Access Control and Authentication
• Implements 802.1X EAP based authentication to enforce mutual authentication (same as WPA)
• WRAP: RSN includes a Wireless Robust Authentication Protocol. Uses AES in offset codebook mode (OCB) for encryption and integrity.
– Encryption• TKIP: In order to support legacy device, the 802.11i chooses
TKIP as one of the encryption options• AES: Stands for Advanced Encryption Standard, which is a
much stronger encryption algorithm. AES requires a hardware coprocessor to operate
– Integrity• Uses Michael Message Integrity Check (MIC) for message
integrity– Other security features: Secure IBSS (Ad Hoc mode), secure
fast handoff, secure de-authentication and disassociation.– Supports Roaming– Is referred to as WPA2 by the Wi-Fi Alliance
IBSS: Independent Basic Service Set
19
802.11i AES-encryption
• Ratified by the IETF in June of 04.
• Uses the AES algorithm for encryption and 802.1x for key distribution.
• Backwards compatible with TKIP to support WPA clients.
• 802.11i not in many products yet.
20
Access Control and Authentication – 802.1X / EAP
– Initially designed for wired networks but is now applicable to WLANs.
– Provides port-based access control and mutual authentication between client and APs via an authentication server.
– 802.1X standard is comprised of three elements• A supplicant: the client (laptop, PDA,…) who wants to be
authenticated• An authenticator: the AP, which acts as an intermediary
between a supplicant and an authentication server.• An authentication server: such as a RADIUS (Remote
Access Dial-In User Service) server.
StationSupplicant
Access PointAuthenticator RADIUS Server
Authorizer
21
Access Control and Authentication – 802.1X / EAP
• EAP– EAP (Extensible Authentication Protocol): protocol that 802.1X
uses to manage mutual authentication.– Initially developed for use with PPP (RFC2284)– Several EAP types depending on the authentication method
(passwords, PKI certificates,…)• EAP-MD5• EAP-TLS• EAP-TTLS• PEAP• LEAP• EAP-SIM
– The authenticator does not need to understand the details about authentication methods. It simply package and repackage EAP packets, usually between Supplicant and RADIUS
22
802.1x EAP-TLS Authentication
StationSupplicant
Access PointAuthenticator RADIUS Server
Authorizer
Client digital certFrom XYZ CA
Server Digital certFrom XYZ CA
23
802.1x PEAP authentication
StationSupplicant
Access PointAuthenticator RADIUS Server
Authorizer
Digital certFrom XYZ CA
Directory Server
Phase 1:Authenticate AP. Secure tunnelto AP using TLS
Phase 2:Password authenticationwith directory server
Username DanPassword: encrypted
Success/Fail
24
LEAP (Lightweight Extensible Authentication Protocol)
• LEAP Characteristics– Primarily developed by Cisco for Aironet WLAN
deployments.– Cisco is now licensing the software, other vendors are
now beginning to support LEAP in their wireless LAN adapters.
– Encrypts data transmissions using dynamically generated WEP keys and supports mutual authentication.
– No certificates are required– Uses bi-directional challenge-response with user
password as shared secret– Transaction sent in clear text (dictionary attacks !)
25
EAP Authentication Types Comparison Chart
802.1x EAP Types Feature / Benefit
MD5 TLS TTLS PEAP LEAP
Client side certificate required no yes no no no
Server side certificate required no yes no yes no
WEP key management no yes yes yes yes
Rogue AP detection no no no no yes
Developer
Authentication Attributes One way Mutual Mutual Mutual Mutual
Deployment Easy Difficult Moderate
Moderate Moderate
Wireless Security Poorest Highest High High High