
802.11 Wireless Insecurity
By: No’eau Kamakani, Robert Whitmire



Outline

Background
Security Features
Attacks
Demonstrations
Conclusion


Background


Wireless Definitions

802.11
• 802 = LANs (Local Area Network)
• 11 = Wireless
WiFi
• Wireless Fidelity
Hotspots
• Connection point for a WiFi network hardwired to the Internet


How Does It Work?

Transmits over radio frequency
• 2.4 – 2.483 GHz
• 5 GHz range
Channels (for B and G)
• Direct Sequence Spread Spectrum
• USA 1-11
• Europe 1-13
• Japan 1-14


Protocols


Products


Why go wireless

Infrastructure easy
• Goes thru walls, no wiring
Portability and Flexibility
• Access from anywhere
Interoperability
• Compatible with all WiFi products certified by Wireless Ethernet Compatibility Alliance (WECA)
Increased Productivity
• Endless connectivity


Security


WEP

Wired Equivalent Privacy
Secret Key for encrypting data
• Shared between mobile card and access point
• 40-128 bits (includes IV)
Initialization Vector (IV)
• 24 bit, randomly generated
• Sent in clear text
• Finite


RC4 Encryption Algorithm

Stream cipher
• Generates infinite pseudo-random keystream
Keystream generated with key and IV
• XOR’ed with message and Checksum to generate ciphertext
• Receiver generates same keystream and XOR’s with ciphertext to get message and checksum


Visualizing RC4


CRC-32 Checksum

Linear Checksum algorithm
• Integrity checking
• A bit in message correlates directly to set of checksum bits


WEP Vulnerabilities

Relies on flawed encryption method
• RC4 is crackable through statistical analysis
  IV’s collisions, calculate key from this
• Checksum is predictable
IV implemented incorrectly
Better than nothing
• Not on as default
• Not end all security measure
Easily Crackable (AirSnort)


WPA

WiFi Protected Access
Latest snapshot of 802.11i
• Explained later
Rotating Keys
• Temporal Key Integrity Protocol
Increased IV (24-48 bits)
Checksum
Order of magnitude harder to crack


802.1X

User not Machine Authentication
Supposed to provide a vendor-independent way to control access
Authentication through EAP (Extensible Authentication Protocol)
• Tokens, Kerberos, one-time passwords, certificates, etc.


Other Security Attempts

802.11i
• IEEE attempt to provide strong security
• Dynamically updating WEP Key
• Not complete
VPN
• Providing security through VPN tunneling protocols
• Compatibility issues, better than WEP but not universal solution
MAC Filtering
• MAC addresses sent in clear
• Easy to sniff
• Easy to spoof


Attacks

Passive attack to decrypt traffic
• Waits for keystream collision
• Gets XOR
• Statistically reveals plain text
Active attack to inject traffic
• RC4(X) xor X xor Y = RC4(Y)
Unauthorized Access Points on a Network
• Attacker set up own access point on network effectively circumventing security measures
• Resetting access points to default
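
The WEP construction from the RC4 and CRC-32 slides, with the linear checksum, the finite IV space and the keystream collision from the WEP Vulnerabilities and Attacks slides shown as checkable properties. This is an added example, not part of the original presentation; the key, IV, messages and function names are constructed for illustration.

```python
import math, struct
from zlib import crc32

def rc4(key: bytes, n: int) -> bytes:
    """n bytes of RC4 keystream: key scheduling, then output generation."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))
def icv(msg: bytes) -> bytes:
    """CRC-32 checksum of the message, packed little-endian."""
    return struct.pack("<I", crc32(msg))

def wep_seal(iv: bytes, key: bytes, msg: bytes) -> bytes:
    """Frame = clear-text IV, then (msg || checksum) XOR RC4(IV || key)."""
    body = msg + icv(msg)
    return iv + xor(body, rc4(iv + key, len(body)))

def wep_open(key: bytes, frame: bytes) -> bytes:
    """Receiver: same keystream from IV and key, decrypt, verify checksum."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4(iv + key, len(ct)))
    if icv(body[:-4]) != body[-4:]:
        raise ValueError("checksum mismatch")
    return body[:-4]

def crc_is_linear(a: bytes, b: bytes) -> bool:
    """crc(a^b) == crc(a) ^ crc(b) ^ crc(zeros) for equal-length messages."""
    return crc32(xor(a, b)) == crc32(a) ^ crc32(b) ^ crc32(bytes(len(a)))

def iv_collision_probability(frames: int, iv_bits: int = 24) -> float:
    """Birthday bound: chance that two of `frames` random IVs are equal."""
    return 1 - math.prod(1 - k / 2**iv_bits for k in range(frames))

# Constructed sample values; both frames reuse one IV, so the keystream cancels.
KEY, IV = bytes.fromhex("0102030405"), bytes.fromhex("aabbcc")
M1, M2 = b"GET /index.html ", b"POST /login.php "
F1, F2 = wep_seal(IV, KEY, M1), wep_seal(IV, KEY, M2)
LEAK = xor(F1[3:3 + len(M1)], F2[3:3 + len(M2)])
```

With 24-bit random IVs the chance of a repeat passes 50% after roughly 5,000 frames, and `LEAK` equals the XOR of the two plaintexts without the key being used at all.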


Fun Demonstrations


War Driving


War Driving Silicon Valley


War Spying

Also called Warviewing
2.4 GHz wireless Cameras
Gear


Conclusion

WEP is better than nothing
Never settle for default settings
Base protection level on sensitivity of data
Provide backup network protection
Remember, anyone can sniff your wireless network.


Questions?