Wireless Security

Wireless Security - UNC Charlotte FAQ - UNC Charlotteapkerr/itis6200_08_WirelessSec.pdf · • CDMA: – allows each mobile to transmit over the entire frequency spectrum at all times


Page 1: Wireless Security - UNC Charlotte FAQ - UNC Charlotteapkerr/itis6200_08_WirelessSec.pdf · • CDMA: – allows each mobile to transmit over the entire frequency spectrum at all times

Wireless Security

Page 2

Related Chapters

• Chapter 15: Wireless Network Security
• Chapter 16: Wireless Sensor Network Security
• Chapter 17: Cellular Network Security

Page 3

Wireless Technologies

• InfraRed
• BlueTooth (Piconet, PAN)
• Wireless LAN
  – 802.11a, 802.11b, 802.11g
• ZigBee – for home automation and industrial control
• WiMAX – for rural areas & MAN
• Mobile/cell phone networks – current and future generations
• Many more

Type                             Standard                              Range                                                  Data rate
MAN (Metropolitan Area Network)  IEEE 802.16 WiMAX                     2 miles (for "non line of sight" transmission)         4 Mbps (per user)
Wireless LAN                     IEEE 802.11 Wi-Fi                     100 feet                                               150 Mbps
PAN (Personal Area Network)      (1) IEEE 802.15 ZigBee, (2) Bluetooth 30 feet                                                (1) 0.25 Mbps, (2) 3 Mbps

Page 4

Wireless Networks

• A general term to refer to networks that communicate without the need for wire lines.
• Two types of wireless networks:
  – Cellular networks
  – Wireless ad hoc networks
• Main difference
  – Cellular needs a fixed infrastructure, whereas ad hoc does not.

Figure: Wireless network, split into cellular network and wireless ad hoc network.

Page 5

Cellular Networks

Figure 15.2: Cellular networking.

A cellular network comprises a fixed infrastructure and a number of mobile nodes. Mobile nodes connect to the fixed infrastructure through wireless links. They may move from within the range of one base station to outside the range of that base station, and they can move into the ranges of other base stations.

Page 6

Cellular Networks (2)

• Fixed infrastructure and mobile nodes.
• The fixed infrastructure serves as the backbone of a cellular network.
• Mobile nodes do not communicate with each other directly without going through a base station.
• Requires serious and careful topology design of the fixed infrastructure because of the static topology.

Page 7

Main Cellular Technologies

• GSM:
  – Each GSM mobile phone uses a pair of frequency channels, with one channel for sending data and another for receiving data.
  – Time division multiplexing (TDM) is used to share frequency pairs among multiple mobiles.
• CDMA:
  – Allows each mobile to transmit over the entire frequency spectrum at all times.
  – The core algorithm of CDMA is how to extract the data of interest from the mixed data.
• 4G LTE

Cellular Phone Network Security

• Confidentiality – such networks encrypt the air link
• GSM
  – Landlines are open
  – NO CONFIDENTIALITY!
• User authentication – main concern of operators
• It's all about money!
  – WELL DONE, from a business perspective
• Cell network authentication – detect & prevent rogue cell towers

Page 8

Rogue Cell Towers

Figure: Locations of rogue cell towers identified by GSMK Cryptophone in 8/2014.

Page 9

WI-FI SECURITY

Page 10

802.11 Wireless LANs (Wi-Fi)

• Specified by the IEEE 802.11 series standard
  – as part of the specification for 802.11b in 1999
  – range from 2 Mbits per second to 248 Mbits per second
• Two modes: access point (AP) mode or ad hoc mode
• Complications
  – Medium access control in the data link layer
    • Distributed: relies on the Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) protocol
    • Centralized: implemented by having the base station broadcast a beacon frame periodically and poll nodes to check whether they have data to send

Page 11

802.11 Wireless LAN Modes

Figure 15.3: (a) A wireless network in AP mode; (b) a wireless network in ad hoc mode.

When a wireless LAN is working in AP mode, all communication passes through a base station, called an access point. The access point then passes the communication data to the destination node, if it is connected to the access point, or forwards the communication data to a router for further routing and relaying. When working in ad hoc mode, wireless LANs work in the absence of base stations. Nodes directly communicate with other nodes within their transmission range, without depending on a base station.

Page 12

802.11 Commonly-used sub-protocols

Protocol        802.11a           802.11b                     802.11g             802.11n             802.11ac    802.11ad
Frequency       5 GHz, licensed   2.4 GHz, unlicensed         2.4 & 5 GHz, both   2.4 & 5 GHz, both   5 GHz       2.4, 5 & 60 GHz
Range           50 m              50 m                        50 m                70 m
Max. data rate  54 Mbps           11 Mbps                     54 Mbps             150 Mbps            866 Mbps    6.75 Gbps
Modulation      OFDM              Direct sequence SS (DSSS)   OFDM, others        OFDM
Note            1999              1999                        2003                2009                2013        Standard to be finalized in 2014

Page 13

802.11 Security Provision & Threats

Security Provision

• Access control / authentication
  – Ensure that your wireless infrastructure is not used by unauthorized parties
• Data integrity
  – Ensure that your data packets are not modified in transit
• Confidentiality
  – Ensure that the contents of your wireless traffic are not learned by others

Threats

• Interception
• Masquerading
• Hijacking
• DoS
• Tracking
• Theft
• Unauthorized access
• Insider attacks
• Device replacement
• Overpowering or jamming
• (tapping land lines!)

Page 14

Security Protocols

• Wired Equivalent Privacy (WEP)
• Wi-Fi Protected Access (WPA)
• WPA2
• Key management for Wi-Fi in large organizations

Timeline: WEP (1999), WPA (2003), WPA2 (2004)

Page 15

Wired Equivalent Privacy (WEP)

• Defined by the IEEE 802.11 standard.
• Designed to protect link-level data for wireless transmission.
• Provides confidentiality, access control, and data integrity.
• Provides secure communication between a mobile device and an access point in an 802.11 wireless LAN.
• Implemented based on shared key secrets and the RC4 stream cipher.

Page 16

Figure 15.4: WEP encryption and decryption.

WEP is implemented based on shared key secrets and the RC4 stream cipher. WEP's encryption of a frame includes two operations: it first produces a checksum of the data, and then it encrypts the plaintext and the checksum using RC4.

Page 17

Data Integrity Check

• WEP uses the CRC-32 checksum for message integrity
  – CRC-32 is a common network technique to detect transmission errors
• Security flaws:
  – CRC-32 is NOT a hash function!
  – CRC is linear: CRC(x ⊕ y) = CRC(x) ⊕ CRC(y)
  – The linearity allows an attacker to modify a message while keeping its CRC valid:
    • XOR the payload with some value ΔX, and then
    • simply XOR the checksum with CRC(ΔX)
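The linearity above is the reason a checksum cannot serve as a message authentication code. The Go program below is an added example and is not part of the lecture slides: it checks the relation on the real CRC-32 (the IEEE polynomial that 802.11 uses), where the algorithm's initial value and final XOR add a constant term CRC(0^len) to the slide's pure-polynomial form, and then runs the same relation against a keyed HMAC-SHA256 tag, which does not satisfy it. The frame payload, the one-byte difference and the key are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"hash/crc32"
)

// xorBytes returns a XOR b; the caller guarantees equal lengths.
func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// crcIsAffine checks, on the real CRC-32 (IEEE polynomial), whether
// CRC(x XOR d) == CRC(x) XOR CRC(d) XOR CRC(0^len). The last term is the constant
// that CRC-32's initial value and final XOR add to the pure polynomial division;
// for the raw CRC of the slide it is zero, giving CRC(x XOR y) = CRC(x) XOR CRC(y).
// Either way the checksum of a modified frame follows from the original checksum
// and the difference alone, with no secret involved.
func crcIsAffine(x, d []byte) bool {
	zeros := make([]byte, len(x))
	lhs := crc32.ChecksumIEEE(xorBytes(x, d))
	rhs := crc32.ChecksumIEEE(x) ^ crc32.ChecksumIEEE(d) ^ crc32.ChecksumIEEE(zeros)
	return lhs == rhs
}

// hmacTag is the keyed integrity check that a WEP replacement needs: without the
// key, the tag the receiver will compute for a modified frame cannot be predicted.
func hmacTag(key, msg []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(msg)
	return h.Sum(nil)
}

// macIsAffine runs the same relation against HMAC-SHA256. It comes out false for
// any realistic input, which is exactly the property CRC-32 lacks.
func macIsAffine(key, x, d []byte) bool {
	zeros := make([]byte, len(x))
	lhs := hmacTag(key, xorBytes(x, d))
	rhs := xorBytes(xorBytes(hmacTag(key, x), hmacTag(key, d)), hmacTag(key, zeros))
	return hmac.Equal(lhs, rhs)
}

func main() {
	// Constructed sample frame payload and a difference that flips one byte.
	frame := []byte("GET /index.html HTTP/1.1")
	delta := make([]byte, len(frame))
	delta[5] = 'i' ^ 'a'
	fmt.Println("CRC-32 satisfies the affine relation:", crcIsAffine(frame, delta))
	fmt.Println("HMAC satisfies the affine relation:  ", macIsAffine([]byte("constructed-key"), frame, delta))
}
```

The check in `crcIsAffine` holds for every input length and every difference, so a receiver that verifies only an unkeyed CRC (as WEP does, even though the CRC travels encrypted under RC4) cannot tell a transmission error from a deliberate change. TKIP's Michael and CCMP's CBC-MAC are keyed for this reason.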

Page 18

Major Known Problems with WEP

• Default is insecure
• Inadequate key management leads to possible exploitation of
  – weak encryption/authentication/integrity (such as the short 24-bit IV, non-cryptographic CRC, etc.)
  – Static keys
  – Shared keys
  – Weaknesses of RC4
• One-sided authentication only (the AP is not authenticated by mobile devices)
• IP addresses can be forged!

Page 19

WEP, WPA, WPA2

• Wi-Fi Protected Access (WPA)
  – Targets both enterprise and consumers
  – What improvements does WPA provide over WEP?
  – Uses the Extensible Authentication Protocol (EAP) framework to conduct authentication
• WPA2
  – TKIP and AES both mandatory
  – Supports fast roaming of wireless clients migrating between wireless access points
    • Useful for time-sensitive applications

Page 20

WPA (Wi-Fi Protected Access)

• Published in 2003 by the Wi-Fi Alliance
  – Based on an early version (draft 3) of the IEEE 802.11i standard
• Three major objectives:
  – Address WEP's problems
  – Make existing WEP hardware also support WPA
  – Ensure WPA is compatible with the 802.11i standard
• Still uses the RC4 stream cipher for encryption
• Based on TKIP (Temporal Key Integrity Protocol)

Page 21

WPA - Modes of Operation

• Two modes: PSK (Pre-Shared Key) and Enterprise
• PSK mode:
  – A "shared secret" is used for authentication to the access point; vulnerable to dictionary attacks
  – No need for an authentication server
• Enterprise mode:
  – Requires an authentication server – RADIUS
  – Uses 802.1X for authentication

Page 22

Temporal Key Integrity Protocol

• Responsible for generating the encryption key, encrypting the message and verifying its integrity
• Dynamically changes the key as the system is used
• Encryption key is unique for every client
• Combined with a larger IV to defeat known-plaintext attacks
  – 48-bit IV (packet sequence number)
  – WEP = 24-bit IV

Page 23

Message Integrity Check (Michael)

• Uses the Michael algorithm to generate a Message Integrity Code (MIC)
  – 8 bytes in length
  – Used to enforce data integrity
• MIC is inserted in the TKIP packet
• The sender and the receiver each compute the MIC and then compare.
  – MIC does not match implies the data has been manipulated
  – Detects potential packet content alteration due to transmission error or purposeful manipulation
• Includes a frame counter to prevent replay attacks
• More secure than CRC-32

Page 24

Attacks on WPA

• Dictionary attack on pre-shared key mode
• Michael algorithm vulnerability
  – Attacker creates a message, attaches a 64-bit binary string as a MIC and tries to find the correct MIC without knowing the secret key
  – Uses a differential cryptanalysis attack to find the correct MIC
• Denial of service attack
  – If WPA equipment sees two packets with invalid MICs in 1 second, then:
    • All clients are disassociated.
    • All activity is stopped for one minute.
    • So two malicious packets per minute are enough to stop a wireless network.

Page 25

WPA2

• A long-term solution specified by IEEE 802.11i
• Uses the same authentication process, 4-way handshake, and key hierarchy as WPA
• Replaces TKIP with the Advanced Encryption Standard (AES) CCMP protocol
  – AES in Counter Mode for encryption
  – AES in Cipher Block Chaining-Message Authentication Code (CBC-MAC) for integrity checking
• Requires replacement of hardware devices

Page 26

Key Generation

• Same key hierarchy as WPA
  – 256-bit pairwise master key (PMK)
  – Four 128-bit pairwise transient keys (PTKs)
  – 384-bit temporal key for CCMP in each session
    • Pseudorandom number generated based on SMAC, SNonce, AMAC, ANonce
    • Exchanged following the 4-way handshake protocol
    • Divided into three 128-bit transient keys:
      – Two for the connection between STA and AP
      – One as a session key for AES-128
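The hierarchy above, worked through in Go as an added example that is not part of the slides: the PMK is derived from the PSK-mode "shared secret" and the SSID with PBKDF2-HMAC-SHA1 (4096 iterations, 256-bit output, as WPA/WPA2-PSK do), then expanded with the 802.11i PRF over the two MAC addresses and two nonces into the 384-bit CCMP PTK and split into its three 128-bit parts (KCK and KEK for the STA-AP connection, TK as the AES-128 session key). The passphrase, SSID, MAC addresses and nonces are constructed values.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha1"
	"encoding/hex"
	"fmt"
)

// pbkdf2Sha1 derives keyLen bytes from a passphrase and salt (PBKDF2-HMAC-SHA1,
// RFC 2898). WPA/WPA2-PSK use it with the SSID as salt and 4096 iterations to
// turn the "shared secret" of the slides into the 256-bit PMK.
func pbkdf2Sha1(pass, salt []byte, iter, keyLen int) []byte {
	var out []byte
	for block := uint32(1); len(out) < keyLen; block++ {
		h := hmac.New(sha1.New, pass)
		h.Write(salt)
		h.Write([]byte{byte(block >> 24), byte(block >> 16), byte(block >> 8), byte(block)})
		u := h.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iter; i++ {
			h = hmac.New(sha1.New, pass)
			h.Write(u)
			u = h.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// prf is the 802.11i pseudorandom function: concatenated
// HMAC-SHA1(K, A || 0x00 || B || i) for i = 0, 1, ..., truncated to nbytes.
func prf(key, prefix, data []byte, nbytes int) []byte {
	var out []byte
	for i := 0; len(out) < nbytes; i++ {
		h := hmac.New(sha1.New, key)
		h.Write(prefix)
		h.Write([]byte{0})
		h.Write(data)
		h.Write([]byte{byte(i)})
		out = append(out, h.Sum(nil)...)
	}
	return out[:nbytes]
}

// minMax orders two byte strings so that both sides derive the same PTK
// regardless of which one is the AP and which one is the station.
func minMax(a, b []byte) (lo, hi []byte) {
	if bytes.Compare(a, b) <= 0 {
		return a, b
	}
	return b, a
}

// derivePTK expands the PMK into the 384-bit CCMP PTK from the two MAC addresses
// and the two handshake nonces, then splits it into KCK, KEK and TK (128 bits each).
func derivePTK(pmk, amac, smac, anonce, snonce []byte) (kck, kek, tk []byte) {
	loMAC, hiMAC := minMax(amac, smac)
	loNonce, hiNonce := minMax(anonce, snonce)
	data := bytes.Join([][]byte{loMAC, hiMAC, loNonce, hiNonce}, nil)
	ptk := prf(pmk, []byte("Pairwise key expansion"), data, 48)
	return ptk[0:16], ptk[16:32], ptk[32:48]
}

func main() {
	// All values below are constructed for the example.
	pmk := pbkdf2Sha1([]byte("correct horse battery staple"), []byte("ExampleSSID"), 4096, 32)
	amac, _ := hex.DecodeString("001122334455")
	smac, _ := hex.DecodeString("66778899aabb")
	anonce := bytes.Repeat([]byte{0xa1}, 32)
	snonce := bytes.Repeat([]byte{0x5e}, 32)
	kck, kek, tk := derivePTK(pmk, amac, smac, anonce, snonce)
	fmt.Printf("PMK %x\nKCK %x\nKEK %x\nTK  %x\n", pmk, kck, kek, tk)
}
```

Every input to `derivePTK` other than the PMK is carried in the clear by the 4-way handshake, and the handshake's MIC is computed under the KCK. That is why the slides call PSK mode vulnerable to dictionary attacks: the only secret in the whole computation is the passphrase, so its strength (or moving to Enterprise mode, where the PMK comes from the EAP exchange instead) is the defence.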

Page 27

CCMP Encryption and MIC

• Encryption: set $\mathrm{Ctr} = \mathrm{Ctr}_0$, then

  $C_i = \mathrm{AES\text{-}128}_K(\mathrm{Ctr} + i) \oplus M_i, \quad i = 1, 2, \ldots, k$

• Authentication and integrity check: set $C_0 = 0^{128}$, then

  $C_i = \mathrm{AES\text{-}128}_K(C_{i-1} \oplus M_i), \quad i = 1, 2, \ldots, k$
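The two equations implemented in Go as an added example (not the slides' code, and not a complete CCMP): counter mode keyed by $\mathrm{Ctr}_0 + i$ and a CBC-MAC started from the all-zero block, both on AES-128 from the Go standard library. The message is zero-padded to a whole number of blocks here, whereas real CCM prepends a formatted block carrying the nonce and lengths and truncates the MIC to 8 bytes; the key, initial counter and frame body are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"fmt"
)

const blockSize = 16

// addCounter returns ctr0 + i as a 128-bit big-endian integer (wrapping modulo 2^128).
func addCounter(ctr0 []byte, i uint64) []byte {
	out := append([]byte(nil), ctr0...)
	carry := i
	for pos := blockSize - 1; pos >= 0 && carry != 0; pos-- {
		sum := uint64(out[pos]) + (carry & 0xff)
		out[pos] = byte(sum)
		carry = (carry >> 8) + (sum >> 8)
	}
	return out
}

// ctrCrypt implements the slide's counter mode: C_i = AES-128_K(Ctr0 + i) XOR M_i
// for i = 1..k. Decryption is the same call on the ciphertext, since the keystream
// depends only on the key and counter; that is also why a counter block must never
// be reused under one key (two ciphertexts would XOR to the XOR of their plaintexts).
func ctrCrypt(key, ctr0, msg []byte) []byte {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(msg))
	ks := make([]byte, blockSize)
	for i := 0; i < len(msg); i += blockSize {
		c.Encrypt(ks, addCounter(ctr0, uint64(i/blockSize)+1))
		for j := 0; j < blockSize && i+j < len(msg); j++ {
			out[i+j] = msg[i+j] ^ ks[j]
		}
	}
	return out
}

// cbcMac implements the slide's integrity equation: C_0 = 0^128,
// C_i = AES-128_K(C_{i-1} XOR M_i); the MIC is C_k. Zero padding is a
// simplification: it makes "m" and "m || 0x00" collide, which is the
// variable-length weakness that CCM's length-carrying first block removes.
func cbcMac(key, msg []byte) []byte {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	padded := append([]byte(nil), msg...)
	if rem := len(padded) % blockSize; rem != 0 {
		padded = append(padded, make([]byte, blockSize-rem)...)
	}
	state := make([]byte, blockSize) // C_0 = 0^128
	for i := 0; i < len(padded); i += blockSize {
		for j := 0; j < blockSize; j++ {
			state[j] ^= padded[i+j]
		}
		c.Encrypt(state, state)
	}
	return state
}

func main() {
	// Constructed key, initial counter and frame body.
	key := bytes.Repeat([]byte{0x0f}, 16)
	ctr0 := make([]byte, 16)
	msg := []byte("a frame body longer than one AES block")
	ct := ctrCrypt(key, ctr0, msg)
	mic := cbcMac(key, msg)
	fmt.Printf("ciphertext %x\nMIC        %x\n", ct, mic)
	fmt.Println("round trip ok:", bytes.Equal(ctrCrypt(key, ctr0, ct), msg))
}
```

Unlike the CRC of WEP, flipping a bit of the message changes the MIC in a way that cannot be computed without $K$, which is what the "integrity check" in the slide's second equation buys.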

Page 28

Flawed WPS

• Wi-Fi Protected Setup (WPS) is a simplified setup for Wi-Fi security with a hardwired 8-digit PIN
  – 8th digit is a checksum, so 7 effective digits
• Flaws with the "external registrar":
  – When the client-supplied PIN fails during configuration, the router sends back an EAP-NACK, which allows the client to infer whether the 1st half of the PIN is correct
  – Allows an evil client to reduce the number of attempts needed to brute-force guess the PIN: from 10^8 to 10^4 + 10^3 = 11,000 attempts in total (succeeds in guessing in a few hours)
• Ref:
  – US-CERT Vulnerability Note VU#723755
  – http://code.google.com/p/reaver-wps/

Page 29

Common Sense Security Measures

• Don't use it unless you have to
• Proper configuration of the AP (incl. changing default passwords, limiting physical access, etc.)
• Turn on encryption mode with WPA2
• Limit the radio coverage
• Mask/disable SSID broadcasting if possible
• Set up a list of acceptable MAC addresses
• Rotate keys regularly if feasible
• Turn off the radio if not in use

Page 30

LI-FI (LIGHT FIDELITY) --- THE NEXT WAVE?

Page 31

Features of Li-Fi

• Visible light communication
  – Line of sight (typically)
• Using light-emitting diodes (LEDs)
• High-speed switching at nanoseconds
• Data rates > 10 Gbps!
  – 250 times as fast as typical broadband
• Weaving the future "Internet of Things"
• Expected to be more secure than Wi-Fi
• Transmitting data while illuminating the room!

Page 32

BLUETOOTH SECURITY

Page 33

BlueTooth (Piconet)

• First proposed by Intel, Ericsson, IBM, Toshiba & Nokia in 1998.
• Self-configured and self-organized ad hoc wireless networks
  – low power consumption
  – within a short range (1-50 meters)
• Essentially it is a mini wireless network between communicating nodes, called a Piconet.
  – allows one master device to interconnect with up to seven active slave devices

Page 34

Security Concerns

• Authentication and encryption are provided at the Link Manager layer.
• The PIN is translated into a 128-bit link key which is used for authentication.
• After authentication the radios will settle on a suitable-length encryption key to be used.
• Bluetooth relies on PIN codes to establish trusted relationships between devices.

Page 35

Bluetooth Key Generation

Page 36

Bluetooth Authentication

Page 37

Encryption Modes

• Mode 1: No encryption on any traffic
• Mode 2: Broadcast traffic unencrypted; individual traffic encrypted with individual link keys
• Mode 3: All traffic encrypted according to the master link key

Page 38

Attacks on BlueTooth

General attacks

• Attack on authentication
  – due to PIN weakness
  – authentication is based on a PIN (8-128 bits)
  – a poorly chosen PIN can be easy to guess
• Attack on encryption
  – Bluetooth supports encryption, but it's off by default, and the password is 0000 by default
  – plaintext attack
  – stealing the unit key
• Attack on communication
  – steals information of valid users' devices and uses it to impersonate the user

Other attacks

• Bluejacking
  – discover nearby devices and send unsolicited messages
  – spam of Bluetooth devices
• Bluesnarfing
  – hacks into a Bluetooth-enabled phone and copies anything stored in its memory
• Denial-of-service (DoS) attacks
  – flood a Bluetooth device with so many frames that it is unable to communicate
• The Cabir worm
  – seeks out and infects Bluetooth devices, but has to be manually accepted and installed
• Backdooring
  – allows the attacker to monitor activity and exploit services without the owner's knowledge