WLAN Security - cpe.ku.ac.th

1

WLAN Security

รศ. ดร. อนันต์ ผลเพิ.มAsso. Prof. Anan Phonphoem, Ph.D.

[email protected]://www.cpe.ku.ac.th/~anan

Computer Engineering DepartmentKasetsart University, Bangkok, Thailand

Wireless LANs

2

Outline• Secure Communication• Security Mechanisms• Security Threats• IEEE 802.11 Security•WLAN security management

Secure Communication

3

What is Secure Communication?

• Secrecy•Only you and me, no one else• Authentication• Identify that is real you•Message Integrity•Message is not altered

4

Secrecy• Privacy or confidentiality• Cannot block the sniffer!• Requires encryption/decryption mechanism• Encryption at the sender•Decryption at the receiver • using a public or private (secret) key to

decode the encrypted information

5

Authentication• Confirms identity of the communicating party• Assures the real sender and real receiver

6

Message Integrity• Data integrity •Data is transmitted from source to destination

without undetected alteration• Non-repudiation• Prove that a received message came from a

claimed sender

Integrity: การยึดถือหลักคุณธรรม,ความซ่ือสัตย8,ความสมบูรณ8,ความมั่นคง,ความเป?นอันหน่ึงอันเดียวกัน (honesty)

7

Wireline VS. Wireless Security

8

Wireless Magnifies Vulnerability

• Traditional wireline link•Benefits from physical security•Access to the wire is required •Access to Switch/Hub is required •Wireless link• Extended range beyond a room or a building• Easy to eavesdrop

Vulnerable: อ"อนแอ ไม"มั่นคง

9

Trust • Communicate to unseen devices• Physically hidden (End user, AP, …)• Problem on both home and foreign networks• Service provider maybe not trustable•Access points•DHCP servers• Intermediate nodes

10

End-to-End/Link SecurityEnd-to-End Security

Internet

Link Security

11

End-to-End/Link Security• End-to-end security provided by •Network layer (e.g., IPsec)•Transport layer (e.g., SSL)•Application layer (e.g., app.-specific)• Link security provided by • Link layer (e.g., IEEE 802.11 WEP, WPA, or

IEEE 802.11i)

12


þ

13

Security Mechanisms• Cryptography• Authentication

14

Cryptography

• Symmetric (private) key cryptography• Sender and receiver keys are identical (KA = KB)• Asymmetric (public) key cryptography• Sender (encryption) key (KA) is public• Receiver (decryption) key (KB ¹ KA) is private

Plaintext

EncryptionKA Ciphertext

DecryptionKB Plaintext

15

Public Key Cryptography• Unlike a private key system, one can publish the key for

encryption in a public key encryption system

Decryption

KB-Encryption

KB+

Ciphertext

KB+(m)

Plaintext

m

Plaintext

m = KB-(KB

+(m))

Public key

Private key

16

Authentication (Private Key) • Authentication can be implemented with symmetric

(private) key cryptography

Claim “A”

A B

RGenerate aone-time “nonce”

K(R)

encrypt

Rþdecrypt

nonce: ชั%วขณะหนึ%ง

17

Authentication (Public Key)• Use of public key avoids shared key problem• Vulnerable to “man-in-the-middle” attack

R

Claim “A”

A B

KA-(R)

KA+Compute KA+(KA-(R)) = Rþ

Sender must have used private key of A, so it is AKey Request

KA+: A’s public keyKA-: A’s private key

18


þþ

19

Typical WLAN Topology

LAN

Internet

20

Types of AttacksSniffing

•Eavesdrop network traffic•SSID broadcast is full text

LAN

Internet

21

Types of AttacksSpoofing

•Impersonate legitimate device credentials, like MAC address

LAN

Internet

22

Types of AttacksJamming

•Introduction of radio signals that prevent WLAN operations

LAN

Internet

23

Types of AttacksSession Hijacking•Hacker disconnects the

legitimate user but makes AP think that user is still connected

LAN

Internet

24

Types of AttacksDoS

•Flood the network with useless traffic (e.g.repeated login

requests) and eventually shut it down

LAN

Internet

25

Types of AttacksMan in the Middle

•All WLAN traffic from devices is passed through the rogue device

•Lack of strong AP level authentication

LAN

Internet

26

Types of AttacksWarDriving

Driving around town looking for unprotected WLAN connections to

get Internet access

27


þþþ

Evolution of WLAN security

28

29

Authentication & Encryption Std

EAP

802.1x

WPA-TKIP 802.11i

RC4

TLS

MSFTIETF

Encryption Algorithms

Authentication Protocols

PEAP

CSCO/MSFTIETF

CertificateCredentials Username/Password

Encryption Standards WEP

RC4 AES

Dan Ziminski & Bill Davidge

30

Built-in WLAN Security• Wired Equivalent Privacy (WEP)• Provides encryption based on RC-4 cipher• 802.1x• Provides authentication using Extensible Authentication Protocol (EAP)

• Wi-Fi Protected Access (WPA: subset of 802.11i draft)•Uses dynamic keys and advanced encryption• 802.11i à (implemented as WPA2 )•Advanced encryption and authentication

31

802.11b Security Services• Two security services provided:• Authentication• Shared Key Authentication• Encryption•Wired Equivalence Privacy

32

Wired Equivalence Privacy• Shared key between• Stations•An Access Point• Extended Service Set•All Access Points will have a same shared key• No key management• Shared key entered manually into•Stations•Access points•Key management nightmare in large wireless LANs

33

RC4• Ron’s Code number 4• Symmetric key encryption• RSA Security Inc.• Designed in 1987• Trade secret until leak in 1994• RC4 can use key sizes from 1 bit to 2048 bits• RC4 generates a stream of pseudo random bits• XORed with plaintext to create cipher text

34


EAP

802.1x

WPA-TKIP 802.11i

RC4

TLS

MSFTIETF



PEAP

CSCO/MSFTIETF



RC4 AES


WEP Block Diagram

35

WEP Frame

IntegrityAlgorithm(CRC-32)

Pseudo-RandomNumber Generator

RC-4

+

BitwiseXOR

Plain Text

Cipher Text

Integrity CheckValue (ICV)

Key Sequence

Secret Key (40-bit or 128-bit)

InitializationVector (IV)

IV

Encryption Block

Sender Site

IntegrityAlgorithm


BitwiseXOR

Cipher TextPlain Text


Key Sequence

IV


Decryption Block

Receiver Site

36

WEP – Encoding

IntegrityAlgorithm(CRC-32)


RC-4

+

BitwiseXOR

Plain Text

Cipher Text


Key Sequence


InitializationVector (IV)

IV

37

WEP – Sending• Compute Integrity Check Vector (ICV)• Provides integrity• 32 bit Cyclic Redundancy Check• Appended to message to create plaintext• Plaintext encrypted via RC4• Provides confidentiality• Plaintext XORed with long key stream of pseudo

random bits• Key stream is function of

• 40-bit secret key• 24 bit initialisation vector

• Cipher text is transmitted

38

WEP – Decryption

IntegrityAlgorithm

Pseudo-RandomNumber Generator RC-4

BitwiseXORCipher Text

Plain Text


Key Sequence

IV


39

WEP – Receiving• Cipher text is received• Cipher text decrypted via RC4• Cipher text XORed with long key stream of pseudo

random bits• Key stream is function of •40-bit secret key•24 bit initialisation vector (IV)

• Check ICV• Separate ICV from message• Compute ICV for message• Compare with received ICV

40

Shared Key Authentication• When station requests association with AP• AP sends random number to station• Station encrypts random number

• Uses RC4, 40 bit shared secret key & 24 bit IV• Encrypted random number sent to AP• AP decrypts received message

• Uses RC4, 40 bit shared secret key & 24 bit IV• AP compares decrypted random number to transmitted

random number• If numbers match, station has shared secret key

41

WEP Safeguards• Shared secret key required for:• Associating with an access point• Sending data• Receiving data• Messages are encrypted• Confidentiality• Messages have checksum• Integrity• But management traffic still broadcast in clear

containing SSID

42

Initialization Vector• IV must be different for every message transmitted• 802.1standard does not specify how IV is calculated• Wireless 1 cards use several methods• Some use a simple ascending counter for each message• Some switch between alternate ascending and

descending counters• Some use a pseudo random IV generator• If IV is the same, then two duplicate messages would

result in the same cipher text

43

Passive WEP attack• If 24 bit IV is an ascending counter,• If Access Point transmits at 11 Mbps,•All IVs are exhausted in roughly 5 hours

• Passive attack:•Attacker collects all traffic•Attacker could collect two messages:•Encrypted with same key and same IV•Statistical attacks to reveal plaintext•Plaintext XOR Ciphertext = Keystream

Passive WEP attack

44http://www.cisco.com/warp/public/cc/pd/witc/ao1200ap/prodlit/wswpf_wp.htm

Initialization Vector Reuse Vulnerability

45

46

Active WEP attack• If attacker knows plaintext and ciphertext pair• Keystream is known• Attacker can create correctly encrypted messages• Access Point is deceived into accepting messages• Bitflipping• Flip a bit in ciphertext• Bit difference in CRC-32 can be computed

47

Limited WEP keys• Some vendors allow limited WEP keys• User types in a passphrase• WEP key is generated from passphrase• Passphrases creates only 21 bits of entropy in 40 bit

key• Reduces key strength to 21 bits = 2,097,152• Remaining 19 bits are predictable• 21 bit key can be brute forced in minutes

• www.lava.net/~newsham/wlan/WEP_password_cracker.ppt

48

Creating limited WEP keys

49

Brute force key attack• Capture ciphertext• IV is included in message• Search all 240 possible secret keys• 1,099,511,627,776 keys•~170 days on a modern laptop• Find which key decrypts ciphertext to

plaintext

50

128 bit WEP• Vendors have extended WEP to 128 bit keys• 104 bit secret key• 24 bit IV• Brute force takes 10^19 years for 104-bit key• Effectively safeguards against brute force attacks

51

Key Scheduling Weakness• Paper from Fluhrer, Mantin, Shamir (FMS), 2001• Two weaknesses:•Certain keys leak into key stream•Invariance weakness• If portion of PRNG input is exposed, •Analysis of initial key stream allows key to be

determined•IV weakness

52

IV weakness• WEP exposes part of PRNG input• IV is transmitted with message• Every wireless frame has reliable first byte

• Sub-network Access Protocol header (SNAP) used in logical link control layer, upper sub-layer of data link layer.

• First byte is 0xAA• Attack is:

• Capture packets with weak IV• First byte ciphertext XOR 0xAA = First byte key stream• Can determine key from initial key stream

• Practical for 40 bit and 104 bit keys• Passive attack• Non-intrusive / No warning

53

Wepcrack• First tool to demonstrate attack using IV

weakness• Open source, Anton Rager• Three components• Weaker IV generator• Search sniffer output for weaker IVs & record 1st byte• Cracker to combine weaker IVs and selected 1st bytes • Cumbersome

54

Airsnort• Automated tool• Cypher42, Minnesota, USA.• Does it all!• Sniffs• Searches for weaker IVs• Records encrypted data• Until key is derived.• 100 Mb to 1 Gb of transmitted data.• 3 to 4 hours on a very busy WLAN.

55

Avoid the weak IVs• FMS described a simple method to find weak IVs• Many manufacturers avoid those IVs after 2002• Therefore Airsnort and others may not work on recent

hardware • However David Hulton aka h1kari• Properly implemented FMS attack which shows many

more weak IVs• Identified IVs that leak into second byte of key

stream.• Second byte of SNAP header is also 0xAA• So attack still works on recent hardware• And is faster on older hardware• Dwepcrack, weplab, aircrack

56

Generating WEP traffic • Not capturing enough traffic?•Capture encrypted ARP request packets•Anecdotally lengths of 68, 118 and 368 bytes

appear appropriate•Replay encrypted ARP packets to generate

encrypted ARP replies•Aireplay implements this.

57

Wired Equivalent Privacy (WEP)

• Provides rudimentary 40-bit/128-bit encryption• RC-4 cipher• Weak Point is IV not RC-4• Static encryption keys — must be changed

manually• Attacker’s tools: Airsnort, Yellowjacket, Airfart• Encryption keys can be cracked• Default setting is “OFF”

58

802.1x — A New Hope• Provides secure access using port control• Uses EAP (Extensible Authentication Protocol)• Supports Kerberos, smart cards, one-time

passwords, and so on• Components required:• Wireless device• AP• Authentication server, typically Remote Authentication

Dial-in User Service (RADIUS)

59


EAP

802.1x

WPA-TKIP 802.11i

RC4

TLS

MSFTIETF



PEAP

CSCO/MSFTIETF



RC4 AES


How 802.1x Works

60

Wireless Device Access Point Authentication Server (RADIUS)

802.1X

61https://en.wikipedia.org/wiki/IEEE_802.1X

802.1X Key Management• 802.11i data protocols fail without “fresh” keys• Want to use 802.1X framework• Original 802.1X key management hopelessly

broken, so redesigned by 802.11i

62Intel Communications Group

802.1X Key Management• New model:• Derive a Pairwise Master Key (PMK)• AP and STA use PMK to derive

Pairwise Transient Key (PTK)• Use PTK to protect the link• Limitations:• No explicit binding to earlier association, authentication

• Relies on temporality, PMK freshness for security• Keys are only as good as back-end allows


Pairwise Key Hierarchy

64

Key Confirmation

Key (KCK) – PTK bits 0–127

Key Encryption Key (KEK) – PTK

bits 128–255

Temporal Key – PTK bits 256–n – can have cipher suite specific structure

Master Key (MK)

Pairwise Master Key (PMK) = TLS-PRF(MasterKey, “client EAP encryption” | clientHello.random | serverHello.random)

Pairwise Transient Key (PTK) = EAPoL-PRF(PMK, AP Nonce | STA Nonce | AP MAC Addr | STA MAC Addr)

Analog of the WEP key

EAPoL: Extensible Authentication Protocol (EAP) over LAN

Key Management Overview

65

Step 1: Use RADIUS to push PMK from AS to AP

Step 2: Use PMK and 4-Way Handshake to derive, bind, and verify PTK

Step 3: Use Group Key Handshake to send GTK from AP to STA

ASAPSTA

Intel Communications Group

EAPoL RADIUS

Step 1: Push PMK to AP• RADIUS: not worth talking about…


EAPoL Key Message

67

Descriptor Type – 1 octet

Key Information –2 octets

Key Length – 2 octets

Replay Counter – 8 octets

Nonce – 32 octets

IV – 16 octets

RSC – 8 octets

Key ID – 8 octets

MIC – 16 octets

Data Length – 2 octets

Data – n octets



Step 2: 4-Way Handshake

68

EAPoL-Key(Reply Required, Unicast, ANonce)

Pick Random ANonce

EAPoL-Key(Unicast, SNonce, MIC, STA RSN IE)

EAPoL-Key(Reply Required, Install PTK, Unicast, ANonce, MIC, AP RSN IE)

Pick Random SNonce, Derive PTK = EAPoL-PRF(PMK, ANonce | SNonce | AP MAC Addr | STA MAC Addr)

Derive PTK

EAPoL-Key(Unicast, MIC)

Install TK Install TK

STA

PMK PMK

Step3: Group Key Handshake

69

EAPoL-Key(All Keys Installed, ACK, Group Rx, Key Id, Group , RSC, GNonce, MIC, GTK)

Pick Random GNonce, Pick Random GTK

EAPoL-Key(Group, MIC)

Encrypt GTK with KEK

Decrypt GTK

STA

PTK PTK

unblocked data traffic unblocked data traffic


4-Way Handshake

70http://www.hitchhikersguidetolearning.com/2017/09/17/management-frame-protection-igtk/

Key Management Summary• 4-Way Handshake• Establishes a fresh pairwise key bound to STA and AP

for this session• Proves liveness of peers• Demonstrates there is no man-in-the-middle between

PTK holders if there was no man-in-the-middle holding the PMK• Synchronizes pairwise key use• Group Key Handshake provisions group key to all

STAs


Authentication Requirements• Want key tied back to authorization decision• Establish a session between AS and STA• Establish a mutually authenticated session key shared by

AS and STA• Session Þ key is fresh• Mutually authenticated Þ bound only to AS and STA

• Defend against eavesdropping, man-in-the-middle attacks, forgeries, replay, dictionary attacks against either party• Cannot expose non-public portions of credentials

• Identity protection not a goal• Can’t hide the MAC address


Authentication

73

Authentication Components

74

802.1X (EAPoL)

Authentication Server

Access Point

802.11

Wireless Station

EAP-TLS

EAP

RADIUS

UDP/IP



Authentication Overview

75

802.1X/EAP-Request Identity

802.1X/EAP-Response Identity (EAP type specific)

RADIUS Access Request/Identity

EAP type specific mutual authentication

RADIUS Accept (with PMK)

802.1X/EAP-SUCCESS

Derive Pairwise Master Key (PMK) Derive Pairwise Master Key (PMK)

AS

APSTA

802.1X RADIUS

AP 802.1X blocks port for data traffic

STA 802.1X blocks port for data traffic

EAP-TLS• EAP-TLS is not part of 802.11i; neither is any other

specific authentication method• But EAP-TLS is the de facto 802.11i authentication

method• Can meet all 802.11i requirements• Other widely deployed methods do not

• EAP-TLS = TLS Handshake over EAP• EAP-TLS defined by RFC 2716• TLS defined by RFC 2246

• Always requires provisioning AS certificate on the STA• Mutual authentication requires provisioning STA

certificates

76

Transport Layer Security (TLS)


77

802.1x EAP-TLS Authentication

StationSupplicant

Access PointAuthenticator RADIUS Server

Authorizer

Client digital certFrom XYZ CA

Server Digital certFrom XYZ CA


Example – EAP-TLS (1)

78

802.1X/EAP-Request Identity

802.1X/EAP-Response Identity (My ID)

RADIUS Access Request/EAP-Response Identity

RADIUS Access Challenge/EAP-Request802.1X/EAP-Request(TLS)

802.1X/EAP-Response(TLS ClientHello(random1))

RADIUS Access Request/EAP-Response TLS ClientHello

RADIUS Access Challenge/EAP-Request

802.1X/EAP-Request(TLS ServerHello(random2) || TLS

Certificate || TLS CertificateRequest || TLS

server_key_exchange || TLS server_done)

AP-RADIUS Key AS

APSTA


Example – EAP-TLS (2)

79

802.1X/EAP-Response(TLS client_key_exchange || TLS || TLS certificate || TLS certificateVerify ||

TLS change_cipher_suite || TLS finished

RADIUS Access Request/EAP-Response

RADIUS Access Challenge/EAP-Request

802.1X/EAP-Request(TLS change_cipher_suite || TLS

finished)

MasterKey = TLS-PRF(PreMasterKey, “master secret” || random1 || random2)

AP-RADIUS Key

802.1X/EAP-Response RADIUS Access Request/EAP-Response Identity

ASAPSTA

RADIUS Accept/EAP-Success, PMK802.1X/EAP-Success

PMK = TLS-PRF(MasterKey, “client EAP encryption” || random1 || random2)


Authentication Summary• At the end of authentication

• The AS and STA have established a session if concrete EAP method does

• The AS and STA possess a mutually authenticated Master Key if concrete EAP method does• Master Key represents decision to grant access based on

authentication• STA and AS have derived PMK• PMK is an authorization token to enforce access control decision

• AS has distributed PMK to an AP (hopefully, to the STA’s AP)

80


81

802.1x PEAP authentication

StationSupplicant

Access PointAuthenticator

Digital certFrom XYZ CA

Phase 1:Authenticate AP. Secure tunnelto AP using TLS

Phase 2:Password authenticationwith directory server

Username: ABCPassword: encrypted

Success/Fail


PEAP Overview

82

Wireless Station

Authentication Server

Step 1: Use EAP-TLS to authenticate AS to Station

Step 2: Use TLS key to protect the channel between Station, AS

Step 3: Use Legacy method protected by TLS key to authenticate Station to AS

AP


PEAP Man-in-Middle Attack

83

EAP/Identity Request EAP-Method in Tunnel

EAP/Identity Request

EAP/Identity Response (user id@realm)

WLAN Session Stolen

STA MitM AAA-H Server

PEAP ServerAP

EAP/Identity Response (anonymous@realm)

EAP/Response/ Method Response

EAP/ Request / Method Challenge

EAP/ Success

Tunnel establishment

Tunnel Keys DerivedTunnel Keys Derived

Inner EAP Method Keys Derived & Not used

Inner Method Keys Derived


84

802.1x — The Downside• Only does authentication• Encryption is still required• If used with WEP, the encryption keys are still

static even though the authentication keys change• Authenticator and device must use the same

authentication method• Only supports client-level authentication

85

WPA (Wi-Fi Protected Access)

802.1X

TKIP and AES

WPA

86

WPA (Wi-Fi Protected Access)

• WPA = 802.1X + TKIP• WPA requires authentication and encryption• 802.1X authentication choices include LEAP, PEAP, TLS• WPA has strong industry supporters• Adds to 802.1X and TKIP• Widespread adoption of WPA will add robust security

and remove the “security issue” from the WLAN industry• WPA will become accepted as the standard• It is an interim standard

87

WPA – Fixed WEP’s Problems

• IV changes to 48 bits with no weak keys (900 years to repeat an IV at 10k packets/sec)• Use IV as a replay counter•Message integrity Check (MIC)• Per-packet keying


88

TKIP – Per Packet Keying

48 bit IV16 bit lower IV32 bit upper IV

Key mixing Key mixing

Per-Packet-KeyIVIV d

Session KeyMAC Address

104 bits24 bits128 bits

Fixes the weaknesses of WEP key generation but still uses the RC4 algorithm


802.11i Overview• Confirmed Standard - 2004.6.24• Data Security (Key Management/Crypto Algorithm) • IEEE 802.1aa• Accept 802.11i Key Descriptor• Define Key exchange state machine

• IEEE 802.11i• RSN (Robust Security Network)• Access control based on 802.1X• Dynamic Key Exchange and Management

• New Crypto Algorithm • TKIP – For backward compatibility (WEP) • CCMP – AES-CCM mode

89ETRIhttp://www.ieee802.org/

802.11i Overview• User Authentication

• IEEE 802.1X • Port-Based Network Access Control • Before authentication: uncontrolled port • After authentication: controlled port open

• IEEE 802.1aa• Extra document for 802.1X• After authentication and Key exchange: controlled port open

• EAP (Extensible Authentication Protocol)• Various authentication mechanism will be acceptable • EAP-MD5, EAP-TLS, EAP-TTLS

• AAA (Authentication, Authorization and Accounting) Server • RADIUS (Remote Authentication Dial In User Service) Server - RFC 2865 • Diameter Server - RFC 3588


IEEE 802.11i - Authentication


IEEE 802.11i - Authentication & Key Exchange

92

93

802.11i and WPA• Uses 802.1x authentication• Uses Temporal Key Integrity Protocol (TKIP) to

dynamically change encryption keys after 10,000 packets are transferred• Uses Advanced Encryption Standard (AES)

encryption, which is much better than WEP• A subset of 802.11i, Wi-Fi Protected Access

(WPA) is available as a firmware upgrade today

94

802.11i and WPA Pitfalls• Keys can be cracked using much less than

10,000 packets•Michael feature — shuts down AP if it

receives two login attempts within one second. Hackers can use this to perpetrate a DoS attack.• 802.11i à WPA2

802.11i & 802.1x

95https://www.semanticscholar.org/paper/Security-enhanced-IEEE-802.1x-authentication-method-Park-Kim/c61874e7e8a5b9457fa37338357c90b3aea61091

96

Encryption Effects

Wireless Encryption

Type

Desktop Control Needed

Cost to Implement

Difficult to Manage

Vendor Support

Problems

Vulnerable to Attack

none low low low low high

WEP medium low high low medium

WPA TKIP high high high medium low

802.11i AES high high high high none

VPN high high medium low none


97

End-to-End/Link SecurityEnd-to-End Security

Internet

Link Security

98

VPN Authentication & Encryption

StationAccess Point VPN Gateway

LAN

IPSEC VPN Tunnel


99

Web Authentication

StationAccess Point Web auth

security device

LAN

HTTPSLogin page

BackendRADIUSServer


100

Authentication TypeWireless Auth

TypeDesktop Control Needed

Cost to Implement

Difficult to Manage

Vendor Support

Problems

Vulnerable to Attack

VPN high high medium low low

WEP medium low high low high

802.1x EAP TLS

ceritficates

high high high medium low

802.1x PEAP medium medium medium medium low

Web Auth low low medium low medium


101


þþþþ

102

Wireless Security Concerns

•Management of device security• Corruption of data sent to wireless devices•Malicious code (viruses, Trojans, worms)• Unauthorized users• Confidentiality of data sent wirelessly• Security of data stored on a handheld

device

103

WLAN security management• Open Access• No WEP, WPA, encryption• Broadcast Mode• Basic Security• 40-bit, 128-bit, 256-bit Static Encryption Key• Enhanced Security• Dynamic Encryption Key / Scalable Key Management • Mutual 802.1x/EAP Authentication• TKIP/WPA• Traveling Security• Virtual Private Network (VPN)

104

Wireless Policy Issues• Policy needs to dictate permitted services and

usage• Needs a means of identifying and enforcing

wireless policies• Existing organization security policies need to be

updated to cope with wireless security issues• Policy needs to indicate how access will be

controlled, for instance, time of day

105

Wireless Policy Issues• Every access needs to be logged• User compliance and standards

enforcement• Centralized control of security policies•Wireless intrusion alert issues• Process to update client software levels• Intrusion detection policies

106

Knows Your Organization

12

3

4

User Involvement, Awareness and Roles

Key Password Quality

User and Key Administration

Environment Integrity and Robustness

Network Security and Technology Issues

ClientSecurity

ApplicationSecurity

Audits and Controls, and IDS

Process Management and Standards

Weakness

Strength

Weakness

Weakness

107

More SecurityA laptop in your network connecting to a neighboring Wi-Fi network exposing your corporate data.

Neighbor’s Network

Hacker attacking your network through an internal laptop acting as an unofficial software access point.

Unofficial Access Point

Rogue Access PointHacker attacking your network through an unofficial access point connected to the network.

Hacker attacking your network through an unofficial connection with a misconfigured AP.

Misconfigured Access PointDO NOT

ENTER

DO NOT

ENTER

DO NOT

ENTER

DO NOT

ENTER

108

More Secure WLAN Topology

LAN

Internet

RADIUS

Cisco Firewall (Placement Options)

109

110

Client DifferentiationChannel: 1

SSID: Laptop VLAN: 1

Channel: 6 SSID: PDA VLAN: 2

Channel: 11 SSID: Phone VLAN: 3

802.1Q wired network with

VLANs

111

SSID: Laptop VLAN: 1SSID: PDA VLAN: 2SSID: Phone VLAN: 3

Client Differentiation802.1Q wired network with

VLANs

112

Conclusions • Wireless technology is becoming embedded• Notebooks, PDAs, cell phones, etc.• WLAN is currently unsecure• 802.11 WEP security is insufficient for the enterprise• 802.11i (WPA2) and WPA offer great improvements • People, processes, policies and architecture are

required to deploy WLAN securely

113

References• “WLAN teaching materials” by Anan Phonphoem, Computer Engineering

Dept., Kasetsart University• “Who’s Watching Your Wireless Network?” by Ian Hameroff, Computer

Associates, eTrust™ Security solutions, CA World 2003• “Wireless Configuration and Security Issues” by Greg Gabet, IBMGS, CA

world 2003• “Addressing the Challenges of Adopting Secured Mobility in the Enterprise”

by Hans-Georg Büttner, Ernst & Young IT-Security GmbH, Germany, CA World 2003

• “Wireless Local Area Network Security” by Robert Simkins, University of Derby, UK

• “WLAN Security”, Matthew Joyce, Rutherford Appleton Laboratory, CCLRC• Wireless LAN Security, Threats & Countermeasures, By Joseph Tomasone, Senior

Network Security Engineer, Fortress Technologies, Inc., Session 8, August 10, 2005, Infragard National Conference 2005

• CSG 256 Final Project Presentation, by Dan Ziminski & Bill Davidge• 802.11i Overview, Jesse Walker, Intel Corporation, [email protected]

Documents

WLAN Security - cpe.ku.ac.th