© 2002, Cisco Systems, Inc.
WLAN Standards and Security Solutions
Dan Cusick, Mobility Marketing Manager
Cisco Systems, [email protected]
Agenda
• 802.11 standards activities
• Wireless LAN Security – Authentication and Encryption
• Security Enhancements
• Future trends
Wireless Technologies
PAN (Personal Area Network): Standards: Bluetooth; Speed: < 1 Mbps; Range: Short; Applications: Peer-to-Peer, Device-to-Device
LAN (Local Area Network): Standards: 802.11, HiperLAN2; Speed: 11 to 54 Mbps; Range: Medium; Applications: Enterprise networks
MAN (Metropolitan Area Network): Standards: 802.11, MMDS, LMDS; Speed: 11 to 100+ Mbps; Range: Medium-Long; Applications: T1 replacement, last mile access
WAN (Wide Area Network): Standards: GSM, GPRS, CDMA, 2.5-3G; Speed: 10 to 384 Kbps; Range: Long; Applications: PDAs, Mobile Phones, cellular access
WLAN “Alphabet Soup”: IEEE 802.11 Standards Activities
• 802.11a: 5GHz, 54Mbps
• 802.11b: 2.4GHz, 11Mbps
• 802.11d: Multiple regulatory domains
• 802.11e: Quality of Service (QoS)
• 802.11f: Inter-Access Point Protocol (IAPP)
• 802.11g: 2.4GHz, 54Mbps
• 802.11h: Dynamic Frequency Selection (DFS) and Transmit Power Control (TPC)
• 802.11i: Security
802.11a
• 5 GHz, 54 Mbps, OFDM technology
  Data rates supported: 54, 48, 36, 24, 12, and 6 Mbps
  Can “downshift” to lower data rates for longer range
• 802.11a products now available
• Worldwide compatibility issues for 5 GHz band
  Effort underway to allow 802.11a operation in European countries
  Long-term: Worldwide usage with adoption of Transmit Power Control (TPC) and Dynamic Frequency Selection (DFS) per 802.11h standard
• 5 GHz band has more channels than 2.4 GHz band
  UNII-1 + UNII-2 = 8 non-overlapping channels (vs. 3 channels for 2.4GHz)
• 5 GHz band subject to less interference than 2.4 GHz ISM band
  However, 2.4GHz interference not a major problem in most business environments
Understanding the 5 GHz Spectrum
(Diagram of the 5 GHz UNII band, with boundaries at 5.15, 5.25, 5.35, 5.470, 5.725 and 5.825 GHz)
US (FCC): 12 channels (*can use up to 6 dBi gain antenna)
  UNII-1 (5.15 to 5.25 GHz): 40 mW (22 dBm EIRP), 4 channels. Indoor use, antenna must be fixed to the radio
  UNII-2 (5.25 to 5.35 GHz): 200 mW (29 dBm EIRP), 4 channels. Indoor/outdoor use, fixed or remote antenna
  UNII-3 (5.725 to 5.825 GHz): 800 mW (35 dBm EIRP), 4 channels. Outdoor bridging only (EIRP limit is 52 dBm if PtP)
Europe: 19 channels (*assumes no antenna gain): 200 mW in 5.15 to 5.35 GHz, 1 W in 5.470 to 5.725 GHz (11 channels)
*if you use a higher gain antenna, you must reduce the transmit power accordingly
802.11g
• 2.4 GHz, up to 54 Mbps, OFDM/CCK technology
• Preliminary draft standard submitted Dec. 2001; currently on 802.11g draft standard v3.0
• Goal: Full forward/backward compatibility with 802.11b
  Provide upgrade path & investment protection for 802.11b users
  The coming of 802.11g “future proofs” 802.11b purchases today
• Initial SOHO 802.11g products released
• 54 Mbps enterprise-class 802.11g products expected 2nd half of 2003
802.11 Positioning
5GHz - 802.11a
• 54Mbps
• Higher expected throughput than 802.11g
• 8 channels for indoor use (allows “honeycomb” network deployment)
• 12 channels total
• Global Acceptance
• 5 GHz band has less interference
2.4GHz - 802.11b & g
• 11Mbps, 36Mbps, 54Mbps
• 3 channels
• Worldwide
• 802.11g is forward-and-backward compatible with 802.11b
• Easy upgrade path to 802.11g
• 802.11b has advantages on cost, size, & power consumption, so will continue to be popular, especially with PDAs, phones
Both frequency bands will be successful!
Agenda
• 802.11 standards activities
• Wireless LAN Security – Authentication and Encryption
• Security Enhancements
• Future trends
Wireless LAN Security Issues
(Diagram: client, access point (AP), Wireless LAN (WLAN), Wired LAN)
Issue
• Wireless sniffer can view all WLAN data packets
• Anyone in AP coverage area can get on WLAN
802.11 WEP Solution
• Encrypt all data transmitted between client and AP
• Without encryption key, user cannot transmit or receive data
Goal: Make WLAN security equivalent to that of wired LANs (Wired Equivalent Privacy)
Limitations of 802.11 WEP Security
• Shared, static WEP keys
  No centralized key management
  Poor protection from variety of security attacks
• No effective way to deal with lost or stolen adapter
  Possessor has network access
  Re-keying of all WLAN client devices is required
• No mutual authentication
• Lack of integrated user administration
  Need for separate user databases; no use of RADIUS
  Potential to identify user only by device attribute like MAC address
• Inherent weaknesses in RC4-based WEP keys
(Callouts on slide: 802.1X, TKIP and AES, WPA)
“Business Class” Security: 802.11i Task Group Recommendations
• Mutual Authentication
• Dynamic Session Key
• Message Integrity Check (MIC)
• Temporal Key Integrity Protocol (TKIP)
  — Per-packet Key Hashing
  — Initialization Vector Sequencing
  — Rapid Re-Keying
• Future
  — Stronger encryption schemes such as AES
802.1X-based: Mutual Authentication
(Diagram: Client, Access Point, RADIUS Server, Enterprise Network)
RADIUS server authenticates client
Client authenticates RADIUS server
Both derive key
AP blocks all requests until authentication completes
Mutual Authentication is required to prevent rogue clients (e.g. in the parking lot) from accessing your network, AND to prevent rogue APs from “stealing” data from your clients
802.1X Authentication Types
• LEAP (EAP Cisco Wireless)
  – User authentication via user ID and password
  – Supports Windows, CE, Linux, Mac OS, and DOS
  – Aggressive licensing program by Cisco to other vendors
• EAP-TLS (EAP-Transport Layer Security)
  – User authentication via client certificates and server certificates
  – Supported in XP and soon other Windows versions
• PEAP (Protected EAP)
  – User authentication via user ID and password or OTP
  – Supported by Cisco Aironet client adapters and by Microsoft in various Windows versions
  – Uses server-side TLS, which requires only server certificates
• EAP-TTLS
  – User authentication via user ID and password or OTP
  – Supported by Funk Software’s Odyssey
  – Uses server-side TLS
802.1X/LEAP Mutual Authentication
(Diagram: client, AP, RADIUS server)
Start
Request identity
identity (relayed by the AP to the RADIUS server)
AP blocks all requests until authentication completes
RADIUS server authenticates client
Client authenticates RADIUS server
Derive key (on client and on RADIUS server)
Mutual Authentication is required to prevent rogue clients (e.g. in the parking lot) from accessing your network, AND to prevent rogue APs from “stealing” data from your clients
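As an added illustration of the exchange above (this is not Cisco's code; LEAP's MS-CHAP-style response and key derivation are replaced by HMAC-SHA256 stand-ins, and the user database is constructed), a small model in which the AP forwards nothing until the RADIUS server confirms the client, and the client in turn refuses a server that cannot answer its own challenge:

```python
import hashlib
import hmac
import os
# Added example, not Cisco's code: a model of the 802.1X/LEAP flow above. Client
# and RADIUS server share a password-derived secret and answer each other's
# challenges (HMAC-SHA256 stands in for LEAP's MS-CHAP-style response).

def response(secret: bytes, challenge: bytes) -> bytes:
    return hmac.new(secret, challenge, hashlib.sha256).digest()

def session_key(secret: bytes, c_server: bytes, c_client: bytes) -> bytes:
    return hmac.new(secret, c_server + c_client, hashlib.sha256).digest()[:16]  # never sent

class Client:
    def __init__(self, user: str, secret: bytes):
        self.user, self.secret, self.key = user, secret, None
    def answer(self, c_server: bytes):
        self.c_server, self.c_client = c_server, os.urandom(16)
        return response(self.secret, c_server), self.c_client  # reply plus own challenge
    def verify_server(self, server_reply: bytes) -> bool:
        ok = hmac.compare_digest(response(self.secret, b"srv" + self.c_client), server_reply)
        self.key = session_key(self.secret, self.c_server, self.c_client) if ok else None
        return ok

class RadiusServer:
    def __init__(self, users: dict, accept_anyone: bool = False):
        self.users, self.accept_anyone = users, accept_anyone  # accept_anyone models a rogue server
    def verify_client(self, user: str, c_server: bytes, reply: bytes) -> bool:
        secret = self.users.get(user)
        return self.accept_anyone or (secret is not None and hmac.compare_digest(response(secret, c_server), reply))
    def answer(self, user: str, c_server: bytes, c_client: bytes):
        secret = self.users.get(user) or os.urandom(16)  # a rogue server can only guess
        return response(secret, b"srv" + c_client), session_key(secret, c_server, c_client)

class AccessPoint:
    def __init__(self, radius: RadiusServer):
        self.radius, self.port_open, self.key = radius, False, None
    def forward(self, frame: bytes) -> bool:
        return self.port_open  # data frames are dropped until authentication completes
    def authenticate(self, client: Client) -> bool:
        c_server = os.urandom(16)                  # Request identity; server's challenge
        reply, c_client = client.answer(c_server)  # identity and client's response relayed
        if not self.radius.verify_client(client.user, c_server, reply):
            return False                           # rogue client stays blocked
        server_reply, key = self.radius.answer(client.user, c_server, c_client)
        if not client.verify_server(server_reply):
            return False                           # client rejects a rogue AP/server
        self.port_open, self.key = True, key       # server's success message opens the port
        return True
```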
PEAP Authentication
(Diagram: client, AP, RADIUS server, user database; user-supplied token)
Use server-side EAP-TLS to authenticate RADIUS server…
…and build SSL-encrypted tunnel
Use tunnel to authenticate user via token, OTP, or other data
PEAP sets up a secure, encrypted tunnel between client and RADIUS server
WEP: AirSnort “Weak IV” Attack
• Attack is based on Fluhrer/Mantin/Shamir paper
• Initialization vector (IV) is 24-bit field that changes with each packet
• RC4 Key Scheduling Algorithm creates IV from base key
• Flaw in WEP implementation of RC4 allows creation of “weak” IVs that give insight into base key
• More packets = more weak IVs = better chance to determine base key
• To break key, hacker needs 100,000-1,000,000 packets
(Diagram, WEP frame: dest addr | src addr | IV | encrypted data)
TKIP: WEP Key Hashing
(Diagram, no key hashing: IV and base key feed the RC4 stream cipher; plaintext data XOR keystream = encrypted data)
(Diagram, key hashing: IV and base key are hashed into a packet key, which feeds the RC4 stream cipher; plaintext data XOR keystream = encrypted data)
Because packet key is hash of IV and base key, IV no longer gives insight into base key
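Added example, not from the deck and not TKIP's real mixing function: the WEP per-packet key beside a hashed per-packet key, plus the IV-sequencing check from the 802.11i list above that drops replayed frames. The base key, transmitter address and the SHA-256 stand-in are assumptions.

```python
import hashlib
# Added example, not from the deck and not TKIP's real mixing function: the WEP
# per-packet key beside a hashed per-packet key, plus the IV-sequencing check
# that drops replayed frames. Base key, transmitter address and the SHA-256
# stand-in are assumptions.

IV_BYTES = 3  # 24-bit IV, sent in clear in every frame


def wep_packet_key(iv: int, base_key: bytes) -> bytes:
    """WEP: RC4 key = IV || base key. The first 3 key bytes are public and the
    remaining bytes are identical in every frame sent under this base key."""
    return iv.to_bytes(IV_BYTES, "big") + base_key


def hashed_packet_key(iv: int, base_key: bytes, transmitter: bytes) -> bytes:
    """Per-packet key hashing as the slide describes it: the RC4 key is a hash
    of base key, transmitter address and IV, so no key byte repeats across
    frames and the IV alone says nothing about the base key."""
    material = base_key + transmitter + iv.to_bytes(IV_BYTES, "big")
    return hashlib.sha256(material).digest()[:16]


def shared_key_bytes(key_a: bytes, key_b: bytes) -> int:
    """Key bytes two frames have in common: what an observer who sees both IVs
    already knows stays fixed between them."""
    return sum(x == y for x, y in zip(key_a, key_b))


class SequencedReceiver:
    """TKIP-style IV sequencing: each transmitter's IV must strictly increase;
    a repeated or earlier IV (a replayed frame) is dropped before decryption."""

    def __init__(self) -> None:
        self.last_iv: dict[bytes, int] = {}

    def accept(self, transmitter: bytes, iv: int) -> bool:
        if not 0 <= iv < (1 << (8 * IV_BYTES)):
            return False  # malformed IV
        if iv <= self.last_iv.get(transmitter, -1):
            return False  # replay or out-of-order frame
        self.last_iv[transmitter] = iv
        return True
```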
WEP: Bit-Flipping and Replay Attack
• Hacker intercepts WEP-encrypted packet
• Hacker flips bits in packet and recalculates ICV CRC32
• Hacker transmits to AP bit-flipped frame with known IV
• Because CRC32 is correct, AP accepts, forwards frame
• Layer 3 device rejects and sends predictable response
• AP encrypts response and sends it to hacker
• Hacker uses response to derive key (stream cipher)
(Diagram: plain text “1234” XOR stream cipher = cipher text “XXYYZZ”; cipher text “XXYYZZ” XOR predicted plain text “1234” = stream cipher)
Message Integrity Check (MIC)
(Diagram: WEP frame = dest addr | src addr | IV | encrypted data, where the encrypted data is MIC | seq # | plaintext | ICV XORed with the stream cipher)
Sender adds MIC to packet
Recipient examines MIC; discards packet if MIC is not intact
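Added example, not from the deck, putting the bit-flipping slide and the MIC slide side by side: because CRC-32 is linear, an ICV under a stream cipher stays valid after a bit-flip, while a keyed MIC (HMAC-SHA256 here stands in for TKIP's Michael) rejects the altered frame. The keystream is supplied as plain bytes in place of RC4, and the sample frame, delta and key are constructed.

```python
import hashlib
import hmac
import zlib
# Added example, not from the deck: a CRC-32 ICV under a stream cipher cannot
# detect bit-flips, a keyed MIC can. The keystream is passed in as bytes, a
# stand-in for RC4: the argument depends only on the XOR, not on the cipher.

def crc_bytes(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "little")  # byte order chosen for the demo

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_protect(plaintext: bytes, keystream: bytes) -> bytes:
    return xor(plaintext + crc_bytes(plaintext), keystream)  # plaintext || ICV, then XOR

def wep_accept(ciphertext: bytes, keystream: bytes):
    """Receiver: strip the keystream, accept only if the ICV still matches."""
    body = xor(ciphertext, keystream)
    data, icv = body[:-4], body[-4:]
    return data if crc_bytes(data) == icv else None

def crc_linearity_mask(delta: bytes) -> bytes:
    """CRC-32 is linear over XOR: crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros), so
    the ICV adjustment for XORing `delta` into the body needs no key or plaintext."""
    adj = zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))
    return delta + adj.to_bytes(4, "little")

def mic_protect(plaintext: bytes, keystream: bytes, mic_key: bytes) -> bytes:
    """TKIP-style framing: plaintext || MIC || ICV under the keystream.
    HMAC-SHA256 truncated to 8 bytes stands in for TKIP's Michael MIC."""
    mic = hmac.new(mic_key, plaintext, hashlib.sha256).digest()[:8]
    return xor(plaintext + mic + crc_bytes(plaintext + mic), keystream)

def mic_accept(ciphertext: bytes, keystream: bytes, mic_key: bytes):
    """Receiver: check the ICV, then the keyed MIC; discard on either failure."""
    body = xor(ciphertext, keystream)
    data, mic, icv = body[:-12], body[-12:-4], body[-4:]
    if crc_bytes(data + mic) != icv:
        return None
    expected = hmac.new(mic_key, data, hashlib.sha256).digest()[:8]
    return data if hmac.compare_digest(mic, expected) else None

def flip_demo(plaintext: bytes, delta: bytes, keystream: bytes, mic_key: bytes):
    """XOR the same `delta` (same length as plaintext) into both frame types,
    touching neither keystream nor MIC key, and return what each receiver accepts."""
    wep = xor(wep_protect(plaintext, keystream), crc_linearity_mask(delta))
    mic = xor(mic_protect(plaintext, keystream, mic_key), crc_linearity_mask(delta + bytes(8)))
    return wep_accept(wep, keystream), mic_accept(mic, keystream, mic_key)
```

The WEP receiver hands the altered plaintext up to layer 3 with a valid ICV; the MIC receiver passes the ICV check too but drops the frame on the MIC comparison.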
Agenda
• 802.11 standards activities
• Wireless LAN Security – Authentication and Encryption
• Security Enhancements
• Future trends
WPA = “Wi-Fi Protected Access”
• WPA = 802.1X + TKIP
  WPA requires authentication & encryption
  802.1X authentication choices include LEAP, PEAP, TLS
• Industry suppliers are strong supporters of WPA
  Builds on 802.1X and TKIP, similar to what Cisco has been supporting since December 2000
  Widespread adoption of WPA will remove the “security cloud” from the WLAN industry
  WPA is as secure as Cisco’s current security offering; WPA will become accepted as the standard
• WPA compliance is needed for Wi-Fi certification of new products beginning in August 2003
  Cisco AP currently being tested for use as a WPA reference platform at the Wi-Fi Plugfest
4 Security Profiles
• Open Access (Public Access): No WEP and Broadcast Mode
• Basic Security (Telecommuter & SOHO): 40-bit and 128-bit Static Encryption Key
• Enhanced Security (Mid-Market and Enterprise): Dynamic Encryption Key, Scalable Key Management, Mutual 802.1x/EAP Authentication, TKIP/WPA
• Public Network Security (Special Apps./Business Traveler): Virtual Private Network (VPN)
Remote Access Security using VPN
(Diagram: wireless client in a hotel/airport on a high-speed wireless network, across the Internet, through the enterprise firewall, to a secure intranet using VPN)
VPN for 802.11 Access
Pros
• Familiar
  In use in most organizations
  Makes WLAN and remote access UIs consistent
• Trusted for authentication and privacy
  Supports central security management
  Ensures 3DES encryption from client to concentrator
• Compatible with Aironet and other WLAN products
Cons
• Cost: Requires VPN concentrators behind APs
• Performance: Encryption is done in software on client
• Roaming: Roaming between VPN concentrators forces application restarts
• QoS: All traffic is IPSec traffic; no QoS, multicast, or multiprotocol support
• Clients: Not supported on phones, scanners, or other specialized devices
Client Differentiation without VLANs
Separate APs, each on its own channel and SSID, connect to the 802.1Q wired network w/ VLANs:
• Channel 1, SSID: laptop, VLAN: 1 (Security: PEAP, TKIP)
• Channel 6, SSID: pda, VLAN: 2 (Security: LEAP, CKIP)
• Channel 11, SSID: phone, VLAN: 3 (Security: WEP)
Client Differentiation with VLANs
One AP on channel 6 serves all three SSIDs and maps each to its VLAN on the 802.1Q wired network w/ VLANs:
• SSID laptop = VLAN 1 (Security: PEAP, TKIP)
• SSID pda = VLAN 2 (Security: LEAP, CKIP)
• SSID phone = VLAN 3 (Security: WEP)
Firewall to Protect Network Services
(Diagram: Internet, Firewall, Data Center; Access Points attached over simplified L2 VLANs)
Wireless LAN Security Architecture
• IEEE 802.1x/EAP – Standard network protocol that makes wireless networking as secure as wired.
• Encryption – Enhancements to WEP with TKIP secure all data transmissions
  Dynamic Session Keys
  Key hashing to prevent weak IVs
  Message Integrity Check
• Authentication – Network access is blocked until mutual authentication complete
  Selection of authentication type derived from mobile application and devices (TLS, PEAP, LEAP, …)
• VLANs – users can segment traffic and offer differentiated services and policies to different user groups
• WPA – WiFi Protected Access
  Standard encryption architecture based on TKIP to be supported as a WECA test standard in August ’03
Agenda
• 802.11 standards activities
• Wireless LAN Security – Authentication and Encryption
• Security Enhancements
• Future trends
Momentum Continues in Deploying Wireless LANs
• Wireless LANs are an “addictive” technology
• Strong commitment to Wireless LANs by technology heavy-weights
  – Cisco, IBM, Intel, Microsoft
• Embedded market is growing
  – Laptop PCs with “wireless inside”
  – PDAs are next
• The WLAN market is expanding from Industry-Specific Applications, to Universities, Homes, & Offices
Future Trends
• Enterprise wireless applications begin to explode
  Availability of notebooks with embedded wireless
  PDAs, Web Pads, Phones w/ 802.11
  Dual band (802.11a/b/g) supported
• Widespread availability of 802.11 access
  VLANs in the enterprise common areas
  Franchise locations offering wireless access
  Service Providers offering wireless access in the public venue
• Mobile worker staying connected at work, home and on the road!
• Multiple Authentication types to be supported in the Enterprise