WLAN Standards and Security Solutions

Dan Cusick, Mobility Marketing Manager, Cisco Systems, Inc. (dcusick@cisco.com)

© 2002, Cisco Systems, Inc.


Agenda

• 802.11 standards activities

• Wireless LAN Security – Authentication and Encryption

• Security Enhancements

• Future trends


Wireless Technologies

PAN (Personal Area Network): Standards: Bluetooth; Speed: < 1 Mbps; Range: Short; Applications: Peer-to-Peer, Device-to-Device

LAN (Local Area Network): Standards: 802.11, HiperLAN2; Speed: 11 to 54 Mbps; Range: Medium; Applications: Enterprise networks

MAN (Metropolitan Area Network): Standards: 802.11, MMDS, LMDS; Speed: 11 to 100+ Mbps; Range: Medium-Long; Applications: T1 replacement, last mile access

WAN (Wide Area Network): Standards: GSM, GPRS, CDMA, 2.5-3G; Speed: 10 to 384 Kbps; Range: Long; Applications: PDAs, Mobile Phones, cellular access


WLAN “Alphabet Soup”: IEEE 802.11 Standards Activities

• 802.11a: 5GHz, 54Mbps
• 802.11b: 2.4GHz, 11Mbps
• 802.11d: Multiple regulatory domains
• 802.11e: Quality of Service (QoS)
• 802.11f: Inter-Access Point Protocol (IAPP)
• 802.11g: 2.4GHz, 54Mbps
• 802.11h: Dynamic Frequency Selection (DFS) and Transmit Power Control (TPC)
• 802.11i: Security


802.11a

• 5 GHz, 54 Mbps, OFDM technology
  – Data rates supported: 54, 48, 36, 24, 12, and 6 Mbps
  – Can “downshift” to lower data rates for longer range
• 802.11a products now available
• Worldwide compatibility issues for 5 GHz band
  – Effort underway to allow 802.11a operation in European countries
  – Long-term: Worldwide usage with adoption of Transmit Power Control (TPC) and Dynamic Frequency Selection (DFS) per 802.11h standard
• 5 GHz band has more channels than 2.4 GHz band
  – UNII-1 + UNII-2 = 8 non-overlapping channels (vs. 3 channels for 2.4GHz)
• 5 GHz band subject to less interference than 2.4 GHz ISM band
  – However, 2.4GHz interference not a major problem in most business environments


Understanding the 5 GHz Spectrum

5 GHz UNII band boundaries (GHz): 5.15 | 5.25 | 5.35 | 5.470 | 5.725 | 5.825

UNII-1 (5.15–5.25 GHz): Indoor use, antenna must be fixed to the radio
UNII-2 (5.25–5.35 GHz): Indoor/outdoor use, fixed or remote antenna
UNII-3 (5.725–5.825 GHz): Outdoor bridging only (EIRP limit is 52 dBm if PtP)

US (FCC), 12 channels (*can use up to 6 dBi gain antenna):
  UNII-1: 40 mW (22 dBm EIRP), 4 channels
  UNII-2: 200 mW (29 dBm EIRP), 4 channels
  UNII-3: 800 mW (35 dBm EIRP), 4 channels

Europe, 19 channels (*assumes no antenna gain):
  5.15–5.35 GHz: 200 mW, 4 + 4 channels
  5.470–5.725 GHz: 1 W, 11 channels

*If you use a higher gain antenna, you must reduce the transmit power accordingly


802.11g

• 2.4 GHz, up to 54 Mbps, OFDM/CCK technology

• Preliminary draft standard submitted Dec. 2001; currently on 802.11g draft standard v3.0

• Goal: Full forward/backward compatibility with 802.11b

Provide upgrade path & investment protection for 802.11b users

The coming of 802.11g “future proofs” 802.11b purchases today

• Initial SOHO 802.11g products released

• 54 Mbps enterprise-class 802.11g products expected 2nd half of 2003


802.11 Positioning

5 GHz - 802.11a
• 54 Mbps
• Higher expected throughput than 802.11g
• 8 channels for indoor use (allows “honeycomb” network deployment)
• 12 channels total
• Global acceptance
• 5 GHz band has less interference

2.4 GHz - 802.11b & g
• 11 Mbps / 36 Mbps / 54 Mbps
• 3 channels
• Worldwide
• 802.11g is forward-and-backward compatible with 802.11b
• Easy upgrade path to 802.11g
• 802.11b has advantages on cost, size, & power consumption, so will continue to be popular, especially with PDA’s, phones

Both frequency bands will be successful!



Wireless LAN Security Issues

[Diagram: client -> access point (AP) -> Wired LAN]

Issue
• Wireless sniffer can view all WLAN data packets
• Anyone in AP coverage area can get on WLAN

802.11 WEP Solution
• Encrypt all data transmitted between client and AP
• Without encryption key, user cannot transmit or receive data

Goal: Make WLAN security equivalent to that of wired LANs (Wired Equivalent Privacy)


Limitations of 802.11 WEP Security

• Shared, static WEP keys
  – No centralized key management
  – Poor protection from variety of security attacks
• No effective way to deal with lost or stolen adapter
  – Possessor has network access
  – Re-keying of all WLAN client devices is required
• No mutual authentication
• Lack of integrated user administration
  – Need for separate user databases; no use of RADIUS
  – Potential to identify user only by device attribute like MAC address
• Inherent weaknesses in RC4-based WEP keys

[Slide callouts: 802.1X, WPA, TKIP and AES]


“Business Class” Security: 802.11i Task Group Recommendations

• Mutual Authentication
• Dynamic Session Key
• Message Integrity Check (MIC)
• Temporal Key Integrity Protocol (TKIP)
  – Per-packet Key Hashing
  – Initialization Vector Sequencing
  – Rapid Re-Keying
• Future
  – Stronger encryption schemes such as AES


802.1X-based: Mutual Authentication

[Diagram: Client -> Access Point -> Enterprise Network -> RADIUS Server]

• RADIUS server authenticates client
• Client authenticates RADIUS server
• Client and RADIUS server each derive the key
• AP blocks all requests until authentication completes

Mutual Authentication is required to prevent rogue clients (e.g. in the parking lot) from accessing your network, AND to prevent rogue AP’s from “stealing” data from your clients


802.1X Authentication Types

• LEAP (EAP Cisco Wireless)
  – User authentication via user ID and password
  – Supports Windows, CE, Linux, Mac OS, and DOS
  – Aggressive licensing program by Cisco to other vendors
• EAP-TLS (EAP-Transport Layer Security)
  – User authentication via client certificates and server certificates
  – Supported in XP and soon other Windows versions
• PEAP (Protected EAP)
  – User authentication via user ID and password or OTP
  – Supported by Cisco Aironet client adapters and by Microsoft in various Windows versions
  – Uses server-side TLS, which requires only server certificates
• EAP-TTLS
  – User authentication via user ID and password or OTP
  – Supported by Funk Software’s Odyssey
  – Uses server-side TLS


802.1X/LEAP Mutual Authentication

[Sequence diagram: client, AP, RADIUS server]
1. Client -> AP: Start
2. AP -> Client: Request identity
3. Client -> AP: identity
4. AP -> RADIUS server: identity
5. RADIUS server authenticates client
6. Client authenticates RADIUS server
7. Client and RADIUS server each derive the key

AP blocks all requests until authentication completes

Mutual Authentication is required to prevent rogue clients (e.g. in the parking lot) from accessing your network, AND to prevent rogue AP’s from “stealing” data from your clients


PEAP Authentication

[Diagram: client, AP, RADIUS server, user database]

• Use server-side EAP-TLS to authenticate RADIUS server… and build SSL-encrypted tunnel
• Use tunnel to authenticate user via token, one-time password (OTP), or other data; the user-supplied token is checked against the user database

PEAP sets up a secure, encrypted tunnel between client and RADIUS server


WEP: AirSnort “Weak IV” Attack

• Attack is based on Fluhrer/Mantin/Shamir paper
• Initialization vector (IV) is 24-bit field that changes with each packet
• RC4 Key Scheduling Algorithm creates IV from base key
• Flaw in WEP implementation of RC4 allows creation of “weak” IVs that give insight into base key
• More packets = more weak IVs = better chance to determine base key
• To break key, hacker needs 100,000-1,000,000 packets

WEP frame: dest addr | src addr | IV | encrypted data


TKIP: WEP Key Hashing

No key hashing (WEP): IV and base key feed the RC4 stream cipher directly; plaintext data XOR stream cipher = encrypted data

Key hashing (TKIP): IV and base key are hashed into a packet key; IV and packet key feed the RC4 stream cipher; plaintext data XOR stream cipher = encrypted data

Because packet key is hash of IV and base key, IV no longer gives insight into base key


WEP: Bit-Flipping and Replay Attack

• Hacker intercepts WEP-encrypted packet
• Hacker flips bits in packet and recalculates ICV CRC32
• Hacker transmits to AP bit-flipped frame with known IV
• Because CRC32 is correct, AP accepts, forwards frame
• Layer 3 device rejects and sends predictable response
• AP encrypts response and sends it to hacker
• Hacker uses response to derive key (stream cipher)

[Diagram: plain text message XOR stream cipher = cipher text; cipher text XOR predicted plain text = stream cipher]


Message Integrity Check (MIC)

WEP frame with MIC: dest addr | src addr | IV | encrypted data, where the encrypted data is (plaintext | seq # | MIC | ICV) XOR stream cipher

• Sender adds MIC to packet
• Recipient examines MIC; discards packet if MIC is not intact
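The bit-flip attack on the previous slide and the MIC on this one, illustrated as an added example (not code from these slides): a toy WEP-style frame whose CRC-32 ICV still verifies after an in-transit modification, and the same frame carrying a keyed MIC, which the receiver then rejects. RC4 is replaced by an HMAC-derived keystream and the TKIP MIC by a truncated HMAC, both assumptions made for brevity; the keys, IV and payload are constructed sample values.

```python
import hmac
import zlib

KEY = b"constructed-demo-base-key"     # constructed sample base key (WEP/TKIP)
MIC_KEY = b"constructed-demo-mic-key"  # constructed separate MIC key, as TKIP uses
IV, PT = b"\x01\x02\x03", b"transfer 100"        # 24-bit IV and sample payload
DELTA = bytes(9) + bytes([ord("1") ^ ord("9")])  # XOR mask turning "100" into "900"

def keystream(iv: bytes, n: int) -> bytes:  # stand-in for RC4(IV || base key)
    blocks = (hmac.new(KEY, iv + bytes([i]), "sha256").digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc32(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "big")

def mic(pt: bytes) -> bytes:
    # Keyed MIC stand-in for TKIP's Michael: 8 bytes of HMAC-SHA256.
    return hmac.new(MIC_KEY, pt, "sha256").digest()[:8]

def wep_encrypt(pt: bytes) -> bytes:
    """WEP body: IV || RC4(plaintext || ICV), ICV = CRC-32(plaintext)."""
    body = pt + crc32(pt)
    return IV + xor(body, keystream(IV, len(body)))

def wep_decrypt(frame: bytes):
    """Receiver check as on the slide: returns (plaintext, icv_ok)."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, keystream(iv, len(ct)))
    return body[:-4], body[-4:] == crc32(body[:-4])

def tkip_style_encrypt(pt: bytes) -> bytes:
    """Same frame with a keyed MIC appended before the ICV is computed."""
    body = pt + mic(pt)
    return IV + xor(body + crc32(body), keystream(IV, len(body) + 4))

def tkip_style_decrypt(frame: bytes):
    """Receiver check: returns (plaintext, icv_ok, mic_ok)."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, keystream(iv, len(ct)))
    pt, m, icv = body[:-12], body[-12:-4], body[-4:]
    return pt, icv == crc32(pt + m), hmac.compare_digest(m, mic(pt))

def altered_in_transit(frame: bytes, delta: bytes) -> bytes:
    """The slide's bit flip: XOR `delta` into the ciphertext and a matching fix
    into the encrypted ICV; CRC-32 is affine over XOR, so no key is needed."""
    iv, ct = frame[:3], frame[3:]
    n = len(ct) - 4                    # bytes covered by the ICV
    d = delta.ljust(n, b"\x00")
    fix = xor(crc32(d), crc32(bytes(n)))   # crc(m^d) == crc(m)^crc(d)^crc(0^n)
    return iv + xor(ct[:n], d) + xor(ct[n:], fix)

def demo():
    wep = wep_decrypt(altered_in_transit(wep_encrypt(PT), DELTA))
    tkip = tkip_style_decrypt(altered_in_transit(tkip_style_encrypt(PT), DELTA))
    return wep, tkip  # wep: (b"transfer 900", True); tkip: (b"transfer 900", True, False)
```

The CRC-32 check alone accepts the altered payload, which is the "AP accepts, forwards frame" step of the attack; only the keyed MIC gives the recipient grounds to discard it.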



WPA = “Wi-Fi Protected Access”

• WPA = 802.1X + TKIP
  – WPA requires authentication & encryption
  – 802.1X authentication choices include LEAP, PEAP, TLS
• Industry suppliers are strong supporters of WPA
  – Builds on 802.1X and TKIP, similar to what Cisco has been supporting since December 2000
  – Widespread adoption of WPA will remove the “security cloud” from the WLAN industry
  – WPA is as secure as Cisco’s current security offering; WPA will become accepted as the standard
• WPA compliance is needed for Wi-Fi certification of new products beginning in August 2003
  – Cisco AP currently being tested for use as a WPA reference platform at the Wi-Fi Plugfest


4 Security Profiles

Open Access (Public Access): No WEP and broadcast mode

Basic Security (Telecommuter & SOHO): 40-bit and 128-bit static encryption key

Enhanced Security (Mid-Market and Enterprise): Mutual 802.1x/EAP authentication, dynamic encryption key, scalable key management, TKIP/WPA

Public Network Security (Special Apps./Business Traveler): Virtual Private Network (VPN)


Remote Access Security using VPN

[Diagram: high speed wireless at hotel/airport -> Internet -> firewall -> enterprise; secure intranet using VPN]


VPN for 802.11 Access

Pros
• Familiar
  – In use in most organizations
  – Makes WLAN and remote access UIs consistent
• Trusted for authentication and privacy
  – Supports central security management
  – Ensures 3DES encryption from client to concentrator
• Compatible with Aironet and other WLAN products

Cons
• Cost: Requires VPN concentrators behind APs
• Performance: Encryption is done in software on client
• Roaming: Roaming between VPN concentrators forces application restarts
• QoS: All traffic is IPSec traffic; no QoS, multicast, or multiprotocol support
• Clients: Not supported on phones, scanners, or other specialized devices


Client Differentiation without VLANs

Client types: SSID phone (Security: WEP); SSID laptop (Security: PEAP, TKIP); SSID pda (Security: LEAP, CKIP)

Separate access points, each on its own channel with a single SSID, connected to an 802.1Q wired network w/ VLANs:
• Channel: 1, SSID: laptop, VLAN: 1
• Channel: 6, SSID: pda, VLAN: 2
• Channel: 11, SSID: phone, VLAN: 3


Client Differentiation with VLANs

Client types: SSID phone (Security: WEP); SSID laptop (Security: PEAP, TKIP); SSID pda (Security: LEAP, CKIP)

A single access point on channel 6 carries all three SSIDs, each mapped to its own VLAN on the 802.1Q wired network w/ VLANs:
• SSID laptop = VLAN 1
• SSID pda = VLAN 2
• SSID phone = VLAN 3


Firewall to Protect Network Services

[Diagram: Access Points, Simplified L2 VLAN’s, Firewall, Data Center, Internet]


Wireless LAN Security Architecture

• IEEE 802.1x/EAP – Standard network protocol that makes wireless networking as secure as wired.
• Encryption – Enhancements to WEP with TKIP secure all data transmissions
  – Dynamic Session Keys
  – Key hashing to prevent weak IV’s
  – Message Integrity Check
• Authentication – Network access is blocked until mutual authentication complete
  – Selection of authentication type derived from mobile application and devices (TLS, PEAP, LEAP,…)
• VLANs – users can segment traffic and offer differentiated services and policies to different user groups
• WPA – WiFi Protected Access
  – Standard encryption architecture based on TKIP to be supported as a WECA test standard in August ’03



Momentum Continues in Deploying Wireless LANs

• Wireless LANs are an “addictive” technology
• Strong commitment to Wireless LANs by technology heavy-weights – Cisco, IBM, Intel, Microsoft
• Embedded market is growing
  – Laptop PC’s with “wireless inside”
  – PDA’s are next
• The WLAN market is expanding from Industry-Specific Applications, to Universities, Homes, & Offices


Future Trends

• Enterprise wireless applications begin to explode
  – Availability of notebooks with embedded wireless
  – PDA’s, Web Pads, Phones w/ 802.11
  – Dual band (802.11a/b/g) supported
• Widespread availability of 802.11 access
  – VLAN’s in the enterprise common areas
  – Franchise locations offering wireless access
  – Service Providers offering wireless access in the public venue
• Mobile worker staying connected at work, home and on the road!
• Multiple Authentication types to be supported in the Enterprise
