
An Initial Security Analysis of the IEEE 802.1x Standard


Tsai Hsien Pang

2004/11/4

Outline

► Introduction
► IEEE 802.1x Standard
► Man-in-Middle, Session Hijack attack
► Proposed solution
► Conclusion
► Reference

802.11 Security

► A wireless network is broadcast by nature, and the media is reachably-broadcast.
► Authentication and data encryption.
► The 802.11 standard for WLAN communications introduced the Wired Equivalent Privacy (WEP) protocol.

Basic Security Mechanisms

► Two models: ad-hoc and infrastructure mode.
► A wireless client establishes a relation with an AP, called an association.
  • Unauthenticated and unassociated
  • Authenticated and unassociated
  • Authenticated and associated

802.11 State Machine

► STA and AP exchange authentication management frames between state 1 and 2.
► Open system, shared key and MAC-address based control list.
► WEP was designed to provide confidentiality.

WEP Protocol

► The WEP protocol is used in 802.11 networks to protect link level data during wireless transmission.
► It relies on a secret key k shared between the communicating parties to protect the body of a transmitted frame of data.
► Encryption of a frame proceeds in two steps: checksumming and encryption.

WEP Protocol (2)

The Drawback of WEP

► Keystream Reuse
  • The IV field used by WEP is only 24 bits wide, nearly guaranteeing that the same IV will be reused for multiple messages.

$$C_1 = P_1 \oplus RC4(v,k)$$

$$C_2 = P_2 \oplus RC4(v,k)$$

$$C_1 \oplus C_2 = (P_1 \oplus RC4(v,k)) \oplus (P_2 \oplus RC4(v,k)) = P_1 \oplus P_2$$

$$RC4(v,k) \oplus C_1 = P_1$$

$$RC4(v,k) \oplus C_2 = P_2$$

The Drawback of WEP (2)

► Message Modification
  • The WEP checksum is a linear function of the message.
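The two WEP weaknesses on the preceding slides (keystream reuse under a repeated IV, and the linear checksum) can be checked on constructed data. This is an added Python example, not part of the original slides; the key, IV and plaintexts are made-up sample values, and the function names are chosen here for illustration.

```python
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for key."""
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # output generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(p: bytes) -> bytes:
    """WEP checksum: unkeyed CRC-32 of the plaintext."""
    return zlib.crc32(p).to_bytes(4, "little")

def wep_encrypt(v: bytes, k: bytes, p: bytes) -> bytes:
    """C = (P || ICV(P)) xor RC4(v, k), with RC4 keyed by IV || k."""
    body = p + icv(p)
    return xor(body, rc4(v + k, len(body)))

def wep_check(v: bytes, k: bytes, c: bytes):
    """Decrypt and return (plaintext, checksum_ok) as a receiver would."""
    body = xor(c, rc4(v + k, len(c)))
    return body[:-4], body[-4:] == icv(body[:-4])

# Constructed sample values, not captured traffic.
K, V = b"\x0b\xad\xc0\xde\x42", b"\x00\x00\x01"   # 40-bit key, 24-bit IV
P1, P2 = b"meter=0042;ok=1;", b"meter=0917;ok=0;"

def reuse_leaks_xor() -> bool:
    """Two frames under one (v, k): C1 xor C2 equals P1 xor P2."""
    c1, c2 = wep_encrypt(V, K, P1), wep_encrypt(V, K, P2)
    return xor(c1, c2)[:len(P1)] == xor(P1, P2)

def altered_frame_accepted():
    """CRC-32 linearity: a keyless change to C still passes the check."""
    delta = xor(P1, P2)                       # any same-length difference
    fix = xor(icv(delta), icv(bytes(len(delta))))
    return wep_check(V, K, xor(wep_encrypt(V, K, P1), delta + fix))
```

Both results hold for any key and IV, which is why an unkeyed CRC cannot serve as a message integrity code and why a 24-bit IV space is too small for a stream cipher.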

Outline

► Introduction
► IEEE 802.1x Std and RSN
► Man-in-Middle, Session Hijack attack
► Proposed solution
► Conclusion

IEEE 802.1x and RSN

► IEEE 802.1x is a security framework that must provide network access authentication.
► RSN (Robust Security Network) provides mechanisms to restrict network connectivity to authorized entities only via 802.1x.

IEEE 802.1x Setup

► Supplicant: An entity that uses a service via a port on the Authenticator.
► Authenticator: A service provider.
► AAA Server: A central authentication server which directs the Authenticator to provide the service after successful authentication.

802.11 Association

A Typical Authentication Session using EAP

[Figure; surviving labels: EAPOL, RADIUS, EAPOL Start]

Extensible Authentication Protocol (EAP)

► EAP is built around the challenge-response communication paradigm.
► Four message types: EAP Request, EAP Response, EAP Success, EAP Failure.

EAPOL

► The EAP over LAN (EAPOL) protocol carries the EAP packets between authenticator and supplicant.
► An EAPOL key message provides a way of communicating a higher-layer negotiated session key.

RADIUS

► Remote Authentication Dial-In User Service (RADIUS) Protocol.
► The authentication server and the authenticator communicate using RADIUS.

Dual Port Model

► The AP (Authenticator) must permit the EAP traffic before the authentication succeeds.

802.11/1x State Machine

Outline

► Introduction
► IEEE 802.1x Std and RSN
► Man-in-Middle, Session Hijack attack
► Proposed solution
► Conclusion

Attack

► MIM (Man-in-Middle) attack.
► Session Hijacking.
► Denial of Service (DoS).

Man-in-Middle

► An attacker can forge this packet on behalf of the authenticator and potentially start a simple Man-in-Middle attack.

Session Hijacking

► The session is hijacked by spoofing an 802.11 MAC disassociate message.

Denial of Service (DoS)

► EAPOL Logoff, EAPOL Start message spoofing.
► EAP failure message spoofing.
► Spoofing of 802.11 management frames.
► Large number of associate requests.

Outline

► Introduction
► IEEE 802.1x Std and RSN
► Man-in-Middle, Session Hijack attack
► Proposed solution
► Conclusion

Per-packet Authenticity and Integrity

► Lack of per-packet authenticity and integrity in IEEE 802.11 frames has been a key contributor in many of the protocol’s security problems.
► There are currently no plans by the IEEE to add integrity protection to management frames.
► The session hijack attack primarily exploited.

Authenticity and Integrity of EAPOL messages

► Addition of an EAP authenticator attribute.
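One way per-message protection of EAPOL could look: each frame carries a counter and a keyed tag, so a spoofed EAPOL-Logoff or a replayed frame is dropped by the receiver. This is an added Python example, not from the slides or the 802.1x standard; the trailer layout (8-byte counter plus truncated HMAC-SHA256), the names `protect` and `Receiver`, and the pre-shared `KEY` are assumptions made for illustration.

```python
import hashlib, hmac, struct

EAPOL_START, EAPOL_LOGOFF = 1, 2       # EAPOL packet type codes
TAG_LEN = 16                           # truncated HMAC-SHA256 (assumption)
KEY = bytes(range(32))                 # constructed key shared by both ends

def protect(key: bytes, ptype: int, body: bytes, counter: int) -> bytes:
    """version|type|length|body, followed by the hypothetical trailer."""
    frame = struct.pack("!BBH", 1, ptype, len(body)) + body
    ctr = struct.pack("!Q", counter)
    tag = hmac.new(key, frame + ctr, hashlib.sha256).digest()[:TAG_LEN]
    return frame + ctr + tag

class Receiver:
    """Accepts a frame only if the tag verifies and the counter advances."""
    def __init__(self, key: bytes):
        self.key, self.last = key, -1

    def accept(self, wire: bytes):
        """Return the packet type, or None if the frame must be dropped."""
        if len(wire) < 4 + 8 + TAG_LEN:
            return None                               # too short to parse
        frame, trailer = wire[:-8 - TAG_LEN], wire[-8 - TAG_LEN:]
        ctr, tag = trailer[:8], trailer[8:]
        _, ptype, length = struct.unpack("!BBH", frame[:4])
        if length != len(frame) - 4:
            return None                               # malformed length
        want = hmac.new(self.key, frame + ctr, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want[:TAG_LEN]):
            return None                               # forged or altered
        (counter,) = struct.unpack("!Q", ctr)
        if counter <= self.last:
            return None                               # replayed frame
        self.last = counter
        return ptype

def demo():
    """Unkeyed logoff, then a genuine logoff, then the same frame replayed."""
    rx = Receiver(KEY)
    genuine = protect(KEY, EAPOL_LOGOFF, b"", 1)
    spoofed = struct.pack("!BBH", 1, EAPOL_LOGOFF, 0) + bytes(8 + TAG_LEN)
    return rx.accept(spoofed), rx.accept(genuine), rx.accept(genuine)
```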

Outline

► Introduction
► IEEE 802.1x Std and RSN
► Man-in-Middle, Session Hijack attack
► Proposed solution
► Conclusion

Conclusion

► Because the transport medium is shared, it permits attackers easy and unconstrained access.
► Our attacks demonstrate that the current RSN architecture does not provide strong access control and authentication.

Reference

1. Arunesh Mishra, William A. Arbaugh, “An Initial Security Analysis of the IEEE 802.1x Standard”.

2. N. Borisov, L. Goldberg, D. Wagner, “Intercepting Mobile Communications: The Insecurity of 802.11”. Proc. Seventh Annual International Conference on Mobile Computing and Networking, July 2001, pages 180-188.

3. IEEE, LAN MAN Standards of the IEEE Computer Society. Wireless LAN media access control and physical layer specification. IEEE Standard 802.11, 1997.