WLAN Hacking: Threats and Countermeasures
RSA Europe, Vienna, 18 October
John Rhoton, HP Services, Mobile Technology Lead
Objectives
• Describe state of WLAN security
— Mechanisms
— Vulnerabilities/threats/exploits
• Provide countermeasures and best practices to address threats
MAC Filters
• Requires management of authorized MAC addresses
• LAA (Locally Administered Address) can override UAA (Universally Administered Address): the burned-in address is only a default, so a client can transmit any address it chooses, including one copied from an authorized client seen on the air
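The override described above, as an added example (not code from the talk): a MAC-filtering access point, the U/L bit test that distinguishes a locally administered address from a vendor-assigned one, and an attacker who copies an admitted address off the air. The allow-list, sniffed frames and addresses are constructed sample data; the point it makes is that a filter which rejects addresses with the U/L bit set still admits a cloned UAA.

```python
"""MAC address filtering versus a locally administered address.

Added example for this page, not code from the talk. The allow-list, the
sniffed frames and the attacker's burned-in address are constructed sample
data; the U/L and I/G bit positions are from IEEE 802.
"""


def parse_mac(mac: str) -> bytes:
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabb.ccdd.eeff."""
    digits = "".join(c for c in mac if c not in ":-.")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address {mac!r}")
    return bytes.fromhex(digits)


def is_locally_administered(mac: str) -> bool:
    """U/L bit (0x02 of the first octet): set = LAA chosen by software,
    clear = UAA burned in by the vendor under its OUI."""
    return bool(parse_mac(mac)[0] & 0x02)


def is_multicast(mac: str) -> bool:
    """I/G bit (0x01 of the first octet); never valid as a source address."""
    return bool(parse_mac(mac)[0] & 0x01)


class MacFilterAP:
    """Access point admitting only allow-listed source addresses, optionally
    also refusing any address with the U/L bit set."""

    def __init__(self, allowed, reject_laa=False):
        self.allowed = {parse_mac(m) for m in allowed}
        self.reject_laa = reject_laa

    def admit(self, src_mac: str) -> bool:
        if is_multicast(src_mac):
            return False
        if self.reject_laa and is_locally_administered(src_mac):
            return False
        return parse_mac(src_mac) in self.allowed


class Client:
    """Station whose transmitted address defaults to the burned-in UAA but can
    be overridden (e.g. `ip link set dev wlan0 address ...` on Linux)."""

    def __init__(self, burned_in: str):
        self.burned_in = burned_in
        self.tx_mac = burned_in

    def set_address(self, mac: str):
        self.tx_mac = mac


def clone_admitted_address(ap: MacFilterAP, sniffed_frames, attacker: Client):
    """Attacker reuses the first source address the AP is seen to accept.
    Returns the address it now transmits with, or None if nothing worked."""
    for src, _dst in sniffed_frames:
        if ap.admit(src):
            attacker.set_address(src)
            return src
    return None
```

Because the cloned address is the victim's vendor-assigned UAA, `is_locally_administered` returns False for it and the filter has nothing left to distinguish the two stations by.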
802.11b Security Vulnerabilities
• Symmetric secret keys
—Poor key management
—Hardware theft is equivalent to key theft
• Algorithmic weaknesses
—WEP
—Packet spoofing, disassociation attack
—Replay attack
• Decoy AP
• Rogue AP
Equipment of a Wi-Fi freeloader
• Mobile device
— Linux
— Windows
— Pocket PC
• Wireless card
— Orinoco card
— Prism 2 card
• Driver for promiscuous mode
• Cantenna and MMCX-to-N-type pigtail cable for the wireless card
Tools
• NetStumbler—access point reconnaissance
— http://www.netstumbler.com
• WEPCrack—recovers WEP keys
— http://wepcrack.sourceforge.net/
• AirSnort—recovers WEP keys by passively collecting weak-IV frames
— Needs 5-10 million captured packets
— http://airsnort.shmoo.com/
• chopper
— Released August 2004
— Reduces number of necessary packets to 200-500 thousand
• Aircrack, Airopeek, Airsnare, Airmagnet, Airjack, Aerosol, Kismet, Packetyzer, NAI Sniffer, Retina WiFi Scanner…
FBI – ISSA Los Angeles 2005
FBI Computer Scientist James C. Smith (left) &
FBI Special Agent Geoff Bickers (right)
broke 128-bit WEP key in three minutes
Ten-minute WEP crack
• Kismet
— reconnaissance
• Airodump
— packet capture (Aircrack recovers the key from the capture)
• Void11
— deauth attack, forcing clients to reconnect and generate traffic
• Aireplay
— replay attack, re-injecting captured frames so fresh IVs arrive quickly
Source: tom's networking
Wireless LAN security evolution

Timeline:

| Year | Standard       | Privacy                                        | Authentication       | Integrity     |
|------|----------------|------------------------------------------------|----------------------|---------------|
| 1999 | WEP            | 40-bit RC4 with 24-bit IV                      | SSID and shared key  | CRC           |
| 2003 | WPA            | TKIP: per-packet keying (RC4) with 48-bit IV   | 802.1x + EAP         | MIC           |
| 2005 | 802.11i / WPA2 | AES (CCMP)                                     | 802.1x + EAP         | MIC           |
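The two WEP-era weaknesses listed under "802.11b Security Vulnerabilities" (algorithmic weakness, packet spoofing) and the WEP row of the timeline (40-bit RC4, 24-bit IV, CRC integrity) worked through in code. This is an added example, not code from the talk: a toy WEP encryptor built exactly as the standard describes (IV || RC4 keyed with IV || secret over data || CRC-32 ICV), then the two consequences, keystream reuse once an IV repeats and bit-flipping through the linear CRC so that a forged frame passes the receiver's ICV check without the key. Key, IV and payloads are constructed sample values.

```python
"""WEP weaknesses worked through in pure Python: keystream reuse from the
24-bit IV, and bit-flipping through the linear CRC-32 ICV.

Added example for this page, not code from the talk. Frame format follows
WEP as specified (IV || RC4(IV||secret)(data || CRC-32)); the secret key,
IV and payloads are constructed sample values.
"""
import math
import zlib


def rc4(key: bytes, length: int) -> bytes:
    """RC4 keystream (KSA + PRGA); WEP uses it with key = IV || secret."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32, little-endian, no key involved."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return IV || RC4_{IV||secret}(plaintext || ICV); 40-bit WEP = 5-byte secret."""
    assert len(iv) == 3 and len(secret) in (5, 13)
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4(iv + secret, len(body)))


def wep_decrypt(secret: bytes, frame: bytes):
    """Receiver side: return (plaintext, icv_ok)."""
    iv, cbody = frame[:3], frame[3:]
    body = xor(cbody, rc4(iv + secret, len(cbody)))
    plaintext = body[:-4]
    return plaintext, body[-4:] == icv(plaintext)


# Weakness 1: with only 2^24 IVs the keystream repeats. Two frames under the
# same IV XOR to the XOR of their plaintexts, so knowing one (say, a frame of
# predictable content) reveals the other without the key.
def keystream_reuse_leak(frame1: bytes, frame2: bytes, known_plain1: bytes) -> bytes:
    assert frame1[:3] == frame2[:3], "attack needs a repeated IV"
    return xor(xor(frame1[3:], frame2[3:]), known_plain1)


def iv_collision_frames(iv_bits: int = 24, prob: float = 0.5) -> float:
    """Birthday bound: frames sent before an IV repeats with probability prob
    if IVs are chosen at random (a counter just makes the repeat periodic)."""
    return math.sqrt(2 * 2 ** iv_bits * math.log(1 / (1 - prob)))


# Weakness 2: CRC-32 is linear, crc(p ^ d) == crc(p) ^ crc(d) ^ crc(0^n), so an
# attacker can XOR a chosen delta into the ciphertext and patch the encrypted
# ICV without knowing the key; the receiver's ICV check still passes.
def bitflip_forge(frame: bytes, delta: bytes) -> bytes:
    iv, cbody = frame[:3], frame[3:]
    n = len(cbody) - 4
    assert len(delta) == n
    icv_delta = xor(icv(delta), icv(bytes(n)))
    return iv + xor(cbody, delta + icv_delta)
```

`iv_collision_frames()` comes out at roughly 4,800 frames for a 50% chance of a repeated IV, which is seconds of traffic on a busy network; the bit-flip needs no IV repeat at all, only one captured frame whose plaintext the attacker partly knows.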
Improved Security Proposals (WPA)
• Temporal Key Integrity Protocol
—Fast/Per packet keying
—Message Integrity Check (MIC): the keyed Michael check replaces the unkeyed CRC, so frames can no longer be altered in transit without detection
• WPA-Personal
—Pre-shared key (Alphanumeric password)
• WPA-Enterprise
—802.1x (adapted for 802.11 MAC by 802.11i WG) with EAP
—No single predefined EAP method; client and server agree on one
IEEE 802.1x Explanation
[Figure: supplicant, authenticator (with controlled and uncontrolled ports), authentication server]
• Restricts access to the WLAN at the port level: the authenticator's uncontrolled port passes only EAPOL authentication traffic, and the controlled port stays blocked until authentication succeeds
• Handles automated key change
• Can use existing authentication system
EAP Methods client/server dependent
• Both Client and RADIUS server must support same EAP method
• Microsoft
—supports EAP API for XP and W2K
—EAP-MD5 disallowed for wireless (derives no keys; challenge/response can be attacked offline)
—EAP-TLS in Windows XP release
—Service Pack 1 adds Protected EAP (PEAP), which runs an inner method inside a TLS tunnel:
  • MS-CHAPv2—passwords
  • TLS (SSL channel)—certificates; PEAP-EAP-TLS a little slower than EAP-TLS
• SecurID—but not tested/supported for wireless
802.1x Implementation
• 802.1x supplicant
• 802.1x capable Access Point (authenticator)
• 802.1x Authentication Server
[Figure: Supplicant (client) <-- 802.1x / EAP --> Authenticator (access point) <-- RADIUS / EAP --> Authentication server (RADIUS server)]
802.11i / WPA2
• Ratified June 2004
• AES selected by National Institute of Standards and Technology (NIST) as replacement for DES
• Symmetric-key block cipher
• Computationally efficient
• Key sizes of 128, 192 or 256 bits (CCMP uses 128-bit keys)
• CCMP (Counter mode with CBC-MAC Protocol, based on CCM, RFC 3610) replaces TKIP; its Cipher Block Chaining Message Authentication Code (CBC-MAC) provides the integrity check
• May require equipment upgrades—Some WPA implementations already support AES
• Update for Windows XP (KB893357)
• Transition Security Networks (TSN) interoperate with WEP
• Robust Security Networks (RSN) prohibit WEP
Role-based Access Control
• Bluesocket
• Perfigo (Cisco)
• Cranite
• Aruba
• HP ProCurve (Vernier)
[Figure: user access control decided by role, schedule and location, enforced as VLAN assignment and IP address/port/time rules]
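The decision the figure above describes, as an added example that is not any listed vendor's product code: after the user has authenticated, map user to role, then role plus schedule plus location to a VLAN, and apply the role's ordered destination/port rules per packet. Roles, AP locations, hours and networks are constructed sample data.

```python
"""Role-based access control decision for a WLAN session.

Added example for this page, not any vendor's product code. Roles, AP
locations, hours, users and networks are constructed sample data.
"""
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str          # "permit" or "deny"
    proto: str           # "tcp", "udp" or "any"
    dst: str             # destination network in CIDR
    port: Optional[int]  # None = any port


@dataclass(frozen=True)
class Role:
    name: str
    vlan: int
    locations: frozenset                 # AP groups where the role may connect
    hours: Optional[Tuple[time, time]]   # (start, end) local time, None = always
    rules: Tuple[Rule, ...]              # first match wins, default deny


RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

ROLES = {
    "employee": Role("employee", 10, frozenset({"hq", "branch"}), None,
                     (Rule("permit", "any", "10.0.0.0/8", None),)),
    "contractor": Role("contractor", 20, frozenset({"hq"}), (time(8, 0), time(18, 0)),
                       (Rule("permit", "tcp", "10.1.0.0/16", 443),
                        Rule("permit", "tcp", "10.1.0.0/16", 22))),
    # Guests get Internet only: intranet ranges are denied before the permits.
    "guest": Role("guest", 30, frozenset({"hq", "branch"}), (time(7, 0), time(22, 0)),
                  tuple(Rule("deny", "any", n, None) for n in RFC1918)
                  + (Rule("permit", "tcp", "0.0.0.0/0", 80),
                     Rule("permit", "tcp", "0.0.0.0/0", 443),
                     Rule("permit", "udp", "0.0.0.0/0", 53))),
}

USERS = {"alice": "employee", "bob": "contractor", "visitor-17": "guest"}


def assign_vlan(user: str, location: str, now: datetime) -> Optional[int]:
    """VLAN for this session, or None to refuse the session altogether."""
    role = ROLES.get(USERS.get(user, ""))
    if role is None or location not in role.locations:
        return None
    if role.hours and not (role.hours[0] <= now.time() < role.hours[1]):
        return None
    return role.vlan


def permit(user: str, proto: str, dst_ip: str, port: int) -> bool:
    """Per-packet check against the role's ordered rule list (default deny)."""
    role = ROLES.get(USERS.get(user, ""))
    if role is None:
        return False
    dst = ip_address(dst_ip)
    for r in role.rules:
        if r.proto not in ("any", proto):
            continue
        if r.port is not None and r.port != port:
            continue
        if dst in ip_network(r.dst):
            return r.action == "permit"
    return False
```

This is the "most refined access" the next slide refers to: the same WLAN and the same authentication can land two users in different VLANs with different reachability, and a contractor connecting from the wrong site or after hours gets no session at all.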
Enterprise WLAN Security Options
• WPA – Enterprise— Eventual transition to 802.11i
— Requires WPA-compliant APs and NICs
• VPN Overlay— Performance overhead (20-30%)
— VPN Concentrator required
• RBAC— Additional appliance and infrastructure
— Most refined access
Home WLAN: WEP key rotation, firewall, intrusion detection
Public WLAN: MAC address filter, secure billing, VPN passthrough
Rogue Access Points
• Highest risk when WLANs are NOT implemented
— Usually completely unsecured
— Connected by naïve (rather than malicious) users
• Intrusion Detection Products
— Manual, Sensors, Infrastructure
• Multi-layer perimeters
— 802.1x
— RBAC, VPN
[Figure: layered perimeters between Internet, intranet and access network]
Summary
• WLAN security had a bad start
— WEP is insufficient
— MAC filtering is even worse
• WPA and 802.11i are solid
— As far as we know today…
• Consider multi-layer perimeter control (VPN, RBAC)
• Opt-out disabled
— Rogue access points are the biggest threat of all!