WLAN Security
Doc.dr.sc. Sabina Baraković
CSA 585 Wireless Security
Topics
Introduction to WLAN
Basics on WLANs
Wired Equivalent Privacy – WEP
Attacks Targeting WLANs
WiFi Protected Access
Sarajevo, 2015 2
INTRODUCTION TO WLAN
Introduction to WLAN
A WLAN is a network designed as an enhancement to a wired LAN, using radio technology
A WLAN combines data connectivity with user mobility, while offering cost advantages over wired networks
A WLAN offers important advantages with respect to wired networks
A WLAN allows the mobile terminals to be fully mobile as long as they remain within radio range
Setting up a WLAN is an easy and fast process
A WLAN avoids the burden of running cables between the mobile terminals
Introduction to WLAN
A WLAN also has drawbacks
The radio signal grows weaker with the distance from the WLAN access point
The functioning of the network is strongly influenced by the environment it is expected to work in (absorption, reflection and interference of radio waves)
The data rate is often lower than the rate provided by wired networks, because of the limited radio range, the possibility of interference, and the near-constant presence of packet collisions
A WLAN does not allow transmitting and listening on the same channel at the same time (a limitation of the medium)
The mobile terminals attached to a WLAN have limited batteries and computation power, which can cause high communication latency
WLANs are inherently less secure, since data is transmitted over radio links
Security in WLAN
Security mechanisms implemented for WLAN systems are deployed at layers two and three
The mechanisms implemented at layer two aim to provide wire-equivalent privacy
Several protocols have been developed; they differ noticeably from one WLAN technology to another
The security services provided at layer three include support for secure IP mobility, roaming between different domains, and user authentication
Security in WLAN
Security mechanisms are required to counter threats in a cost-effective way
The most important security services to consider for WLAN networks include confidentiality, authentication of users, authentication of access points, data integrity, non-repudiation of origin, non-repudiation of delivery, auditing and logging, denial-of-service prevention, and traffic-flow analysis prevention
This set of services can be complemented by mechanisms for host security, prevention of data-driven attacks, and organizational security policies
BASICS OF WLANs
802.11
802.11 is the IEEE standard for wireless networking
Extensions to 802.11
802.11d – adds additional regulatory domains for other countries
802.11e – adds QoS enhancements for multimedia and VoIP
802.11f – Inter-Access Point Protocol for roaming between base stations
802.11h – adds dynamic frequency selection for Europe
802.11i – adds security enhancements
802.11j – same as 802.11h, but for Japan
WLAN Basic Infrastructure
DCF Basic Access Mechanisms
WIRED EQUIVALENT PRIVACY - WEP
Wired Equivalent Privacy - WEP
WEP is the security solution adopted by the early versions of the 802.11 standards
It was meant to provide a security level equivalent to that of a wired LAN in terms of protection of network access
WLANs present two major security vulnerabilities:
Wireless signals are broadcast and may be easily eavesdropped
Connecting to a WLAN does not require physical access; malicious users may easily connect to APs
To address these WLAN vulnerabilities, the WEP protocol encrypts the transmitted messages and authenticates the mobile users before giving them access to the wireless LAN
WEP Vulnerabilities
WEP considers only the authentication of mobile stations, without requiring the authentication of the AP
The authentication procedure is vulnerable to message injection attacks, thus enabling identity spoofing attacks
WEP does not define how to securely maintain a key base and renew the keys for better security (the same key is used for the authentication and confidentiality services)
Administration of keys at the AP is complicated
The integrity of WEP-encrypted messages is easily compromised
The WEP architecture does not include a mechanism for detecting replayed messages
The confidentiality of WEP-encrypted messages can be easily compromised
ATTACKS TARGETING WLANs
Denial of Service Attacks
A WLAN is vulnerable to network-level DoS attacks since it allows any client to associate
An 802.11 network is a shared medium, and a malicious user can flood the network with traffic, denying access to other devices associated with the targeted access point
DoS at a WLAN can also occur due to large file transfers or bandwidth-intensive applications
At the data-link layer, ubiquitous access to the medium again creates new opportunities for DoS attacks
With Wired Equivalent Privacy (WEP) turned on, an attacker still has access to the link-layer information and can perform some DoS attacks
Without WEP, the attacker has full access to manipulate associations between the MS and the AP
If the user is not using WEP, he/she is vulnerable to DoS attacks from spoofed APs
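A defender's counterpart to the data-link-layer DoS attacks above is a rate-based detector over management frames, the check a wireless IDS performs. The block below is an added example for this lecture and not from the slides: it flags any observed source address that sends more than a threshold of authentication, association, deauthentication or disassociation frames inside a sliding window. The frame records, their field names and the addresses are constructed for the demo; on a real network they would come from a monitor-mode capture.

```python
"""Rate-based detector for 802.11 management-frame floods.

Added example for this lecture, not from the original slides. Frame records
and their field names (ts, subtype, src, dst) are constructed assumptions."""
from collections import defaultdict, deque

# Management-frame subtypes used in association and deauthentication floods
FLOOD_SUBTYPES = {"auth", "assoc_req", "deauth", "disassoc"}
BROADCAST = "ff:ff:ff:ff:ff:ff"


def detect_floods(frames, window_s=1.0, threshold=20):
    """Return one alert per (src, subtype) that exceeds `threshold` frames
    within any `window_s`-second sliding window.

    frames: iterable of dicts {ts: float seconds, subtype: str, src: str, dst: str},
    ordered by non-decreasing ts. The src field is the address *claimed* in the
    frame; a flood spoofing the AP's address is still caught because a real AP
    does not emit dozens of deauthentications per second.
    """
    recent = defaultdict(deque)   # (src, subtype) -> timestamps inside the window
    alerted = set()
    alerts = []
    for f in frames:
        if f["subtype"] not in FLOOD_SUBTYPES:
            continue
        key = (f["src"], f["subtype"])
        q = recent[key]
        q.append(f["ts"])
        while q and f["ts"] - q[0] > window_s:   # drop timestamps that left the window
            q.popleft()
        if len(q) > threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"src": f["src"], "subtype": f["subtype"],
                           "count": len(q), "first_ts": q[0], "last_ts": f["ts"],
                           "to_broadcast": f["dst"] == BROADCAST})
    return alerts


def sample_frames(include_flood=True):
    """Constructed monitor-mode capture: two clients join normally and exchange
    data; optionally a burst of 60 deauthentication frames, spoofing the AP's
    address as source and sent to broadcast, follows at t=5s."""
    ap, a, b = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:11"
    frames = []
    for t, src in ((1.0, a), (2.5, b)):
        frames += [{"ts": t, "subtype": "auth", "src": src, "dst": ap},
                   {"ts": t + 0.05, "subtype": "assoc_req", "src": src, "dst": ap}]
    frames += [{"ts": 3.0 + 0.5 * i, "subtype": "data", "src": a, "dst": ap}
               for i in range(10)]
    if include_flood:
        frames += [{"ts": 5.0 + 0.01 * i, "subtype": "deauth", "src": ap, "dst": BROADCAST}
                   for i in range(60)]
    return sorted(frames, key=lambda f: f["ts"])


def run_example():
    """Alerts raised on the constructed capture (one deauth-flood alert expected)."""
    return detect_floods(sample_frames())


if __name__ == "__main__":
    for alert in run_example():
        print(alert)
```

Detection only tells you a flood is happening; the standards-level mitigation for spoofed deauthentication and disassociation frames is management frame protection (IEEE 802.11w), which the slides do not cover.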
Man-in-the-Middle Attacks
Two main forms:
Eavesdropping – occurs when an attacker receives a data communication stream
Manipulation – an attacker has the ability to receive the victim's data and to retransmit the data after changing it
Message Modification and Injection
Messages encrypted by WEP can be modified without detection
The defense against the attack is to disallow the reuse of an initialization vector in multiple packets and to require that all receivers enforce this prohibition
802.11 does not mandate this, although it recommends it
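The two WEP weaknesses just listed, the linear CRC-32 integrity check and the absence of IV/replay enforcement at the receiver, can both be shown in a few lines. The block below is an added example for this lecture, not code from the slides: it builds a WEP-style frame (IV, then plaintext plus CRC-32 ICV under a keystream), shows that a replayed frame is accepted and that a modification patched by the CRC's linearity passes the check, and then shows a hardened receiver with a keyed MIC over IV and plaintext plus a strictly increasing IV (the role TKIP's sequence counter plays) rejecting replay, modification and IV reuse. RC4 is replaced by a SHAKE-128 keystream stand-in and the keys are constructed; both are assumptions and neither changes the integrity or replay behaviour being demonstrated.

```python
"""Why WEP's integrity check and IV handling fail, and what a hardened receiver
does instead. Added example for this lecture, not from the slides. RC4 is
replaced by a SHAKE-128 keystream stand-in (an assumption; the integrity and
replay problems shown do not depend on the stream cipher). Keys are constructed."""
import hashlib, hmac, zlib


def keystream(key, iv, n):
    # Stand-in for RC4(IV || key): all that matters here is same IV -> same keystream
    return hashlib.shake_128(iv + key).digest(n)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


# WEP-style: frame = IV(3) || (plaintext || CRC-32 ICV) XOR keystream, no IV bookkeeping
def wep_send(key, iv, plaintext):
    body = plaintext + zlib.crc32(plaintext).to_bytes(4, "big")
    return iv + xor(body, keystream(key, iv, len(body)))


def wep_receive(key, frame):
    iv, body = frame[:3], frame[3:]
    pt_icv = xor(body, keystream(key, iv, len(body)))
    pt, icv = pt_icv[:-4], pt_icv[-4:]
    return pt if zlib.crc32(pt).to_bytes(4, "big") == icv else None


def crc32_is_linear(a, d):
    """CRC-32 is affine over XOR: crc(a ^ d) == crc(a) ^ crc(d) ^ crc(zeros).
    A keyed MIC has no such property, which is why it detects modification."""
    zeros = bytes(len(a))
    return zlib.crc32(xor(a, d)) == zlib.crc32(a) ^ zlib.crc32(d) ^ zlib.crc32(zeros)


# Hardened: keyed MIC over IV || plaintext, and a strictly increasing IV
# (the role TKIP's sequence counter plays), so replays and IV reuse are rejected
MIC_LEN = 8


def mic(mic_key, iv, plaintext):
    return hmac.new(mic_key, iv + plaintext, hashlib.sha256).digest()[:MIC_LEN]


def hardened_send(key, mic_key, iv, plaintext):
    body = plaintext + mic(mic_key, iv, plaintext)
    return iv + xor(body, keystream(key, iv, len(body)))


class HardenedReceiver:
    def __init__(self, key, mic_key):
        self.key, self.mic_key, self.last_iv = key, mic_key, -1

    def receive(self, frame):
        iv, body = frame[:3], frame[3:]
        seq = int.from_bytes(iv, "big")
        if seq <= self.last_iv:                  # replay or IV reuse
            return None
        pt_mic = xor(body, keystream(self.key, iv, len(body)))
        pt, tag = pt_mic[:-MIC_LEN], pt_mic[-MIC_LEN:]
        if not hmac.compare_digest(tag, mic(self.mic_key, iv, pt)):
            return None                          # any modification of IV or payload
        self.last_iv = seq                       # advance only on an accepted frame
        return pt


def demo():
    key, mic_key = b"\x0a\x0b\x0c\x0d\x0e", b"m" * 16      # constructed keys
    iv16, iv17 = (16).to_bytes(3, "big"), (17).to_bytes(3, "big")
    msg, forged = b"GET /status", b"GET /admin "
    r = {}
    # WEP: the identical frame is accepted every time it is delivered
    f = wep_send(key, iv16, msg)
    r["wep_replay_accepted"] = wep_receive(key, f) == msg and wep_receive(key, f) == msg
    # WEP: XOR a plaintext delta into the ciphertext and patch the ICV by the
    # linear rule above; the receiver's CRC check still passes
    d = xor(msg, forged)
    icv_delta = (zlib.crc32(d) ^ zlib.crc32(bytes(len(d)))).to_bytes(4, "big")
    tampered = f[:3] + xor(f[3:], d + icv_delta)
    r["wep_tamper_accepted"] = wep_receive(key, tampered) == forged
    # Hardened receiver: replay, bit flip and IV reuse are all rejected
    rx = HardenedReceiver(key, mic_key)
    h16 = hardened_send(key, mic_key, iv16, msg)
    h17 = hardened_send(key, mic_key, iv17, msg)
    r["hardened_first_ok"] = rx.receive(h16) == msg
    r["hardened_replay_rejected"] = rx.receive(h16) is None
    flipped = h17[:7] + bytes([h17[7] ^ 0x01]) + h17[8:]  # one plaintext bit flipped
    r["hardened_tamper_rejected"] = rx.receive(flipped) is None
    r["hardened_next_ok"] = rx.receive(h17) == msg
    r["hardened_iv_reuse_rejected"] = rx.receive(hardened_send(key, mic_key, iv17, b"other")) is None
    return r


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Note that the hardened receiver records an IV only after the MIC verifies, so a rejected forgery carrying the next IV cannot be used to lock out the legitimate frame that follows.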
Message Decryption
An attacker can decrypt messages sent over the air
The idea is to mislead the AP into decrypting some ciphertext for the attacker
IP redirection
The attack can be used when the WEP access point acts as an IP router with Internet connectivity
The idea is to sniff an encrypted packet off the air and use the message modification attack to give it a new destination address that the attacker controls
The AP will decrypt the packet and send it to its new destination
The modified packet will flow from the WLAN to the Internet without being stopped by a firewall
Once it reaches the destination, the attacker can read the packet in the clear
The easiest way to modify the destination IP address is to figure out what the original destination IP address is and change it
The attacker needs to ensure that the IP checksum in the modified packet is still correct
Message Decryption
Reaction attacks
They are performed when WEP is used to protect TCP/IP traffic
They do not require a connection to the Internet
The attacker monitors the reaction of the recipient of a TCP packet and uses what he/she collects to infer information about the unknown plaintext
The attack relies on the fact that a TCP packet is accepted only if the TCP checksum is correct, and when it is accepted, an acknowledgment packet is sent in response
The acknowledgment packets are easily identified by their size, without any decryption effort
The reaction of the recipient therefore discloses whether the TCP checksum was valid when the packet was decrypted
WiFi PROTECTED ACCESS
WiFi Protected Access
The Wi-Fi Alliance used the finished portions of the 802.11i standard to define WPA, in order to overcome the design weaknesses of the WEP architecture while proposing an effective key distribution method
WPA introduces the Temporal Key Integrity Protocol (TKIP), which adds a message integrity check, as it provided a good level of integrity without requiring a lot of computing resources
Uses 128-bit keys and implements a key management method
Provides confidentiality and integrity services
Two versions of WPA:
WPA per-user security, designed for enterprises
WPA pre-shared key mode, designed for consumers
Extensible Authentication Protocol - EAP
EAP defines the messages exchanged at the data link layer in order to authenticate users
Involves:
Lower layer – monitors the transmission and reception of the data frames in the correct order between the peer and the authenticator
EAP layer – guarantees reliable transmission of the EAP packets via the lower layer, and delivers and receives EAP messages to and from the EAP peer and authenticator layers
EAP peer and authenticator layers – receive EAP packets and EAP responses
EAP method layer – implements the authentication algorithms, and receives and transmits EAP messages via the EAP peer and authenticator layers; implements the authentication logic and determines whether the supplicant is a legitimate user
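The layering above is easier to see with both sides of an exchange in code. The block below is an added example for this lecture, not from the slides: it encodes and decodes the RFC 3748 packet format, runs an Identity request followed by an MD5-Challenge method exchange between a constructed peer and authenticator, and implements the EAP-layer rule that a Response is delivered to the method layer only if its Identifier matches the outstanding Request (anything else is silently discarded). The user store, identities and secrets are constructed for the demo.

```python
"""EAP (RFC 3748) Identity + MD5-Challenge exchange between a peer and an
authenticator, including the EAP-layer Identifier check. Added example for
this lecture, not from the slides; the user store and both endpoints are
constructed for the demo."""
import hashlib, hmac, os, struct

CODE_REQUEST, CODE_RESPONSE, CODE_SUCCESS, CODE_FAILURE = 1, 2, 3, 4
TYPE_IDENTITY, TYPE_MD5_CHALLENGE = 1, 4


def encode(code, identifier, eap_type=None, data=b""):
    """EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Type-Data]."""
    payload = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, identifier, 4 + len(payload)) + payload


def decode(pkt):
    code, identifier, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("EAP Length field does not match packet size")
    if code in (CODE_SUCCESS, CODE_FAILURE):       # Success/Failure carry no Type
        return code, identifier, None, b""
    return code, identifier, pkt[4], pkt[5:]


def md5_response_value(identifier, secret, challenge):
    # RFC 3748 section 5.4: Response Value = MD5(Identifier || secret || Challenge)
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    def __init__(self, users):
        self.users = users                         # identity -> secret (constructed store)
        self.ident, self.identity, self.outstanding = 0, None, None

    def _request(self, eap_type, data=b"", challenge=None):
        self.ident = (self.ident + 1) & 0xFF
        self.outstanding = (self.ident, challenge)  # Request awaiting its Response
        return encode(CODE_REQUEST, self.ident, eap_type, data)

    def start(self):
        return self._request(TYPE_IDENTITY)

    def handle(self, pkt):
        code, identifier, eap_type, data = decode(pkt)
        # EAP layer: deliver only a Response whose Identifier matches the outstanding Request
        if code != CODE_RESPONSE or self.outstanding is None or identifier != self.outstanding[0]:
            return None                            # silently discarded
        if eap_type == TYPE_IDENTITY:
            self.identity = data.decode(errors="replace")
            challenge = os.urandom(16)
            # Type-Data of MD5-Challenge: Value-Size(1) Value Name
            return self._request(TYPE_MD5_CHALLENGE, bytes([16]) + challenge + b"authenticator", challenge)
        if eap_type == TYPE_MD5_CHALLENGE:
            _, challenge = self.outstanding
            self.outstanding = None
            value = data[1:1 + data[0]]
            secret = self.users.get(self.identity)
            ok = secret is not None and hmac.compare_digest(
                value, md5_response_value(identifier, secret, challenge))
            return encode(CODE_SUCCESS if ok else CODE_FAILURE, identifier)
        return encode(CODE_FAILURE, identifier)     # unsupported method


class Peer:
    def __init__(self, identity, secret):
        self.identity, self.secret = identity, secret

    def handle(self, pkt):
        code, identifier, eap_type, data = decode(pkt)
        if code != CODE_REQUEST:
            return None
        if eap_type == TYPE_IDENTITY:
            return encode(CODE_RESPONSE, identifier, TYPE_IDENTITY, self.identity.encode())
        if eap_type == TYPE_MD5_CHALLENGE:
            value = md5_response_value(identifier, self.secret, data[1:1 + data[0]])
            return encode(CODE_RESPONSE, identifier, TYPE_MD5_CHALLENGE,
                          bytes([len(value)]) + value + self.identity.encode())
        return None


def run_exchange(peer, authenticator):
    """Drive the exchange until Success or Failure; returns the final EAP Code."""
    pkt = authenticator.start()
    while True:
        code = decode(pkt)[0]
        if code in (CODE_SUCCESS, CODE_FAILURE):
            return code
        reply = peer.handle(pkt)
        pkt = authenticator.handle(reply) if reply is not None else None
        if pkt is None:                            # discarded or unanswered: treat as failure
            return CODE_FAILURE


def stale_response_discarded():
    """A Response whose Identifier does not match the outstanding Request is dropped
    and the outstanding Request stays pending."""
    auth = Authenticator({"alice": b"s3cret"})
    auth.start()
    stale = encode(CODE_RESPONSE, 0x7F, TYPE_IDENTITY, b"alice")
    return auth.handle(stale) is None and auth.outstanding is not None


if __name__ == "__main__":
    print(run_exchange(Peer("alice", b"s3cret"), Authenticator({"alice": b"s3cret"})))
```

EAP-MD5 is used here only because its packets are simple: it authenticates the peer alone, derives no key material and is not suitable for wireless links, which is why WPA/802.11i deployments use methods such as EAP-TLS or PEAP (the MS-CHAPv2 item later in these slides belongs to that family). The EAP layer's identifier check is what keeps stale or injected responses from reaching the method layer, regardless of which method is in use.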
Comparison between WEP and WPA
IEEE 802.11i and WPA2
In addition to TKIP encryption and 802.1X/EAP authentication, it supports the Advanced Encryption Standard (AES), which secures the communication between mobile users operating in ad hoc mode
It may secure devices implementing the IEEE 802.11b, IEEE 802.11a and IEEE 802.11g versions, but requires a hardware upgrade
WPA and WPA2 Vulnerabilities
Weak password
WPA packet spoofing and decryption
WPS PIN recovery
MS-CHAPv2
Hole196
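The first item in this list, the weak password, and the pre-shared key mode introduced earlier are two sides of the same derivation. The block below is an added example for this lecture, not from the slides: it computes the 256-bit PSK from passphrase and SSID exactly as IEEE 802.11i specifies (PBKDF2-HMAC-SHA1, 4096 iterations), shows that the SSID acts as a salt, and adds a passphrase policy check for the weak-password problem. The policy thresholds and the character-class entropy estimate are assumptions; the derivation and the 8..63 character passphrase range are from the standard.

```python
"""WPA/WPA2 pre-shared key mode: deriving the 256-bit PSK from passphrase and
SSID, and a policy check for the weak-passphrase problem. Added example for
this lecture, not from the slides; the policy thresholds and the entropy
estimate are assumptions, the derivation is the one IEEE 802.11i specifies."""
import hashlib, math, string


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    In PSK mode this value is also the Pairwise Master Key (PMK)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


# Character classes and their sizes for the optimistic entropy estimate below
_CLASSES = ((string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
            (string.digits, 10), (string.punctuation, 32), (" ", 1))


def passphrase_entropy_bits(passphrase: str) -> float:
    """Optimistic estimate: log2(alphabet size) per character, the alphabet being
    the union of character classes present. Dictionary words and keyboard
    patterns are far cheaper to guess than this number suggests."""
    size = sum(n for chars, n in _CLASSES if any(c in chars for c in passphrase))
    return len(passphrase) * math.log2(size) if size else 0.0


def psk_policy_check(passphrase: str, ssid: str, min_len: int = 16, min_bits: float = 80.0):
    """Return a list of policy violations; an empty list means the passphrase is acceptable.
    The work factor (4096 iterations) is fixed by the standard and cannot be raised,
    so passphrase entropy is the only tunable defence in PSK mode."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length outside the 8..63 character range WPA allows")
    if len(passphrase) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if passphrase_entropy_bits(passphrase) < min_bits:
        problems.append(f"estimated entropy below {min_bits:.0f} bits")
    if ssid.lower() in passphrase.lower():
        problems.append("contains the SSID")
    return problems


def ssid_acts_as_salt(passphrase: str) -> bool:
    """The same passphrase yields different PSKs on differently named networks,
    so a PSK recovered for one SSID does not carry over to another."""
    return wpa_psk(passphrase, "home-net") != wpa_psk(passphrase, "office-net")


if __name__ == "__main__":
    print(wpa_psk("password", "IEEE").hex())      # IEEE 802.11i Annex H test vector
    print(psk_policy_check("password", "IEEE"))
    print(psk_policy_check("Correct-Horse-Battery-Staple-2015!", "lab-net"))
```

The test vector printed first ("password" on SSID "IEEE") is the one published in the 802.11i annex, so the function can be checked against a known value. Because the salt is the SSID, a common SSID with a common passphrase is exactly the combination precomputed tables target; a unique SSID and a long passphrase close that gap without any protocol change.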
THANK YOU FOR YOUR ATTENTION!