CCSCSE 2003 1
WIRELESS LAN SECURITY AND LABORATORY DESIGNS
Yasir Zahur
T. Andrew Yang
University of Houston – Clear Lake
17th CCSC Southeastern Conference
Georgia Perimeter College - Dunwoody, GA

Agenda
• Introduction
• Standards & Specifications
• Vulnerabilities
• Alternate Security Solutions
• Laboratory Setup

Where Does WLAN Fit?

Source: http://www.jiwire.com/?cid=95&kw=802.11&se=google (Nov. 6, 2003)
Traveler's Quick Finder
Browse by location
Free Hotspots 510 hotspots
Hotels 5,910 hotspots
Airports 432 hotspots
Cafes 5,344 hotspots

Growth of WLAN

Infrastructure Mode of WLAN

Typical WLAN Architecture

IEEE 802.11 Standards
Standard | Description | Current Status
IEEE 802.11 | Standard for WLAN operations at data rates up to 2 Mbps in the 2.4-GHz ISM band | Approved in July 1997
IEEE 802.11a | Standard for WLAN operations at data rates up to 54 Mbps in the 5-GHz UNII band | Approved in Sept 1999. End-user products began shipping in early 2002
IEEE 802.11b | Standard for WLAN operations at data rates up to 11 Mbps in the 2.4-GHz ISM band | Sept 1999. End-user products began shipping in early 2000
IEEE 802.11g | High-rate extension to 802.11b allowing for data rates up to 54 Mbps in the 2.4-GHz ISM band | Draft standard adopted Nov 2001. Full ratification expected late 2002 or early 2003
IEEE 802.11e | Enhance the 802.11 MAC to improve and manage Quality of Service, provide classes of service, and enhanced security and authentication mechanisms. These enhancements should provide the quality required for services such as IP telephony and video streaming | Still in development, i.e., in the task group (TG) stage
IEEE 802.11f | Develop recommended practices for an Inter-Access Point Protocol (IAPP) which provides the necessary capabilities to achieve multi-vendor AP interoperability across a DS supporting IEEE P802.11 Wireless LAN Links | Still in development, i.e., in the task group (TG) stage
IEEE 802.11i | Enhance the 802.11 Medium Access Control (MAC) to enhance security and authentication mechanisms | Still in development, i.e., in the task group (TG) stage

Interferences (802.11b)
• 2.4 GHz Cordless Phone
• Access Point
• Some other wireless network
• Microwave oven

IEEE 802.11b Specifications (a brief overview)
• Transmission of approximately 11 Mbps of data
• Half Duplex protocol
• Use of CSMA/CA (collision avoidance) instead of CSMA/CD (collision detection)
• Total of 14 frequency channels. FCC allows channels 1 through 11 within the U.S. in the 2.4 GHz ISM band
• Only channels 1, 6 and 11 can be used without causing interference between access points
• Wired Equivalent Privacy (WEP) based on the symmetric RC4 encryption algorithm
• Use of Service Set Identifier (SSID) as network identifier

General WLAN Vulnerabilities
• Eavesdropping
• Invasion and Resource Stealing
• Traffic Redirection
• Denial Of Service Attack
• Rogue Access Point
• No per packet authentication
• No central authentication, authorization, and accounting (AAA) support

802.11b Vulnerabilities
• MAC address based authentication
• One-Way authentication
• SSID
• Static WEP Keys
• WEP key vulnerabilities
o Manual Key Management
o Key Size
o Initialization Vector
o Decryption Dictionaries
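
Added example (not from the original slides): why a static WEP key combined with a 24-bit Initialization Vector fails. Two frames sent under the same IV share one RC4 keystream, so a frame with guessable content exposes the keystream that protects every other frame using that IV, which is the entry a decryption dictionary stores. The frame layout is simplified (key-ID byte omitted) and the key, IV and messages are constructed sample values.

```python
import math
import zlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key scheduling, then n bytes of output keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """Simplified WEP body: clear 3-byte IV, then RC4(IV || key) XORed
    over the plaintext followed by its CRC-32 integrity value."""
    data = plaintext + zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + xor(data, rc4_keystream(iv + key, len(data)))

def iv_collision_probability(frames: int, iv_bits: int = 24) -> float:
    """Birthday bound: chance that randomly chosen IVs repeat within `frames` frames."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2.0 * 2 ** iv_bits))

# Constructed sample values: a 40-bit static key shared by every station.
KEY = bytes.fromhex("0102030405")
IV = bytes.fromhex("a1b2c3")
KNOWN = b"GET /index.html HTTP/1.0"   # frame whose content can be guessed
SECRET = b"meeting moved to 3pm"      # second frame sent under the same IV

def read_without_key(iv: bytes = IV) -> bytes:
    """Recover SECRET from ciphertext alone, given one known plaintext under IV."""
    known_frame = wep_encrypt(IV, KEY, KNOWN)
    secret_frame = wep_encrypt(iv, KEY, SECRET)
    keystream = xor(known_frame[3:], KNOWN)      # dictionary entry for this IV
    return xor(secret_frame[3:], keystream)[:len(SECRET)]

if __name__ == "__main__":
    print(read_without_key())                         # IV reused: plaintext exposed
    print(read_without_key(bytes.fromhex("a1b2c4")))  # fresh IV: unreadable bytes
    print(round(iv_collision_probability(5000), 3))   # repeat likely within ~5000 frames
```

The fix is per-session keys and a larger, non-repeating nonce, which is what the later slides on 802.1x key management and 802.11i address.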

WEP Encryption

IEEE 802.1x
• IEEE 802.1x is a port-based authentication protocol.
• It forms the basis for the IEEE 802.11i standard.
• There are three different types of entities in a typical 802.1x network: a supplicant, an authenticator, and an authentication server.
• In an unauthorized state, the port allows only DHCP and EAP (Extensible Authentication Protocol) traffic to pass through.
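
Added example (not from the original slides): a model of the authenticator's port gate described above. It parses raw Ethernet II frames, lets EAPOL and DHCP through while the port is unauthorized, and opens the port for all traffic only after the authentication server accepts the supplicant. The class and helper names are hypothetical and the frames are constructed samples.

```python
import struct

ETH_EAPOL = 0x888E        # EtherType carrying EAP over LAN (EAPOL)
ETH_IPV4 = 0x0800
DHCP_PORTS = {67, 68}     # BOOTP/DHCP server and client UDP ports

def classify(frame: bytes) -> str:
    """Label an Ethernet II frame as 'eapol', 'dhcp' or 'other'."""
    if len(frame) < 14:
        return "other"
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == ETH_EAPOL:
        return "eapol"
    if ethertype == ETH_IPV4 and len(frame) >= 34 and frame[23] == 17:  # UDP
        udp = 14 + (frame[14] & 0x0F) * 4      # skip the IPv4 header (IHL words)
        if len(frame) >= udp + 4:
            sport, dport = struct.unpack("!HH", frame[udp:udp + 4])
            if {sport, dport} <= DHCP_PORTS:
                return "dhcp"
    return "other"

class AuthenticatorPort:
    """One access-point port; closed to data until the server accepts the supplicant."""
    def __init__(self):
        self.authorized = False

    def server_decision(self, accepted: bool) -> None:
        # Result relayed from the authentication server to the authenticator.
        self.authorized = accepted

    def admits(self, frame: bytes) -> bool:
        return self.authorized or classify(frame) in ("eapol", "dhcp")

def eth(ethertype: int, payload: bytes) -> bytes:
    """Ethernet II frame with zeroed destination and source addresses."""
    return bytes(6) + bytes(6) + struct.pack("!H", ethertype) + payload

def udp_packet(sport: int, dport: int) -> bytes:
    """Minimal IPv4 header (20 bytes, protocol 17) plus an empty UDP header."""
    ip = bytes([0x45, 0]) + struct.pack("!H", 28) + bytes(4) + bytes([64, 17]) + bytes(10)
    return ip + struct.pack("!HHHH", sport, dport, 8, 0)

# Constructed sample frames.
EAPOL_START = eth(ETH_EAPOL, bytes([1, 1, 0, 0]))   # version 1, type Start, length 0
DHCP_DISCOVER = eth(ETH_IPV4, udp_packet(68, 67))
DNS_QUERY = eth(ETH_IPV4, udp_packet(40000, 53))
```

Note that the gate only checks the supplicant: nothing in this model lets the supplicant verify the authenticator, which is the gap the later slide on mutual authentication describes.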

EAPOL Exchange

IEEE 802.1x – Pros / Cons
• Dynamic Session Key Management
• Open Standards Based
• Centralized User Administration
• User Based Identification
• Absence Of Mutual Authentication
• Lack of clear communication between 802.11 and 802.11i state machines and message authenticity

Absence Of Mutual Authentication
• Supplicant always trusts the Authenticator but not vice versa
• This opens the door for “MAN IN THE MIDDLE ATTACK”

Session Hijack Attack
• 802.11i State Machine
• 802.11 State Machine

Session Hijack Attack (…cont)

Alternate Solutions
• Virtual Private Networks (VPN)
o User Authentication
o Encryption
• Cisco LEAP
o Mutual Authentication
o Per Session based Keys
• Secure Socket Layer (SSL)
o Encryption
o Digital Certificates

WEP Attack

Man In The Middle & Session Hijack Attacks

Cisco LEAP Setup
• LEAP Enabled Access Point
• LEAP Enabled Client
• AAA Server

VPN Setup
• Pass Through Access Point
• VPN Client
• VPN Server

SSL Setup
• Pass Through Access Point
• SSL Client
• SSL Server

A Specialized Computer Security Lab
• NSF CCLI A&I grant: 2003-2005
• Two Focuses:
a) DCSL: Distributed Computer Security Lab
o Between UHCL and UHD
o Possibly extended to other small or medium-sized colleges
o Customizable testbed for various security-related experiments/projects
b) Module-based Computer Security Courseware Design
o On-going
o Looking for collaborators, courseware developers, users, …

Computer Security Courseware
b) Module-based Computer Security Courseware Design
o Units: Modules, submodules, artifacts, …