IWD2243 Wireless & Mobile Security Chapter 3 : Wireless LAN Security Prepared by : Zuraidy Adnan,...

Prepared by : Zuraidy Adnan, FITM UNISEL

1

IWD2243Wireless & Mobile Security

Chapter 3 : Wireless LAN Security


2

3.1 Introduction 802.11 security architecture – Wired

Equivalent Privacy (WEP) Responsible for the CIA in 802.11 network. Designed to be “Wireless Ethernet” Important architectural differences between

802.11 & TWNs 802.11 limited support for roaming, restricted to

wireless access network only While TWN support seamless roaming over large

geographical areas.


3

3.2 WEP Key establishment in 802.11

None, out of scope Relies on preshared key STAs and APs Does not specify how the keys are established.

Anonymity in 802.11 Not a major concern. The use of IP address unlike IMSI in TWNs IP address assign to user can change over time The use of Network Address Translation (NAT) Mapping the internal IP with Global IP (GIP)


4

3.2 WEP (cont.) Authentication in 802.11

Authentication – control access to the network. Wired LAN – security features being inherits from

the network WLAN – no physical access authentication Net authenticate STAs – STA authenticate Net APs – Broadcast beacon (mgmt frame which

announce the existence of the network) Each beacon have Service Set Identifier (SSID) – or

– Net name – identify ESS. STA want to connect – passive / active scan. STAs send probe request to all available channel


5

3.2 WEP (cont.) Authentication in 802.11 (cont.)

Concerned Aps received a probe – send probe-response

STAs find out which station it can join STAs choose the network it whishes to join – based

on signal strength The authentication process start – two options :-

Open System Authentication (OSA) See figure 18.2 : 802.11 OSA, page 408 Using OSA – mean no authentication at all

Shared Key Authentication (SKA)


6


Shared Key Authentication (SKA) See figure 18.3 : 802.11 SKA, page 410 Challenge – response system SKA divide STAs into 2 groups, 1 – allowed access, 2 – all

other STAs Group 1 – STAs share secret key with Aps Using SKA requires, the STAs and APs capable of using WEP,

and the STAs and AP have preshared key.


7


Authentication and Handoffs See figure 18.4 : 802.11 handoffs and security, page 411

What’s wrong with 802.11 authentication? No method specified in WEP for each STA to be assigned

with unique key Many 802.11 deployment share key across Aps One way – no provision for the STA to authenticate the

Net. Pseudo-Authentication scheme

Allows only STAs that knows the SSID to join the Net Using MAC address as a secret.

Aps maintain a list of STA’s MAC, only registered MAC can access the Net


8

3.2 WEP (cont.) Confidentiality in 802.11

See figure 18.5 : WEP, page 414 5 steps to provide confidentiality in 802.11 See figure 18.6 : A WEP packet, page 415 The packet that been produced after encryption

process. What’s wrong with WEP

Usage of RC4 stream chiper, always failed in wireless medium.

Solution : shift synchronization requirement from session to a packet – change keys for every packet.

IV which concatenated with master key per packet being sent in clear text

Susceptible to Fluhrer-Mantin-Shamir (FMS) attack. Specify no rules for IV selection


9

3.2 WEP (cont.) Data Integrity in 802.11

802.11 uses Integrity Check Value (ICV) field in the packet

See figure 18.7 : Data integrity in WEP, page 419 ICV – Cyclic Redundancy Check-32bits (CRC32) CRC32 is linear and not cryptographically

computed Eve still can modify the message!

Loopholes in 802.11 security (summary) The list 1-9, page 421 & 422.


10

3.3 WPA Wi-Fi Protected Access (WPA) Prestandard subset of 802.11i Biggest differences –

Usage of AES (Advanced Encryption Standard) for providing confidentiality and integrity

Usage of Temporal Key Integrity Protocol (TKIP) and MICHAEL.

Both differences makes big changes in WLAN security architecture & hardware parts.

Most parts (h/ware) in 802.11 implementation cannot be used in WPA 802.11i


11

3.3 WPA (cont.) Key establishment

WEP used preshared key establish using out of band mechanism

2 environments – home & enterprise Diff infra capacities to provide security Enterprise – 802.11i use IEEE 802.1X for key

establishment & authentication. 802.1X use backend authentication server Home user – no backend authentication server –

allow out-of-band mechanism for key establishment See figure 18.8 : Key hierarchy in 802.11, page 425


12

3.3 WPA (cont.) Key establishment (cont.)

WPA solve the problem of authentication in WEP by reducing exposure of master key (MK)

WPA extends the two-tier hierarchy to multiple hierarchy.

Pair-wise master key (PMK) – preshared key, or derived from 802.1X

PMK – 32bytes – too long for human to remember Allow user to enter shorter password which will be

used as a seed to generate 32byte key. Pair-wise transient key (PTK) – Session key, consist

of 4 keys, 128bits long.


13


4 keys – encryption key for data, integrity key for data, encryption key for EAPoL msg, and integrity key for EAPoL msg.

PTK derived from PMK using pseudorandom function (PRF)

PRF is based on HMAC-SHA algorithm. Five input values to obtain PTK from PMK :-

PTK = PRF-512(PMK, “pair-wise expansion”, AP_MAC || STA_MAC || Anonce || Snonce)

5 values – PMK, MAC add for two endpoints, one nonce for each endpoints.


14


Nonce – “number-once” – generated at both side Anonce = PRF-256(Random Number, “Init counter”,

AP_MAC || Time) Snonce = PRF-256 (Random Number, “Init

counter”,STA_MAC || Time) Next step – derive per-packet keys from PTK. See figure 18.9 : TKIP encryption, page 427 See “important features to note in (TKIP encrypt)

process”, page 428.


15

3.3 WPA (cont.) Authentication

Home user, 802.11i allows WEP like configuration Enterprise user, 802.11i specify the use of 802.1X 802.1X architected along with Extensible

Authentication Protocol over LAN (EAPoL) See figure 18.10a : 802.1X/EAP port model, page

429 See figure 18.10b : EAPoL, page 429 EAP specify 3 net elements – Supplicant,

Authenticator, Authentication Server See figure 18.10c : EAP over WLAN, page 430 STA – supplicant, AP – authenticator, backend

authentication server


16

3.3 WPA (cont.) Authentication (cont.)

See figure 18.10d : 802.1X network architecture Confidentiality

Enhancement from WEP confidentiality TKIP double the IV size from 24 to 48bits Used for per-packet mixing function, instead of

just add more bits into the size, and still can co-exist in WEP compatible hardware.

Integrity TKIP use a new message integrity check (MIC)

protocol, MICHAEL


17

3.3 WPA (cont.) Integrity (cont.)

MICHAEL – no multiplication operation, instead, just rely on shift and add operations.

Another enhancement – to use IV as a sequence counter.

Overall picture : confidentiality + integrity See figure 18.10e : TKIP – the complete picture,

page 435 How does WPA Fix WEP loopholes

See table 18.1 : WEP loopholes and WPA fixes


18

3.4 WPA2 Only few enhancements features from WPA Enhancements :-

Authentication - Replaces a stream chiper (RC4) with a strong block chiper (AES). Instead, WPA2 embed AES in stream chiper.

Integrity – provides for stronger integrity protection using AES-based CCMP.

See figure 18.15 : WPA2 – the complete picture See table 18.2 : comparison of WEP, WPA, and

WPA2 security architectures.

IWD2243 Wireless & Mobile Security Chapter 3 : Wireless LAN Security Prepared by : Zuraidy Adnan,...

Documents

Transcript of IWD2243 Wireless & Mobile Security Chapter 3 : Wireless LAN Security Prepared by : Zuraidy Adnan,...