Life After WPA
Transcript of Life After WPA
Yap Chern Nam, Secretary of IEEE Computer Chapter, [email redacted]@tp.edu.sg
Overview
• What has happened?
• What is going on now?
• What is up and coming?
Why WPA/802.11i?
– Walker, “Unsafe at any Key Size”, IEEE 802.11 doc. 00-362, October 2000
– Arbaugh, “An Inductive Chosen Plaintext Attack against WEP”, IEEE 802.11 doc. 01-230, May 2001
– Borisov, Goldberg, Wagner, “The insecurity of 802.11”, Proceedings of the International Conference on Mobile Computing and Networking, July 2001
– Fluhrer, Mantin, Shamir, “Weaknesses in the key schedule algorithm of RC4”, Proceedings of the 4th Annual Workshop on Selected Areas in Cryptography, August 2001
How are the Hackers?
http://www.youtube.com/watch?v=kDD9PjiQ2_U&feature=player_embedded
Is WPA Safe?
• 2008, Martin Beck / Erik Tews: Dictionary Attacks on TKIP
• 2009, Masakatu Morii, Toshihiro: (reduced to under 1 minute)
WPA2 too complex?
• Windows 2003 Server; Windows 2008 Server
• PEAP/MS-CHAP
• Server Authentication
http://www.microsoft.com/downloads/details.aspx?familyid=0f7fa9a2-e113-415b-b2a9-b6a3d64c48f5&displaylang=en
Low Cost Solutions - Zero Shell
Voice over IP
2009: "It only took more than 125 years but POTS (plain old telephony service) is now on the decline in the U.S.," said Ken Dulaney, vice president and distinguished analyst at Gartner. "The emergence of VoIP and the phenomenal rise of the mobile phone now represent the 'dial tone' for the future."
IEEE 802.11 Security
[Figure: message sequences between Mobile Station and Access Point]
Open System Authentication + Re-association:
  1. Authentication (Request)
  2. Authentication (Success)
  3. Re-association Request
  4. Re-association Response
Shared Key Authentication + Re-association:
  1. Authentication (Request)
  2. Authentication (Challenge)
  3. Authentication (Response)
  4. Authentication (Success)
  5. Re-association Request
  6. Re-association Response
IEEE 802.1x (EAP/TLS)
[Figure: message sequence between Mobile Station / Supplicant, Access Point / Authenticator and RADIUS / Authentication Server. EAPOL carries the exchange between Supplicant and Authenticator; the Authenticator relays the EAP messages to the Authentication Server.]
  EAPOL-Start
  EAP Request (ID) / EAP Response (ID)
  EAP-Start (relayed to the Authentication Server)
  EAP Request (ID) / EAP Response (ID)
  EAP TLS-Start
  TLS Client Hello
  TLS Server Hello
  EAP TLS Finished
  EAP Success, PMK result (Authentication Server → Authenticator); EAPOL Success (Authenticator → Supplicant)
4 Way Handshake Mutual Authentication
[Figure: EAPOL-Key exchange between Mobile Station / Supplicant and Access Point / Authenticator]
  Message 1 (AP → STA): EAPOL (key-info, A-nonce)
  Message 2 (STA → AP): EAPOL (key-info, S-nonce, MIC, RSN-IE)
  Message 3 (AP → STA): EAPOL (key-info, A-nonce, MIC, RSN-IE)
  Message 4 (STA → AP): EAPOL (key-info, MIC)
IEEE 802.11e - 2005
[Figure: Mobile Station / Supplicant and Access Point / Authenticator]
  ADDTS request
  ADDTS response
BSS Transition
[Figure: Mobile Station moving from Access Point A to Access Point B. Data / Ack exchange with AP A; losing connection (determine signal loss and scanning for new AP; scanning state); roaming connection to AP B; roaming success; Data / Ack exchange with AP B. The figure marks the loss and timing during the transition / connection process.]
Security or Voice?
[Figure: full connection sequence between Mobile Station, Access Point / Authenticator and Authentication Server]
  Open System Auth (request / response)
  Re-assoc Req / Re-assoc Res
  EAPOL Start → EAP Start
  Upper Layer Authentication (EAPOL between Mobile Station and Access Point, RADIUS between Access Point and Authentication Server)
  EAP Success – PMK Res → EAPOL Success
  Mutual Authentication: Message A, Message B, Message C, Message D
  QoS Spec: ADDTS Req / ADDTS Res
Mutual Authentication
  · Message A = key_info, A-nonce
  · Message B = key_info, S-nonce, MIC, RSN-IE
  · Message C = key_info, A-nonce, MIC, RSN-IE
  · Message D = key_info, MIC
Network Setup
[Figure: test network with nodes W2K3R1, S1, AP1, AP2, VG1, STA and CTR1]
Voice Traffic on BSS Transition
[Figure: chart, x-axis Trials 1–10, y-axis Seconds 0.00–12.00; series: WPA2, Clear]
Various Codec on Wireless LAN
[Figure: chart, x-axis Num of Voice Call 5–50, y-axis Percent Pkt Loss 0.00–90.00; series: G711.1, G711.2, G723.1, G729.2, G729.3]
IEEE 802.11k - 2008
• Load Balancing in WLAN
• Capacity Management
• Roaming becomes more important
IEEE 802.11r - 2008
New IEEE 802.11r Message Sequence Diagram
[Figure: Mobile Station, Access Point / Authenticator, Authentication Server]
  Open System Auth (request / response)
  IEEE 802.11r Re-assoc Req (carries Auth Info)
  IEEE 802.11r Re-assoc Res (carries Auth Info)
  New Message D
  Message B and ADDTS Req
  Message C and ADDTS Res
OPNET Simulation
Roaming Timing with / without STA Load
[Figure: chart, x-axis BackEnd Latency (mSec) 0–250, y-axis Roaming Latency (Sec) 0.00–0.14; series: IEEE 802.11i Roaming Latency, IEEE 802.11i Voice Latency, IEEE 802.11r Roaming Latency, IEEE 802.11r Voice Latency]
Current Security
• Management and Control frames are clear text.
• Why worry so much about management frames?
• IEEE 802.11k carries lots of network-related information, including handoff information
• De-Auth and Dis-Assoc: the simplest DoS
IEEE 802.11w - 2009
• 802.11w gets rid of “Spoofed Disconnect” DoS attacks
  • Deauthentication
  • Disassociation
• Certain “Action Management Frames” are made anti-spoof
  • Spectrum Management (IEEE 802.11k)
  • QoS (IEEE 802.11e)
  • Fast BSS Transition (IEEE 802.11r)
How is it done?
• IEEE 802.11w adds cryptographic protection to Deauth and Disassoc
  • Using a MIC attached to the Management Frames.
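The receiver-side check behind that slide, as an added toy model that is not code from the talk: an AP attaches a MIC to a Deauth/Disassoc frame and the station drops frames whose MIC does not verify, or that replay an old counter. Assumptions: HMAC-SHA256 from the standard library stands in for the AES-128-CMAC that 802.11w (BIP) actually uses, the frame layout is a simplified constructed one, and the keys and addresses are constructed sample values.

```python
"""Toy model of 802.11w protected Deauth/Disassoc frames (added example, not
from the slides). Real 802.11w/BIP uses AES-128-CMAC with the IGTK and an IPN
replay counter; HMAC-SHA256 from the standard library stands in here and the
frame layout is a simplified, constructed one."""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class MgmtFrame:
    subtype: str   # "deauth" or "disassoc"
    bssid: bytes
    sta: bytes
    reason: int    # 802.11 reason code, e.g. 3 = STA is leaving
    ipn: int       # replay counter (IGTK packet number)
    mic: bytes = b""

    def body(self) -> bytes:
        # Octets covered by the MIC: addresses, reason code and IPN
        return (self.subtype.encode() + self.bssid + self.sta
                + self.reason.to_bytes(2, "little") + self.ipn.to_bytes(6, "little"))


def compute_mic(igtk: bytes, frame: MgmtFrame) -> bytes:
    # 8-octet MIC, the same length BIP-CMAC-128 carries
    return hmac.new(igtk, frame.body(), hashlib.sha256).digest()[:8]


def protect(igtk: bytes, frame: MgmtFrame) -> MgmtFrame:
    # AP side: attach the MIC before sending a disconnect frame
    frame.mic = compute_mic(igtk, frame)
    return frame


class Station:
    """Receiver side; pmf=False models a pre-802.11w client."""
    def __init__(self, igtk: bytes, pmf: bool = True):
        self.igtk, self.pmf = igtk, pmf
        self.last_ipn = -1
        self.connected = True

    def receive(self, frame: MgmtFrame) -> str:
        if self.pmf:
            if not frame.mic:
                return "dropped: unprotected"
            if not hmac.compare_digest(compute_mic(self.igtk, frame), frame.mic):
                return "dropped: bad MIC"
            if frame.ipn <= self.last_ipn:  # IPN must strictly increase
                return "dropped: replay"
            self.last_ipn = frame.ipn
        self.connected = False  # frame accepted: link torn down
        return "disconnected"
```

A pre-802.11w station (pmf=False) accepts any unprotected Deauth, which is the "simplest DoS" of the previous slide; the protected station only tears the link down for a frame carrying a valid, fresh MIC.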
Thank You