WLAN Security Condensed Version. First generation wireless security Many WLANs used the Service Set...

WLAN Security Condensed Version


Page 1:

WLAN Security

Condensed Version

Page 2:

First generation wireless security

• Many WLANs used the Service Set Identifier (SSID) as a basic form of security.

• Some WLANs controlled access by entering the media access control (MAC) address of each client into the wireless access points.

• Neither option was secure, since wireless sniffing could reveal both valid MAC addresses and the SSID.

Page 3:

AP: "Allow any SSID"

• Most access points have options like "SSID broadcast" and "Allow any SSID".

• These features are usually enabled by default and make it easy to set up a wireless network.

• The "Allow any SSID" option permits the access point to allow access to a client with a blank SSID.

• The "SSID broadcast" option sends beacon packets that advertise the SSID.

• Disabling these two options does not secure the network, since a wireless sniffer can easily capture a valid SSID from normal WLAN traffic.

• SSIDs should not be considered a security feature.

Page 4:

AP: "Allow any SSID"

Set Guest Mode SSID

• If you want the access point to allow associations from client devices that do not specify an SSID in their configurations, you can set up a guest SSID.

• The access point includes the guest SSID in its beacon.

• By default, the access point's default SSID, tsunami, is set to guest mode.

• However, to keep your network secure, you should disable the guest mode SSID on most access points.

AP Default

No Client SSID, but Associated!

Page 5:

Wired equivalent privacy (WEP)

• The IEEE 802.11 standard includes WEP to protect authorized users of a WLAN from casual eavesdropping.

• The IEEE 802.11 WEP standard specified a 40-bit key, so that WEP could be exported and used worldwide.

• Most vendors have extended WEP to 128 bits or more.

• When using WEP, both the wireless client and the access point must have a matching WEP key.

• WEP is based upon an existing and familiar encryption type, Rivest Cipher 4 (RC4).

128-bit WEP is sometimes, and more accurately, referred to as 104-bit WEP: only 104 bits are the secret base key, the remaining 24 bits are the per-frame initialization vector (IV), which is sent in the clear.

Also, be sure that the Transmit Key numbers match, i.e. Key 1 on both the AP and the ACU (Aironet Client Utility).

AP

ACU

Page 6:

Open Authentication

• Typical Open Authentication on both the AP and the client, with no WEP keys configured.

Page 7:

Open Authentication and WEP

• A client can associate with an AP using Open Authentication, yet still use WEP to encrypt the data packets it sends.

• Authentication and data encryption are two different things.

– Authentication – Is the client allowed to associate with this AP?

– Encryption – Encrypts the data (payload) and ICV (Integrity Check Value) fields of the 802.11 MAC frame.

– So a client could associate with the AP using Open Authentication (basically no authentication), but use WEP to encrypt the data frames sent after it is associated.

Page 8:

Authentication Process – Shared-Key

• Shared key requires the client and the access point to have the same WEP key.

• An access point using Shared Key Authentication sends a challenge text packet to the client.

• If the client has the wrong key or no key, it will fail this portion of the authentication process.

• The client will not be allowed to associate with the AP.
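Added worked example (not from the original slides): a minimal WEP implementation in Python that ties together the RC4 cipher of page 5, the encrypted payload and ICV fields of page 7, and the Shared Key challenge exchange of page 8. The 104-bit base key, the IVs and the challenge are constructed for the example, and the exchange is simulated in-process with no radio involved. The last function shows why the slide on page 5 counts the 24-bit IV separately from the 104-bit key: two frames sent under the same IV are encrypted with the identical RC4 keystream.

```python
import os
import zlib

# Constructed 104-bit (13-byte) base key for the example. With the 24-bit IV
# prepended it forms the 128-bit RC4 seed that the slides call "128-bit WEP".
WEP_KEY_104 = bytes.fromhex("0102030405060708090a0b0c0d")


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """RC4: key scheduling (KSA) over `seed`, then `length` bytes of PRGA output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(key: bytes, iv: bytes, payload: bytes, key_id: int = 0) -> bytes:
    """Build a WEP frame body: IV(3) | KeyID(1) | RC4(IV || key) XOR (payload || ICV).

    The ICV is the CRC-32 of the payload. Payload and ICV are encrypted;
    the IV and the key-ID byte travel in the clear.
    """
    if len(key) not in (5, 13):
        raise ValueError("WEP base key is 40 bits (5 bytes) or 104 bits (13 bytes)")
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    icv = zlib.crc32(payload).to_bytes(4, "little")
    stream = rc4_keystream(iv + key, len(payload) + 4)  # per-frame seed: IV || base key
    body = bytes(a ^ b for a, b in zip(payload + icv, stream))
    return iv + bytes([(key_id & 3) << 6]) + body


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Recover the payload from a frame body and verify its ICV (raises on mismatch)."""
    iv, body = frame[:3], frame[4:]
    stream = rc4_keystream(iv + key, len(body))
    clear = bytes(a ^ b for a, b in zip(body, stream))
    payload, icv = clear[:-4], clear[-4:]
    if zlib.crc32(payload).to_bytes(4, "little") != icv:
        raise ValueError("ICV check failed")
    return payload


def shared_key_auth(ap_key: bytes, client_key: bytes) -> bool:
    """Simulate the Shared Key exchange in-process; True if the AP accepts the client.

    Message 1 (the authentication request) is omitted; message 2 carries a cleartext
    challenge, message 3 returns it WEP-encrypted, message 4 is the AP's verdict.
    """
    challenge = os.urandom(128)                                   # message 2: AP -> client
    response = wep_encrypt(client_key, os.urandom(3), challenge)  # message 3: client -> AP
    try:
        return wep_decrypt(ap_key, response) == challenge         # message 4: accept on match
    except ValueError:
        return False                                              # wrong or no key: ICV fails


def same_iv_reuses_keystream(key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """Two frames under one IV get the identical keystream, so the XOR of the two
    ciphertexts equals the XOR of the two plaintexts: the 'IV vulnerability'
    that TKIP's per-frame keying (page 16) is designed to remove."""
    n = min(len(p1), len(p2))
    c1 = wep_encrypt(key, iv, p1)[4:4 + n]
    c2 = wep_encrypt(key, iv, p2)[4:4 + n]
    xor_c = bytes(a ^ b for a, b in zip(c1, c2))
    xor_p = bytes(a ^ b for a, b in zip(p1[:n], p2[:n]))
    return xor_c == xor_p


if __name__ == "__main__":
    frame = wep_encrypt(WEP_KEY_104, b"\x01\x02\x03", b"hello, wlan")
    print(frame.hex(), wep_decrypt(WEP_KEY_104, frame))
    print("shared key auth, matching keys:", shared_key_auth(WEP_KEY_104, WEP_KEY_104))
    print("shared key auth, wrong key:    ", shared_key_auth(WEP_KEY_104, bytes(13)))
```

The IV is only 24 bits, so a busy AP exhausts the IV space and repeats keystreams; the CRC-32 ICV detects accidental corruption but is not a keyed integrity check, which is the gap the TKIP MIC closes.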

Page 9:

Encryption Modes

• Indicates whether clients should use data encryption when communicating with the device. The three options are:

• None – The device communicates only with client devices that are not using WEP.

• WEP Encryption – Choose Optional or Mandatory.

– If optional, client devices can communicate with this access point or bridge with or without WEP.

– If mandatory, client devices must use WEP when communicating with the access point. Devices not using WEP are not allowed to communicate.

WEP (Wired Equivalent Privacy) is an 802.11 standard encryption algorithm originally designed to provide a level of privacy comparable to that experienced on a wired LAN. The standard defines WEP base keys of 40 bits or 104 bits.

Page 10:

Secure 802.11 WLANs

• The WLAN industry recognized the vulnerabilities of 802.11 authentication and data privacy.

• Changes are being incorporated into the 802.11i draft standard.

• 802.11i was approved on June 25, 2004.

• Wi-Fi Alliance has put together a subset of the components of 802.11i called Wi-Fi Protected Access (WPA).

• This part of the presentation explains 802.11i and WPA.

Page 11:

Secure 802.11 WLANs

• Many mistakenly believe WEP to be the only component to WLAN security.

• Wireless security consists of four facets:

1. The Authentication Framework – The mechanism that accommodates the authentication algorithm by securely communicating messages between the client, the AP, and the authentication server.

2. The Authentication Algorithm – Algorithm that validates the user credentials.

3. The Data Privacy Algorithm – Algorithm that provides data privacy across the wireless medium for data frames.

4. The Data Integrity Algorithm – Algorithm that provides data integrity across the wireless medium, assuring the receiver that the data frame was not tampered with.

Page 12:

1. The Authentication Framework

• The IEEE has addressed the shortcomings of 802.11 authentication by incorporating the 802.1X authentication framework.

• 802.1X itself is an IEEE standard that provides all 802 link-layer topologies with extensible authentication, normally seen in higher layers.

• 802.1X is based on a Point-to-Point Protocol (PPP) authentication framework known as the Extensible Authentication Protocol (EAP).

• 802.11i incorporates the 802.1X authentication framework, requiring its use for user-based authentication.

802.11i

802.1X (EAP)

• User-based authentication

• Mutual authentication

• Dynamic Key Generation

WPA is a subset

Page 13:

1. The Authentication Framework

• EAP (RFC 2284) and 802.1X do not mandate the use of any specific authentication algorithm.

• The network administrator can use any EAP-compliant authentication type for either 802.1X or EAP authentication.

• The only requirement is that both the 802.11 client (known as the supplicant) and the authentication server support the EAP authentication algorithm.

• This open and extensible architecture lets you use one authentication framework in differing environments; each environment may use a different authentication type.

Diagram: layered view of 802.1X/EAP

– Authentication method (any EAP-compliant authentication type, for differing environments): EAP-Cisco, EAP-TLS, EAP-PEAP

– Authentication framework: 802.1X/EAP

– Access mechanism: 802.3, 802.5, 802.11

Page 14:

1. The Authentication Framework

• 802.1X requires three entities:

– Supplicant – Resides on the WLAN client

– Authenticator – Resides on the AP

– Authentication Server – Resides on the RADIUS server

Page 15:

3. Data Privacy

• The encryption vulnerabilities in WEP present 802.11 vendors and the IEEE with a predicament:

– How can you fix 802.11 encryption without requiring a complete replacement of AP hardware or client NICs?

• The IEEE answered this question with the Temporal Key Integrity Protocol (TKIP) as part of 802.11i (and WPA).

• TKIP reuses many key functions of WEP to preserve customers' investment in existing 802.11 equipment and infrastructure, but fixes several of the vulnerabilities to provide effective data-frame encryption.

Page 16:

3. Data Privacy

• The key enhancements with TKIP are:

– Per-frame keying – The WEP key is quickly changed on a per-frame basis.

– Message integrity check (MIC) – A check that provides effective data-frame integrity to prevent frame tampering and frame replay.

• Defeats statistical attacks such as AirSnort and the IV vulnerability. (FYI – To be included at a later date.)

• Changes the WEP key used between client and AP before an attacker can collect enough frames to derive key bytes.
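Added worked example (not from the original slides) of the second TKIP enhancement listed above: the Michael message integrity check together with the receive-side replay check. The Michael block function, key layout and padding follow the 802.11i definition; the per-transmitter sequence-counter bookkeeping in `TkipReceiver` is a simplification for the example (real TKIP keeps the TKIP Sequence Counter per key and per priority), and the keys, addresses and frames are constructed test data.

```python
import struct

MASK32 = 0xFFFFFFFF


def _rol32(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def _ror32(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK32


def _michael_block(l, r, word):
    """One Michael round over a 32-bit message word (the 'b' function of 802.11i)."""
    l ^= word
    r ^= _rol32(l, 17)
    l = (l + r) & MASK32
    r ^= ((l & 0xFF00FF00) >> 8) | ((l & 0x00FF00FF) << 8)  # XSWAP: swap bytes in each half
    l = (l + r) & MASK32
    r ^= _rol32(l, 3)
    l = (l + r) & MASK32
    r ^= _ror32(l, 2)
    l = (l + r) & MASK32
    return l, r


def michael(key: bytes, msg: bytes) -> bytes:
    """Michael MIC: 64-bit key (K0 || K1 as little-endian words) over msg, 8-byte tag."""
    if len(key) != 8:
        raise ValueError("Michael key is 64 bits")
    l, r = struct.unpack("<II", key)
    # Padding: a single 0x5a byte, then 4..7 zero bytes so the total is a multiple of 4.
    zeros = 4 + (-(len(msg) + 1)) % 4
    data = msg + b"\x5a" + b"\x00" * zeros
    for (word,) in struct.iter_unpack("<I", data):
        l, r = _michael_block(l, r, word)
    return struct.pack("<II", l, r)


def tkip_mic(key: bytes, da: bytes, sa: bytes, priority: int, msdu: bytes) -> bytes:
    """TKIP binds the MIC to destination, source and priority, not only to the MSDU,
    so a frame cannot be redirected or re-prioritised without detection."""
    header = da + sa + bytes([priority, 0, 0, 0])
    return michael(key, header + msdu)


class TkipReceiver:
    """Receive-side checks: replay via the sequence counter, integrity via Michael."""

    def __init__(self, mic_key: bytes):
        self.mic_key = mic_key
        self.last_tsc = {}  # highest sequence counter accepted per transmitter (simplified)

    def accept(self, ta, tsc, da, sa, priority, msdu, mic) -> str:
        if tsc <= self.last_tsc.get(ta, -1):
            return "replay"        # the counter must strictly increase
        if tkip_mic(self.mic_key, da, sa, priority, msdu) != mic:
            return "mic-failure"   # 802.11i mandates countermeasures here (not modelled)
        self.last_tsc[ta] = tsc
        return "ok"


if __name__ == "__main__":
    key = bytes.fromhex("0011223344556677")            # constructed MIC key
    da = bytes.fromhex("020000000001")                  # constructed locally-administered MACs
    sa = bytes.fromhex("020000000002")
    rx = TkipReceiver(key)
    mic = tkip_mic(key, da, sa, 0, b"payload")
    print(rx.accept(sa, 1, da, sa, 0, b"payload", mic))   # ok
    print(rx.accept(sa, 1, da, sa, 0, b"payload", mic))   # replay
    print(rx.accept(sa, 2, da, sa, 0, b"payloaX", mic))   # mic-failure
```

Michael is deliberately cheap enough to run on the legacy hardware the slide on page 15 mentions; it is not a general-purpose MAC, which is why the standard pairs it with countermeasures on MIC failure and why CCMP/AES replaced it.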

Page 17:

Broadcast key rotation (BKR)

• The Broadcast Key Rotation (BKR) feature is also a TKIP enhancement.

• BKR protects the multicast traffic of the access point from being exploited by dynamically changing the multicast encryption key.

• The access point rotates the broadcast key after a configured broadcast WEP key timer expires.

• This process should generally be in sync with the timeouts configured on the RADIUS servers for user re-authentication.

• Broadcast key rotation is an excellent alternative to WEP key hashing. This is true if the WLAN supports wireless client devices that are not Cisco devices or that cannot be upgraded to the latest firmware for Cisco client devices.

• It is recommended that broadcast key rotation be enabled when the access point services an 802.1X-exclusive wireless LAN.

• It is not necessary to enable broadcast key rotation if WEP key hashing is enabled; using both key rotation and key hashing adds no further protection.

• When broadcast key rotation is enabled, only wireless client devices using LEAP or EAP-TLS authentication can use the access point.

• Client devices using static WEP with open, shared key, or EAP-MD5 authentication cannot use the access point when broadcast key rotation is enabled.

Page 18:

Advanced Encryption Standard (AES)

• WEP encryption and 802.11 authentication are known to be weak.

• The IEEE and WPA are enhancing WEP with TKIP and providing robust authentication options with 802.1X.

• At the same time, the IEEE is also looking at stronger encryption mechanisms.

• The IEEE has adopted AES for the data-privacy section of the proposed 802.11i standard.

• WPA does not include support for AES encryption.

• Later versions of WPA are likely to be released to align with 802.11i for interoperable AES support.

• AES is the next-generation encryption function approved by the National Institute of Standards and Technology (NIST).

Page 19:

Second generation encryption

• One issue is that AES requires a coprocessor or additional hardware to operate.

• This means that companies need to replace existing access points and client NICs to implement AES.

• Based on marketing reports, the currently installed base is relatively small compared to predicted future deployments.

• As a result, there will be a very large percentage of new WLAN implementations that will take advantage of AES when it becomes part of 802.11.

• On the other hand, companies that have already installed WLANs will need to determine whether it is worth the costs of upgrading for better security.

Page 20:

Second generation encryption

• AES specifies three key sizes: 128, 192, and 256 bits. It uses the Rijndael algorithm.

• If someone were to build a machine that could recover a Data Encryption Standard (DES) key in a second, then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key.

• To put that into perspective, the universe is believed to be less than 20 billion years old.
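Added derivation (not on the original slide) of the 149 trillion year figure, assuming exhaustive key search against the 56-bit DES key and the 128-bit AES key:

$$\frac{2^{128}}{2^{56}} = 2^{72}\ \text{s} \approx 4.7 \times 10^{21}\ \text{s}$$

$$\frac{4.7 \times 10^{21}\ \text{s}}{3.16 \times 10^{7}\ \text{s/year}} \approx 1.5 \times 10^{14}\ \text{years} \approx 149\ \text{trillion years}$$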

Page 21:

Cipher “Suite”

• Cipher suites are sets of encryption and integrity algorithms.

• Suites add protection to WEP and allow the use of authenticated key management.

• Suites with TKIP provide best security.

• Must use a cipher suite to enable:

– WPA – Wi-Fi Protected Access

– CCKM – Cisco Centralized Key Management

Page 22:

Security Levels