Wireless network security

Editor's Notes

• #5: ACCESS POINT A wireless access point (AP) is a hardware device that allows wireless communication devices, such as PDAs and mobile computers, to connect to a wireless network. Usually, an AP connects to a wired network, and provides a bridge for data communication between wireless and wired devices. Service set Identifier (SSID) A Service Set Identifier (SSID) is a configurable identification that allows wireless clients to communicate with an appropriate access point. With proper configuration, only clients with correct SSID can communicate with the access points. In effect, SSID acts as a single shared password between access points and clients
• #9: “PARKING LOT" ATTACK Access points emit radio signals in a circular pattern, and the signals almost always extend beyond the physical boundaries of the area they intend to cover. Signals can be intercepted outside buildings, or even through the floors in multi-storey buildings. As a result, attackers can implement a "parking lot" attack, where they actually sit in the organisation’s parking lot and try to access internal hosts via the wireless network. They are now through the firewall, and have the same level of network access as trusted employees within the corporation. An attacker may also fool legitimate wireless clients into connecting to the attacker’s own network by placing a unauthorised access point with a stronger signal in close proximity to wireless clients. The aim is to capture end-user passwords or other sensitive data when users attempt to log on these rogue servers.
• #12: PHYSICAL LAYER The lowest layer of the IEEE 802 reference model is the physical layer, which includes such functions as encoding/decoding of signals and bit transmission/reception. In addition, the physical layer includes a specification of the transmission medium. In the case of IEEE 802.11, the physical layer also defines frequency bands and antenna characteristics. MEDIA ACCESS CONTROL All LANs consist of collections of devices that share the network’s transmission capacity. Some means of controlling access to the transmission medium is needed to provide an orderly and efficient use of that capacity. This is the function of a media access control (MAC) layer. The MAC layer receives data from a higher-layer protocol, typically the Logical Link Control (LLC) layer, in the form of a block of data known as the MAC service data unit (MSDU). LOGICAL LINK CONTROL In most data-link control protocols, the data-link protocol entity is responsible not only for detecting errors using the CRC, but for recovering from those errors by retransmitting damaged frames. In the LAN protocol architecture, these two functions are split between the MAC and LLC layers. The MAC layer is responsible for detecting errors and discarding any frames that contain errors. The LLC layer optionally keeps track of which frames have been successfully received and retransmits unsuccessful frames.
• #13: To allow clients to access the network they must be go through two steps: getting authenticated by the AP, then getting associated. There are two types of authentications used: Shared Key Authentication and Open System Authentication. Open System Authentication is the default authentication protocol for the 802.11 standard. It consists of a simple authentication request containing the station ID and an authentication response containing success or failure data. Upon successful authentication, both stations are considered mutually authenticated.
• #14: Here shared key authentication is shown in diagram When the client wants to connect to the Access Point (AP), it sends a request. Upon that request the AP sends a challenge packet in clear text (unencrypted). The client then encrypt it with its WEP key and sends it back. The AP tries to decrypt the message using its WEP key. If the decryption process succeeded that means the client is an authenticated user, otherwise the access is denied. In this case if someone is sniffing the traffic, they will get a copy of the encrypted and clear text versions of the message. Although Open System Authentication does not offer any kind of authentication, it is more secure. The reason behind the last statement is that Open System Authentication does not expose the WEP key to traffic sniffers.3
• #15: SHARED KEY AUTHENTICATION FLAW Shared key authentication can easily be exploited through a passive attack by eavesdropping on both the challenge and the response between the access point and the authenticating client. Such an attack is possible because the attacker can capture both the plaintext and the cipher text. WEP uses the RC4 stream cipher as its encryption algorithm. A stream cipher works by generating a keystream, i.e. a sequence of pseudo-random bits. The keystream is then XORed against the plaintext to produce the cipher text. If both the plaintext and the ciphertext are known, the keystream can be recovered by simply XORing the plaintext and the ciphertext together. The recovered keystream can then be used by the attacker to encrypt any subsequent challenge text generated by the access point. As a result, the attacker can be authenticated to the access point. In the WEP (Wired Equivalent Privacy) standard both of the authentication modes were supported. In the new security standards, it is not recommended to use shared key authentication
• #16: WEP has three goals to achieve for wireless LAN: confidentiality, availability and integrity [Earle2005] . WEP is now considered insecure for many reasons, nonetheless it served its purpose for a certain amount of time. WEP uses CRC (Cyclical Redundancy Checking) to verify message integrity. On the other side (receiver: AP) the decryption process is the same but reversed.
• #17: WEP uses encryption to provide confidentiality. The encryption process is only between the client and the AP, meaning that packet transfers after the AP (wired LAN) are unencrypted. WEP uses RC4 (discussed earlier) for the encryption purposes. Since RC4 is a stream cipher it needs a seed value to start its key stream generator. This seed is called IV (Initialization Vector). The IV and the shared WEP key are used to encrypt/decrypt transferred packets . In the encryption process, the Integrity check (IC) value is computed and attached to the payload, then the payload is XORed with the encryption key consisting of two sections (IV and WEP Key). The packet is then forwarded with the IV value sent in plain text . WEP uses CRC (Cyclical Redundancy Checking) to verify message integrity. On the other side (receiver: AP) the decryption process is the same but reversed. The AP uses the IV value sent in plain text to decrypt the message by joining it with the shared WEP key. To get a better understanding of the operation, Fig. 14 below shows both encryption and decryption process between the client and AP.
• #18: WEP is now considered insecure for many reasons, nonetheless it served its purpose for a certain amount of time. In the previous section we have described the way the WEP security protocol operates and the main features or properties it possesses. In the following section we will go through WEP weaknesses and flaws. One of the major reasons behind WEP weaknesses is its key length. WEP has a 40-bit key , which can be broken in less than five hours using parallel attacks with the help of normal computer machines[Brown2003] . This issue urged vendors to update WEP from using 40-bit to 104-bit key; the new release is called WEP2. This The main disadvantage of WEP however, is the lack of key management.. Some SOHO users (Small Office/ Home Office) never change their WEP key, which once known the whole system is in jeopardy. In addition to that, WEP does not support mutual authentication. It only authenticates the client, making it open to rouge AP attacks. Another issue is the use of CRC to ensure integrity. While CRC is a good integrity provision standard, it lacks the cryptography feature. CRC is known to be linear. By using a form of induction, knowing enough data (encrypted packets) and acquiring specific plaintext, the WEP key can be resolved [Brown2003] .
• #19: The 802.1x standard was designed for port base authentication for 802 networks. 802.1x does not care what encryption techniques is used, it is only used to authenticate users. EAP (Extensible authentication Protocol) was designed to support multiple authentication methods over point to point connections without requiring IP . EAP allows any of the encryption schemes to be implemented on top of it, adding flexibility to the security design module. EAPOL (EAP over LAN) is EAP's implementation for LANs[EAPOL] .
• #20: The authentication server in the 802.1x framework uses RADIUS (Remote Authentication Dial-In User Service) protocol to provide AAA (Authentication, Authorization and Accounting) service for network clients [RADIUS][Imai2006] . The protocol creates an encrypted tunnel between the AS (Authentication Server) and the Authenticator (AP). Authentication messages are exchanged inside the tunnel to determine if the client has access to the network or not.
• #21: Due to the market need of a better substitute to WEP vendors (WiFi Alliance) took a subset of it and market the new product before the final release under the name WPA (WiFi Protected Access), which was released in April 2003. After the final release of 802.11i the vendors implemented the full specifications under the name WPA2.
• #22: The four-way handshake is designed so that the access point (or authenticator) and wireless client (or supplicant) can independently prove to each other that they know the PSK(Pre Shared Key)/PMK (Pair Wise Master Key), without ever disclosing the key. Instead of disclosing the key, the access point (AP) and client encrypt messages to each other—that can only be decrypted by using the PMK that they already share—and if decryption of the messages was successful, this proves knowledge of the PMK. The actual messages exchanged during the handshake are depicted in the figure and explained below (all messages are sent as EAPOL-Key frames): The AP sends a nonce-value (ANonce) to the STA together with a Key Replay Counter, which is a number that is used to match each pair of messages sent, and discard replayed messages. The STA now has all the attributes to construct the PTK. The STA sends its own nonce-value (SNonce) to the AP together with a Message Integrity Code (MIC), including authentication, which is really a Message Authentication and Integrity Code (MAIC), and the Key Replay Counter which will be the same as Message 1, to allow AP to match the right Message 1. The AP verifies Message 2, by checking MIC, RSN, ANonce and Key Replay Counter Field, and if valid constructs and sends the GTK with another MIC. The STA verifies Message 3, by checking MIC and Key Replay Counter Field, and if valid sends a confirmation to the AP.
• #23: The Group Temporal Key (GTK) used in the network may need to be updated due to the expiration of a preset timer. When a device leaves the network, the GTK also needs to be updated. This is to prevent the device from receiving any more multicast or broadcast messages from the AP. To handle the updating, 802.11i defines a Group Key Handshake that consists of a two-way handshake: The AP sends the new GTK to each STA in the network. The GTK is encrypted using the KEK assigned to that STA, and protects the data from tampering, by use of a MIC. The STA acknowledges the new GTK and replies to the AP.
• #24: To improve data transfer, 802.11i specifies three protocols: TKIP, CCMP and WRAP. TKIP (Temporal Key Integrity Management) was introduced as a "band-aid" solution to WEP problems[ Brown2003] . One of the major advantages of implementing TKIP is that you do not need to update the hardware of the devices to run it. Simple firmware/software upgrade is enough.Unlike WEP, TKIP provides per-packet key mixing, a message integrity check and a re-keying mechanism [ TKIP] . TKIP ensures that every data packet is sent with its own unique encryption key. TKIP is included in 802.11i mainly for backward compatibility.
• #25: WRAP (Wireless Robust Authenticated Protocol) is the LAN implementation of the AES encryption standard introduced earlier. It was ported to wireless to get the benefits of AES encryption. WRAP has intellectual property issues, where three parties have filed for its patent. This problem caused IEEE to replace it with CCMP. CCMP (Counter with Cipher Block Chaining Message Authentication Code Protocol) is considered the optimal solution for secure data transfer under 802.11i. CCMP uses AES for encryption. The use of AES will require a hardware upgrade to support the new encryption algorithm.
• #28: Signal- hiding technique-Organizations can take a number of measures to make it more difficult for an attacker to locate their wireless access points, including turning off service set identifier (SSID) broadcasting by wireless access points; assigning cryptic names to SSIDs; reducing signal strength to the lowest level that still provides requisite coverage; and locating wireless access points in the interior of the building, away from windows and exterior walls. Greater security can be achieved by the use of directional antennas and of signal-shielding techniques.
• #29: 1.Use encryption. Wireless routers are typically equipped with built-in encryption mechanisms for router-to-router traffic. 2. Use antivirus and antispyware software, and a firewall. These facilities should be enabled on all wireless network endpoints. 3. Turn off identifier broadcasting. Wireless routers are typically configured to broadcast an identifying signal so that any device within range can learn of the router’s existence. If a network is configured so that authorized devices know the identity of routers, this capability can be disabled, so as to thwart attackers. 4. Allow only specific computers to access your wireless network. A router can be configured to only communicate with approved MAC addresses. Of course, MAC addresses can be spoofed, so this is just one element of a security strategy.