Wireless LAN Security

Kim W. Tracy
NEIU, University Computing
k.w.tracy@ieee.org

1
 Outline

Threats to LANs & Wireless LANs

Wireless LAN Security Techniques

Summary

2
 Fundamental Premise

Security cannot be considered in
isolation and to be effective must
consider the entire system

That is, network and LAN security must
be:

Consistent with other security mechanisms

E.g. application, data, hardware, and physical

Supportive of other security mechanisms

3
Threats

4
LAN Threats
Protecting Integrity

Protecting Secrecy

Network Traffic

Protecting Availability

5
 Specific LAN Threats

Availability

Worms/Virus DoS

Errant applications creating lots of
traffic/malformed traffic

Authentication

Spying devices on LAN

For example, a contractor connecting to LAN

Secrecy

Sniffers being connected to the LAN to collect
passwords, etc.

6
Authentication

7
 Current State of LAN
Authentication

Usually none!

If in the building can plug in to the LAN

Can cause severe problems:

Using LAN for illegal purposes
(company/person may be liable)

Can more easily compromise servers

For example, send spam from your mail servers

Wireless LANs are bringing issue out

8
 Authentication services

802.1X – IEEE standard for LAN authentication

Can use PKI certificate-based authentication

Kerberos (closed environment)

Single login (once per session)

To multiple servers/domains

‘Ticket’ for each server

X.509 (open environment)

Based on public key infrastructure

Used in SSL, IPSEC, S/MIME, SET…

One-way, two-way or three-way authentication

9
Kerberos

10
 X.509 Authentication

A B
[Ta, Ra, B, EkpubB(Kab) ] sgnA
One-way authentication

[Ta, Ra, B, EkpubB(Kab) ] sgnA

Two-way authentication
[Tb, Rb, A, Ra, EkpubA(Kab) ] sgnB

[Ta, Ra, B, EkpubB(Kab) ] sgnA

[Tb, Rb, A, Ra, EkpubA(Kab) ] sgnB

Three-way authentication
[Rb] sgnA

11
 IEEE 802.1X Terminology

Authentication
Supplicant Authenticator Server
Uncontrolled port

Controlled port
802.1X
• created to control access to any 802 LAN
• used as a transport for Extensible Authentication Protocol
(EAP, RFC 2284)
12
 802.1X Model

AP
Authentication
STA Associate
Server
EAP Identity Request
EAP Identity Response EAP Identity Response

EAP Auth Request EAP Auth Request

EAP Auth Response EAP Auth Response

EAP-Success EAP-Success

Authentication traffic

Port Status:
Normal Data 13
Wireless LAN Security

14
 Introduction

802.11 standard specifies the operating
parameters of wireless local area networks
(WLAN)

History: 802.11, b, a, g, i

Minimal security in early versions

Original architecture not well suited for
modern security needs

802.11i attempts to address security issues
with WLANs

15
 802.11b

Wired Equivalent Privacy (WEP)

Confidentiality

Encryption

40-bit keys (increased to 104-bit by WEP2)

Based on RC4 algorithm

Access Control

Shared key authentication + Encryption

Data Integrity

Integrity checksum computed for all messages

16
 802.11b

Vulnerabilities in WEP

Poorly implemented encryption

Key reuse, small keys, no keyed MIC

Weak authentication

No key management

No interception detection

17
 802.11b

Successful attacks on 802.11b

Key recovery - AirSnort

Man-in-the-middle

Denial of service

Authentication forging

Known plaintext

Known ciphertext

18
 802.11i

Security Specifications

Improved Encryption

CCMP (AES), TKIP, WRAP

2-way authentication

Key management

Ad-hoc network support

Improved security architecture

19
802.11i Authentication

Source: Cam-Winget, Moore, Stanley and Walker

20
802.11 Encryption

Source: Cam-Winget, Moore, Stanley and Walker

21
 802.11i – Potential Weaknesses


Hardware requirements

Hardware upgrade needed for AES support

Strength of TKIP and Wrap questionable in the long term

Authentication server needed for 2-way
authentication

Complexity

The more complex a system is, the more likely it
may contain an undetected backdoor

Patchwork nature of “fixing” 802.11b

22
 No Control over WLAN?

Often you want to connect to a wireless LAN
over which you have no control

Options:

If you can, connect securely (WPA2, 802.11i, etc.)

If unsecured, connect to your secure systems
securely:

VPN – Virtual Private Network

SSL connections to secure systems

Be careful not to expose passwords

Watch for direct attacks on untrusted networks

23
 WLAN Security - Going Forward


802.11i appears to be a significant improvement
over 802.11b from a security standpoint

Vendors are nervous about implementing 802.11i
protocols due to how quickly WEP was
compromised after its release

Only time will tell how effective 802.11i actually
will be

Wireless networks will not be completely secure
until the standards that specify them are designed
from the beginning with security in mind

24
 Summary

Wireless LAN Security is not
independent of the greater network
security and system security

Threats to the Wireless LAN are largely
in terms of being available and in
providing a means to attack systems on
the network

That is, not many folks attack routers (yet)

25
 References

ftp://ftp.prenhall.com/pub/esm/web_marketing
/ptr/pfleeger/ch07.pdf
- Charles & Shari Pfleeger’s chapter on
network security

http://www.gocsi.com/forms/fbi/pdf.jhtml - To
request the Computer Security Institute/FBI
yearly survey results (widely referenced)

26