Types of Attacks-Wireless Networks-Lecture Slides, Slides for Wireless Networking. Amrita Vishwa Vidyapeetham

Wireless Networking

Description: This course consist on introduction to wireless communication, evolution of wireless communication systems, medium access techniques, propagation models, error control techniques, cellular systems, emerging networks. This lecture inlcudes: Types, Attacks, Passive, Active, Inject, Decrypt, Statistical, Analysis, Dictionary, Building
Showing pages  1  -  2  of  25
The preview of this document ends here! Please or to read the full document or to download it.
Document information
Uploaded by: shaje_69kinky
Views: 966
Downloads : 0
University: Amrita Vishwa Vidyapeetham
Upload date: 07/08/2012
Embed this document:

2

Outlines

 Types of Attack  Goals of 802.11 Security  WEP Protocol  WEP Authentication  Security flaws in original 802.11  802.1x Security ► AKM Operations with AS ► AKM operations with PSK

 IBSS Security model

docsity.com

3

Last Lecture

 Introduction ► What is Ad hoc networks? ► Characteristic (Heterogeneous, Self-creating, self-organizing,

self-adminstrating, on-the-fly) ► Ad hoc vs. cellular networks ► Challenges (Spectrum allocation, Self-configuration, Medium

access control (MAC), Energy efficiency, TCP Performance, Mobility management, Security & privacy, Routing protocols, Multicasting, QoS, Service Location, Provision, Access)

 Routing Protocol ► Expected Properties of Ad-hoc Routing Protocols ► A taxonomy for routing protocols in Mobile ad ► Some common protocols (DSDV, AODV, DSR, ZRP, TORA)

docsity.com

4

Types of Attacks

 Passive attacks ► to decrypt traffic based on statistical analysis

 Active attacks ► To inject new traffic from authorized mobile stations,

based on known plaintext  Active attacks ► To decrypt traffic, based on tricking the access point

 Dictionary building attacks ► Allows real-time automated decryption of all traffic

docsity.com

5

802.11 Security

 Goals of 802.11 security ► Access Control

• Ensure that your wireless infrastructure is not used. ► Data Integrity

• Ensure that your data packets are not modified in transit. ► Confidentiality

• Ensure that the contents of your wireless traffic is not learned

 802.11 security consists of two subsystems ► A data encapsulation technique called Wired

Equivalent Privacy (WEP) ► An authentication algorithm called Shared Key

Authentication

docsity.com

6

WEP

 Wireless connections has important security issues to keep the intruders from accessing, reading and modifying the network traffic.

 But mobile systems need to be connected.  We need an algorithm which provides the same

level of security that physical wire does.  WEP is used to ► Protect wireless communication from

eavesdropping. Prevent unauthorized access to wireless network

(feature of WEP, but not an explicit goal in the 802.11 standard)

docsity.com

7

 WEP relies on a secret key which is shared between the sender and the receiver. ► SENDER: Mobile station (e.g. Labtop with a wireless ethernet

card) ► RECEIVER: Access Point (eg. base station)

Secret Key is used to encrypt packets before they are transmitted

Integrity Check is used to ensure packets are not modified in transit. ► The standard does not discuss how shared key is established ► In practice, most installations use a single key which is shared

between all mobile stations and access points.

docsity.com

8

WEP Protocol

 To send a message M: ► Compute a checksum c(M) (is not depend on secret key k) ► Pick an IV v and generate a keystream RC4(v,k) ► XOR <M, c(M)> with the keystream to get the ciphertext ► Transmit v and ciphertext over a radio link

 When received a message M ► Use transmitted v and the shared key k to generate the

keystream RC4(v,k) ► XOR the ciphertext with RC4(v,k) to get <M’,c’> ► Check is c’=c (M’) ► If it is, accept M’ as the message transmitted

docsity.com

9

WEP Encapsulation

802.11 Hdr Data

WEP Encapsulation Summary:

• Encryption Algorithm = RC4

• Per-packet encryption key = 24-bit IV concatenated to a pre-shared key

• WEP allows IV to be reused with any frame

• Data integrity provided by CRC-32 of the plaintext data (the “ICV”)

• Data and ICV are encrypted under the per-packet encryption key

802.11 Hdr DataIV ICV

Encapsulate Decapsulate

docsity.com

10

Defense of WEP

 Integrity Check(IC) field ► Used to ensure that packet has not been modified in

transit  Initialization Vector(IV) ► Used to avoid encrypting two ciphertexts with the

same key stream ► Used to argument the shared key and produce a

different RC4 key for each packet to avoid statistical attacks

docsity.com

11

docsity.com

12

WEP Authentication

Challenge (Nonce)

Response (Nonce RC4 encrypted under shared key)

STA AP

Shared secret distributed out of band

Decrypted nonce OK?

802.11 Authentication Summary:

• Authentication key distributed out-of-band

• Access Point generates a “randomly generated” challenge

• Station encrypts challenge using pre-shared secret

docsity.com

13

Security Flaws

 Physical threat: user loses 802.11 NIC, doesn’t report it ► Attacker with physical possession of NIC may be

capable of accessing the network  Impersonation: User Identification ► 802.11 does not identify users, only NICs ► Problems

• MAC may represent more than one user • Multi-user machines becoming common; which user is

logged on with which MAC? • Users may move between machines • Machine may allow logins by other users within the domain

docsity.com

14

 Mutual Authentication ► 802.11 shared authentication not mutual

• Client authenticates to Access Point but Access Point does not authenticate to client

• Enables rogue access points • Denial of service attacks possible

► Solution • Mutual authentication: Require both sides to demonstrate knowledge of

key  Known Plaintext Attack ► WEP supports per-packet encryption, integrity, but not per-packet

authentication ► Given a known packet (ARP, DHCP, TCP ACK, etc.), possible to

recover RC4 stream ► Enables spoofing of packets until IV changes ► Can insert a packet, calculate ICV, encrypt with known RC4 stream ► Solution

• Add a keyed message integrity check • Change the IV every packet

docsity.com

15

 Denial of Service: Disassociation Attacks ► 802.11 associate/disassociate messages

unencrypted and unauthenticated • Enables forging of disassociation messages • Creates vulnerability to denial of service attacks

 Dictionary Attacks ► WEP keys are derived from passwords that makes it

much easier to break keys by brute force ► Attacker uses a large list of words to try to guess a

password and derive the key

docsity.com

16

How to address these issues

 Addition of new 802.11 authentication methods ► Hardware changes needed for each new method

• Creates incentive to limit number of authentication methods supported, make new methods optional

► Result: No upgrade path to extended authentication ► “Hard coding” authentication methods makes it

difficult to respond to security vulnerabilities  The solution: a flexible security framework ► Implement security framework in upper layers ► Enable plug-in of new authentication, key

management methods without changing NIC or Access Point

docsity.com

17

How 802.1x Address Security Issues of 802.11

 EAP Framework  User Identification & Strong authentication  Dynamic key derivation  Mutual authentication  Per-packet authentication  Dictionary attack precautions

docsity.com

18

 system setup and operation of an RSN, in two cases: when an IEEE 802.1X AS is used and when a PSK is used

 For an ESS, the AP includes an Authenticator, and each associated STA includes a Supplicant.

docsity.com

19

IEEE 802.1X Terminology

Controlled port

Uncontrolled port

Supplicant Authentication

ServerAuthenticator

802.1X

• created to control access to any 802 LAN

• used as a transport for Extensible Authentication Protocol (EAP, RFC 2284)

docsity.com

20

AKM Operation with AS

 Prior to any use of IEEE 802.1X, IEEE 802.11 assumes that the Authenticator and AS have established a secure channel.

 A STA discovers the AP’s security policy through passively monitoring Beacon frames or through active probing ► If IEEE 802.1X authentication is used, the EAP authentication

process starts when the AP’s Authenticator sends the EAP- Request or the STA’s Supplicant sends the EAPOL-Start message.

► EAP authentication frames pass between the Supplicant and AS via the Authenticator and Supplicant’s Uncontrolled Ports.

► The Supplicant and AS authenticate each other and generate a PMK. The PMK is sent from the AS to the Authenticator over the secure channel.

docsity.com

21

docsity.com

22

 A 4-Way Handshake utilizing EAPOL-Key frames is initiated by the Authenticator to do the following: ► Confirm that a live peer holds the PMK. ► Confirm that the PMK is current. ► Derive a fresh pairwise transient key (PTK) from the PMK. ► Install the pairwise encryption and integrity keys into IEEE

802.11. ► Transport the group temporal key (GTK) and GTK sequence

number from Authenticator to Supplicant and install the GTK and GTK sequence number in the STA and, if not already installed, in the AP.

► Confirm the cipher suite selection.

docsity.com

23

Upon successful completion of the 4-Way Handshake, the Authenticator and Supplicant have authenticated each other; and the IEEE 802.1X Controlled Ports are unblocked to permit general data traffic.

docsity.com

24

Operation of AKM with PSM

 The following AKM operations are carried out when the PMK is a PSK: ► A STA discovers the AP’s security policy through

passively monitoring Beacon frames or through active probing A STA associates with an AP and negotiates a security policy.

► The PMK is the PSK. ► The 4-Way Handshake using EAPOL-Key frames is

used just as with IEEE 802.1X authentication, when an AS is present.

► The GTK and GTK sequence number are sent from the Authenticator to the Supplicant just as in the AS case.

docsity.com

25

IBSS Key usage Model

 In an IBSS, the unicast data frames between two STAs are protected with a pairwise key. The key is part of the PTK, which is derived during a 4-Way Handshake.

 In an IBSS, the broadcast/multicast data frames are protected by a key, e.g., named B1, that is generated by the STA transmitting the broadcast/multicast frame.

 To allow other STAs to decrypt broadcast/multicast frames, B1 must be sent to all the other STAs in the IBSS. ► B1 is sent in an EAPOL-Key frame, encrypted under the

EAPOL-Key encryption key (KEK) portion of the PTK, ► and protected from modification by the EAPOL-Key

confirmation key (KCK) portion of the PTK.  In an IBSS, a STA’s SME responds to Deauthentication

frames from a STA by deleting the PTK SA associated with that STA.

docsity.com

26

Summary

 Types of Attack  Goals of 802.11 Security  WEP Protocol  WEP Authentication  Security flaws in original 802.11  802.1x Security ► AKM Operations with AS ► AKM operations with PSK

 IBSS Security model  Next Lecture ► QoS in WLAN and Mobile IP

docsity.com

Docsity is not optimized for the browser you're using. In order to have a better experience please switch to Google Chrome, Firefox, Internet Explorer 9+ or Safari! Download Google Chrome