
Computer Security: Principles and Practice, 3rd edition, by William Stallings and Brown, Chapter 24




DOCUMENT INFORMATION

Structure

  • Slide 1

  • Slide 2

  • Wireless Security

  • Slide 4

  • Wireless Network Threats

  • Securing Wireless Transmissions

  • Securing Wireless Networks

  • Wireless Network Security Techniques

  • Mobile Device Security

  • Security Threats

  • Slide 11

  • Table 24.1 IEEE 802.11 Terminology

  • Wireless Fidelity (Wi-Fi) Alliance

  • Slide 14

  • Slide 15

  • Slide 16

  • Table 24.2 IEEE 802.11 Services

  • Distribution of Messages Within a DS

  • Association-Related Services

  • Services

  • Wireless LAN Security

  • Slide 22

  • Slide 23

  • Slide 24

  • Slide 25

  • MPDU Exchange

  • Slide 27

  • Slide 28

  • Slide 29

  • Temporal Key Integrity Protocol (TKIP)

  • Counter Mode-CBC MAC Protocol (CCMP)

  • Slide 32

  • Summary

Contents

Chapter 24 Wireless Network Security

Wireless Security
• Key factors contributing to the higher security risk of wireless networks compared to wired networks include:
  o Channel: Wireless networking typically involves broadcast communications, which is far more susceptible to eavesdropping and jamming than wired networks. Wireless networks are also more vulnerable to active attacks that exploit vulnerabilities in communications protocols.
  o Mobility: Wireless devices are far more portable and mobile, thus resulting in a number of risks.
  o Resources: Some wireless devices, such as smartphones and tablets, have sophisticated operating systems but limited memory and processing resources with which to counter threats, including denial of service and malware.
  o Accessibility: Some wireless devices, such as sensors and robots, may be left unattended in remote and/or hostile locations, thus greatly increasing their vulnerability to physical attacks.

Figure 24.1 Wireless Networking Components (endpoint, access point)

Wireless Network Threats
• Accidental association
• Malicious association
• Ad hoc networks
• Nontraditional networks
• Identity theft (MAC spoofing)
• Man-in-the-middle attacks
• Denial of service (DoS)
• Network injection

Securing Wireless Transmissions
• Principal threats are eavesdropping, altering or inserting messages, and disruption
• Countermeasures for eavesdropping:
  o Signal-hiding techniques
  o Encryption
• The use of encryption and authentication protocols is the standard method of countering attempts to alter or insert transmissions

Securing Wireless Networks
• The main threat involving wireless access points is unauthorized access to the network
• The principal approach for preventing such access is the IEEE 802.1X standard for port-based network access control
  o The standard provides an authentication mechanism for devices wishing to attach to a LAN or wireless network
• Use of 802.1X can prevent rogue access points and other unauthorized devices from becoming insecure backdoors

Wireless Network Security Techniques
• Use encryption
• Allow only specific computers to access your wireless network
• Use anti-virus and anti-spyware software and a firewall
• Change your router's pre-set password for administration
• Turn off identifier broadcasting
• Change the identifier on your router from the default

Mobile Device Security
• An organization's networks must accommodate:
  o Growing use of new devices: significant growth in employees' use of mobile devices
  o Cloud-based applications: applications no longer run solely on physical servers in corporate data centers
  o De-perimeterization: there are a multitude of network perimeters around devices, applications, users, and data
  o External business requirements: the enterprise must also provide guests, third-party contractors, and business partners network access using various devices from a multitude of locations

Security Threats
• Lack of physical security controls
• Use of untrusted mobile devices
• Use of untrusted networks
• Use of applications created by unknown parties
• Interaction with other systems
• Use of untrusted content
• Use of location services

Figure 24.2 Mobile Device Security Elements (fragment only): ... limits scope of data and application access; authentication and access control protocols used to verify device and user and establish limits on access

Association-Related Services
• Transition types, based on mobility:
  o No transition: A station of this type is either stationary or moves only within the direct communication range of the communicating stations of a single BSS
  o BSS transition: Station movement from one BSS to another BSS within the same ESS; delivery of data to the station requires that the addressing capability be able to recognize the new location of the station
  o ESS transition: Station movement from a BSS in one ESS to a BSS within another ESS; maintenance of upper-layer connections supported by 802.11 cannot be guaranteed

Services
• Association: Establishes an initial association between a station and an AP
• Reassociation: Enables an established association to be transferred from one AP to another, allowing a mobile station to move from one BSS to another
• Disassociation: A notification from either a station or an AP that an existing association is terminated

Wireless LAN Security
• Wired Equivalent Privacy (WEP) algorithm
  o 802.11 privacy
• Wi-Fi Protected Access (WPA)
  o Set of security mechanisms that eliminates most 802.11 security issues and was based on the current state of the 802.11i standard
• Robust Security Network (RSN)
  o Final form of the 802.11i standard
• The Wi-Fi Alliance certifies vendors in compliance with the full 802.11i specification under the WPA2 program

Figure 24.6 Elements of IEEE 802.11i
  (a) Services and protocols of the Robust Security Network (RSN): access control (IEEE 802.1X port-based access control, Extensible Authentication Protocol (EAP)); authentication and key generation protocols; confidentiality, data origin authentication and integrity, and replay protection (TKIP, CCMP)
  (b) Cryptographic algorithms: confidentiality (TKIP with RC4, CCM with AES-CTR, NIST Key Wrap); integrity and data origin authentication (TKIP Michael MIC, CCM with AES-CBC-MAC, HMAC-SHA-1, HMAC-MD5); key generation (HMAC-SHA-1, RFC 1750)
  CBC-MAC = Cipher Block Chaining Message Authentication Code (MAC); CCM = Counter Mode with Cipher Block Chaining Message Authentication Code; CCMP = Counter Mode with Cipher Block Chaining MAC Protocol; TKIP = Temporal Key Integrity Protocol

Figure 24.7 IEEE 802.11i Phases of Operation (between STA, AP and AS): Phase 1 Discovery; Phase 2 Authentication; Phase 3 Key Management; Phase 4 Protected Data Transfer; Phase 5 Connection Termination

Figure 24.8 IEEE 802.11i Phases of Operation: Capability Discovery, Authentication, and Association (station, AP, AS)
• Probe request / probe response: the station sends a request to join the network; the AP sends possible security parameters (security capabilities set per the security policy)
• Open system authentication request / response: the station sends a request to perform null authentication; the AP performs null authentication
• Association request / response: the station sends a request to associate with the AP with security parameters; the AP sends the associated security parameters; the station sets the selected security parameters (802.1X controlled port blocked)
• 802.1X EAP request / 802.1X EAP response; access request (EAP request) to the AS; Extensible Authentication Protocol exchange; accept / EAP-success with key material; 802.1X EAP success (802.1X controlled port still blocked)

Figure 24.9 802.1X Access Control: authentication server; access point with uncontrolled port and controlled port; station; controlled port to the DS and to other wireless stations on this BSS

MPDU Exchange
• The authentication phase consists of three phases:
  o Connect to AS: The STA sends a request to the AP that it has an association with for connection to the AS; the AP acknowledges this request and sends an access request to the AS
  o EAP exchange: Authenticates the STA and AS to each other
  o Secure key delivery: Once authentication is established, the AS generates a master session key and sends it to the STA

Figure 24.10 IEEE 802.11i Key Hierarchies
  (a) Pairwise key hierarchy: a pre-shared key (PSK, 256 bits, user-defined, delivered over an out-of-band path) or an AAA key (AAAK or MSK, ≥256 bits, produced by EAP authentication over the EAP method path) yields the pairwise master key (PMK, 256 bits, following EAP authentication or PSK; no modification of the PSK, possible truncation of the AAAK). The PMK yields the pairwise transient key (PTK, 384 bits for CCMP, 512 bits for TKIP) during the 4-way handshake using a PRF (pseudo-random function) based on HMAC-SHA-1. The components of the PTK are the KCK (EAPOL key confirmation key, 128 bits), the KEK (EAPOL key encryption key, 128 bits) and the TK (temporal key, 128 bits for CCMP, 256 bits for TKIP).
  (b) Group key hierarchy: the group master key (GMK, generated by the AS, 256 bits, changes periodically or if compromised) yields the group temporal key (GTK: 40 bits or 104 bits for WEP, 128 bits for CCMP, 256 bits for TKIP; changes based on policy, e.g. disassociation or deauthentication).

Table 24.3 IEEE 802.11i Keys for Data Confidentiality and Integrity Protocols (table can be found on page 757 in the textbook)

Figure 24.11 IEEE 802.11i Phases of Operation: Four-Way Handshake and Group Key Handshake
Four-way handshake (AP's 802.1X controlled port blocked):
• Message 1, EAPOL-key (ANonce, Unicast): delivers a nonce to the STA so that it can generate the PTK
• Message 2, EAPOL-key (SNonce, Unicast, MIC): delivers another nonce to the AP so that it can also generate the PTK; it demonstrates to the AP that the STA is alive, ensures that the PTK is fresh (new) and that there is no man-in-the-middle
• Message 3, EAPOL-key (Install PTK, Unicast, MIC): demonstrates to the STA that the authenticator is alive, ensures that the PTK is fresh (new) and that there is no man-in-the-middle
• Message 4, EAPOL-key (Unicast, MIC): serves as an acknowledgement to Message 3; it serves no cryptographic function; this message also ensures the reliable start of the group key handshake
After Message 4 the AP's 802.1X controlled port is unblocked for unicast traffic.
Group key handshake:
• Message 1, EAPOL-key (GTK, MIC): delivers a new GTK to the STA; the GTK is encrypted before it is sent and the entire message is integrity protected; the STA decrypts the GTK and installs it for use
• Message 2, EAPOL-key (MIC): is delivered to the AP and serves only as an acknowledgment to the AP; the AP installs the GTK

Temporal Key Integrity Protocol (TKIP)
• Designed to require only software changes to devices that are implemented with the older wireless LAN security approach called WEP
• Provides two services:
  o Message integrity: adds a message integrity code to the 802.11 MAC frame after the data field
  o Data confidentiality: provided by encrypting the MPDU

Counter Mode-CBC MAC Protocol (CCMP)
• Intended for newer IEEE 802.11 devices that are equipped with the hardware to support this scheme
• Provides two services:
  o Message integrity: uses the cipher-block-chaining message authentication code (CBC-MAC) mode of operation
  o Data confidentiality: uses the CTR block cipher mode of operation with AES for encryption

Figure 24.12 IEEE 802.11i Pseudorandom Function: R = HMAC-SHA-1(K, A || 0 || B || i), where K is the key, A a label, B the input data, and the counter i is incremented (+1) for each successive output block

Summary
• Wireless security
  o Wireless network threats
  o Wireless security measures
• Mobile device security
  o Security threats
  o Mobile device security strategy
• IEEE 802.11 wireless LAN overview
  o The Wi-Fi Alliance
  o IEEE 802 protocol
  o IEEE 802.11 network components and architectural model
  o IEEE 802.11 services
• IEEE 802.11i wireless LAN security
  o IEEE 802.11i services
  o IEEE 802.11i phases of operation
  o Discovery phase
  o Authentication phase
  o Key management phase
  o Protected data transfer phase
  o The IEEE 802.11i pseudorandom function
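As an added worked example (not part of the textbook slides), the following Python implements the PRF of Figure 24.12 and uses it for the PMK-to-PTK step of the pairwise key hierarchy in Figure 24.10(a), splitting the PTK into KCK, KEK and TK. The label string "Pairwise key expansion", the 0x00 separator byte and the Min/Max ordering of addresses and nonces are taken from the IEEE 802.11i standard rather than from this page; the PMK, MAC addresses and nonces are constructed sample values.

```python
import hashlib
import hmac


def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """IEEE 802.11i PRF-n (Figure 24.12): concatenate
    HMAC-SHA-1(K, A || 0x00 || B || i) for i = 0, 1, ... (160 bits each)
    and keep the first n bits."""
    out = b""
    i = 0
    while len(out) * 8 < nbits:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[: nbits // 8]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes,
               tkip: bool = False) -> dict:
    """PMK -> PTK during the 4-way handshake (Figure 24.10a). The PTK is
    384 bits for CCMP and 512 bits for TKIP and is split into KCK (128),
    KEK (128) and TK (128 for CCMP, 256 for TKIP). Label and Min/Max
    ordering are per IEEE 802.11i (assumed here, not stated on the page)."""
    if len(pmk) != 32:
        raise ValueError("PMK must be 256 bits")
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 512 if tkip else 384)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:]}


# Constructed sample values, not captured traffic
PMK = hashlib.sha256(b"sample pre-shared key material").digest()  # 256-bit PMK
AA = bytes.fromhex("001122334455")       # authenticator (AP) MAC address
SPA = bytes.fromhex("66778899aabb")      # supplicant (STA) MAC address
ANONCE = bytes(range(32))                # 256-bit nonce from Message 1
SNONCE = bytes(range(32, 64))            # 256-bit nonce from Message 2

if __name__ == "__main__":
    for name, k in derive_ptk(PMK, AA, SPA, ANONCE, SNONCE).items():
        print(f"{name}: {k.hex()}")
```

Because the PRF output is prefix-consistent, the KCK and KEK are identical whether the PTK is expanded to 384 bits (CCMP) or 512 bits (TKIP); only the TK grows.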

Posted: 18/12/2017, 15:17
