Penguin

WLUG Meeting - 22 August 2005

Location: University of Waikato, LitB Time: 7pm

DanielLawson is giving a talk on the current state of Wireless Security, covering WEP, WPA, 802.11i? and more.

WEP - Wireline Equivalent Protocol.

  • Introduced in 1997 as part of IEEE 802.11 standard
  • Attempt to make wireless networks "no less secure" than wired ones

Authentication:

  • one-way open authentication (SSID)
  • shared-key authentication

Encryption:

  • Wireline Equivalent Privacy (WEP) key

WEP keys

  • 40 (or 104/128 bit) string
  • uses RC4?
  • combined with 24bit Initialization Vector (IV)

Pros:

  • allows some control over access to network
  • allows some protection against sniffing.

Cons:

  • comprised key = complete breach in security
  • pain to administer large number of machines
  • algorithm broken; can break encryption if enough data observed

WPA - Wi-Fi Protected Access

  • Wi-Fi Alliance assembled a part of the upcoming 802.11i? standardin 2003
  • TKIP for encryption
  • per-user, not per-device authentication and key distribution framework (802.1X?)
  • Extensible Authentication Protocol (EAP)
  • Can still use Pre-Shared Keys (PSK)

TKIP

  • RC4? based
  • Per-packet keying, IV changes, broadcast key rotation to get around WEP insecurities
  • Message Integrity Check (MIC?) to prevent MITM? attacks

802.1X?

  • IEEE standard for port-based authentication
  • Strong mutual authentication between client and auth server
  • Authenticates a client through user-supplied credentials, rather than a computer

Keys

  • TKIP keys dynamically generated and distributed
  • Master key generated to seed key hierarchy
  • Master key given to AP and client
  • Per-user, per-session encryption - brute forcing attack very difficult!

EAP

  • Extensible Authentication Protocol
  • Allows different auth methods without infrastructure changes
  • Originally designed for PPP connections, adapted for LAN (EAPOL)
  • Many EAPOL auth protocols exist - MD5, TLS, CHAP?, MS-CHAPv2?, SIM (Subscriber Identity Module), EAP-AKA (Authentication and Key Agreement), GTC (Generic Token Card)
  • Some methods add a tunnel for authentication information - PEAP, EAP-TTLS (Tunneled TLS)

WPA2?

  • Full IEEE 802.11i? standard
  • Ratified in July 2004
  • TKIP, 802.1X?/EAP
  • Added AES encryption

AES

  • Counter cipher-block chaining mode (CBC), as opposed to WEP's single stream cipher
  • Variable keys sizes - 128, 192, 256 bits
  • "Good security"

Practical Wireless Security

Encryption Methods:

  • Only very early 802.11b devices lack WEP support, .: WEP is a good "minimum"
  • WEP adds some overhead - might see some drop in throughput. Better than handing out your email password?
  • BUT, WEP can be broken.
  • Some 802.11b and most 802.11g (all?) devices have WPA support
  • WPA addresses most of the problems
  • Can still use PSK
  • PSK used to seed the TKIP key hieararchy
  • Changing keys, so bruteforce attack not as feasable
  • WPA shown to still be insecure if keys are less than 20 characters long
  • WPA2? has good encryption (AES)
  • Some WPA implementations have AES support as well. This is also good!

Is PSK ok?

  • For small networks, PSK works well
  • Know the userbase
  • Can control when people add / leave network, and change keys appropriately
  • Low admin time
  • Perfect for home / small office use

When is PSK not ok?

  • Large networks ( > 20 machines ?)
  • Large admin cost
  • Dynamic user base (eg cafe net, conference)
  • If per-user security is needed (eg cafe net, conference)

Other considerations for wireless security:

End-to-end security

  • WEP, WPA, WPA2? only secure "in the air" transmissions. No security on remaining wired transmissions (which might go over an unsecured wireless backhaul!)
  • Use VPNs

Multiple SSIDs

  • Can be used to provide different levels of security
  • different user groups

VLANs

  • Many APs now support VLAN tagging
  • Per-port (per AP)
  • MAC address (per physical computer - bad)
  • Per SSID (SSIDs are sniffable)
  • Per user (via 802.1X?)

Rogue AP detection

  • Network only secure as long as you control all aspects of it
  • insecure APs without strict security controls can cause major security breaches

Implementation of WPA-RADIUS with 802.1X via FreeRadius?

See also: