| Rev | Author | # | Line |
|---|---|---|---|
| 2 | DanielLawson | 1 | WLUG Meeting - 22 August 2005 |
| 1 | CraigBox | 2 | |
| 4 | JohnMcPherson | 3 | Location: University of Waikato, [LitB] |
| 2 | DanielLawson | 4 | Time: 7pm |
| 5 | |||
| 7 | DanielLawson | 6 | DanielLawson is giving a talk on the current state of Wireless Security, covering [WEP], [WPA], [802.11i] and more. |
| 6 | DanielLawson | 7 | |
| 7 | DanielLawson | 8 | [WEP] - Wireline Equivalent Protocol. |
| 9 | * Introduced in 1997 as part of [IEEE] [802.11] standard | ||
| 6 | DanielLawson | 10 | * Attempt to make wireless networks "no less secure" than wired ones |
| 11 | |||
| 12 | Authentication: | ||
| 7 | DanielLawson | 13 | * one-way open authentication ([SSID]) |
| 6 | DanielLawson | 14 | * shared-key authentication |
| 15 | |||
| 16 | Encryption: | ||
| 7 | DanielLawson | 17 | * Wireline Equivalent Privacy ([WEP]) key |
| 6 | DanielLawson | 18 | |
| 7 | DanielLawson | 19 | [WEP] keys |
| 6 | DanielLawson | 20 | * 40 (or 104/128 bit) string |
| 7 | DanielLawson | 21 | * uses [RC4] |
| 22 | * combined with 24bit Initialization Vector ([IV]) | ||
| 6 | DanielLawson | 23 | |
| 24 | Pros: | ||
| 25 | * allows some control over access to network | ||
| 26 | * allows some protection against sniffing. | ||
| 27 | |||
| 28 | Cons: | ||
| 29 | * comprised key = complete breach in security | ||
| 30 | * pain to administer large number of machines | ||
| 31 | * algorithm broken; can break encryption if enough data observed | ||
| 32 | |||
| 7 | DanielLawson | 33 | [WPA] - Wi-Fi Protected Access |
| 34 | * Wi-Fi Alliance assembled a part of the upcoming [802.11i] standardin 2003 | ||
| 35 | * [TKIP] for encryption | ||
| 11 | CraigBox | 36 | * per-user, not per-device authentication and key distribution framework ([802.1X]) |
| 7 | DanielLawson | 37 | * Extensible Authentication Protocol ([EAP]) |
| 38 | * Can still use Pre-Shared Keys ([PSK]) | ||
| 6 | DanielLawson | 39 | |
| 7 | DanielLawson | 40 | [TKIP] |
| 41 | * [RC4] based | ||
| 42 | * Per-packet keying, [IV] changes, broadcast key rotation to get around [WEP] insecurities | ||
| 43 | * Message Integrity Check ([MIC]) to prevent [MITM] attacks | ||
| 6 | DanielLawson | 44 | |
| 11 | CraigBox | 45 | [802.1X] |
| 7 | DanielLawson | 46 | * [IEEE] standard for port-based authentication |
| 6 | DanielLawson | 47 | * Strong mutual authentication between client and auth server |
| 48 | * Authenticates a client through user-supplied credentials, rather than a computer | ||
| 49 | |||
| 50 | Keys | ||
| 7 | DanielLawson | 51 | * [TKIP] keys dynamically generated and distributed |
| 6 | DanielLawson | 52 | * Master key generated to seed key hierarchy |
| 7 | DanielLawson | 53 | * Master key given to [AP] and client |
| 6 | DanielLawson | 54 | * Per-user, per-session encryption - brute forcing attack very difficult! |
| 55 | |||
| 7 | DanielLawson | 56 | [EAP] |
| 6 | DanielLawson | 57 | * Extensible Authentication Protocol |
| 58 | * Allows different auth methods without infrastructure changes | ||
| 12 | CraigBox | 59 | * Originally designed for [PPP] connections, adapted for [LAN] ([EAPOL|EAP]) |
| 60 | * Many [EAPOL|EAP] auth protocols exist - [MD5], [TLS], [CHAP], [MS-CHAPv2], [SIM] (Subscriber Identity Module), EAP-AKA (Authentication and Key Agreement), GTC (Generic Token Card) | ||
| 61 | * Some methods add a tunnel for authentication information - [PEAP|EAP], [EAP-TTLS|EAP] (Tunneled [TLS]) | ||
| 6 | DanielLawson | 62 | |
| 7 | DanielLawson | 63 | [WPA2] |
| 9 | PerryLorier | 64 | * Full [IEEE] [802.11i] standard |
| 6 | DanielLawson | 65 | * Ratified in July 2004 |
| 11 | CraigBox | 66 | * [TKIP], [802.1X]/[EAP] |
| 7 | DanielLawson | 67 | * Added [AES] encryption |
| 6 | DanielLawson | 68 | |
| 7 | DanielLawson | 69 | [AES] |
| 8 | PerryLorier | 70 | * Counter cipher-block chaining mode ([CBC]), as opposed to [WEP]'s single stream cipher |
| 6 | DanielLawson | 71 | * Variable keys sizes - 128, 192, 256 bits |
| 72 | * "Good security" | ||
| 73 | |||
| 74 | |||
| 75 | Practical Wireless Security | ||
| 76 | |||
| 77 | Encryption Methods: | ||
| 78 | |||
| 7 | DanielLawson | 79 | * Only very early [802.11b] devices lack [WEP] support, .: [WEP] is a good "minimum" |
| 80 | * [WEP] adds some overhead - might see some drop in throughput. Better than handing out your email password? | ||
| 81 | * BUT, [WEP] can be broken. | ||
| 6 | DanielLawson | 82 | |
| 7 | DanielLawson | 83 | * Some [802.11b] and most [802.11g] (all?) devices have [WPA] support |
| 84 | * [WPA] addresses most of the problems | ||
| 85 | * Can still use [PSK] | ||
| 86 | * [PSK] used to seed the [TKIP] key hieararchy | ||
| 6 | DanielLawson | 87 | * Changing keys, so bruteforce attack not as feasable |
| 7 | DanielLawson | 88 | * [WPA] shown to still be insecure if keys are less than 20 characters long |
| 6 | DanielLawson | 89 | |
| 7 | DanielLawson | 90 | * [WPA2] has good encryption ([AES]) |
| 91 | * Some [WPA] implementations have [AES] support as well. This is also good! | ||
| 6 | DanielLawson | 92 | |
| 7 | DanielLawson | 93 | Is [PSK] ok? |
| 6 | DanielLawson | 94 | |
| 7 | DanielLawson | 95 | * For small networks, [PSK] works well |
| 6 | DanielLawson | 96 | * Know the userbase |
| 97 | * Can control when people add / leave network, and change keys appropriately | ||
| 98 | * Low admin time | ||
| 99 | * Perfect for home / small office use | ||
| 100 | |||
| 7 | DanielLawson | 101 | When is [PSK] not ok? |
| 6 | DanielLawson | 102 | * Large networks ( > 20 machines ?) |
| 103 | * Large admin cost | ||
| 104 | * Dynamic user base (eg cafe net, conference) | ||
| 105 | * If per-user security is needed (eg cafe net, conference) | ||
| 106 | |||
| 107 | |||
| 108 | Other considerations for wireless security: | ||
| 109 | |||
| 110 | End-to-end security | ||
| 7 | DanielLawson | 111 | * [WEP], [WPA], [WPA2] only secure "in the air" transmissions. No security on remaining wired transmissions (which might go over an unsecured wireless backhaul!) |
| 112 | * Use [VPN]s | ||
| 6 | DanielLawson | 113 | |
| 7 | DanielLawson | 114 | Multiple [SSID]s |
| 6 | DanielLawson | 115 | * Can be used to provide different levels of security |
| 116 | * different user groups | ||
| 117 | |||
| 7 | DanielLawson | 118 | [VLAN]s |
| 119 | * Many [AP]s now support VLAN tagging | ||
| 120 | * Per-port (per [AP]) | ||
| 121 | * [MAC] address (per physical computer - bad) | ||
| 122 | * Per [SSID] ([SSID]s are sniffable) | ||
| 11 | CraigBox | 123 | * Per user (via [802.1X]) |
| 6 | DanielLawson | 124 | |
| 7 | DanielLawson | 125 | Rogue [AP] detection |
| 6 | DanielLawson | 126 | * Network only secure as long as you control all aspects of it |
| 7 | DanielLawson | 127 | * insecure [AP]s without strict security controls can cause major security breaches |
| 6 | DanielLawson | 128 | |
| 129 | |||
| 11 | CraigBox | 130 | Implementation of WPA-RADIUS with 802.1X via FreeRadius |
| 10 | CraigBox | 131 | |
| 132 | See also: | ||
| 133 | |||
| 134 | * [How to set up a wireless network using Windows server WPA and RADIUS|http://www.hansenonline.net/Networking/wlanradius.html] | ||
| 13 | DanielLawson | 135 | * [Comparison of TTLS and PEAP|http://www.oreillynet.com/pub/a/wireless/2002/10/17/peap.html] |
lib/blame.php:177: Warning: Invalid argument supplied for foreach()