Rev | Author | # | Line |
---|---|---|---|
2 | DanielLawson | 1 | WLUG Meeting - 22 August 2005 |
1 | CraigBox | 2 | |
2 | DanielLawson | 3 | Location: University of Waikato, [LitB] |
4 | Time: 7pm | ||
5 | |||
6 | DanielLawson is giving a talk on the current state of Wireless Security, covering [WEP], [WPA], [802.11i] and more. | ||
6 | DanielLawson | 7 | |
8 | [WEP] - Wireline Equivalent Protocol. | ||
9 | * Introduced in 1997 as part of [IEEE] [802.11] standard | ||
10 | * Attempt to make wireless networks "no less secure" than wired ones | ||
11 | |||
12 | Authentication: | ||
13 | * one-way open authentication ([SSID]) | ||
14 | * shared-key authentication | ||
15 | |||
16 | Encryption: | ||
17 | * Wireline Equivalent Privacy ([WEP]) key | ||
18 | |||
19 | [WEP] keys | ||
20 | * 40-bit (or 104/128-bit) string | ||
21 | * uses [RC4] | ||
22 | * combined with 24-bit Initialization Vector ([IV]) | ||
23 | |||
24 | Pros: | ||
25 | * allows some control over access to network | ||
26 | * allows some protection against sniffing. | ||
27 | |||
28 | Cons: | ||
29 | * compromised key = complete breach in security | ||
30 | * pain to administer large number of machines | ||
31 | * algorithm broken; can break encryption if enough data observed | ||
32 | |||
33 | [WPA] - Wi-Fi Protected Access | ||
34 | * Wi-Fi Alliance assembled a part of the upcoming [802.11i] standard in 2003 | ||
35 | * [TKIP] for encryption | ||
36 | * per-user, not per-device authentication and key distribution framework ([802.1X]) | ||
37 | * Extensible Authentication Protocol ([EAP]) | ||
38 | * Can still use Pre-Shared Keys ([PSK]) | ||
39 | |||
40 | [TKIP] | ||
41 | * [RC4] based | ||
42 | * Per-packet keying, [IV] changes, broadcast key rotation to get around [WEP] insecurities | ||
43 | * Message Integrity Check ([MIC]) to prevent [MITM] attacks | ||
44 | |||
45 | [802.1X] | ||
46 | * [IEEE] standard for port-based authentication | ||
47 | * Strong mutual authentication between client and auth server | ||
48 | * Authenticates a client through user-supplied credentials, rather than a computer | ||
49 | |||
50 | Keys | ||
51 | * [TKIP] keys dynamically generated and distributed | ||
52 | * Master key generated to seed key hierarchy | ||
53 | * Master key given to [AP] and client | ||
54 | * Per-user, per-session encryption - brute forcing attack very difficult! | ||
55 | |||
56 | [EAP] | ||
57 | * Extensible Authentication Protocol | ||
58 | * Allows different auth methods without infrastructure changes | ||
59 | * Originally designed for [PPP] connections, adapted for [LAN] ([EAPOL|EAP]) | ||
10 | CraigBox | 60 | * Many [EAPOL|EAP] auth protocols exist - [MD5], [TLS], [CHAP], [MS-CHAPv2], [SIM] (Subscriber Identity Module), EAP-AKA (Authentication and Key Agreement), GTC (Generic Token Card) |
61 | * Some methods add a tunnel for authentication information - [PEAP|EAP], [EAP-TTLS|EAP] (Tunneled [TLS]) | ||
6 | DanielLawson | 62 | |
63 | [WPA2] | ||
64 | * Full [IEEE] [802.11i] standard | ||
65 | * Ratified in July 2004 | ||
66 | * [TKIP], [802.1X]/[EAP] | ||
67 | * Added [AES] encryption | ||
68 | |||
69 | [AES] | ||
8 | PerryLorier | 70 | * Counter cipher-block chaining mode ([CBC]), as opposed to [WEP]'s single stream cipher |
6 | DanielLawson | 71 | * Variable key sizes - 128, 192, 256 bits |
72 | * "Good security" | ||
73 | |||
74 | |||
75 | Practical Wireless Security | ||
76 | |||
77 | Encryption Methods: | ||
78 | |||
79 | * Only very early [802.11b] devices lack [WEP] support, so [WEP] is a good "minimum" | ||
80 | * [WEP] adds some overhead - might see some drop in throughput. Better than handing out your email password? | ||
81 | * BUT, [WEP] can be broken. | ||
82 | |||
83 | * Some [802.11b] and most [802.11g] (all?) devices have [WPA] support | ||
84 | * [WPA] addresses most of the problems | ||
85 | * Can still use [PSK] | ||
86 | * [PSK] used to seed the [TKIP] key hierarchy | ||
87 | * Changing keys, so bruteforce attack not as feasible | ||
88 | * [WPA] shown to still be insecure if keys are less than 20 characters long | ||
89 | |||
90 | * [WPA2] has good encryption ([AES]) | ||
91 | * Some [WPA] implementations have [AES] support as well. This is also good! | ||
92 | |||
93 | Is [PSK] ok? | ||
94 | |||
95 | * For small networks, [PSK] works well | ||
96 | * Know the userbase | ||
97 | * Can control when people add / leave network, and change keys appropriately | ||
98 | * Low admin time | ||
99 | * Perfect for home / small office use | ||
100 | |||
101 | When is [PSK] not ok? | ||
102 | * Large networks ( > 20 machines ?) | ||
103 | * Large admin cost | ||
104 | * Dynamic user base (eg cafe net, conference) | ||
105 | * If per-user security is needed (eg cafe net, conference) | ||
106 | |||
107 | |||
108 | Other considerations for wireless security: | ||
109 | |||
110 | End-to-end security | ||
111 | * [WEP], [WPA], [WPA2] only secure "in the air" transmissions. No security on remaining wired transmissions (which might go over an unsecured wireless backhaul!) | ||
112 | * Use [VPN]s | ||
113 | |||
114 | Multiple [SSID]s | ||
115 | * Can be used to provide different levels of security | ||
116 | * different user groups | ||
117 | |||
118 | [VLAN]s | ||
119 | * Many [AP]s now support VLAN tagging | ||
120 | * Per-port (per [AP]) | ||
121 | * [MAC] address (per physical computer - bad) | ||
122 | * Per [SSID] ([SSID]s are sniffable) | ||
123 | * Per user (via [802.1X]) | ||
124 | |||
125 | Rogue [AP] detection | ||
126 | * Network only secure as long as you control all aspects of it | ||
127 | * insecure [AP]s without strict security controls can cause major security breaches | ||
128 | |||
129 | |||
130 | Implementation of WPA-RADIUS with 802.1X via FreeRadius | ||
10 | CraigBox | 131 | |
132 | See also: | ||
133 | |||
134 | * [How to set up a wireless network using Windows server WPA and RADIUS|http://www.hansenonline.net/Networking/wlanradius.html] | ||
13 | DanielLawson | 135 | * [Comparison of TTLS and PEAP|http://www.oreillynet.com/pub/a/wireless/2002/10/17/peap.html] |
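
The [WEP] notes above (a static key, [RC4], a 24-bit [IV]) and the [TKIP] note about per-packet keying can be made concrete with a short sketch. This is an added example, not material from the talk; the key, IVs and payloads are constructed sample values. It shows that two frames sent under the same IV share a keystream, so their ciphertexts XOR to the XOR of their plaintexts, and how few frames it takes before a random 24-bit IV is likely to repeat.

```python
import math
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given key."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                         # keystream output
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Cleartext 24-bit IV, then RC4(IV || key) over data plus CRC-32 ICV."""
    if len(iv) != 3 or len(key) not in (5, 13):
        raise ValueError("WEP uses a 3-byte IV and a 5- or 13-byte key")
    body = data + zlib.crc32(data).to_bytes(4, "little")
    return iv + xor(body, rc4(iv + key, len(body)))

def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4(iv + key, len(ct)))
    if zlib.crc32(body[:-4]).to_bytes(4, "little") != body[-4:]:
        raise ValueError("ICV mismatch")
    return body[:-4]

def frames_until_iv_repeat(iv_bits: int = 24) -> int:
    """Birthday bound: random IVs sent before a repeat is about 50% likely."""
    return round(math.sqrt(2 * math.log(2) * 2 ** iv_bits))

# Constructed sample values: a 40-bit key and two equal-length payloads.
KEY = bytes.fromhex("0102030405")
P1, P2 = b"GET /index.html ", b"user=alice&x=123"

def demo() -> dict:
    same_a = wep_encrypt(KEY, b"\x00\x00\x01", P1)
    same_b = wep_encrypt(KEY, b"\x00\x00\x01", P2)   # IV repeated
    other = wep_encrypt(KEY, b"\x00\x00\x02", P2)    # fresh IV
    n = len(P1)
    return {
        "reused_iv_leaks_xor": xor(same_a[3:3+n], same_b[3:3+n]) == xor(P1, P2),
        "fresh_iv_leaks_xor": xor(same_a[3:3+n], other[3:3+n]) == xor(P1, P2),
        "frames_to_likely_repeat": frames_until_iv_repeat(),
    }
```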