WLUG Meeting - 22 August 2005
Location: University of Waikato, LitB
DanielLawson is giving a talk on the current state of Wireless Security, covering WEP, WPA, 802.11i and more.
WEP - Wired Equivalent Privacy.
- Introduced in 1997 as part of IEEE 802.11 standard
- Attempt to make wireless networks "no less secure" than wired ones
- one-way open authentication (SSID)
- shared-key authentication
- Wired Equivalent Privacy (WEP) key
  - 40-bit (or 104/128-bit) string
  - uses RC4
  - combined with 24-bit Initialization Vector (IV)
- allows some control over access to network
- allows some protection against sniffing.
- compromised key = complete breach of security
- pain to administer large number of machines
- algorithm broken; can break encryption if enough data observed
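The following Python is an added illustration, not part of the talk notes: it models the WEP construction described above (per-packet RC4 key = 24-bit IV prepended to the shared key) and shows why the IV is too small. The birthday bound puts the first IV repeat at roughly 5000 random IVs, and two frames under the same IV leak the XOR of their plaintexts to anyone observing the air, with no key recovery at all. The RC4 routine, key and sample frames are constructed here; the CRC ICV that WEP also appends is omitted.

```python
# Added illustration (constructed, not from the talk): WEP per-packet key is IV || shared key,
# so a 24-bit IV repeats quickly and any repeat hands an observer plaintext1 XOR plaintext2.
import math
import os

def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4: KSA then PRGA, keystream XORed over data (encrypt == decrypt)."""
    S = list(range(256))
    j = 0
    for i in range(256):                        # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:                           # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, wep_key: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: 24-bit IV sent in clear, RC4 keyed with IV || shared key (ICV omitted)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return iv + rc4(iv + wep_key, plaintext)

def expected_packets_until_iv_repeat(iv_bits: int = 24) -> float:
    """Birthday bound: about sqrt(pi/2 * 2^n) random IVs before the first repeat."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)

def leak_from_iv_reuse(frame1: bytes, frame2: bytes) -> bytes:
    """Two frames with the same IV share a keystream; XORing the ciphertexts
    cancels it and leaves plaintext1 XOR plaintext2 (no key needed)."""
    if frame1[:3] != frame2[:3]:
        raise ValueError("different IVs: keystreams differ")
    return xor_bytes(frame1[3:], frame2[3:])

if __name__ == "__main__":
    key = os.urandom(5)                         # 40-bit WEP key (constructed)
    iv = b"\x01\x02\x03"
    p1, p2 = b"frame one payload", b"frame two payload"
    f1, f2 = wep_encrypt(iv, key, p1), wep_encrypt(iv, key, p2)
    print(leak_from_iv_reuse(f1, f2) == xor_bytes(p1, p2))  # True
    print(round(expected_packets_until_iv_repeat()))         # 5134
```

This is the mechanism behind the note that WEP "can break encryption if enough data observed", and why WPA's per-packet keying and IV handling (below) were needed.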
WPA - Wi-Fi Protected Access
- Wi-Fi Alliance assembled a part of the upcoming 802.11i standard in 2003
- TKIP for encryption
- per-user, not per-device authentication and key distribution framework (802.1X)
  - Extensible Authentication Protocol (EAP)
- Can still use Pre-Shared Keys (PSK)
- RC4 based
- Per-packet keying, IV changes, broadcast key rotation to get around WEP insecurities
- Message Integrity Check (MIC) to prevent MITM attacks
- IEEE standard for port-based authentication
- Strong mutual authentication between client and auth server
- Authenticates a client through user-supplied credentials, rather than a computer
- TKIP keys dynamically generated and distributed
- Master key generated to seed key hierarchy
- Master key given to AP and client
- Per-user, per-session encryption - brute forcing attack very difficult!
- Extensible Authentication Protocol
- Allows different auth methods without infrastructure changes
- Originally designed for PPP connections, adapted for LAN (EAPOL)
- Many EAPOL auth protocols exist - MD5, TLS, CHAP, MS-CHAPv2, SIM (Subscriber Identity Module), EAP-AKA (Authentication and Key Agreement), GTC (Generic Token Card)
- Some methods add a tunnel for authentication information - PEAP, EAP-TTLS (Tunneled TLS)
- Full IEEE 802.11i standard
- Ratified in July 2004
- TKIP, 802.1X/EAP
- Added AES encryption
- Counter mode with CBC-MAC (CCMP), as opposed to WEP's single stream cipher
- Variable key sizes - 128, 192, 256 bits
- "Good security"
Practical Wireless Security
- Only very early 802.11b devices lack WEP support, therefore WEP is a good "minimum"
- WEP adds some overhead - might see some drop in throughput. Better than handing out your email password?
- BUT, WEP can be broken.
- Some 802.11b and most 802.11g (all?) devices have WPA support
- WPA addresses most of the problems
- Can still use PSK
  - PSK used to seed the TKIP key hierarchy
  - Changing keys, so brute-force attack not as feasible
- WPA shown to still be insecure if keys are less than 20 characters long
- WPA2 has good encryption (AES)
- Some WPA implementations have AES support as well. This is also good!
Is PSK ok?
- For small networks, PSK works well
- Know the userbase
- Can control when people add / leave network, and change keys appropriately
- Low admin time
- Perfect for home / small office use
When is PSK not ok?
- Large networks ( > 20 machines ?)
- Large admin cost
- Dynamic user base (eg cafe net, conference)
- If per-user security is needed (eg cafe net, conference)
Other considerations for wireless security:
- WEP, WPA, WPA2 only secure "in the air" transmissions. No security on remaining wired transmissions (which might go over an unsecured wireless backhaul!)
- Use VPNs
- Can be used to provide different levels of security
- different user groups
- Many APs now support VLAN tagging
  - Per-port (per AP)
  - MAC address (per physical computer - bad)
  - Per SSID (SSIDs are sniffable)
  - Per user (via 802.1X)
Rogue AP detection
- Network only secure as long as you control all aspects of it
- insecure APs without strict security controls can cause major security breaches
Implementation of WPA-RADIUS with 802.1X via FreeRADIUS