|
By Dr.T Mon, 05 August 2002 , 17:35 GMT
Published on BCVG Network Security e-zine issue #2
Introduction
This is the last article in the Wireless series. Just to
remind you, the first article introduced the reader to the Wireless
world and discussed Wireless devices and protocols. The second
article went deeper into Wireless networks, provided general info on
WLAN and discussed IEEE standards for them. This article deals with
WLAN security, explains the most common attack techniques and
introduces some useful tools.
Overview
Few words on Wireless network topology. Each Wireless
network has two major components, either stations (STA) or access
points (AP). Wireless network operates in one of two modes: ad-hoc
(peer-to-peer) or infrastructure mode.
In the ad-hoc mode each client (STA) communicates directly
with other clients within the network. In the infrastructure mode each client (STA) sends its
communication requests to a central station, which is the Access
Point (AP). The access point acts as an Ethernet bridge.
A client and an access point must establish a relationship
prior to exchanging data. Once established the client-access point
relationship could be in any of the following three states:
1. Unauthenticated and unassociated
2. Authenticated and unassociated
3. Authenticated and associated
The exchange of “real” data is only possible in the third
state. Until then the parties communicate using management frames.
Access point transmits beacon management frames at fixed intervals.
Client receives this frame and starts authentication by sending an
authentication frame. After successful authentication the client
sends an association frame and the access point responds with an
associated response frame.
Wireless Networks Security Mechanisms
The 802.1 standard for wireless networks provides several
mechanisms for achieving secure network environment. This section
explains five widely used mechanisms.
# Wired Equivalent Protocol
Wired Equivalent Protocol, or WEP, was first designed by
the authors of the 802.1 standard. WEP was designed not to provide a
secure network protocol similar to IPSec, but rather to provide an
equivalent level of privacy. WEP aims to provide security by
encrypting data over radio waves. WEP is used to prevent
unauthorized access to the wireless network. WEP is disabled by
default. If it is turned on any outgoing package is encrypted and
packed.
The WEP protocol relies on a secret key that is shared in a
basic BSS (Basic Set Service). This key is used to encrypt data
packets before they are transmitted, and an integrity check is run
on them. WEP uses the RC4 algorithm, which is a stream cipher. A
stream cipher expands a short key into an infinite pseudo-random key
stream.
WEP
Encipherment Algorithm
* Plaintext message is run though an integrity algorithm to
produce integrity check value, also known as ICV. The 802.11
standard specifies the use of CRC-32.
* The integrity check value is appended to the end of the
plaintext message.
* 24-bit initialization vector (IV) is generated and the
secret key is concatenated to it. Then it is used to generate a seed
value for the WEP pseudo-random number generator (PRNG).
* PRNG outputs a key sequence.
* The data is encrypted by XORing with the key sequence
generated.
* The IV is appended in the clear to the protected frame
(with the ciphertext) and transmitted.
The algorithm involved in deciphering can be easily guessed
from the above algorithm. The IV is used to elongate the life of the
secret key.
WEP uses a RC4 key stream; therefore it uses a 64-bit key
to generate it, which is
XOR'ed to the data/ICV combination, 24-bits IV. The secret
key is 40-bits long.
# WEP 2
The IEEE proposed changes to the WEP protocol in 2001,
after many flaws had been discovered in the original one. The new
version, WEP2, has increased the IV space from 24 bits to 128 bits
and provides Cerberus V Support, though problems haven't disappeared
(discussed later). Complete support for the entire WEP2 has yet to
be achieved.
# Open System Authentication
Each Wireless network has two authentication systems. Open
system authentication is the first one and default authentication
protocol for 802.11. The name implies that this system authenticates
anyone who requests authentication (like a root account with null
password). WEP is not helpful, since experiments have shown that the
authentication management frames are sent in the clear even if WEP
is enabled.
# Access Control List
This security feature is not defined in the 802.11
standard, but it is used by vendors to provide better security in
addition to the standard security methods. Access Control List is
based on the client’s wireless Ethernet MAC address (unique for each
NIC). The access point can limit the clients using the network by
using the ACL. If a client's MAC address is listed, then he is
permitted access to the network; if not, then access to the network
is denied.
# Closed Network Access Control
This feature allows an administrator use either an open
network or a closed network. Open network means that anyone is
permitted to join the network, while in closed network, only clients
that know the network name, or SSID, can join. The network name acts
as a shared key.
Wireless
Networks Attacks
Most of you will probably find this section more
interesting, since it explains common attack techniques that are
used to compromise wireless networks, stealing bandwidth and just
for having fun. If you have a wireless network nearby or you live in
a place where wireless technology is widely used, any of the attack
techniques described below will have 98% success.
Attackers target Wireless networks since about 95% of all
networks are completely unprotected. The current standard (802.11b)
grants bandwidth of up to 11 MBps. If attacked Wirelesses network
uses default settings there will be no cap set on bandwidth, which
means the attacker can have complete access to the capacity. You can
find a very convincing example at Neworder -
http://neworder.box.sk/newsread.php?newsid=3899.
# Access Point Spoofing & MAC Sniffing
Access control list lists provide a reasonable level of
security when a strong form of identity is used. Unfortunately, this
is not the case with MAC addresses. MAC addresses are easily sniffed
by an attacker since they must appear in the clear even when WEP is
enabled. Further more, wireless cards permit the changing of their
MAC address via software. An attacker can use those "advantages" in
order to masquerade as a valid MAC address by programming the
wireless card, and get into the wireless network and use the
wireless pipes.
Spoofing MAC address is very easy. Using packet-capturing
software, an attacker can determine a valid MAC address using one
packet. If the wireless card firmware allows changing the MAC
address, then he is done.
If an attacker holds wireless equipment nearby, and he/she
is near a wireless network, he will be able to perform a spoofing
attack. To perform a spoofing attack, an attacker must setup an
access point (rogue) near the target wireless network or in a place
where a victim may believe that wireless Internet is available. If
the rogue's signal is stronger than the signal of the real access
point, then the victim's computer will connect to the attacker's
access point. Once the victim has established a connection, the
attacker can steal his password, network access, compromise his/her
computer etc. This attack is used mainly for password acquisition.
# WEP Attacks
Plaintext
Attacks
In this attack, the attacker knows the plaintext message
and has a copy of the ciphertext. The missing piece is the key. In
order to get the key, an attacker would send a target system a small
part of data, and then capture the data that is sent to the
destination. Once the attack captured the data, he got the IV. Now,
he can simply run a dictionary attack to find the key.
Another plaintext attack reveals the key stream using a
simply XOR. If an attack has the ciphertext and the plaintext, he
can XOR the ciphertext and get the key stream. The attacker can use
the key stream with the right IV, to inject packets into the
wireless network without authenticating o the access point.
Cipher stream
Reuse
This problem allows an attacker to recover the key stream
from a WEP packet (encrypted packet). The WEP cipherment algorithm
declares small space to the initialization vector, using this flow
an attacker can capture key streams by sending packets with various
IV. Later, the attacker can decrypt the encrypted message using by
XORing with the plaintext message (Note that the attack must have
both ciphertext and plaintext). Later, when authentication data
traffic though the network, the attacker would be able to intercept
it, and using the key stream(s) the attacker can recover it to
plaintext.
Fluhrer-Mantin-Shamir Research
This research project was released a year ago (August 2001)
by Scott Fluhrer of Cisco Systems, Itsik Mantin and Adi Shamir of
the Computer Science Department of The Weizmann Institute in Israel.
The project is dealing with weaknesses in the Key Scheduling
Algorithm (KSA) of RC4.
This group discovered two weaknesses in the KSA. The attack
technique, which is described in their research paper, cracks keys
of both WEP (24 bit long) and WEP2 (128 bit long). Adam Stubblefield
or Rice University and John Loannidis and Aviel Rubin of AT&T Labs
approved this attack technique later. Once the attack was approved,
two new tools become available to the public (air snort and
WEPCrack). Their source code, though, was never released to the
public.
# Man-in-the-middle attacks
Most of the attacks in this category are based on ARP
poisoning, or cache poisoning. Basically, ARP spoofing is a method
of exploiting the interaction of IP and Ethernet protocols. Since,
this article is not about ARP protocols, or ARP attacks, I'll
describe shortly the attacks and the purpose.
The attacker combines an access point with a virtual
private network server of the same type as the one on the target
network. When a user tries to connect to the real server, the
spoofed server sends a replay back, leading the user to connect to
the fake server.
This type of attack is complex to be explain in this
article, though you can find good articles about ARP poisoning at
www.ebcvg.com
# Low-Hanging Fruit
A wireless attacker would probably start with this attack,
since most wireless networks are completely unprotected (they use
open system authentication), and moreover, WEP is not present by
default.
All an attacker needs to attack such a system is a wireless
card and a scanner (see at the end of this article). An attacker
scans for open access points that allow anyone to connect, and then
connects to the access point. Attackers use it to have free Internet
access, launching a blind attack (attacking a third party) etc.
Securing
Wireless Networks
Wireless network has become very popular among companies,
because it allows employees to access the wired network (WLAN) from
any place thus granting roaming ability. New technologies usually
fail to provide decent security level - Wireless is not an
exception. This section describes the most common ways to improve
security of a Wireless network.
# MAC Address Filtering
This method uses a list of MAC addresses of client wireless
network interface cards that are allowed to associate with the
access point. If there are several access points, the list should be
available on all access points, which the client can be associated
with. Administrators should take care that the list is "up-to-date".
Though this method is vulnerable (see above), it is widely used to
secure wireless networks.
# WEP
As was stated above, WEP provides a certain level of data
encryption for communication between clients and access points.
Still, WEP should be enabled, because there is no need to make it
easier for attacker to compromise the network. Once again, this
method is vulnerable to different kind of attacks.
# SSID (Network ID)
The first attempt to secure wireless network was the use of
Network ID (SSID). When a wireless client wants to associate with an
access point, the SSID is transmitted during the process. The SSID
is a seven digit alphanumeric ID that is hard coded into the access
point and the client device. Using SSID, only those clients, who
hold the correct Network ID, are allowed to associate with the
access point. With WEP enabled, the SSID is transmitted in encrypted
form, but if an attacker has a physical access to the device, he/she
can determine the SSID, since it is stored in clear text.
Once the SSID is compromised by an attacker, the Wireless
network administrator must assign a new SSID manually.
# Firewalls
Using a firewall to secure a wireless network is probably
the only security feature that will prevent unauthorized access. As
mentioned below, the access to the network should be done via IPSec,
secure shell or VPN. Thus, the firewall should be configured to
allow only IPSec or secure shell traffic. A illustration of an
access to a wired network form a wireless network:
1. The wireless client authenticated and associates with
wireless access point. For better security, the access point should
be configured to filter MAC addresses.
2. The access point sends a request to the DHCP server. The
server assigns the client a network address.
3. Once the network address is assigned, the wireless
client is now at the wireless network. In order to access the wired
network, it either sets up an IPSec VPN Tunnel or uses secure shell.
It is important to configure the firewall to accept only
secure connections, all other connect should be denied.
# Access Points
Access points can accommodate MAC filtering and should be
configured to do so, though MAC addresses can be spoofed (see
above). Administrators should take care that the AP is located in a
secured place, so unauthorized physical access will be permitted.
Configuring AP is done via telnet, web browser or SNMP. It
is recommended to allow configuration only via telnet session, and
block all other ways.
# Design Considerations
Before taking any implementation to secure a wireless
network, it is important to properly design the network. A properly
designed network can eliminate some risks associated with wireless
networks.
Some tips for proper design:
1. Protect wireless networks with VPN or access control
list.
2. Access points should not be connected to the internal
wired network even if WEP is enabled.
3. Access points should be never placed behind a firewall.
4. Wireless clients are allowed to access the network
though a secure shell, IP-Sec or virtual private network. These
provide user authorization, authentication and encryption - secure
your network.
Links
-------
WEPCrack - http://www.ebcvg.com/download.php?id=1083
NetSumbler(windows) -
http://www.ebcvg.com/download.php?id=1084
Airsnort - http://www.ebcvg.com/download.php?id=1085
Wireless Access Points and ARP Poisoning -
http://www.ebcvg.com/download.php?id=1158
Best Practices for Deploying Wireless LANs -
http://www.ebcvg.com/download.php?id=1160
Danny aka Dr.T (admin@ebcvg.com),
www.ebcvg.com, July 2002
|