Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security of WLAN. 無線網路架構 WPANs - 802.15 ( 藍芽, 紅外線 ) –Wireless Personal Area Networks WLANs - 802.11 ( a/b/g ) –Wireless Local Area Networks WMANs – 802.16.

Similar presentations


Presentation on theme: "Security of WLAN. 無線網路架構 WPANs - 802.15 ( 藍芽, 紅外線 ) –Wireless Personal Area Networks WLANs - 802.11 ( a/b/g ) –Wireless Local Area Networks WMANs – 802.16."— Presentation transcript:

1 Security of WLAN

2 無線網路架構 WPANs ( 藍芽, 紅外線 ) –Wireless Personal Area Networks WLANs ( a/b/g ) –Wireless Local Area Networks WMANs – –Wireless Metropolitan Area Networks WWANs –Wireless Wide Area Networks WLANs

3 IEEE 無線標準 — 家族 定義了無線網路實體層的標準 b (Wi-Fi)Wi-Fi –2.4G –11Mbps g ( 提供與 b 相容模式 ) –2.4GHz –54 Mbps a –5 GHz –54Mbps 的頻寬 e – 提供具備服務品質保證 (QoS, Quality of Service) 的無線 網路環境

4 Wireless Concept Local Area Network b/802.11g/802.11a Wide Area Network 3G/GPRS Wireless Personal Connectivity Bluetooth m m km Range

5 WLAN 的運作方式 IEEE802.11b 標準協定,無線網路共定義為 下列二種模式 : 1.Ad-hoc Mode: – 即是一群使用無線網路卡的電腦,可以直接相 互連接,資源共享,無需透過基地台 (Access Point) ,此一模式則無法連接 Internet 。 2.Infrastructure Mode – 此種架構模式讓無線網路卡的電腦透過基地台 (Access Point) 來達成網路資源的共享。

6 Wireless Local Area Network Infrastructure network Ad Hoc network

7 WLAN 無線區域網路 Independent Basic Service Set (IBSS) Ad-hoc Basic Service Set (BSS) Distribution System (DS) Extended Service Set (ESS) Station (STA) – 無線用戶端 Access Point (AP) – 無線存取點

8 涵蓋的範圍 區域的安全性 無線網路用戶端 Access Point 有線網路 Wireless LAN (WLAN) 是延伸有線網路

9 Seamless Roaming Infrastructure Network v.s. Ad Hoc Network Arranged in a cell structure, similar to cell phone network Cells need to overlap to enable seamless roaming SSID=AAA

10 Account Roaming across different WISPs EZon NCS ( Radius/POP3/LDAP ) Cipherium NCS NAM ( Radius/POP3/LDAP ) Home register Visiting site Trust & Policy Roaming account authentication request Travel to username :

11 General WLAN Security Mechanism User Authentication –ESSID –MAC address filter –RADIUS external interface User Authorization –Full access or none Data Security –Static key based WEP –Dynamic key based LEAP 802.1X

12 802.11b 的安全機制 身分驗證 Authentication – 開放式系統 Open System – 封閉式系統 Closed System – 分享密鑰認證 Shared-Key ( Challenge-Response ) 資料保密 Confidentiality –WEP (Wired Equivalent Privacy) 資料的完整性 Integrity –CRC –CRC + WEP

13 802.11b 認證模式 身份驗證 Authentication SSID (Service Set ID) WEP 資料加密 開放式系統 Open System 接受 SSID 值為 空白 不使用不支援 封閉式系統 Closed System 需輸入有效的 SSID 不使用不支援 分享密鑰認證 Shared Key ( Challenge-Response ) 需輸入有效的 SSID 利用 WEP 與 RC4 演算法進 行身分確認 利用 WEP 產 生的金鑰進 行資料加密

14 分享密鑰認證 Shared-Key ( Challenge-Response ) 無線網路使用者無線網路使用者 Access Point 認證請求 挑戰字串 回應 確認身分成功 確認身分成功 隨機產生 128bit 挑戰字串 使用 WEP 進行 RC4 加密運算 利用 WEP 及 RC4 進 行解密後進行比對 開始進行連線

15 Dept. Servers WEP Challenges Weak Security – 大多數 WLAN AP’s 未做安全性設定 – 靜態 WEP 易被解 –WLAN AP 很難去防止攻擊 m ail t o :t h e b X7!g%k0j 37**54bf(jv &8gB)£F.. X7!g%k0j37**54bf(jv&8gB)£F.. X 7 ! g % k 0 j 3 7 X 7 ! g % k 0 j 3 7 * * WLAN Access Point WLAN 使用者 不安全的網路 X 7 ! g % k 0 j 3 7 * *

16 意外連接到非法駭客 1. User Station 首先探測是否有 AP 建築物 A 鄰近建築物 B ACCESS POINT 停車場 ATTACKER (Soft AP) 探測 2. AP 送回指示訊號 3. User Station 根據訊號, 干擾 … 等等 各式各樣因素, 連接到最適當的 AP Ad Hoc Networ k 4. User Station 的 Ad Hoc 網路連接到 Hacker 無法控制所要連接的點..

17 WEP WEP (Wired Equivalent Privacy) protocol A key shared between all the members of the BSS Using RC4 stream cipher encryption algorithm 24-bit initialization vector Append a CRC-32 checksum of the frame payload plaintext in its encapsulation

18 HeaderHost (layer 3) data CRC-32 Host (layer 3) dataIntegrity check value IVSecret RC4 stream cipher HeaderIVCipher-text key WEP

19 明文 WEP 加密流程 WEP ( 40 or 128 bit) IV IV Access Point 無線網路用戶端無線網路用戶端 IV + WEP PayloadPayload CRCCRC CRC + Payload RC4RC4 XOR明文XOR密文RC4RC4 IV (Initial Vector) WEP ( 40 or 128 bit)

20 WEP 的資料格式 RC4 實際所傳送的資料 64/128 bit 加密金鑰 40/104 bit 金鑰 24 bit IV 資料 CRC XOR 加密資料 輸入 輸出

21 WEP 的弱點 Initialization vector (IV) –24-bit 欄位, 利用明碼進行傳送 – 廠商設計不良 每次重新建立連線就將 IV 歸 0 傳送資料時將每個封包的 IV 值加 1 –IV 長度不足及重複使用機率過大 AP 以 每封包 1500-byte 在 11mbps 進行傳送, 金鑰約 5 小時即有可能重複, 如果封包更小時間更短 Integrity check (IC) 欄位 – 用 CRC-32 進行錯誤判斷, 且被放入封包中進行加密 – 無法做資料完整性確認依據 Integrity protection for source and destination addresses is not provided

22 常見的威脅 網路掃瞄工具 –SSID –Channel 窮舉攻擊法 字典攻擊法 緩衝區溢位攻擊 MITM (Man-In-The-Middle) 攻擊

23 如何強化 WLAN 的安全性 目前的 認證解決方案 –802.1x 身份認證機制 EAP 金鑰交換 –PEAP ( 使用者密碼 ) –TLS ( 數位憑證驗證 ) AP 需支援 –RADIUS 提供身份驗證服務 –CA 進行憑證發放 –Active Directory 進行身份驗證

24 目前的解決方案 : 802.1x Port-based 存取控制方式 – 可以用在無線或有線網路環境 –Access point 必須支援 802.1x – 不需要大幅改變現有硬體架構 可以使用 EAP 使用更高安全性的驗證方式 – 讓用戶端選擇使用的驗證方式 –Access point 不需要提供 EAP 的驗證方式 金鑰自動管理 – 不須重新改寫無線網卡的晶片設計

25 加密用金鑰 用戶端及 RADIUS 伺服器對每位使用者重新產生 連線用 WEP 金鑰 – 未在無線網路中傳送 –RADIUS 伺服器 將金鑰送到 AP ( 利用共享金鑰加密 ) Access point 使用通用 WEP 金鑰 – 用來作為 AP 與用戶端初始連線驗證 – 透過 EAPOW-key 訊息進行傳遞 – 使用連線加密金鑰加密資料 連線用加密金鑰將重新產生 … – 金鑰到期 ( 預設 60 分鐘 ) – 用戶端移到新的 AP

26 TKIP : IEEE i short-term solution A message integrity code (MIC), called Michael,to defeat forgeries; A packet sequencing discipline, to defeat replay attacks A per-packet key mixing function, to prevent attack 並對 source and destination address 做保護 引進 IEEE 802.1X 的 key management Long-term solution CCMP(Counter-Mode-CBC-MAC Protocol) 選用 AES 並採取新的模式運作 protocol ,稱為 CCMP , 利用計數模式 (packet sequence) 加密, 並利用 CBC-MAC 對資料完整性做保證 目前的 加密解決方案

27 加解密實作標準 TKIP Authentication server 認證實作標準 IEEE802.1X Upper layer frame Data link layer frame 802.1x vs TKIP

28 WEPTKIP Cipher Key Size(s)RC4 40 or 104-bit encryption RC4 128-bit encryption 64-bit authentication Key Lifetime Per- packet-key 25-bit wrapping IV Concatenate IV to base key 48-bit IV TKIP mixing function Packet Data Replay detection CRC-32 None Michael Enforcing IV sequencing Key ManagementNoneIEEE802.1X

29 What’s 802.1X Standard for Port-based network access control. A basic authentication mechanism is Extensible Authentication Protocol (EAP).

30 802.1X Port-based Authentication Defines a client-server-based access control and authentication protocol Restricts unauthorized clients from connecting to a LAN (or a WLAN) Based on EAP (Extensible Authentication Protocol) Setup a RADIUS (Remote Authentication Dial-In User Service) security system

31 802.1X Ports LAN Controlled PortUncontrolled PortControlled PortUncontrolled Port Port UnauthorizedPort Authorized

32 Security Claims of 802.1x Mutual Authentication Integrity Protection Replay Protection Confidentiality Key Derivation Dictionary Attack Resistance Fast Reconnect Man-in-the-middle Resistance

33 What’s EAP Offers a basic framework for authentication. Many different authentication protocols can be used over it. New authentication protocols can be easily added.

34 Background for EAP EAP is originally a Point-to-Point Protocol (PPP) authentication scheme EAP supports multiple authentication schemes such as smart cards, Kerberos, Public Key, TLS, One Time Passwords, etc. EAP hides the details of the authentication scheme from those network elements that need not know For example in PPP, the client and the AAA (authentication, authorization, and accounting) server only need to know the EAP type, and the Network Access Server does not EAP is currently being used for PPP, wireless LAN and Virtual Private Network (VPN) authentication

35 The EAP Protocol A request-response protocol Four kinds of messages 1.EAP request 2.EAP response 3.EAP success 4.EAP failure

36 Security claims terminology for EAP Mutual authenticationThe authenticator authenticates the peer and the peer authenticates the authenticator Integrity protectionProviding data origin authentication and protection against unauthorized modification of information for EAP packets Replay protectionAgainst replay of an EAP method or its messages ConfidentialityThe encryption of EAP messages, including EAP Requests and Responses, and method-specific success and failure indications. Key derivationThe ability of the EAP method to derive exportable keying material Dictionary attack resistance When there is a weak password in the secret, the method does’nt allow an attack more efficient than brute force MICA keyed hash function used for authentication and integrity protection of data Cryptographic binding A single entity has acted as the EAP peer for all methods executed within a sequence or tunnel.

37 RADIUS Authentication server - Performs the actual authentication of the client LAN architecture WLAN architecture

38 IEEE 802.1x provide both authentication and key management EAPRADIUS

39 802.1X WLAN 架構

40 Figure of Port-based Network Access Control

41 802.1X Over SupplicantSupplicant AuthenticatorAuthenticator Authentication Server association EAPOL-start EAP-request/identity EAP-response/identity RADIUS-access-request EAP-request RADIUS-access-challenge EAP-response (credentials) RADIUS-access-request EAP-success RADIUS-access-accept EAPOW-key (WEP) Access blocked Access allowed

42 Figure of EAPOW

43 EAP Message Flow association EAPOL-Start EAP-request/identity EAP-response/identity RADIUS-access-request RADIUS-access-challengeEAP-request EAP-responseRADIUS-access-response RADIUS-access-acceptEAP-success EAPOW-key(WEP) Access Blocked Access allowed SupplicantAuthenticator Authentication Server

44 ◎ EAP Architecture EAP TLS,SPEKE, SRPMD5, TTLS, PEAP… 802.1X

45 Figure of EAP network Layers

46 EAP-MD5 Message Flow EAP-request/identity EAP-response/UsernameRADIUS-access-request RADIUS-access-challengeEAP-challenge-request EAP-challenge-response RADIUS-access-response RADIUS-access-acceptEAP-success ClientAccess PointRADIUS Server MD5 of EAP-Message ID+ Challenge + Password

47 Drawbacks of EAP-MD5 No mutual Authentication. No Protection against offline brute- force/Dictionary based attacks on user passwords.

48 LEAP (EAP-Cisco Wireless) Username and Password based Support for Windows platforms, Macintosh and Linux Cisco PROPRIETARY (based on 802.1X) Username 以明碼傳送 Password challenge and response 以明碼傳送 : 會被字典攻 擊法入侵 (MSCHAP v1 hash - * ftp://ftp.isi.edu/in- notes/rfc2433.txt) No support for One Time Password (OTP) 只支援 Cisco 之 Access Point, 且不 Support Token Card

49 EAP-TLS Developed by Microsoft. Provides mutual authentication, credential security and dynamic keys. Requires distribution of digital certificates to all users and RADIUS servers. A certificate management infrastructure is required (PKI).

50 STAAP EAPoW start EAP request, Identity EAP response, Identity (username) EAP response, EAP-Type(EAP/TLS) (TLS:client Hello ) RADIUS Access Request (username) EAP request, EAP-Type(EAP/TLS) RADIUS Access Challenge TLS:server Hello, (TLS certificate [TLS server_key_exchange, TLS certificate_request]) RADIUS Access Challenge RADIUS Access request (TLS:client Hello ) Random Session ID (明文,且沒有 MAC ) CipherSuite list : To define a key exchange algorithm, a bulk encryption algorithm, MAC algorithm Random number Generally is an X.509v3 certificate Certificate key type : encryption 、 signing 、 encryption + signing Key exchange algorithm : RSA (encryption / signing) 、 Diffie- Hellman (encryption / signing) 、 DSS (signing) [Sever Key Exchange] : extension of TLS certificate p , g , A = g x mod p , H(r a, r b, p, g, A, S)

51 RADIUS Access Challenge TLS:server Hello, TLS certificate TLS client_key_exchange, ([TLS certificate_verify], TLS change_cipher_spec), TLS finished RADIUS Access Challenge TLS change_cipher_spec, TLS finished Done ACK

52 EAP-TLS Message Flow (1/2) Client AP EAP-Request/Identity EAP-Response/Identity (My ID) EAP-Request/EAP-Type = EAP-TLS (TLS Start) EAP-Response/EAP-Type = EAP-TLS (TLS client_hello) EAP-Request/EAP-Type = EAP-TLS (TLS server_hello, TLS certificate, [TLS server_key_exchange], [TLS certificate_request], TLS server_hello_done) EAP-Response/EAP-Type = EAP-TLS (TLS certificate, TLS client_key_exchange, TLS [certificate_verify], TLS change_cipher_spec, TLS finished)

53 EAP-TLS Message Flow (2/2) Supplicant Authenticator EAP-Response/EAP-Type = EAP-TLS (TLS change_cipher_spec, TLS finished) EAP-Response/EAP-Type = EAP-TLS EAP-Success or EAP-Failure

54 Drawbacks of EAP-TLS Lack of user identity protection. Needs client certificate in order to authenticate client.

55 EAP-TTLS Allows users to authenticate by username and password, with no loss of security Developed by Funk Software and Certicom Provides strong mutual authentication, credential security, and dynamic keys Requires that certificates be distributed to the RADIUS servers only, not to users Compatible with existing user security databases, including Windows Active Directory, token systems, SQL, LDAP, etc.( 不用改變任何環境 )

56 EAP-TTLS Requires that certificates be distributed to the authentication servers only, not to users. Two phases: 1.Establish TLS Channel, authenticate server (Optionally authenticate user too). 2.If the user wasn’t authenticated, use the TLS channel to authenticate user using an authentication protocol (PAP/CHAP/EAP).

57 EAP-TTLS Layers (1/2) User Authentication-PAP/CHAP/EAP TLS EAP-TTLS EAP Link Layer/AAA – PPP, Radius, etc

58 EAP-TTLS Message Flow (1/5) ClientAPTTLS ServerAAA/H Server EAP-request/identity RADIUS-access-request: EAP-Response pass through RADIUS-access- Challenge : EAP-Request/TTLS-Start EAP-request pass through EAP-Response/TTLS: Client Hello RADIUS Access-Request: EAP-Response pass through

59 EAP-TTLS Message Flow (2/5) ClientAPTTLS ServerAAA/H Server RADIUS Access-Challenge: EAP-Request/TTLS: Server Hello Certificate ServerKeyExchange ServerHelloDone EAP-request pass through EAP-Response/TTLS: ClientKeyExchange ChangeCipherSpec Finished RADIUS-access-request: EAP-Response pass through

60 EAP-TTLS Message Flow (3/5) ClientAPTTLS ServerAAA/H Server RADIUS Access-Challenge: EAP-Request/TTLS: ChangeCipherSpec Finished EAP-request pass through EAP-Response/TTLS: {EAP-Response/Identity } RADIUS-access-request: EAP-Response pass through RADIUS-access-request: EAP-Response pass through

61 EAP-TTLS Message Flow (4/5) ClientAPTTLS ServerAAA/H Server RADIUS Access-Challenge EAP-Request/ MD5-Challenge RADIUS Access-Challenge: EAP-Request/TTLS: {EAP-Request/MD5-Challenge} EAP-request pass through EAP-Response/TTLS: {EAP-Response/MD5-Challenge} RADIUS-access-request: EAP-Response pass through RADIUS Access-Challenge EAP- Response/ MD5-Challenge

62 EAP-TTLS Message Flow (5/5) ClientAPTTLS ServerAAA/H Server RADIUS Access-Accept RADIUS Access-Accept: EAP-Success EAP-Success pass through Secure password authentication tunnel Secure data tunnel

63 A Comparison of methods EAP-MD5EAP-TLSEAP-TTLS TYPEPassword based Certificate based Hybrid Exchange Dynamic key NoYes Mutual Authentication NoYes Certificate Server Client NoYes Optional

64 PEAP(Palekar et al., 2004) 1. 同 EAP-TTLS 一樣, 基於 TLS 提供一個加密及以認證的通道 在 TLS 通道內進行 EAP 認證方法的認證機制 2. 達到解決傳統以密碼認證方式及 EAP-TLS 所產生的問題 3. 並提供雙向認證及產生動態會議金鑰的安全性。 PEAP

65

66 A likely alternative to TLS Support UserID and password-based authentication Easier to deploy than certificate-based authentication It could build up a shared key ◎ SRP – Secure Remote Password(RFC 2945)

67 EAP-MD-5 Username and Password based Username 以明碼傳送 Password challenge and response 以明碼傳送 會被字典攻擊法入侵 EAP-MD5 以靜態 WEP 方式處理 只提供 Server 認證 Client ,不提供 Client 認證 Server ,對 Client 無保障

68 EAP-SRP Based on Secure Remote Password (SRP) Four Subtypes of messages –1.Challenge / Client Key –2.Server Key / Client Validator –3.Server Validator –4.Lightweight Rechallenge

69 SRP Two Phase –Client and server calculate and exchange public keys –Client and server authenticate hashes based on the DH key, verifier, group, salt, username, etc. Using the SHA1 hash function The server stores user password as triplets of the form: –{,, } – = random() –x = SHA( | SHA( | ":" | )) – = v = g ^ x % N –N = prime modulus; g = generator

70 SRP Sequence g b(a+ux) (g a g xu ) b

71 Authentication server ID, A = g a, a random number chosen by user u = H(A, B) S = (Av u ) b K=H(S) s : user’s salt x : shared key x = H(s, H(ID||pwd)) v : Password verifier v = g x B = v + g b s, B = v + g b u = H(A, B) x = H(s, H(ID||pwd)) S = (B – g x ) (a+ux) K = H(S) H(H(p) ⊕ H(g), H(ID), s, A, B, K) H(A, M, K)

72 EAP-SPEKE Simple Password Exponential Key Exchange Protocol

73 Password-authenticated Diffie-Hellman key exchange 1 st stage : Uses a Diffie-Hellman exchange to establish a share key K, but instead of the commonly used fixed primitive base g, a function f converts the password S in to a base for exponentiation. Two random number R A and R B ◎ SPEKE

74 1. The client computes : , A  B :Q A 2. The server computes : , B  A :Q B 3. The client computes : 4. The server computes : ◎ SPEKE

75 2 nd stage : both client and server confirm each other’s knowledge of K before proceeding to use it as a session key ◎ SPEKE

76 Authentication server E K (C A ), C A : random number chosen by user E K (C B,C A ), C B : random number chosen by server E K (C B ) ID, QBQB

77 Authentication server Q A, H(ID A, R2 A ) Q B, E K (R2 A, R2 B ) E K (R2 B )

78 EAP-TYPERe-keying Mutual authentication UserID & Password Attack methods EAP-MD5No Yes Dictionary attack Man in middle Session hijack EAP-TLSYes NoX EAP-SRPYes ? EAP-SPEKEYes ?

79 EAP-TYPERe- Keying Mutual authentication UserID & Password Attack EAP-MD5No YesDictionary attack Man-in-middle attack Session hijacking attack EAP-TLSYes NoX EAP-SRPYes Dictionary attack ? EAP-SPEKEYes X Improved EAP- SPEKE Yes X

80 EAP-TYPERoundEncryptionsExponentsRandoms UserServerUserServerUserServer EAP-SRP EAP-SPEKE Improved EAP- SPEKE

81 Comparisons of EAP methods

82 Summary Practical Authentication methods of 802.1X are EAP-MD5,EAP-TLS,EAP- TTLS and PEAP. EAP-SIM or EAP-AKA is suitable for the Integration of Wireless LANs and Mobile Network.

83 802.11n is going on Task Group n (TGn) The next Wifi Standard Provide higher speed for new application & Market Improve PHY & MAC Performance Real Speed more than 108Mbps or beyond as 320Mbps New Antenna Technology Multiple In Multiple Out (MIMO) To be complete at least 3 years until 2005/2006

84 What is MIMO? Multiple In Multiple Out (MIMO) Reduce Multi-Path decline- 抗多徑衰落 BLAST 演算法 高頻譜利用率 MIMO+OFDM 改善無線網路效能 提高無線網路的容量及覆蓋率

85 Secure your wireless,802.11i Uses the Advanced Encryption Standard Will be Standard in 2003/Q4~2004/Q1 Hardware Upgrade WEPWPA802.11i CipherRC4 AES Key Size40bits 128bits encryption 128bits Key life24-bits IV48-bits IV Data IntegrityCRC-32MichaelCCM Header IntegrityNoneMichaelCCM Key manageNoneEAP-based

86 Wireless MAN IEEE a (MAN) IEEE e(Highly Mobility) Broadband Wireless Access(BWA) =WiFi802.16=WiMAX 2~11Ghz Speed up to 70 Mbps Range extend to 30miles(about 48km) Another Choice for “Last Mile”

87 WLAN + GPRS PWLAN (Public WLAN) GPRS 的優勢 – 涵蓋範圍廣 – 安全性高 WLAN 的優勢 – 建置成本低 – 免費的頻帶 雙網整合效益

88 Reference Wireless lan security and laboratory designs 2003 CCSC 無線企業網路 WLAN 應用技術研討會講義 中華電信訓 練所 2004 March WLAN security: current and future IEEE internet computing 2003 October 利用 Windows 的技術建置安全的無線區域網 路環境 陳其元講師 資策會 教育訓練處 台北中心 Reports from NCHU CS security lab Reports from CYUT IM security lab


Download ppt "Security of WLAN. 無線網路架構 WPANs - 802.15 ( 藍芽, 紅外線 ) –Wireless Personal Area Networks WLANs - 802.11 ( a/b/g ) –Wireless Local Area Networks WMANs – 802.16."

Similar presentations


Ads by Google