Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security of WLAN.

Similar presentations


Presentation on theme: "Security of WLAN."— Presentation transcript:

1 Security of WLAN

2 無線網路架構 WPANs - 802.15 (藍芽, 紅外線) WLANs - 802.11 ( a/b/g )
Wireless Personal Area Networks WLANs ( a/b/g ) Wireless Local Area Networks WMANs – Wireless Metropolitan Area Networks WWANs Wireless Wide Area Networks WLANs

3 IEEE 無線標準—802.11家族 定義了無線網路實體層的標準
802.11b (Wi-Fi) 2.4G 11Mbps 802.11g (提供與 b相容模式) 2.4GHz 54 Mbps 802.11a 5 GHz 54Mbps的頻寬 802.11e 提供具備服務品質保證(QoS , Quality of Service)的無線網路環境

4 Wireless Concept 0 - 10m 0 - 100m 0 - 10 km Range Local Area Network
802.11b/802.11g/802.11a Wide Area 3G/GPRS Wireless Personal Connectivity Bluetooth 0 - 10m m km Range

5 WLAN 的運作方式 IEEE802.11b 標準協定,無線網路共定義為下列二種模式 : Ad-hoc Mode:
即是一群使用無線網路卡的電腦,可以直接相互連接,資源共享,無需透過基地台(Access Point),此一模式則無法連接Internet。 Infrastructure Mode 此種架構模式讓無線網路卡的電腦透過基地台 (Access Point)來達成網路資源的共享。

6 802.11 Wireless Local Area Network
Infrastructure network Ad Hoc network

7 WLAN無線區域網路 Independent Basic Service Set (IBSS) Ad-hoc
Basic Service Set (BSS) Distribution System (DS) Extended Service Set (ESS) Station (STA) 無線用戶端 Access Point (AP) 無線存取點

8 802.11涵蓋的範圍 區域的安全性 802.11 Wireless LAN (WLAN) 是延伸有線網路 有線網路
Access Point 無線網路 用戶端

9 Seamless Roaming Infrastructure Network v.s. Ad Hoc Network
Arranged in a cell structure, similar to cell phone network Cells need to overlap to enable seamless roaming SSID=AAA SSID=AAA SSID=AAA SSID=AAA SSID=AAA

10 Account Roaming across different WISPs
(Radius/POP3/LDAP) Trust & Policy (Radius/POP3/LDAP) Cipherium NCS EZon NCS Roaming account authentication request NAM NAM username : Travel to Visiting site Home register

11 General WLAN Security Mechanism
User Authentication ESSID MAC address filter RADIUS external interface User Authorization Full access or none Data Security Static key based WEP Dynamic key based LEAP 802.1X

12 802.11b 的安全機制 身分驗證 Authentication 資料保密 Confidentiality
開放式系統 Open System 封閉式系統 Closed System 分享密鑰認證 Shared-Key ( Challenge-Response ) 資料保密 Confidentiality WEP (Wired Equivalent Privacy) 資料的完整性 Integrity CRC CRC + WEP

13 ( Challenge-Response )
802.11b 認證模式 身份驗證 Authentication SSID (Service Set ID) WEP 資料加密 開放式系統 Open System 接受SSID值為 空白 不使用 不支援 封閉式系統 Closed System 需輸入有效的SSID 分享密鑰認證 Shared Key ( Challenge-Response ) 利用WEP與RC4演算法進行身分確認 利用WEP產生的金鑰進行資料加密

14 分享密鑰認證 Shared-Key ( Challenge-Response )
無線網路使用者 Access Point 認證請求 隨機產生128bit 挑戰字串 挑戰字串 使用WEP進行RC4加密運算 回應 利用WEP及RC4進行解密後進行比對 確認身分成功 開始進行連線

15 mailto:theboss@myco.com..
WEP Challenges Weak Security WLAN 使用者 Dept. Servers X7!g%k0j37**54bf(jv&8gB)£F.. WLAN Access Point X7!g%k0j37** X7!g%k0j37** X7!g%k0j37 mailto:theb N 不安全的網路 X7!g%k0j 37**54bf(jv &8gB)£F.. 大多數 WLAN AP’s 未做安全性設定 靜態 WEP 易被解 WLAN AP 很難去防止攻擊

16 意外連接到非法駭客 無法控制所要連接的點.. 鄰近建築物 B 建築物 A 停車場 1. User Station首先探測是否有AP
ACCESS POINT 停車場 ATTACKER (Soft AP) 探測 Ad Hoc Network 1. User Station首先探測是否有AP 2. AP 送回指示訊號 3. User Station根據訊號, 干擾…等等各式各樣因素, 連接到最適當的 AP 無法控制所要連接的點.. 4. User Station的Ad Hoc 網路連接到 Hacker

17 WEP WEP (Wired Equivalent Privacy) protocol
A key shared between all the members of the BSS Using RC4 stream cipher encryption algorithm 24-bit initialization vector Append a CRC-32 checksum of the frame payload plaintext in its encapsulation

18 WEP 802.11 Header Host (layer 3) data CRC-32 Host (layer 3) data
Integrity check value RC4 stream cipher key IV Secret Header IV Cipher-text

19 WEP 加密流程 無線網路用戶端 Access Point WEP ( 40 or 128 bit)
IV IV (Initial Vector) IV + WEP IV + WEP Payload RC4 RC4 CRC 明文 密文 明文 CRC + Payload XOR XOR CRC + Payload

20 WEP的資料格式 40/104 bit 金鑰 24 bit IV RC4 64/128 bit 加密金鑰 資料 CRC XOR 加密資料
輸入 RC4 輸出 64/128 bit 加密金鑰 資料 CRC XOR 加密資料 24 bit IV 實際所傳送的資料

21 WEP的弱點 Initialization vector (IV) 24-bit 欄位 , 利用明碼進行傳送 廠商設計不良
AP 以 每封包1500-byte 在11mbps進行傳送 , 金鑰約 5 小時即有可能重複 , 如果封包更小時間更短 Integrity check (IC) 欄位 用 CRC-32 進行錯誤判斷,且被放入封包中進行加密 無法做資料完整性確認依據 Integrity protection for source and destination addresses is not provided

22 常見的威脅 網路掃瞄工具 窮舉攻擊法 字典攻擊法 緩衝區溢位攻擊 MITM (Man-In-The-Middle) 攻擊 SSID
Channel 窮舉攻擊法 字典攻擊法 緩衝區溢位攻擊 MITM (Man-In-The-Middle) 攻擊

23 如何強化 WLAN 的安全性 目前的 認證解決方案 802.1x 身份認證機制 RADIUS 提供身份驗證服務 CA 進行憑證發放
EAP 金鑰交換 PEAP (使用者密碼) TLS (數位憑證驗證) AP 需支援 RADIUS 提供身份驗證服務 CA 進行憑證發放 Active Directory 進行身份驗證

24 目前的解決方案: 802.1x Port-based 存取控制方式 可以使用 EAP 使用更高安全性的驗證方式 金鑰自動管理
可以用在無線或有線網路環境 Access point 必須支援 802.1x 不需要大幅改變現有硬體架構 可以使用 EAP 使用更高安全性的驗證方式 讓用戶端選擇使用的驗證方式 Access point 不需要提供 EAP 的驗證方式 金鑰自動管理 不須重新改寫無線網卡的晶片設計

25 加密用金鑰 用戶端及 RADIUS 伺服器對每位使用者重新產生 連線用 WEP 金鑰 Access point 使用通用 WEP 金鑰
未在無線網路中傳送 RADIUS 伺服器 將金鑰送到 AP ( 利用共享金鑰加密 ) Access point 使用通用 WEP 金鑰 用來作為 AP 與用戶端初始連線驗證 透過 EAPOW-key 訊息進行傳遞 使用連線加密金鑰加密資料 連線用加密金鑰將重新產生… 金鑰到期 ( 預設 60 分鐘 ) 用戶端移到新的 AP

26 目前的 加密解決方案 TKIP:IEEE 802.11i short-term solution Long-term solution
A message integrity code (MIC), called Michael,to defeat forgeries; A packet sequencing discipline, to defeat replay attacks A per-packet key mixing function, to prevent attack 並對source and destination address做保護 引進IEEE 802.1X的key management Long-term solution CCMP(Counter-Mode-CBC-MAC Protocol) 選用 AES 並採取新的模式運作protocol,稱為CCMP, 利用計數模式 (packet sequence)加密, 並利用 CBC-MAC 對資料完整性做保證

27 Authentication server
802.1x vs TKIP Authentication server 加解密實作標準 TKIP 認證實作標準 IEEE802.1X Upper layer frame Data link layer frame

28 WEP TKIP Cipher Key Size(s) RC4 40 or 104-bit encryption
RC4 128-bit encryption 64-bit authentication Key Lifetime Per-packet-key 25-bit wrapping IV Concatenate IV to base key 48-bit IV TKIP mixing function Packet Data Replay detection CRC-32 None Michael Enforcing IV sequencing Key Management IEEE802.1X

29 What’s 802.1X Standard for Port-based network access control.
A basic authentication mechanism is Extensible Authentication Protocol (EAP).

30 802.1X Port-based Authentication
Defines a client-server-based access control and authentication protocol Restricts unauthorized clients from connecting to a LAN (or a WLAN) Based on EAP (Extensible Authentication Protocol) Setup a RADIUS (Remote Authentication Dial-In User Service) security system

31 802.1X Ports Port Unauthorized Port Authorized LAN Controlled Port
Uncontrolled Port Controlled Port Uncontrolled Port LAN

32 Security Claims of 802.1x Mutual Authentication Integrity Protection Replay Protection Confidentiality Key Derivation Dictionary Attack Resistance Fast Reconnect Man-in-the-middle Resistance

33 What’s EAP Offers a basic framework for authentication.
Many different authentication protocols can be used over it. New authentication protocols can be easily added.

34 Background for EAP EAP is originally a Point-to-Point Protocol (PPP) authentication scheme EAP supports multiple authentication schemes such as smart cards, Kerberos, Public Key, TLS, One Time Passwords, etc. EAP hides the details of the authentication scheme from those network elements that need not know For example in PPP, the client and the AAA (authentication, authorization, and accounting) server only need to know the EAP type, and the Network Access Server does not EAP is currently being used for PPP, wireless LAN and Virtual Private Network (VPN) authentication

35 The EAP Protocol A request-response protocol Four kinds of messages
1.EAP request 2.EAP response 3.EAP success 4.EAP failure

36 Security claims terminology for EAP
Mutual authentication The authenticator authenticates the peer and the peer authenticates the authenticator Integrity protection Providing data origin authentication and protection against unauthorized modification of information for EAP packets Replay protection Against replay of an EAP method or its messages Confidentiality The encryption of EAP messages, including EAP Requests and Responses, and method-specific success and failure indications. Key derivation The ability of the EAP method to derive exportable keying material Dictionary attack resistance When there is a weak password in the secret, the method does’nt allow an attack more efficient than brute force MIC A keyed hash function used for authentication and integrity protection of data Cryptographic binding A single entity has acted as the EAP peer for all methods executed within a sequence or tunnel.

37 RADIUS Authentication server-Performs the actual authentication of the client LAN architecture WLAN architecture

38 IEEE 802.1x provide both authentication and key management
EAP RADIUS

39 802.1X WLAN 架構

40 Figure of Port-based Network Access Control

41 Authentication Server
802.1X Over Authentication Server Supplicant Authenticator association Access blocked EAPOL-start EAP-request/identity EAP-response/identity RADIUS-access-request EAP-request RADIUS-access-challenge EAP-response (credentials) RADIUS-access-request EAP-success RADIUS-access-accept EAPOW-key (WEP) Access allowed

42 Figure of EAPOW

43 EAP Message Flow Supplicant Authenticator Authentication Server
association Access Blocked EAPOL-Start EAP-request/identity EAP-response/identity RADIUS-access-request EAP-request RADIUS-access-challenge EAP-response RADIUS-access-response EAP-success RADIUS-access-accept EAPOW-key(WEP) Access allowed Access allowed

44 ◎EAP Architecture 802.11 EAP TLS,SPEKE, SRP MD5, TTLS, PEAP… 802.1X

45 Figure of EAP network Layers

46 EAP-MD5 Message Flow Client Access Point RADIUS Server
EAP-request/identity EAP-response/Username RADIUS-access-request EAP-challenge-request RADIUS-access-challenge EAP-challenge-response RADIUS-access-response MD5 of EAP-Message ID+ Challenge + Password EAP-success RADIUS-access-accept

47 Drawbacks of EAP-MD5 No mutual Authentication.
No Protection against offline brute-force/Dictionary based attacks on user passwords.

48 LEAP (EAP-Cisco Wireless)
Username and Password based Support for Windows platforms, Macintosh and Linux Cisco PROPRIETARY (based on 802.1X) Username 以明碼傳送 Password challenge and response以明碼傳送 :會被字典攻擊法入侵 (MSCHAP v1 hash - * ftp://ftp.isi.edu/in-notes/rfc2433.txt) No support for One Time Password (OTP) 只支援 Cisco 之 Access Point,且不Support Token Card

49 EAP-TLS Developed by Microsoft.
Provides mutual authentication, credential security and dynamic keys. Requires distribution of digital certificates to all users and RADIUS servers. A certificate management infrastructure is required (PKI).

50 EAP TLS(RFC 2716) Generally is an X.509v3 certificate
STA AP EAPoW start EAP request, Identity EAP response, Identity (username) EAP response, EAP-Type(EAP/TLS) (TLS:client Hello) RADIUS Access Request (username) EAP request, EAP-Type(EAP/TLS) RADIUS Access Challenge TLS:server Hello, (TLS certificate [TLS server_key_exchange, TLS certificate_request]) RADIUS Access request Generally is an X.509v3 certificate Certificate key type:encryption、signing、encryption+signing Key exchange algorithm:RSA (encryption / signing)、Diffie-Hellman (encryption / signing) 、DSS (signing) [Sever Key Exchange]:extension of TLS certificate p,g,A = gx mod p,H(ra, rb, p, g, A, S) Random Session ID(明文,且沒有MAC) CipherSuite list:To define a key exchange algorithm, a bulk encryption algorithm, MAC algorithm Random number

51 EAP TLS(RFC 2716) RADIUS Access Challenge
TLS:server Hello, TLS certificate TLS client_key_exchange, ([TLS certificate_verify], TLS change_cipher_spec), TLS finished TLS change_cipher_spec, TLS finished Done ACK

52 EAP-TLS Message Flow (1/2)
Client EAP-Request/Identity EAP-Response/Identity (My ID) EAP-Request/EAP-Type = EAP-TLS (TLS Start) EAP-Response/EAP-Type = EAP-TLS (TLS client_hello) EAP-Request/EAP-Type = EAP-TLS (TLS server_hello, TLS certificate, [TLS server_key_exchange], [TLS certificate_request], TLS server_hello_done) EAP-Response/EAP-Type = EAP-TLS (TLS certificate, TLS client_key_exchange, TLS [certificate_verify], TLS change_cipher_spec, TLS finished)

53 EAP-TLS Message Flow (2/2)
Authenticator Supplicant EAP-Response/EAP-Type = EAP-TLS (TLS change_cipher_spec, TLS finished) EAP-Response/EAP-Type = EAP-TLS EAP-Success or EAP-Failure

54 Drawbacks of EAP-TLS Lack of user identity protection.
Needs client certificate in order to authenticate client.

55 EAP-TTLS Allows users to authenticate by username and password, with no loss of security Developed by Funk Software and Certicom Provides strong mutual authentication, credential security, and dynamic keys Requires that certificates be distributed to the RADIUS servers only, not to users Compatible with existing user security databases, including Windows Active Directory, token systems, SQL, LDAP, etc.(不用改變任何環境)

56 EAP-TTLS Requires that certificates be distributed to the authentication servers only, not to users. Two phases: Establish TLS Channel, authenticate server (Optionally authenticate user too). If the user wasn’t authenticated, use the TLS channel to authenticate user using an authentication protocol (PAP/CHAP/EAP).

57 EAP-TTLS Layers (1/2) User Authentication-PAP/CHAP/EAP TLS EAP-TTLS
Link Layer/AAA – PPP, Radius, etc

58 EAP-TTLS Message Flow (1/5)
Client AP TTLS Server AAA/H Server EAP-request/identity RADIUS-access-request: EAP-Response pass through RADIUS-access-Challenge: EAP-Request/TTLS-Start EAP-request pass through EAP-Response/TTLS: Client Hello RADIUS Access-Request: EAP-Response pass through

59 EAP-TTLS Message Flow (2/5)
Client AP TTLS Server AAA/H Server RADIUS Access-Challenge: EAP-Request/TTLS: Server Hello Certificate ServerKeyExchange ServerHelloDone EAP-request pass through EAP-Response/TTLS: ClientKeyExchange ChangeCipherSpec Finished RADIUS-access-request: EAP-Response pass through

60 EAP-TTLS Message Flow (3/5)
Client AP TTLS Server AAA/H Server RADIUS Access-Challenge: EAP-Request/TTLS: ChangeCipherSpec Finished EAP-request pass through EAP-Response/TTLS: {EAP-Response/Identity} RADIUS-access-request: EAP-Response pass through RADIUS-access-request: EAP-Response pass through

61 EAP-TTLS Message Flow (4/5)
Client AP TTLS Server AAA/H Server RADIUS Access-Challenge EAP-Request/ MD5-Challenge RADIUS Access-Challenge: EAP-Request/TTLS: {EAP-Request/MD5-Challenge} EAP-request pass through EAP-Response/TTLS: {EAP-Response/MD5-Challenge} RADIUS-access-request: EAP-Response pass through RADIUS Access-Challenge EAP-Response/ MD5-Challenge

62 EAP-TTLS Message Flow (5/5)
Client AP TTLS Server AAA/H Server RADIUS Access-Accept RADIUS Access-Accept: EAP-Success EAP-Success pass through Secure password authentication tunnel Secure data tunnel

63 A Comparison of methods
EAP-MD5 EAP-TLS EAP-TTLS TYPE Password based Certificate Hybrid Exchange Dynamic key No Yes Mutual Authentication Server Client Optional

64 PEAP PEAP(Palekar et al., 2004) 同 EAP-TTLS一樣, 基於 TLS 提供一個加密及以認證的通道
在 TLS 通道內進行EAP認證方法的認證機制 達到解決傳統以密碼認證方式及 EAP-TLS 所產生的問題 並提供雙向認證及產生動態會議金鑰的安全性。

65 PEAP

66 ◎SRP – Secure Remote Password(RFC 2945)
A likely alternative to TLS Support UserID and password-based authentication Easier to deploy than certificate-based authentication It could build up a shared key

67 EAP-MD-5 Username and Password based Username 以明碼傳送
Password challenge and response以明碼傳送 會被字典攻擊法入侵 EAP-MD5 以靜態 WEP 方式處理 只提供 Server 認證 Client,不提供 Client 認證 Server ,對 Client 無保障

68 EAP-SRP Based on Secure Remote Password (SRP)
Four Subtypes of messages 1.Challenge / Client Key 2.Server Key / Client Validator 3.Server Validator 4.Lightweight Rechallenge

69 SRP Two Phase Client and server calculate and exchange public keys
Client and server authenticate hashes based on the DH key, verifier, group, salt, username, etc. Using the SHA1 hash function The server stores user password as triplets of the form: {<username>, <password verifier>, <salt>} <salt> = random() x = SHA(<salt> | SHA(<username> | ":" | <raw password>)) <password verifier> = v = g ^ x % N N = prime modulus; g = generator

70 SRP Sequence (gagxu)b gb(a+ux)

71 EAP SRP(Secure Remote Password, RFC2945)
Authentication server ID, A = ga , a random number chosen by user u = H(A, B) S = (Avu)b K=H(S) s , B = v + gb u = H(A, B) x = H(s, H(ID||pwd)) S = (B – gx)(a+ux) K = H(S) s :user’s salt x :shared key x = H(s, H(ID||pwd)) v :Password verifier v = gx B = v + gb H(H(p) ⊕ H(g), H(ID), s, A, B, K) H(A, M, K)

72 EAP-SPEKE Simple Password Exponential Key Exchange Protocol

73 ◎SPEKE Password-authenticated Diffie-Hellman key exchange
1st stage:Uses a Diffie-Hellman exchange to establish a share key K, but instead of the commonly used fixed primitive base g, a function f converts the password S in to a base for exponentiation. Two random number RA and RB

74 ◎SPEKE 1. The client computes: ,A  B :QA 2. The server computes:
,B  A :QB 3. The client computes: 4. The server computes:

75 ◎SPEKE 2nd stage:both client and server confirm each other’s knowledge of K before proceeding to use it as a session key

76 EAP SPEKE(Simple Password Exponential Key Exchange)
Authentication server ID, QB EK(CA), CA: random number chosen by user EK(CB ,CA), CB: random number chosen by server EK(CB)

77 EAP SPEKE(Simple Password Exponential Key Exchange)
-- Improved Authentication server QA, H(IDA , R2A) QB, EK(R2A, R2B) EK(R2B)

78 EAP-TYPE Re-keying UserID & Password Attack methods EAP-MD5 No Yes
Mutual authentication UserID & Password Attack methods EAP-MD5 No Yes Dictionary attack Man in middle Session hijack EAP-TLS X EAP-SRP ? EAP-SPEKE

79 Session hijacking attack
Security Analysis EAP-TYPE Re-Keying Mutual authentication UserID & Password Attack EAP-MD5 No Yes Dictionary attack Man-in-middle attack Session hijacking attack EAP-TLS X EAP-SRP Dictionary attack ? EAP-SPEKE Improved EAP-SPEKE Yes  Yes    X

80 Security Analysis EAP-TYPE Round Encryptions Exponents Randoms User
Server EAP-SRP 4 9 3 1 2 EAP-SPEKE 6 Improved EAP-SPEKE

81 Comparisons of EAP methods

82 Summary Practical Authentication methods of 802.1X are EAP-MD5,EAP-TLS,EAP-TTLS and PEAP. EAP-SIM or EAP-AKA is suitable for the Integration of Wireless LANs and Mobile Network.

83 802.11n is going on 802.11 Task Group n (TGn)
The next Wifi Standard Provide higher speed for new application & Market Improve PHY & MAC Performance Real Speed more than 108Mbps or beyond as 320Mbps New Antenna Technology Multiple In Multiple Out (MIMO) To be complete at least 3 years until 2005/2006

84 What is MIMO? Multiple In Multiple Out (MIMO)
Reduce Multi-Path decline-抗多徑衰落 BLAST演算法 高頻譜利用率 MIMO+OFDM 改善無線網路效能 提高無線網路的容量及覆蓋率

85 Secure your wireless,802.11i Uses the Advanced Encryption Standard
Will be Standard in 2003/Q4~2004/Q1 Hardware Upgrade WEP WPA 802.11i Cipher RC4 AES Key Size 40bits 128bits encryption 128bits Key life 24-bits IV 48-bits IV Data Integrity CRC-32 Michael CCM Header Integrity None Key manage EAP-based

86 802.16 Wireless MAN IEEE 802.16a (MAN) IEEE 802.16e(Highly Mobility)
Broadband Wireless Access(BWA) 802.11=WiFi =WiMAX 2~11Ghz Speed up to 70 Mbps Range extend to 30miles(about 48km) Another Choice for “Last Mile”

87 WLAN + GPRS PWLAN (Public WLAN) GPRS的優勢 WLAN的優勢 雙網整合效益 涵蓋範圍廣 安全性高
建置成本低 免費的頻帶 雙網整合效益

88 Reference 利用 Windows 的技術建置安全的無線區域網路環境 陳其元講師 資策會 教育訓練處 台北中心
Wireless lan security and laboratory designs 2003 CCSC 無線企業網路WLAN應用技術研討會講義 中華電信訓練所 2004 March WLAN security: current and future IEEE internet computing 2003 October 利用 Windows 的技術建置安全的無線區域網路環境 陳其元講師 資策會 教育訓練處 台北中心 Reports from NCHU CS security lab Reports from CYUT IM security lab


Download ppt "Security of WLAN."

Similar presentations


Ads by Google