Threat Model
Tim Moore, Microsoft, July 2002
Presentation transcript

Slide 1: Threat Model (title slide)
Slide 2: Scope
- Looked at 802.11-1999 and then at RSN to fix the 1999 issues
- Not complete
- Focused on ESS

Slide 3: Diagram of 802.1X key management between Station and AP, running over the 802.11 MAC (figure not in transcript)

Slide 4: Threats
- Spoofing
- Tampering
- Repudiation
- Information Disclosure
- Denial of Service
- Elevation of Privilege

Slide 5: Data message
- Threats: Spoofing, Information Disclosure, Tampering (WEP!)
- Integrity and privacy come from RSN
- MAC address spoof detection requires pairwise keys
- Unicast traffic bridged by a station will be decrypted with the group key. Should this be allowed, given that it allows spoofing of MAC addresses?

Slide 6: TKIP/AES
- If the IV is repeated with a particular key then it is easy to recover the key
- Addressed by the 4-way handshake and the 48-bit IV

Slide 7: Michael countermeasures make a DoS
- Attack: snoop a packet, destroy the packet CRC, flip a bit, flip bits in the ICV to correct it, send the packet
- RSN uses 802.1X to inform the AP in a secure way
- Rate limit keying to limit the effect on other stations until their keys are attacked

Slide 8: Ack message
- An ack needs the RA, the More bit and the Duration from the frame being acked; if More is 0 the Duration is not needed
- Acks for data messages can cause data loss: destroy the message and then send the ack
- Timing makes it difficult to respond to a message with a valid ack, especially for More=1, but it could be done by sending random acks for More=0
- Acks are generated very low in the stack, below encryption/integrity, so protecting them is hard
- Acks received at the wrong time can be detected; there should be a MIB to log this occurring

Slide 9: (Re-)Association request
- Causes the station to join the DS: implementations send a level 2 message to set up bridges and pass data on/off the DS
- Changes capabilities at the AP: RSN IE; Listen interval (DoS: causes the AP to lose data and disassociate the station)
- With RSN the station should not join the DS until the 4-way handshake completes: data isn't sent on/off the DS because keys are not configured, but the level 2 bridge message also needs to be held up
- Association allocates resources on the AP: APs need to limit the resources used and recover them if the 4-way handshake doesn't complete

Slide 10: Note
- Draft 2.2 pre-auth has a problem: the 4-way handshake completes in pre-auth, so anyone sending an association opened the DS
- Fixed in 298r3

Slide 11: Authentication
- Open: no auth
- Shared: dictionary attack
- RSN: 802.11 auth is Open (i.e. no security)
- Currently Open is used to return the state machine to the 1999 version, but should state 2 be removed in RSN?

Slide 12: (Re-)Association response
- Changes station state; stations check that they are in the correct state
- Flooding the AP with association requests for different MAC addresses is a resource DoS
- If a spoofed response is received while one is expected, the station goes to the correct state and the real response is ignored; if it is received afterwards it is ignored
- Limit resource usage and recover resources quickly if 802.1X key management doesn't complete
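The resource rules of slides 9 and 12 (limit what an unkeyed association may hold, keep the DS closed until the 4-way handshake completes, reclaim slots when it does not) as an added example that is not part of the presentation. Time is passed in explicitly so it runs offline; the limits and deadline are assumed values.

```python
from dataclasses import dataclass, field

HANDSHAKE_DEADLINE = 5.0   # seconds a station may stay associated but unkeyed (assumed)
MAX_PENDING = 4            # unkeyed entries allowed at once (assumed)
MAX_STATIONS = 8           # total association slots (assumed)

@dataclass
class Station:
    mac: str
    associated_at: float
    keyed: bool = False    # True once the 4-way handshake completed
    ds_open: bool = False  # data bridged on/off the DS only when keyed

@dataclass
class AccessPoint:
    stations: dict = field(default_factory=dict)

    def pending(self) -> list:
        return [s for s in self.stations.values() if not s.keyed]

    def reap(self, now: float) -> None:
        """Recover resources held by stations whose handshake timed out."""
        for s in self.pending():
            if now - s.associated_at > HANDSHAKE_DEADLINE:
                del self.stations[s.mac]

    def associate(self, mac: str, now: float) -> bool:
        """Handle a (re)association request; True if a slot was granted."""
        self.reap(now)
        if mac not in self.stations and (
            len(self.stations) >= MAX_STATIONS or len(self.pending()) >= MAX_PENDING
        ):
            return False           # refuse rather than exhaust the table
        # New or re-association: keys are not configured, so the DS stays closed
        # and no level 2 bridge message is sent until handshake_complete().
        self.stations[mac] = Station(mac, now)
        return True

    def handshake_complete(self, mac: str, now: float) -> bool:
        """Called by 802.1X key management once message 4 has been verified."""
        s = self.stations.get(mac)
        if s is None or now - s.associated_at > HANDSHAKE_DEADLINE:
            return False
        s.keyed = s.ds_open = True  # only now join the DS / send the bridge message
        return True

    def ds_open(self, mac: str) -> bool:
        s = self.stations.get(mac)
        return s is not None and s.ds_open
```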

Slide 13: Probe request
- Wastes bandwidth
- Gets info from the AP

Slide 14: Beacon/Probe response
- Changes the capabilities of the AP: Privacy bit, RSN information element
- A rogue AP with different capabilities but the same SSID
- Discloses information about ciphers etc. that helps an attacker
- Stations select the most secure capabilities of the APs in range: DoS by a "more secure" AP
- RSN duplicates the capabilities into the 4-way handshake, which is protected
- RSN requires the Privacy bit to be set
- DoS attack by modifying the 4-way handshake
- RSN requires a configuration option to disallow non-RSN associations

Slide 15: Disassociation/De-authentication
- Deletes/changes state on the AP; removes stations from the AP and the DS
- Nothing in RSN
- Options: sign Disassociation/De-authenticate messages; or do not change MAC state, re-authenticate with 802.1X and let 802.1X delete the MAC state

Slide 16: PS-Poll
- Used by a station to get the AP to send packets to the station
- Causes packets to be dropped at the AP: DoS
- Log packets sent in response to a PS-Poll that didn't get received
- Could be joined with ack spoofing to ack the data

Slide 17: RTS/CTS, Contention free/ack, ATIM
- RTS/CTS: not looked at because the threshold is normally large
- Contention free/ack
- ATIM

Slide 18: Others
- Radio flood: can we detect this as radio noise and add MIB variables to log it?
- Interfere with packet CRC: detect packet errors, i.e. packets with bad CRCs, or in particular radio noise corrupting the CRC

Slide 19: 802.1X
- Flood EAPOL-Start messages: DoS on the authenticator
- Flood EAP Request/Identity: DoS on the supplicant
- EAP_SUCCESS: the supplicant believes auth is complete; RSN uses the Secure bit to signal key management complete; RSN encrypts 802.1X with the pairwise key
- EAP_FAILURE: DoS

Slide 20: EAP_Logoff and EAP Request/Identity
- EAP_Logoff: encrypt 802.1X
- EAP Request/Identity contains identity information: change the identity for DoS; read the identity
- With an EAP scheme such as EAP_PEAP or EAP_TTLS the outer identity only needs the NAI domain

Slide 21: EAP_Start, Logoff and Notification can be tampered with
- RSN encrypts 802.1X after the 4-way handshake
- PEAP or TTLS will protect the inner EAP

Slide 22: PSK
- Bad pre-shared keys

Slide 23: 4-way handshake
- Send message 1 with a wrong ANonce: the implementation mustn't change the session until message 3
- Changing the destination MAC address: DoS
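The slide's rule for message 1 with a wrong ANonce, as an added example that is not the presentation's or any vendor's code: the supplicant records a PTK candidate per ANonce and leaves the installed key untouched until message 3 verifies under that candidate, so a forged message 1 does not break the genuine handshake. PTK derivation and the MIC here are simplified HMAC-SHA256 constructions, not the 802.11i PRF and KCK definitions.

```python
import hashlib
import hmac
import os

def derive_ptk(pmk: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # Simplified stand-in for the 802.11i PRF: binds both nonces to the PMK.
    return hmac.new(pmk, b"ptk" + anonce + snonce, hashlib.sha256).digest()

def mic(ptk: bytes, body: bytes) -> bytes:
    # Simplified stand-in for the EAPOL-Key MIC keyed by the KCK part of the PTK.
    return hmac.new(ptk[:16], body, hashlib.sha256).digest()[:16]

class Supplicant:
    def __init__(self, pmk: bytes):
        self.pmk = pmk
        self.installed_ptk = None  # key in use; untouched until message 3 verifies
        self.candidates = {}       # anonce -> (snonce, ptk) awaiting message 3

    def on_message1(self, anonce: bytes) -> bytes:
        """Message 1 is unauthenticated: record a candidate, change nothing else."""
        snonce = os.urandom(32)
        self.candidates[anonce] = (snonce, derive_ptk(self.pmk, anonce, snonce))
        return snonce              # SNonce goes back to the AP in message 2

    def on_message3(self, anonce: bytes, body: bytes, tag: bytes) -> bool:
        """Commit the session only if the MIC verifies under this ANonce's candidate."""
        cand = self.candidates.get(anonce)
        if cand is None or not hmac.compare_digest(mic(cand[1], body), tag):
            return False           # unknown ANonce or bad MIC: state unchanged
        self.installed_ptk = cand[1]
        self.candidates.clear()
        return True

def run_handshake(pmk: bytes, spoofed_first: bool) -> bool:
    """Constructed exchange: a forged message 1 may arrive before the genuine one."""
    ap_anonce = os.urandom(32)
    sta = Supplicant(pmk)
    if spoofed_first:
        sta.on_message1(os.urandom(32))          # forged message 1, wrong ANonce
    snonce = sta.on_message1(ap_anonce)          # genuine message 1
    ap_ptk = derive_ptk(pmk, ap_anonce, snonce)  # AP derives from message 2's SNonce
    body = b"msg3:rsn-ie+gtk"                    # constructed message 3 payload
    return sta.on_message3(ap_anonce, body, mic(ap_ptk, body))
```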

Slide 24: Issues
- Association: sign the association message; use the 4-way handshake to make the network secure (this is in draft 2.2)
- Disassociation/De-authenticate: sign disassociate; can't sign de-authenticate because there are cases when you can't
- Disassociation/De-authenticate force an 802.1X reauth: if the disassociate/de-authenticate was valid, 802.1X fails and removes the state; if it was spoofed, 802.1X succeeds and the state is not removed
- Note: this could be used to force 802.1X reauths, using resources
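The "force an 802.1X reauth" option of slides 15 and 24 as an added example that is not part of the presentation: the unprotected frame never deletes MAC state itself; the authenticated 802.1X exchange decides. The 802.1X outcome is injected as a callable so it runs offline, and the per-station reauth rate limit is an assumed policy added for the resource note on slide 24.

```python
import collections

REAUTH_WINDOW = 60.0        # seconds (assumed policy)
MAX_REAUTHS_PER_WINDOW = 3  # forced reauths per station per window (assumed policy)

class Authenticator:
    def __init__(self, authenticate):
        self.authenticate = authenticate  # authenticate(mac) -> bool, the 802.1X outcome
        self.state = {}                   # mac -> station MAC state
        self.reauths = collections.defaultdict(list)  # mac -> reauth timestamps

    def add_station(self, mac: str) -> None:
        self.state[mac] = {"keyed": True}

    def has_state(self, mac: str) -> bool:
        return mac in self.state

    def on_disassoc(self, mac: str, now: float) -> str:
        """Handle a disassociation/de-authentication frame claiming to come from mac."""
        if mac not in self.state:
            return "ignored"               # nothing to tear down
        # Forced reauths cost resources (slide 24's note), so bound them per station.
        recent = [t for t in self.reauths[mac] if now - t < REAUTH_WINDOW]
        self.reauths[mac] = recent
        if len(recent) >= MAX_REAUTHS_PER_WINDOW:
            return "rate-limited"          # keep state; worth logging
        recent.append(now)
        # The frame itself changes no MAC state: 802.1X decides.
        if self.authenticate(mac):
            return "spoofed-kept"          # station still holds credentials: frame was spoofed
        del self.state[mac]                # genuine departure: 802.1X fails, remove state
        return "removed"
```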

