WLANSecurity Mtech

The document discusses the security aspects of Wireless Local Area Networks (WLANs), highlighting various IEEE 802.11 standards and their security mechanisms, including WEP, WPA, and WPA2. It addresses vulnerabilities and issues such as Denial of Service attacks, unauthenticated management frames, and the complexity of current security architectures. Practical steps for securing WLANs are also provided, emphasizing the need for rogue access point discovery and best practices in network configuration.

Uploaded by maheeeesharma

Security in Wireless LANs

1
Outline

• Introduction
• Overview of WLAN Security
• 802.11i architecture and Problems in it
• Issues in WLAN security

2
Introduction

3
Why WLANs?

Speed vs. mobility of wireless systems:

Figure: speed versus mobility of Wi-Fi, High Speed Packet Access (HSPA), Universal Mobile Telecommunications System (UMTS) and GSM (Global System for Mobile Communications)
Source: http://en.wikipedia.org/wiki/WiMAX
4
Why WLANs?
• IEEE 802.11 networks work on the licence-free industrial, scientific and medical (ISM) bands
• Researchers can develop their own communication mechanisms and test them without reserving costly spectrum
• The cost of transferring data is almost negligible

5
What is WLAN?
• IEEE 802.11X Standard
• 802.11a/b/n – 2.5GHz/5GHz – 11 Mbps/54Mbps
• 802.11i – security (802.1X)
• 802.11w – management frame security
• 802.11r – mobility/Fast Transition
• Options:
  – Voice over Wi-Fi
  – Mobile with Wi-Fi
  – Mobile without Wi-Fi supporting local transfers (convergence)

6
802.11 WLAN technologies
• IEEE 802.11 standards and rates
  – IEEE 802.11 (1997): 1 Mbps and 2 Mbps (2.4 GHz band)
  – IEEE 802.11b (1999): 11 Mbps (2.4 GHz band) = Wi-Fi
  – IEEE 802.11a (1999): 6, 9, 12, 18, 24, 36, 48, 54 Mbps (5 GHz band)
  – IEEE 802.11g (2001 ... 2003): up to 54 Mbps (2.4 GHz), backward compatible with 802.11b
  – IEEE 802.11n (2009): up to 15, 30, 45, 60, 90, 120, 135, 150 Mbps
  – IEEE 802.11ac (2012): up to 200, 433.3, 866.7 Mbps
  – IEEE 802.11ad (2014): up to 6.75 Gb/s

Range varies from a few metres to approx. 90 m

7
IEEE 802 LAN standards and TCP/IP model
• The IEEE 802.x LAN standards deal with the Data Link and Physical layers of the TCP/IP model

Figure: IEEE 802 LAN

A BSS without an AP is called an ad hoc network; a BSS with an AP is called an infrastructure network
9
IEEE 802.11 LAN

10
Access Points
• Used in infrastructure mode.
• Functions like a bridge between an IEEE 802.11 wireless network and an Ethernet.
• An infrastructure mode station must associate with an access point.
• All frame transfers must pass through the AP, even though frames can be sent directly to other stations in ad hoc mode.
• The AP, acting like a central controller

11
Limitation
• Contention based
• Separate frames for management functionality and data transfer
• Limited range and capacity of APs (an AP can cater for only a limited number of users at a time)
• Broadcast communication (collisions occur and traffic is visible to others)
• Wireless Hotspot - Wardriving
• Two-layer (redundant) security exists
12
Overview of WLAN Security

13
Security in WLAN: An Overview
Attack Tools - 1
• Tcpdump for obtaining MAC information: http://www.tcpdump.org/
• Wireshark for obtaining MAC information: http://www.wireshark.org/
• Kismet for obtaining MAC information: http://www.kismetwireless.net/
• Sniffing software for management frames “Netstumbler”: http://www.netstumbler.com
• Collection of tools for network penetration “Dsniff”: http://packages.debian.org/stable/net/dsniff/
• GNU MAC Changer 16.0: http://www.alobbs.com
• MAC Spoofing “SpoofMAC”: http://www.klcconsulting.net/smac/
• MAC address Changer “Technitium”: www.technitium.com/tmac/index.html
• Wireless network discovery tool for Mac OS X “KisMAC”: http://binaervarianz.de/projekte/

15
Attack Tools - 2
• File2air written by Joshua Wright at: http://www.willhackforsushi.com/File2air.html
• Frame injection program “Aireplay-ng”: http://www.aircrack-ng.org/doku.php
• “FakeAP”: Black Alchemy Weapons Lab: http://www.blackalchemy.to/project/fakeap/
• Rogue wireless access point setup utility “Airsnarf”: http://airsnarf.shmoo.com
• DoS attack tools by forging management frames “Airjack”: http://sourceforge.net/projects/airjack/
• WLAN DoS attack tool “Void11”: http://www.wlsec.net/void11/
• WPA-PSK key cracking program “Aircrack-ng” at http://www.aircrack-ng.org/
• Encrypted packet injection program “Packetforge-ng”: http://www.aircrack-ng.org/doku.php

16
Basic security
SSIDs, MAC Address and Open System Authentication:
• Service Set Identifiers: prevents access by any client device that does not have the SSID.
• Open or shared-key authentication, static key: the access point sends the client device a challenge-text packet which the client must encrypt.
• Media Access Control authentication: the client's MAC address must match an address in an authentication table.
Wired Equivalent Privacy
WEP concerns
• Uses RC4, a synchronous stream cipher
• Does not provide a mechanism for sharing keys (pre-shared keys)
• Changing the Initialization Vector (IV) with each packet is optional
• Weak CRC-32 checksum used for message integrity
• Concatenates the IV directly to the pre-shared key to produce the key for RC4
• One-way authentication
• Authentication binds itself to the cryptographic algorithm
Wi-Fi Protected Access (WPA)
• Interim interoperable standard created by the Wi-Fi Alliance in response to weaknesses in Wired Equivalent Privacy (WEP)
• Intermediate measure to take the place of WEP while 802.11i was being prepared
• Designed to work with all wireless network interface cards, but not all first generation wireless access points.

Goals of WPA
• To address the issues with WEP encryption through a software upgrade
• To provide a secure wireless networking solution for small office/home office wireless users
• To be forward-compatible with the upcoming IEEE 802.11i standard
Features of WPA
WPA Authentication
• Pre-shared key (PSK)
  – every user is given the same pass-phrase
  – less secure
  – preferred for Personal mode: homes, small offices
• IEEE 802.1X authentication
  – a server distributes different keys to each user
  – enhanced security and authentication
  – preferred for Enterprise mode: business, government, education
Encryption
• RC4 stream cipher using a 128-bit key and a 48-bit IV
  – the larger IV defeats the key recovery attack
Key Management
• Temporal Key Integrity Protocol (TKIP): dynamically changes the encryption key for each packet
Payload Integrity
• 8-byte Message Integrity Code (MIC)
  – placed between the payload of the 802.11 frame and the 4-byte ICV
• The MIC includes a frame counter to prevent replay attacks
WPA makes breaking into a Wireless LAN difficult by
• Increasing the size of the keys and IVs
• Reducing the number of packets sent with related keys
• Adding a secure message verification system
802.11i architecture

24
IEEE 802.11i / WPA2
• An amendment to 802.11, specifying security mechanisms for wireless networks
• The draft standard was ratified on 24 June 2004
• Adds stronger encryption, authentication, and key management strategies
• Makes use of the Advanced Encryption Standard (AES) block cipher instead of the RC4 stream cipher.
• The use of WPA2 needs firmware or driver support on the wireless host (router or access point) and the wireless client (adapter).
Components of WPA2

• 802.1X Port-Based Network Access Control – for authentication
• Counter Mode with CBC-MAC Protocol (CCMP) – for confidentiality, integrity and origin authentication
• Temporal Key Integrity Protocol (TKIP)
• 4-Way Handshake – for encryption key distribution
IEEE 802.1X
• 802.1X is an IEEE standard for port-based Network Access Control for LANs
• For WLANs, it is based on the EAP, Extensible Authentication Protocol
• Closes the security loopholes of access control, authentication and key management in the 802.11 architecture
• Contributes to a solution – RSN
• The authentication is usually done by a third-party entity, such as a RADIUS server
CCMP (Counter Mode with CBC-MAC Protocol)
• CCMP uses counter mode (CTR) for data confidentiality and the Cipher Block Chaining Message Authentication Code (CBC-MAC) for data integrity.
• It uses the Advanced Encryption Standard (AES) algorithm with a 128-bit key and a 128-bit block size.
• CCMP provides MIC protection over both the frame body and nearly the entire header of a MAC frame, which prevents an adversary from exploiting the MAC headers.
• CCMP uses a 48-bit Packet Number (PN) to prevent replay attacks and to construct a fresh nonce for each packet.
• Analysis suggests that once CCMP is implemented, an adversary will not be able to break data confidentiality and integrity without knowledge of the key.
802.11i state diagram (figure, reconstructed as a list of states and transitions)
• Unauthenticated → Open System Authentication → 802.11 Authenticated
• 802.11 Authenticated → Association → 802.11 Associated
• 802.11 Associated → 802.1X (EAPOL) authentication → 802.1X Authenticated
• 802.1X Authenticated → 4-way Handshake → 802.11i Associated
• 802.11 Associated → 4-way Handshake with Preshared key → 802.11i Associated
• 802.11i Associated → CCMP Protected Communication or TKIP Protected Communication
29
EAP over LAN (EAPOL)

Figure: protocol stack across the supplicant (client), the authenticator (AP) and the authentication server (RADIUS):
• Supplicant ↔ AP: EAP method / EAP / 802.1X / 802.11
• AP ↔ authentication server: RADIUS / TCP/IP / Ethernet
• The EAP method and EAP run end to end between the supplicant and the authentication server; the AP relays EAP between 802.1X and RADIUS

30
802.11i Authentication and 4-way handshake

31
Figure: 802.1X authentication followed by the 4-way handshake between the Supplicant and the Authenticator, with the Authentication Server (RADIUS) behind the authenticator. At the start both supplicant and authenticator are Authenticated and Associated, with the 802.1X port Blocked.

Authentication Phase:
1. EAPOL-Start (supplicant → authenticator)
2. EAPOL-Request Identity
3. EAPOL-Response Identity
4. RADIUS-Request (authenticator → authentication server)
5. Mutual Authentication (de facto EAP-TLS)
6. RADIUS-Accept
7. EAPOL-Success
8. MSK delivered to the authenticator; both sides now hold the Master Session Key (MSK) and derive the Pairwise Master Key (PMK)

4-way Handshake:
9. {AA, ANonce, sn, msg1} (authenticator → supplicant); the supplicant derives the Pairwise Transient Key (PTK)
10. {SPA, SNonce, SPA RSN IE, sn, msg2, MIC} (supplicant → authenticator); the authenticator derives the PTK and generates the GTK
11. {AA, ANonce, AA RSN IE, GTK, sn+1, msg3, MIC} (authenticator → supplicant)
12. {SPA, sn+1, msg4, MIC} (supplicant → authenticator)

After message 12 the 802.1X port is UnBlocked on both sides.
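The key derivation behind messages 9 to 12 above, as an added example that is not from the slides: both sides expand the PMK into the PTK with the 802.11i PRF, and the authenticator checks the MIC on message 2 before it unblocks the port. The PMK, MAC addresses, nonces and RSN IE are constructed sample values, and the EAPOL-Key body is simplified to SNonce || RSN IE rather than the full frame layout.

```python
import hmac
import hashlib

def prf(pmk: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """IEEE 802.11i PRF-n: HMAC-SHA1(PMK, label || 0x00 || data || i), blocks concatenated."""
    out = b""
    for i in range((nbits + 159) // 160):
        out += hmac.new(pmk, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[: nbits // 8]

def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes):
    """PTK = PRF-384(PMK, "Pairwise key expansion", Min(AA,SPA)||Max(AA,SPA)||Min(nonces)||Max(nonces)).
    Split into KCK (MIC key), KEK (GTK wrapping key) and TK (CCMP data key)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 384)
    return ptk[:16], ptk[16:32], ptk[32:48]

def eapol_mic(kck: bytes, body: bytes) -> bytes:
    """Key MIC for CCMP/PSK: HMAC-SHA1 under KCK over the frame (MIC field zeroed), first 16 bytes."""
    return hmac.new(kck, body, hashlib.sha1).digest()[:16]

def run_handshake(pmk, aa, spa, anonce, snonce, sta_rsn_ie, tamper=False):
    """Messages 1 and 2 of the 4-way handshake plus the authenticator's MIC check on msg2.
    Returns (mic_ok, both_sides_derived_same_TK). The EAPOL-Key body is simplified to
    SNonce || RSN IE (a hypothetical layout, not the full EAPOL-Key frame)."""
    # msg1 (AP -> STA) carries AA and ANonce unprotected; the STA can now derive the PTK.
    sta_kck, _, sta_tk = derive_ptk(pmk, aa, spa, anonce, snonce)
    # msg2 (STA -> AP) carries SNonce and the STA's RSN IE, authenticated with a MIC under KCK.
    body = snonce + sta_rsn_ie
    mic = eapol_mic(sta_kck, body)
    if tamper:
        # An on-path change to the RSN IE (e.g. altering the advertised cipher) breaks the MIC.
        body = snonce + sta_rsn_ie[:-1] + bytes([sta_rsn_ie[-1] ^ 0x01])
    # AP side: derive the PTK from the received SNonce, then verify the MIC before installing keys.
    ap_kck, _, ap_tk = derive_ptk(pmk, aa, spa, anonce, body[:32])
    mic_ok = hmac.compare_digest(eapol_mic(ap_kck, body), mic)
    return mic_ok, sta_tk == ap_tk

# Constructed sample values (not from any real network).
PMK = bytes(range(32))
AA = bytes.fromhex("001122334455")        # authenticator (AP) MAC
SPA = bytes.fromhex("66778899aabb")       # supplicant (STA) MAC
ANONCE = bytes([0x11]) * 32
SNONCE = bytes([0x22]) * 32
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # CCMP/CCMP/PSK

if __name__ == "__main__":
    print("genuine msg2:", run_handshake(PMK, AA, SPA, ANONCE, SNONCE, RSN_IE))
    print("tampered msg2:", run_handshake(PMK, AA, SPA, ANONCE, SNONCE, RSN_IE, tamper=True))
```

The genuine message 2 verifies and both sides end with the same TK; the tampered one still yields the same TK but its MIC fails, which is exactly the check that stops a modified RSN IE from being accepted.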

32
AP-RADIUS Key Identity (EAP-TLS exchange; figure reconstructed as a message list, station ↔ AP on the left of each arrow, AP ↔ RADIUS server on the right)
1. 802.1X/EAP-Request Identity (AP → station)
2. 802.1X/EAP-Response Identity (My ID) → RADIUS Access Request/EAP-Response Identity
3. RADIUS Access Challenge/EAP-Request Identity → 802.1X/EAP-Request (TLS) Identity
4. 802.1X/EAP-Response (TLS ClientHello(random 1)) → RADIUS Access Request/EAP-Response TLS ClientHello Identity
5. RADIUS Access Challenge/EAP-Request Identity → 802.1X/EAP-Request (TLS ServerHello(random 2) || TLS Certificate || TLS CertificateRequest || TLS server_key_exchange || TLS server_done)
   MasterKey = TLS-PRF(PreMasterKey, “master secret” || random1 || random2)
6. 802.1X/EAP-Response (TLS client_key_exchange || TLS certificate || TLS certificateVerify || TLS change_cipher_suite || TLS finished) → RADIUS Access Request/EAP-Response
7. RADIUS Access Challenge/EAP-Request Identity → 802.1X/EAP-Request (TLS change_cipher_suite || TLS finished)
8. 802.1X/EAP-Response → RADIUS Access Request/EAP-Response
   PMK = TLS-PRF(MasterKey, “client EAP encryption” || random1 || random2)
9. RADIUS Accept/EAP-Success, PMK → 802.1X/EAP-Success

33

33
Problems in the current structure
• Complex
• Lengthy
• Not secure (message replay, malicious Access Point (AP) associations, etc.)
• Prone to Denial of Service vulnerabilities:
  – Before the handshake (attacks: Authentication, Association, De-authentication, Disassociation, Request Floods, etc.)
  – During the handshake (via the initial message)
  – After the handshake (De-authentication, Disassociation)

34
DoS attacks in WLANs

• False AP attack
• Flooding DoS
• Exploiting the setup mechanism
• Protocol based attack
• Exploitation of the authentication mechanism
IEEE 802.11w
Provides protection against Authentication/Association requests in an existing connection and against Deauthentication/Disassociation DoS attacks.

Figure: Legacy Deauth/Disassoc. Request with MIC; Spoofed Deauth/Disassoc. Request with MIC


Issues in WLAN Security

37
Issues: WLAN Security
• Unauthenticated and unprotected management frames,
• Deprecation of lightweight WEP,
• Existence of bulky 802.11i,
• Authentication mechanisms themselves fall prey to DoS attacks,
• Per-frame lightweight authentication solutions lack security measures like secrecy, integrity, etc.,
• No security protocols against DoS attacks; the DoS solutions are in pieces,
• The existing solutions against MAC spoofing, masquerading, replay and modification are not sufficient,
• Mobile authentication protocols are not directly applicable in WLANs.
Practical Steps to Secure WLAN
1. Discovery of Rogue Access Points & Vulnerabilities
Netstumbler, Kismet and other commercial scanners can survey the airwaves for rogue access points and some network vulnerabilities.
2. Implement the best practices of wireless LAN security
Change the default Service Set Identifiers (SSIDs): a Cisco access point with the default SSID of "tsunami" alerts hackers to a wide-open network, and an SSID of "Director Office" calls attention to valuable information.

39
Practical Steps to Secure WLAN
Configure access points to disable broadcast mode, in which the access point constantly broadcasts its SSID as a beacon in search of stations with which to connect. With this default feature turned off, stations must know the SSID in order to connect to the access point.
MAC address filtering provides basic control over which stations can connect to your network.
3. Encryption, Authentication and VPN
Introduce 802.1X as strengthened authentication for all 802.11 networks.

40
Practical Steps to Secure WLAN
4. Set & Enforce Wireless LAN Policies
Fundamental policies include:
– Forbidding the installation of unauthorized access points and ad hoc networks.
– Mandating the use of WEP or VPNs.
– Limiting wireless LAN traffic to set channels.
– Limiting wireless LAN connectivity to chosen business hours.
5. Deploying an intrusion detection system (IDS)
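As an added example that is not part of the slides, the rogue-AP discovery and policy checks from steps 1, 2 and 4 above run over a constructed scan result. The CSV layout, the authorized BSSIDs, the SSID lists and the channel policy are all assumptions for this example, not the output format of Netstumbler or Kismet.

```python
from dataclasses import dataclass

# Site inventory, constructed for this example: installed APs, their SSIDs and the allowed channels.
AUTHORIZED_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}
CORPORATE_SSIDS = {"corp-wlan"}
POLICY_CHANNELS = {1, 6, 11}
DEFAULT_SSIDS = {"tsunami", "linksys", "default", "netgear"}   # illustrative vendor defaults
REVEALING_WORDS = {"director", "finance", "payroll", "admin"}  # SSID words that advertise value

@dataclass
class Beacon:
    ssid: str
    bssid: str
    channel: int
    privacy: bool   # beacon capability "Privacy" bit; False means an open network

def parse_scan(text: str) -> list:
    """Parse 'ssid,bssid,channel,privacy' lines. This CSV layout is a constructed stand-in
    for a scanner export (e.g. from Kismet), not any tool's real output format."""
    beacons = []
    for line in text.strip().splitlines():
        ssid, bssid, channel, privacy = (f.strip() for f in line.split(","))
        beacons.append(Beacon(ssid, bssid.lower(), int(channel), privacy == "1"))
    return beacons

def audit(beacons: list) -> list:
    """Return (bssid, finding) pairs for the rogue-AP and best-practice checks in the slides."""
    findings = []
    for b in beacons:
        authorized = b.bssid in AUTHORIZED_BSSIDS
        if not authorized and b.ssid in CORPORATE_SSIDS:
            findings.append((b.bssid, "rogue AP: corporate SSID from an unknown BSSID"))
        elif not authorized and b.ssid.lower() in DEFAULT_SSIDS:
            findings.append((b.bssid, "unauthorized AP still using a vendor default SSID"))
        if authorized and not b.privacy:
            findings.append((b.bssid, "authorized AP is open (no encryption)"))
        if authorized and b.channel not in POLICY_CHANNELS:
            findings.append((b.bssid, f"authorized AP on non-policy channel {b.channel}"))
        if REVEALING_WORDS & set(b.ssid.lower().split()):
            findings.append((b.bssid, f"SSID '{b.ssid}' advertises what it protects"))
    return findings

# Constructed scan result: one good AP, an evil twin, a default-SSID AP and a badly named AP.
SAMPLE_SCAN = """
corp-wlan,00:11:22:33:44:01,6,1
corp-wlan,DE:AD:BE:EF:00:01,3,1
tsunami,00:0c:29:aa:bb:cc,11,0
Director Office,00:11:22:33:44:02,13,1
"""
```

audit(parse_scan(SAMPLE_SCAN)) returns four findings: the evil twin, the default-SSID AP, and the off-policy channel and revealing SSID of the second authorized AP.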

41
Summing Up..

"Wireless LANs are a breeding ground for new attacks because the technology is young and organic growth creates the potential for a huge payoff for hackers"

42
Thank You

43
