Wireless Networks Security PDF

Summary

This document is a lecture on network security, focusing specifically on wireless networks. The lecture, delivered by Prof. Dr. Torsten Braun at the University of Bern, covers topics like wireless security threats, preventive measures, and security strategies.

Full Transcript

Network Security
VII. Wireless Networks

Prof. Dr. Torsten Braun, Institut für Informatik
Bern, 21.10.2024 – 28.10.2024
Network Security: Wireless Networks

Wireless Networks
Table of Contents

1. Wireless Security
2. Mobile Device Security
3. IEEE 802.11 Wireless LAN
4. IEEE 802.11 Wireless LAN Security

3
Network Security: Wireless Networks

1. Wireless Security
1. Key Factors

− Channel − Resources
− Broadcast Communications − Limited memory and
are more vulnerable to processing resources
eavesdropping and jamming. to counter threads including
− more vulnerable to active attacks denial of service attacks

− Mobility − Accessibility
− Portability creates risks. − Devices like sensors might be
left unattended.
− Vulnerability to physical attacks
4
Network Security: Wireless Networks

1. Wireless Security
2. Wireless Networking components

Endpoint Wireless medium Access point (AP)

5 Figure 18.1 Wireless Networking Components
Network Security: Wireless Networks

1. Wireless Security
3.1 Wireless Network Threats

− Accidental association − Ad hoc networks
− Company wireless LANs in proximity − Peer-to-peer networks between wireless
may create overlapping transmission computers with no AP between them.
ranges.
− User intending to connect to one WLAN − Such networks can pose a security threat
may unintentionally log in to a wireless due to a lack of a central point of control.
AP from a neighboring network.
− Nontraditional networks
− Malicious association − Personal network devices,
− A wireless device is configured to e.g., Bluetooth devices, barcode readers,
appear to be a legitimate access point, pose a security risk in terms of both
enabling the operator to steal eavesdropping and spoofing.
passwords from legitimate users.
− Then it penetrates a wired network
through a legitimate wireless AP.
6
Network Security: Wireless Networks

1. Wireless Security
3.2 Wireless Network Threats

− Identity theft (spoofing) − Denial of Service
− occurs when an attacker is able to − An attacker continually bombards a
eavesdrop network traffic and wireless AP or some other accessible
identify the (MAC) address of a wireless port with various protocol
messages to consume system
computer with network privileges resources.
− Man-in-the-middle attacks − Network injection
− persuading user and AP to − targets wireless APs that are
believe that they are talking to exposed to non-filtered network
each other, when in fact the traffic, such as routing protocol or
communication is going through network management messages
an intermediate attacking device − Example:
bogus reconfiguration commands
7
Network Security: Wireless Networks

1. Wireless Security
4.1 Measures: Securing Wireless Transmissions

Principal threats to Countermeasures
wireless transmission: − Signal-hiding techniques
− Eavesdropping − Turn off Service Set Identifier broadcasting
by wireless APs
− Altering or inserting − Cryptic names for SSIDs
messages − Reduce signal strength to lowest level that
still provides good coverage
− Disruption − Locate wireless APs inside the building,
away from windows and exterior walls
− Encryption
− effective against eavesdropping
assuming encryption keys are secured
8
Network Security: Wireless Networks

1. Wireless Security
4.2 Measures: Securing Wireless Access Points

Main threat involving wireless APs: Principal approach for preventing
unauthorized network access such access: IEEE 802.1X
− for port-based network
access control
− to prevent rogue APs and
other unauthorized devices
from becoming insecure
backdoors

9
Network Security: Wireless Networks

1. Wireless Security
4.3 Measures: Securing Wireless Networks

− Use − Change
− (built-in) encryption at − identifier on router from default
wireless routers − router’s pre-set password for
− antivirus software administration
− antispyware software − Allow
− firewall − only specific computers to
− Turn off access a wireless network
− identifier broadcasting

10
Network Security: Wireless Networks

2. Mobile Device Security
1. Organizational Requirements

− Mobile devices are essential − Due to massive changes, an
for organizations as part of the organization’s networks must
overall network infrastructure. accommodate:
− Prior to the widespread use of − growing number of devices
smartphones, network security − cloud-based applications
was based upon clearly
defined perimeters that − de-perimeterization
separated trusted internal − external business requirements
networks from the untrusted
Internet.
11
Network Security: Wireless Networks

2. Mobile Device Security
2. Security Threats

− Lack of physical security controls − Use of applications created by
− Security policy must assume that unknown parties
mobile devices can become stolen. − Risk of installing malicious software
− Use of untrusted devices − Interaction with other systems
− Assumption that not all − Data synchronization with
devices are trustworthy other devices and the cloud
− Use of untrusted networks − Use of untrusted content
− Networks are − e.g., using QR code
not trustworthy
− Use of location services
12
Network Security: Wireless Networks

2. Mobile Device Security
3. Strategy

limits

13
Network Security: Wireless Networks

2. Mobile Device Security
4. Categories of Principal Mobile Device Security
Elements
− Device security − Client/server traffic security
− Auto-lock − Traffic encryption,
e.g., using SSL or VPNs
− Password or PIN protection − Strong authentication,
− Avoid auto-complete for passwords e.g., multi-factor authentication
− Ensure use of SSL − Barrier security
− Ensure software and system updates − Firewalls
− Install antivirus software − Intrusion detection and prevention systems
− Encrypted storage of sensitive data
− Avoid installation of 3rd party software
− Security training
− Disable location services
14
Network Security: Wireless Networks

3. IEEE 802.11 Wireless LAN
1. Terminology

15
Network Security: Wireless Networks

3. IEEE 802.11 Wireless LAN General IEEE 802 Specific IEEE 802.11
functions functions
2. Protocol Stack
Logical Link Flow control
Control Error control

Assemble data
Medium Access into frame Reliable data delivery
Addressing Wireless access control
Control Error detection protocols
Medium access

Encoding/decoding Frequency band
of signals definition
Physical Bit transmission/ Wireless signal
reception encoding
Transmission medium

16
Network Security: Wireless Networks

3. IEEE 802.11 Wireless LAN
3. General MPDU Format

17
Network Security: Wireless Networks

3. IEEE 802.11 Wireless LAN
4. Extended Service Set
Distribution System

AP 2

AP 1
Basic Service
Set (BSS)
Basic Service STA 1
Set (BSS)
STA 8
STA 2

STA 6 STA 7
STA4

STA 3
18
Network Security: Wireless Networks

3. IEEE 802.11 Wireless LAN
5. Services Table 18.2 IEEE 802.11 Services

Service Provider Used to support
Association Distribution system MSDU delivery
Authentication Station LAN access and security
Deauthentication Station LAN access and security
Dissassociation Distribution system MSDU delivery
Distribution Distribution system MSDU delivery
Integration Distribution system MSDU delivery
MSDU delivery Station MSDU delivery
Privacy Station LAN access and security
Reassociation Distribution system MSDU delivery
19
Network Security: Wireless Networks

3. IEEE 802.11 Wireless LAN
6. Association-Related Services: Transition Types

− No transition − ESS transition
− A station is either stationary or − A station moves from a BSS in an
moves only within the direct
communication range of the ESS to a BSS within another ESS.
communicating stations of a single − Maintenance of upper-layer
BSS.
connections supported by IEEE
− BSS transition 802.11 cannot be guaranteed.
− A station moves from one BSS to − Disruption of service is likely to
another BSS within the same ESS.
− Data delivery to station requires the occur.
addressing capability to recognize
the new location of the station.
20
 Network Security: Wireless Networks

3. IEEE 802.11 Wireless LAN
7. Association-Related Services
To deliver a message within a DS, Services relating to a station maintaining an
the DS must know the identity of association with the AP within its current BSS:
the AP to which the message − Association establishes an initial
should be delivered for that association between a station and an AP
message to reach the destination − Reassociation enables an established
station. association to be transferred from one AP
to another, allowing a mobile station to
move from one BSS to another
− Disassociation: A notification from either
a station or an AP that an existing
association is terminated
21
Network Security: Wireless Networks

4. IEEE 802.11i Wireless LAN Security
1. Standards

− Wired Equivalent Privacy
− Privacy portion of IEEE 802.11 standard
− Some major security flaws
− Wi-Fi Protected Access (WiFi Alliance)
− A set of security mechanisms that eliminates
most IEEE 802.11 security issues
− WPA2 for 802.11i standard
− Robust Security Network
− Final form of 802.11i standard
22
Network Security: Wireless Networks

4. IEEE 802.11i Wireless LAN Security
2. Wired Equivalent Privacy

Authentication and encryption with shared keys

Pseudo
Random
Initialisation Vector (24)
Number
||
Generation Cipher
Secret Key (40/104) XOR
Text
||
Message (clear text) CRC

802.11 Header IV

23
Network Security: Wireless Networks

4. IEEE 802.11i Wireless LAN Security
3.1 WiFi-Protected Access
− WPA − WPA3
− Temporary Key Integrity Protocol − Enterprise mode:
AES-256 with Galois Counter Mode
− Message Integrity Check with SHA-384 as HMAC
replaces CRC. − Personal mode: CCMP-128 as
− WPA2 minimum encryption algorithm
− replaces Pre-Shared Key exchange
− IEEE 802.11i with Simultaneous Authentication of
− Counter Mode Equals exchange
Cipher Block Chaining − a variant of the Dragonfly Key
Message Authentication Code Exchange [RFC 7664] based on
Diffie-Hellman key exchange using
Protocol (CCM mode Protocol) finite cyclic groups, e.g., elliptic curves.
based on AES. − resistant to dictionary attacks

24
Mobile Communications: Wireless Local Area Networks

4. IEEE 802.11i Wireless LAN Security
3.2 Dragonfly

Pre-shared password is transformed
into generator G by the known function.

25
Network Security: Wireless Networks

4. IEEE 802.11i Wireless LAN Security
4.1 Robust Security Network: Services and Protocols
Robust Security Network (RSN)

Authentication Confidentialiy, Data
Services

Access Control and Key Origin Authentication
Generation and Integrity and
Replay Protection
Protocols

IEEE 802.1 Extensible
Port-based Authentication TKIP CCMP
Access Control Protocol (EAP)

26
 Protocols
IEEE 802.1 Extensible Integrity and

Algorithms Services
Network Security: Wireless Networks
Port-based Authentication TKIPConfidentiality
CCMP Data Origin
Key
Generation
Authentication
Access Control Protocol (EAP)
4. IEEE 802.11i Wireless LAN Security TKIP
(RC4)
CCM
(AES-
NIST
Key
HMAC- HMAC-
SHA-1 MD5
TKIP
(Michael
CCM
(AES-
CBC-
HMAC-
SHA-1
RFC
1750
CTR) Wrap MIC)
(a) Services and Protocols MAC)
4.2 RSN Services and Algorithms
(b) Cryptographic Algorithms

CBC-MAC = Cipher Block Block Chaining Message Authentication Code (MAC)
Robust Security Network (RSN) CCM = Counter Mode with Cipher Block Chaining Message Authentication Code
CCMP = Counter Mode with Cipher Block Chaining MAC Protocol
TKIP = Temporal Key Integrity Protocol

Figure 18.6 Elements of IEEE 802.11i

Integrity and
Algorithms Services

Key
Confidentiality Data Origin Generation
Authentication

CCM
CCM NIST TKIP
TKIP HMAC- HMAC- (AES- HMAC- RFC
(AES- Key (Michael
(RC4) SHA-1 MD5 CBC- SHA-1 1750
CTR) Wrap MIC)
MAC)
27
Network Security: Wireless Networks

4. IEEE 802.11i Wireless LAN Security
4.3 RSN: Phases of Operation
STA AP AS End Station

Phase 1 - Discovery

Phase 2 - Authentication

Phase 3 - Key Management

Phase 4 - Protected Data Transfer

Phase 5 - Connection Termination
28
Network Security: Wireless Networks

4. IEEE 802.11i Wireless LAN Security
4.4 RSN: Discovery Phase

STA and AP decide on
− Confidentiality and MPDU integrity protocols
− WEP, TKIP, CCMP
− Authentication method
− Pre-shared key authentication
− IEEE 802.1X
− Cryptography key management approach

29
Network Security: Wireless Networks

4. IEEE 802.11i Wireless LAN Security
5.1 Open System Authentication, Association and
Reassociation
AP AP
Authentication Request

Authentication Response

Association Request (SSID)
Association Response (Association ID)

Reassociation Request (AP ID)
Information exchange
between APs
Reassociation Response (Association ID)
30
Network Security: Wireless Networks

4. IEEE 802.11i Wireless LAN Security
5.2 Pre-Shared Key Authentication

AP

Open System Authentication
Association

Authentication (RAND)

Authentication (RAND, Reply)

Authentication (SessionKey)

Authentication Acknowledge

Authentication (MulticastSessionKey)
31
 Network Security: Wireless Networks

4. IEEE 802.11i Wireless LAN Security
5.3.1 IEEE 802.1X Access Control
− Port-Based Network Access Control
− Extensible Authentication Protocol
defined in IEEE 802.1X standard
802.1X uses
− controlled ports
− to allow the exchange of PDUs
between a supplicant and other
systems on the LAN only if the
current state of the supplicant
authorizes such an exchange
− uncontrolled ports
− to allow the exchange of PDUs
between supplicant and AS,
regardless of the authentication
state of the supplicant

32
Network Security: Wireless Networks

4. IEEE 802.11i Wireless LAN Security STA AP AS

5.3.2 IEEE 802.1X: Station sends a request Probe request

Discovery and EAP Exchange to join network
Probe response
AP sends possible
security parameter
(security capabilties set
Open system per the security policy)
Station sends a
Discovery request to perform
null authentication
authentication request

Open system
authentication response AP performs
null authentication
Station sends a request to Association request
associate with AP with
security parameters Association response AP sends the associated
security parameters
Station sets selected
security parameters
802.1X controlled port blocked

802.1X EAP request

RADIUS 802.1X EAP response
EAP Request/auth
Access Challenge Access request
(EAP request)

Extensible Authentication Protocol Exchange
EAP Response/auth
Accept/EAP-success
RADIUS key material
Access Request 802.1X EAP success

33 802.1X controlled port blocked
 PTK
Pairwise transient key
bits (CCMP)Network DuringNetworks
Security: Wireless 4-way handshake
bits (TKIP)

KEK TK
ion key 4. IEEE 802.11i Wireless LAN Security
EAPOL key encryption key
128 bits
Temporal key
128 bits (CCMP)
256 bits (TKIP) Out-of-band path EAP method path
6.1 Key Management PSK
Pre-shared key
AAAK or MSK
AAA key
These keys are 256 bits User-defined ≥256 bits EAP
components of the PTK cryptoid authentication

(a) Pairwise key hierarchy PMK
Legend
No modification Pairwise master key
Possible truncation 256 bits following EAP authentication
PRF (pseudo-random or PSK
GMK (generated by AS) function) using
HMAC-SHA-1 PTK
Group master key
Pairwise transient key
256 bits Changes periodically
or if compromised 384 bits (CCMP) During 4-way handshake
512 bits (TKIP)
GTK
KCK KEK TK
Group temporal key
EAPOL key confirmation key EAPOL key encryption key Temporal key
40 bits, 104 bits (WEP)
128 bits (CCMP) Changes based on 128 bits 128 bits 128 bits (CCMP)
256 bits (TKIP) policy (disassociation, 256 bits (TKIP)
deauthentication)

These keys are
(b) Group key hierarchy components of the PTK

34 (a) Pairwise key hierarchy
Network Security: Wireless Networks

4. IEEE 802.11i Wireless LAN Security
6.2 Keys for Data Confidentiality
and Integrity Protocols

35
Network Security: Wireless Networks

4. IEEE 802.11i Wireless LAN Security
6.3.1 Pairwise Keys

Used for communication between a pair of Pairwise Master Key
devices, typically between a STA and an AP
− derived from MSK
− These keys form a hierarchy beginning with a
master key from which other keys are derived − If a PSK is used: PSK is used as PMK;
dynamically and used for a limited period of if a MSK is used:
time PMK is derived from the MSK by truncation
Pre-Shared Key Pairwise Transient Key
− secret key shared by AP and STA, which is − consists of three keys to be used for
installed outside the scope of IEEE 802.11i communication between a STA and AP after they
have been mutually authenticated.
Master Session Key
− Using the STA and AP MAC addresses in the
− (also known as the AAAK) is generated generation of the PTK provides protection against
using the IEEE 802.1X protocol session hijacking and impersonation; using nonces
during the authentication phase provides additional random keying material

36
 Network Security: Wireless Networks

4. IEEE 802.11i Wireless LAN Security
6.3.2 PTK Parts

EAP Over LAN – EAPOL – Key Encryption Key
Key Confirmation Key
− protects the confidentiality of
− supports the integrity and data origin keys and other data during some
authenticity of STA-to-AP control RSN association procedures.
frames during operational RSN setup
− performs access control function: Temporal Key
proof-of-possession of the PMK − provides the actual protection for
− An entity that possesses the PMK user traffic.
is authorized to use the link.
37
Network Security: Wireless Networks

4. IEEE 802.11i Wireless LAN Security
6.4 Group Keys

Group keys for multicast Group Temporal Key
communication: 1 STA sends − is generated by the AP and
MPDUs to multiple STAs. transmitted to its associated STAs
Group Master Key − IEEE 802.11i requires that its value
is computationally indistinguishable
− Key-generating key used with from random
other inputs to derive the GTK
− is distributed securely using the
pairwise keys that are already
established
− is changed every time a device
leaves the network
38
 Network Security: Wireless Networks

STA AP
4. IEEE 802.11i Wireless LAN Security
6.5 Pairwise Key Distribution
AP’s 802.1X controlled port blocked

Message 1
EAPOL-key (Anonce, Unicast)
Message 1 delivers a nonce to the STA
so that it can generate the PTK.
Message 2 delivers another nonce to the
AP so that it can also generate the Message 2
PTK. It demonstrates to the AP that EAPOL-key (Snonce,
the STA is alive, ensures that the Unicast, MIC)

4-Way Handshake PTK is fresh (new) and that there is no
man-in-the-middle Message 3
EAPOL-key (Install PTK,
Unicast, MIC) Message 3 demonstrates to the STA that
the authenticator is alive, ensures that the
Message 4 serves as an acknowledgement to PTK is fresh (new) and that there is no
Message 4
Message 3. It serves no cryptographic man-in-the-middle.
EAPOL-key (Unicast, MIC)
function. This message also ensures the
reliable start of the group key handshake.
AP’s 802.1X controlled port
unblocked for unicast traffic

Message 1
Group Key Handshake The STA decrypts the GTK
EAPOL-key (GTK, MIC)
Message 1 delivers a new GTK to
the STA. The GTK is encrypted
and installs it for use. before it is sent and the entire
message is integrity protected
Message 2
EAPOL-key (MIC)
Message 2 is delivered to the
The AP installs the GTK.
AP. This frame serves only as
an acknowledgment to the AP.
39
Network Security: Wireless Networks

4. IEEE 802.11i Wireless LAN Security
7.1 Protected Data Transfer Phase
Temporal Key Integrity Protocol Counter Mode-CBC MAC Protocol
− designed to require only software − intended for newer IEEE 802.11
changes to devices that are devices that are equipped with the
implemented with WEP hardware to support this scheme
− Periodic rekeying, after not
more than 10‘000 frames
− Services
− Services
− Message integrity
− adds Message Integrity Code
− Message integrity
to MAC frame after data field − CBC-MAC
− Data confidentiality − Data confidentiality
− Encrypting MPDU/MIC by RC4 − CTR block cipher mode with AES
40
Network Security: Wireless Networks

4. IEEE 802.11i Wireless LAN Security
7.2 Pseudorandom Function
− used at a number of places in the
IEEE 802.11i scheme to
− generate nonces
− expand pairwise keys
− generate the GTK
− HMAC-SHA-1 to generate a
pseudorandom bit stream

41
Thanks
for your Attention
Prof. Dr. Torsten Braun, Institut für Informatik
Bern, 21.10.2024 – 28.10.2024