Sign In
Register
Help
Quote
By Dr.T Mon, 05 August 2002
Published on BCVG Network Security e-zine issue #2
Introduction
This is the last article in the Wireless series. Just to remind you, the first article introduced the reader to the Wireless world and discussed Wireless devices and protocols. The second article went deeper into Wireless networks, provided general info on WLAN and discussed IEEE standards for them. This article deals with WLAN security, explains the most common attack techniques and introduces some useful tools.
Overview
Few words on Wireless network topology. Each Wireless network has two major components, either stations (STA) or access points (AP). Wireless network operates in one of two modes: ad-hoc (peer-to-peer) or infrastructure mode. In the ad-hoc mode each client (STA) communicates directly with other clients within the network. In the infrastructure mode each client (STA) sends its communication requests to a central station, which is the Access Point (AP). The access point acts as an Ethernet bridge.
A client and an access point must establish a relationship prior to exchanging data. Once established the client-access point relationship could be in any of the following three states:
1. Unauthenticated and unassociated
2. Authenticated and unassociated
3. Authenticated and associated
The exchange of real data is only possible in the third state. Until then the parties communicate using management frames. Access point transmits beacon management frames at fixed intervals. Client receives this frame and starts authentication by sending an authentication frame. After successful authentication the client sends an association frame and the access point responds with an associated response frame.
Wireless Networks Security Mechanisms
The 802.1 standard for wireless networks provides several mechanisms for achieving secure network environment. This section explains five widely used mechanisms.
# Wired Equivalent Protocol
Wired Equivalent Protocol, or WEP, was first designed by the authors of the 802.1 standard. WEP was designed not to provide a secure network protocol similar to IPSec, but rather to provide an equivalent level of privacy. WEP aims to provide security by encrypting data over radio waves. WEP is used to prevent unauthorized access to the wireless network. WEP is disabled by default. If it is turned on any outgoing package is encrypted and packed.
The WEP protocol relies on a secret key that is shared in a basic BSS (Basic Set Service). This key is used to encrypt data packets before they are transmitted, and an integrity check is run on them. WEP uses the RC4 algorithm, which is a stream cipher. A stream cipher expands a short key into an infinite pseudo-random key stream.
WEP Encipherment Algorithm
* Plaintext message is run though an integrity algorithm to produce integrity check value, also known as ICV. The 802.11 standard specifies the use of CRC-32.
* The integrity check value is appended to the end of the plaintext message.
* 24-bit initialization vector (IV) is generated and the secret key is concatenated to it. Then it is used to generate a seed value for the WEP pseudo-random number generator (PRNG).
* PRNG outputs a key sequence.
* The data is encrypted by XORing with the key sequence generated.
* The IV is appended in the clear to the protected frame (with the ciphertext) and transmitted.
The algorithm involved in deciphering can be easily guessed from the above algorithm. The IV is used to elongate the life of the secret key.
WEP uses a RC4 key stream; therefore it uses a 64-bit key to generate it, which is
XOR'ed to the data/ICV combination, 24-bits IV. The secret key is 40-bits long.
# WEP 2
The IEEE proposed changes to the WEP protocol in 2001, after many flaws had been discovered in the original one. The new version, WEP2, has increased the IV space from 24 bits to 128 bits and provides Cerberus V Support, though problems haven't disappeared (discussed later). Complete support for the entire WEP2 has yet to be achieved.
# Open System Authentication
Each Wireless network has two authentication systems. Open system authentication is the first one and default authentication protocol for 802.11. The name implies that this system authenticates anyone who requests authentication (like a root account with null password). WEP is not helpful, since experiments have shown that the authentication management frames are sent in the clear even if WEP is enabled.
# Access Control List
This security feature is not defined in the 802.11 standard, but it is used by vendors to provide better security in addition to the standard security methods. Access Control List is based on the clients wireless Ethernet MAC address (unique for each NIC). The access point can limit the clients using the network by using the ACL. If a client's MAC address is listed, then he is permitted access to the network; if not, then access to the network is denied.
# Closed Network Access Control
This feature allows an administrator use either an open network or a closed network. Open network means that anyone is permitted to join the network, while in closed network, only clients that know the network name, or SSID, can join. The network name acts as a shared key.
Wireless Networks Attacks
Most of you will probably find this section more interesting, since it explains common attack techniques that are used to compromise wireless networks, stealing bandwidth and just for having fun. If you have a wireless network nearby or you live in a place where wireless technology is widely used, any of the attack techniques described below will have 98% success.
Attackers target Wireless networks since about 95% of all networks are completely unprotected. The current standard (802.11b) grants bandwidth of up to 11 MBps. If attacked Wirelesses network uses default settings there will be no cap set on bandwidth, which means the attacker can have complete access to the capacity. You can find a very convincing example at Neworder - http://neworder.box....php?newsid=3899.
# Access Point Spoofing & MAC Sniffing
Access control list lists provide a reasonable level of security when a strong form of identity is used. Unfortunately, this is not the case with MAC addresses. MAC addresses are easily sniffed by an attacker since they must appear in the clear even when WEP is enabled. Further more, wireless cards permit the changing of their MAC address via software. An attacker can use those "advantages" in order to masquerade as a valid MAC address by programming the wireless card, and get into the wireless network and use the wireless pipes.
Spoofing MAC address is very easy. Using packet-capturing software, an attacker can determine a valid MAC address using one packet. If the wireless card firmware allows changing the MAC address, then he is done.
If an attacker holds wireless equipment nearby, and he/she is near a wireless network, he will be able to perform a spoofing attack. To perform a spoofing attack, an attacker must setup an access point (rogue) near the target wireless network or in a place where a victim may believe that wireless Internet is available. If the rogue's signal is stronger than the signal of the real access point, then the victim's computer will connect to the attacker's access point. Once the victim has established a connection, the attacker can steal his password, network access, compromise his/her computer etc. This attack is used mainly for password acquisition.
# WEP Attacks
Plaintext Attacks
In this attack, the attacker knows the plaintext message and has a copy of the ciphertext. The missing piece is the key. In order to get the key, an attacker would send a target system a small part of data, and then capture the data that is sent to the destination. Once the attack captured the data, he got the IV. Now, he can simply run a dictionary attack to find the key.
Another plaintext attack reveals the key stream using a simply XOR. If an attack has the ciphertext and the plaintext, he can XOR the ciphertext and get the key stream. The attacker can use the key stream with the right IV, to inject packets into the wireless network without authenticating o the access point.
Cipher stream Reuse
This problem allows an attacker to recover the key stream from a WEP packet (encrypted packet). The WEP cipherment algorithm declares small space to the initialization vector, using this flow an attacker can capture key streams by sending packets with various IV. Later, the attacker can decrypt the encrypted message using by XORing with the plaintext message (Note that the attack must have both ciphertext and plaintext). Later, when authentication data traffic though the network, the attacker would be able to intercept it, and using the key stream(s) the attacker can recover it to plaintext.
Fluhrer-Mantin-Shamir Research
This research project was released a year ago (August 2001) by Scott Fluhrer of Cisco Systems, Itsik Mantin and Adi Shamir of the Computer Science Department of The Weizmann Institute in Israel. The project is dealing with weaknesses in the Key Scheduling Algorithm (KSA) of RC4.
This group discovered two weaknesses in the KSA. The attack technique, which is described in their research paper, cracks keys of both WEP (24 bit long) and WEP2 (128 bit long). Adam Stubblefield or Rice University and John Loannidis and Aviel Rubin of AT&T Labs approved this attack technique later. Once the attack was approved, two new tools become available to the public (air snort and WEPCrack). Their source code, though, was never released to the public.
# Man-in-the-middle attacks
Most of the attacks in this category are based on ARP poisoning, or cache poisoning. Basically, ARP spoofing is a method of exploiting the interaction of IP and Ethernet protocols. Since, this article is not about ARP protocols, or ARP attacks, I'll describe shortly the attacks and the purpose.
The attacker combines an access point with a virtual private network server of the same type as the one on the target network. When a user tries to connect to the real server, the spoofed server sends a replay back, leading the user to connect to the fake server.
This type of attack is complex to be explain in this article, though you can find good articles about ARP poisoning at www.ebcvg.com
# Low-Hanging Fruit
A wireless attacker would probably start with this attack, since most wireless networks are completely unprotected (they use open system authentication), and moreover, WEP is not present by default.
All an attacker needs to attack such a system is a wireless card and a scanner (see at the end of this article). An attacker scans for open access points that allow anyone to connect, and then connects to the access point. Attackers use it to have free Internet access, launching a blind attack (attacking a third party) etc.
Securing Wireless Networks
Wireless network has become very popular among companies, because it allows employees to access the wired network (WLAN) from any place thus granting roaming ability. New technologies usually fail to provide decent security level - Wireless is not an exception. This section describes the most common ways to improve security of a Wireless network.
# MAC Address Filtering
This method uses a list of MAC addresses of client wireless network interface cards that are allowed to associate with the access point. If there are several access points, the list should be available on all access points, which the client can be associated with. Administrators should take care that the list is "up-to-date". Though this method is vulnerable (see above), it is widely used to secure wireless networks.
# WEP
As was stated above, WEP provides a certain level of data encryption for communication between clients and access points. Still, WEP should be enabled, because there is no need to make it easier for attacker to compromise the network. Once again, this method is vulnerable to different kind of attacks.
# SSID (Network ID)
The first attempt to secure wireless network was the use of Network ID (SSID). When a wireless client wants to associate with an access point, the SSID is transmitted during the process. The SSID is a seven digit alphanumeric ID that is hard coded into the access point and the client device. Using SSID, only those clients, who hold the correct Network ID, are allowed to associate with the access point. With WEP enabled, the SSID is transmitted in encrypted form, but if an attacker has a physical access to the device, he/she can determine the SSID, since it is stored in clear text.
Once the SSID is compromised by an attacker, the Wireless network administrator must assign a new SSID manually.
# Firewalls
Using a firewall to secure a wireless network is probably the only security feature that will prevent unauthorized access. As mentioned below, the access to the network should be done via IPSec, secure shell or VPN. Thus, the firewall should be configured to allow only IPSec or secure shell traffic. A illustration of an access to a wired network form a wireless network:
1. The wireless client authenticated and associates with wireless access point. For better security, the access point should be configured to filter MAC addresses.
2. The access point sends a request to the DHCP server. The server assigns the client a network address.
3. Once the network address[/b] is assigned, the wireless client is now at the wireless network. In order to access the wired network, it either sets up an IPSec VPN Tunnel or uses secure shell.
It is important to configure the firewall to accept only secure connections, all other connect should be denied.
# Access Points
Access points can accommodate MAC filtering and should be configured to do so, though MAC addresses can be spoofed (see above). Administrators should take care that the AP is located in a secured place, so unauthorized physical access will be permitted.
Configuring AP is done via telnet, web browser or SNMP. It is recommended to allow configuration only via telnet session, and block all other ways.
# Design Considerations
Before taking any implementation to secure a wireless network, it is important to properly design the network. A properly designed network can eliminate some risks associated with wireless networks.
Some tips for proper design:
1. Protect wireless networks with VPN or access control list.
2. Access points should not be connected to the internal wired network even if WEP is enabled.
3. Access points should be never placed behind a firewall.
4. Wireless clients are allowed to access the network though a secure shell, IP-Sec or virtual private network. These provide user authorization, authentication and encryption - secure your network.
Published on BCVG Network Security e-zine issue #2
Introduction
This is the last article in the Wireless series. Just to remind you, the first article introduced the reader to the Wireless world and discussed Wireless devices and protocols. The second article went deeper into Wireless networks, provided general info on WLAN and discussed IEEE standards for them. This article deals with WLAN security, explains the most common attack techniques and introduces some useful tools.
Overview
Few words on Wireless network topology. Each Wireless network has two major components, either stations (STA) or access points (AP). Wireless network operates in one of two modes: ad-hoc (peer-to-peer) or infrastructure mode. In the ad-hoc mode each client (STA) communicates directly with other clients within the network. In the infrastructure mode each client (STA) sends its communication requests to a central station, which is the Access Point (AP). The access point acts as an Ethernet bridge.
A client and an access point must establish a relationship prior to exchanging data. Once established the client-access point relationship could be in any of the following three states:
1. Unauthenticated and unassociated
2. Authenticated and unassociated
3. Authenticated and associated
The exchange of real data is only possible in the third state. Until then the parties communicate using management frames. Access point transmits beacon management frames at fixed intervals. Client receives this frame and starts authentication by sending an authentication frame. After successful authentication the client sends an association frame and the access point responds with an associated response frame.
Wireless Networks Security Mechanisms
The 802.1 standard for wireless networks provides several mechanisms for achieving secure network environment. This section explains five widely used mechanisms.
# Wired Equivalent Protocol
Wired Equivalent Protocol, or WEP, was first designed by the authors of the 802.1 standard. WEP was designed not to provide a secure network protocol similar to IPSec, but rather to provide an equivalent level of privacy. WEP aims to provide security by encrypting data over radio waves. WEP is used to prevent unauthorized access to the wireless network. WEP is disabled by default. If it is turned on any outgoing package is encrypted and packed.
The WEP protocol relies on a secret key that is shared in a basic BSS (Basic Set Service). This key is used to encrypt data packets before they are transmitted, and an integrity check is run on them. WEP uses the RC4 algorithm, which is a stream cipher. A stream cipher expands a short key into an infinite pseudo-random key stream.
WEP Encipherment Algorithm
* Plaintext message is run though an integrity algorithm to produce integrity check value, also known as ICV. The 802.11 standard specifies the use of CRC-32.
* The integrity check value is appended to the end of the plaintext message.
* 24-bit initialization vector (IV) is generated and the secret key is concatenated to it. Then it is used to generate a seed value for the WEP pseudo-random number generator (PRNG).
* PRNG outputs a key sequence.
* The data is encrypted by XORing with the key sequence generated.
* The IV is appended in the clear to the protected frame (with the ciphertext) and transmitted.
The algorithm involved in deciphering can be easily guessed from the above algorithm. The IV is used to elongate the life of the secret key.
WEP uses a RC4 key stream; therefore it uses a 64-bit key to generate it, which is
XOR'ed to the data/ICV combination, 24-bits IV. The secret key is 40-bits long.
# WEP 2
The IEEE proposed changes to the WEP protocol in 2001, after many flaws had been discovered in the original one. The new version, WEP2, has increased the IV space from 24 bits to 128 bits and provides Cerberus V Support, though problems haven't disappeared (discussed later). Complete support for the entire WEP2 has yet to be achieved.
# Open System Authentication
Each Wireless network has two authentication systems. Open system authentication is the first one and default authentication protocol for 802.11. The name implies that this system authenticates anyone who requests authentication (like a root account with null password). WEP is not helpful, since experiments have shown that the authentication management frames are sent in the clear even if WEP is enabled.
# Access Control List
This security feature is not defined in the 802.11 standard, but it is used by vendors to provide better security in addition to the standard security methods. Access Control List is based on the clients wireless Ethernet MAC address (unique for each NIC). The access point can limit the clients using the network by using the ACL. If a client's MAC address is listed, then he is permitted access to the network; if not, then access to the network is denied.
# Closed Network Access Control
This feature allows an administrator use either an open network or a closed network. Open network means that anyone is permitted to join the network, while in closed network, only clients that know the network name, or SSID, can join. The network name acts as a shared key.
Wireless Networks Attacks
Most of you will probably find this section more interesting, since it explains common attack techniques that are used to compromise wireless networks, stealing bandwidth and just for having fun. If you have a wireless network nearby or you live in a place where wireless technology is widely used, any of the attack techniques described below will have 98% success.
Attackers target Wireless networks since about 95% of all networks are completely unprotected. The current standard (802.11b) grants bandwidth of up to 11 MBps. If attacked Wirelesses network uses default settings there will be no cap set on bandwidth, which means the attacker can have complete access to the capacity. You can find a very convincing example at Neworder - http://neworder.box....php?newsid=3899.
# Access Point Spoofing & MAC Sniffing
Access control list lists provide a reasonable level of security when a strong form of identity is used. Unfortunately, this is not the case with MAC addresses. MAC addresses are easily sniffed by an attacker since they must appear in the clear even when WEP is enabled. Further more, wireless cards permit the changing of their MAC address via software. An attacker can use those "advantages" in order to masquerade as a valid MAC address by programming the wireless card, and get into the wireless network and use the wireless pipes.
Spoofing MAC address is very easy. Using packet-capturing software, an attacker can determine a valid MAC address using one packet. If the wireless card firmware allows changing the MAC address, then he is done.
If an attacker holds wireless equipment nearby, and he/she is near a wireless network, he will be able to perform a spoofing attack. To perform a spoofing attack, an attacker must setup an access point (rogue) near the target wireless network or in a place where a victim may believe that wireless Internet is available. If the rogue's signal is stronger than the signal of the real access point, then the victim's computer will connect to the attacker's access point. Once the victim has established a connection, the attacker can steal his password, network access, compromise his/her computer etc. This attack is used mainly for password acquisition.
# WEP Attacks
Plaintext Attacks
In this attack, the attacker knows the plaintext message and has a copy of the ciphertext. The missing piece is the key. In order to get the key, an attacker would send a target system a small part of data, and then capture the data that is sent to the destination. Once the attack captured the data, he got the IV. Now, he can simply run a dictionary attack to find the key.
Another plaintext attack reveals the key stream using a simply XOR. If an attack has the ciphertext and the plaintext, he can XOR the ciphertext and get the key stream. The attacker can use the key stream with the right IV, to inject packets into the wireless network without authenticating o the access point.
Cipher stream Reuse
This problem allows an attacker to recover the key stream from a WEP packet (encrypted packet). The WEP cipherment algorithm declares small space to the initialization vector, using this flow an attacker can capture key streams by sending packets with various IV. Later, the attacker can decrypt the encrypted message using by XORing with the plaintext message (Note that the attack must have both ciphertext and plaintext). Later, when authentication data traffic though the network, the attacker would be able to intercept it, and using the key stream(s) the attacker can recover it to plaintext.
Fluhrer-Mantin-Shamir Research
This research project was released a year ago (August 2001) by Scott Fluhrer of Cisco Systems, Itsik Mantin and Adi Shamir of the Computer Science Department of The Weizmann Institute in Israel. The project is dealing with weaknesses in the Key Scheduling Algorithm (KSA) of RC4.
This group discovered two weaknesses in the KSA. The attack technique, which is described in their research paper, cracks keys of both WEP (24 bit long) and WEP2 (128 bit long). Adam Stubblefield or Rice University and John Loannidis and Aviel Rubin of AT&T Labs approved this attack technique later. Once the attack was approved, two new tools become available to the public (air snort and WEPCrack). Their source code, though, was never released to the public.
# Man-in-the-middle attacks
Most of the attacks in this category are based on ARP poisoning, or cache poisoning. Basically, ARP spoofing is a method of exploiting the interaction of IP and Ethernet protocols. Since, this article is not about ARP protocols, or ARP attacks, I'll describe shortly the attacks and the purpose.
The attacker combines an access point with a virtual private network server of the same type as the one on the target network. When a user tries to connect to the real server, the spoofed server sends a replay back, leading the user to connect to the fake server.
This type of attack is complex to be explain in this article, though you can find good articles about ARP poisoning at www.ebcvg.com
# Low-Hanging Fruit
A wireless attacker would probably start with this attack, since most wireless networks are completely unprotected (they use open system authentication), and moreover, WEP is not present by default.
All an attacker needs to attack such a system is a wireless card and a scanner (see at the end of this article). An attacker scans for open access points that allow anyone to connect, and then connects to the access point. Attackers use it to have free Internet access, launching a blind attack (attacking a third party) etc.
Securing Wireless Networks
Wireless network has become very popular among companies, because it allows employees to access the wired network (WLAN) from any place thus granting roaming ability. New technologies usually fail to provide decent security level - Wireless is not an exception. This section describes the most common ways to improve security of a Wireless network.
# MAC Address Filtering
This method uses a list of MAC addresses of client wireless network interface cards that are allowed to associate with the access point. If there are several access points, the list should be available on all access points, which the client can be associated with. Administrators should take care that the list is "up-to-date". Though this method is vulnerable (see above), it is widely used to secure wireless networks.
# WEP
As was stated above, WEP provides a certain level of data encryption for communication between clients and access points. Still, WEP should be enabled, because there is no need to make it easier for attacker to compromise the network. Once again, this method is vulnerable to different kind of attacks.
# SSID (Network ID)
The first attempt to secure wireless network was the use of Network ID (SSID). When a wireless client wants to associate with an access point, the SSID is transmitted during the process. The SSID is a seven digit alphanumeric ID that is hard coded into the access point and the client device. Using SSID, only those clients, who hold the correct Network ID, are allowed to associate with the access point. With WEP enabled, the SSID is transmitted in encrypted form, but if an attacker has a physical access to the device, he/she can determine the SSID, since it is stored in clear text.
Once the SSID is compromised by an attacker, the Wireless network administrator must assign a new SSID manually.
# Firewalls
Using a firewall to secure a wireless network is probably the only security feature that will prevent unauthorized access. As mentioned below, the access to the network should be done via IPSec, secure shell or VPN. Thus, the firewall should be configured to allow only IPSec or secure shell traffic. A illustration of an access to a wired network form a wireless network:
1. The wireless client authenticated and associates with wireless access point. For better security, the access point should be configured to filter MAC addresses.
2. The access point sends a request to the DHCP server. The server assigns the client a network address.
3. Once the network address[/b] is assigned, the wireless client is now at the wireless network. In order to access the wired network, it either sets up an IPSec VPN Tunnel or uses secure shell.
It is important to configure the firewall to accept only secure connections, all other connect should be denied.
# Access Points
Access points can accommodate MAC filtering and should be configured to do so, though MAC addresses can be spoofed (see above). Administrators should take care that the AP is located in a secured place, so unauthorized physical access will be permitted.
Configuring AP is done via telnet, web browser or SNMP. It is recommended to allow configuration only via telnet session, and block all other ways.
# Design Considerations
Before taking any implementation to secure a wireless network, it is important to properly design the network. A properly designed network can eliminate some risks associated with wireless networks.
Some tips for proper design:
1. Protect wireless networks with VPN or access control list.
2. Access points should not be connected to the internal wired network even if WEP is enabled.
3. Access points should be never placed behind a firewall.
4. Wireless clients are allowed to access the network though a secure shell, IP-Sec or virtual private network. These provide user authorization, authentication and encryption - secure your network.
MultiQuote
