wireless communications and mobile computing
play

Wireless Communications and Mobile Computing MAP-I Jaime Dias, - PowerPoint PPT Presentation

WNMC-MPR-Sec 1 Wireless Communications and Mobile Computing MAP-I Jaime Dias, Manuel Ricardo Faculdade de Engenharia da Universidade do Porto WNMC-MPR-Sec 2 SECURITY - BASIC CONCEPTS WNMC-MPR-Sec 3 Symmetric Cryptography Ex: RC4, AES


  1. WNMC-MPR-Sec 1 Wireless Communications and Mobile Computing MAP-I Jaime Dias, Manuel Ricardo Faculdade de Engenharia da Universidade do Porto

  2. WNMC-MPR-Sec 2 SECURITY - BASIC CONCEPTS

  3. WNMC-MPR-Sec 3 Symmetric Cryptography ♦ Ex: RC4, AES 3

  4. WNMC-MPR-Sec 4 Digest/Hash ♦ Input » variable length message ♦ Output » a fixed-length bit string (the hash) ♦ Used to guarantee message integrity and source identification ♦ Ex: MD5, SHA1 4

  5. WNMC-MPR-Sec 5 Public Key Cryptography – Confidenciality 5

  6. WNMC-MPR-Sec 6 Public Key Cryptography - Authentication (digital signature) 6

  7. WNMC-MPR-Sec 7 Public Key Distribution Problem Ataque MIM: (8) Kpriv Alice [Kpub Alice [“Logo pelas 19h”]]=“ Logo pelas 19h ” (3) “ Logo pelas 20h ” (1) Kpub Alice (2) Kpub Carol Alice Carol Bob (7) Kpub Alice [“Logo pelas 19h”] (4) Kpub Carol [“Logo pelas 20h”] (5) Kpriv Carol [Kpub Carol [“Logo pelas 20h”]]=“ Logo pelas 20h ” (6) “ Logo pelas 20h ” è “ Logo pelas 19h ” O que a Alice julga ter acontecido: (4) Kpriv Alice [Kpub Alice [“Logo pelas 19h”]]=“ Logo pelas 19h ” (2) “ Logo pelas 19h ” (1) Kpub Alice Alice Bob (3) Kpub Alice [“ Logo pelas 19h ”] 7

  8. WNMC-MPR-Sec 8 Certification Authority 8

  9. WNMC-MPR-Sec 9 SSL/TLS ♦ SSL (Secure Socket Layer) – Developed by Netscape ♦ TLS 1.x (Transport Layer Security) – IETF ♦ Transparent to application protocols ♦ Server/client can authenticate using certificates ♦ But, due to certificate costs » Servers è authenticated by certificates » Clients è authenticated at the application layer (e.g. passwords) 9

  10. WNMC-MPR-Sec 10 SSL/TLS – Typical Procedure Client: » connects to a TLS-enabled server requesting secure connection presents a list of supported CipherSuites (ciphers, hash functions) » Server: » picks the strongest CipherSuite; notifies the client about the decision Server: » sends back its identification as a Digital Certificate » Certificate: [server name, server's public encryption key , trusted certificate authority (CA)] Client: » Contacts CA and verifies if certificate is authentic Client: » encrypts a random number (RN) with the server's public key (PbK) » sends it to server Server » Decrypts RN using its private key (PvK) Client  Server: generate key material for encryption/decryption Client: authenticates near the server

  11. WNMC-MPR-Sec 11 802.11 SECURITY

  12. WNMC-MPR-Sec 12 802.11 Security ♦ “Minimum” security  WEP (Wired Equivalent Privacy) ♦ Station authentication » Open mode è no authentication » Shared Mode – AP sends challenge è station returns the challenge encrypted with the WEP key ♦ Confidentiality è frames are encrypted with RC4 ♦ Integrity è CRC32 12

  13. WNMC-MPR-Sec 13 WEP - Encryption IV WEP Key SDU ICV WEP PRNG (crc32) (RC4) XOR Header IV Cryptogram FCS Frame 802.11 Keystream 13

  14. WNMC-MPR-Sec 14 WEP - Decryption IV WEP Key SDU ICV WEP PRNG (RC4) XOR Check values ICV Header IV Cryptogram FCS Frame 802.11 Keystream 14

  15. WNMC-MPR-Sec 15 WEP Vulnerabilities ♦ Same IV and WEP key  same keystream » IV too short (24 bits) » No mechanism for WEP key update ♦ Same keystream: » SDU2 ⊕ SDU1 = cryptogram1 ⊕ cryptogram2 » If SDU1 is known (ICMP, TCP ack, …) then » SDU2 = cryptogram1 ⊕ cryptogram2 ⊕ SDU1 15

  16. WNMC-MPR-Sec 16 WEP Vulnerabilities (2) » RC4 key = IV (3 bytes) + WEP key (5 or 13 bytes) ♦ Weak IVs help breaking the WEP key » Weak IVs: i:ff:X ♦ Ex: Weak IVs for WEP keys of 40 bits » 3:ff:X, 4:ff:X, 5:ff:X, 6:ff:X, 7:ff:X 16

  17. WNMC-MPR-Sec 17 WEP Vulnerabilities (3) ♦ Integrity Check Value based on CRC32 (linear) ♦ WEP does not authenticate nor check the integrity of the frame header » Station can change the MAC address ♦ AP is not authenticated » Rogue AP ♦ WEP does not control the frame sequence » Replay attacks ♦ Same key for every station » Traffic can be eavesdropped or even changed by any station knowing the WEP key 17

  18. WNMC-MPR-Sec 18 WEP Vulnerabilities (4) ♦ Manufacturers put additional barriers » Authentication by SSID – Station monitors the medium and wait for another station to associate to see the SSID » Access control by MAC address – Station sees the MAC address of allowed stations and clone their address 18

  19. WNMC-MPR-Sec 19 802.1X – Access Control Before the Traffic 802.1X authentication Other traffic ( blocked ) After the Traffic 802.1X authentication Other traffic ( unblocked )

  20. WNMC-MPR-Sec 20 EAP – Extensible Authentication Protocol Token AKA/ TLS Methods SIM Card » Encapsulates authentication » Runs over any link layer EAP but thought for PPP » Messages PPP 802.3 802.11 Links Requests , Responses bytes 1 1 2 1 variable Code | Identifier | Length | Type | Type-Data EAP Identity Request EAP Identity Response EAP Auth Request STA EAP Auth Response Authenticator EAP-Success

  21. WNMC-MPR-Sec 21 802.1X with Radius 21

  22. WNMC-MPR-Sec 22 Dynamic WEP ♦ Uses 802.1X ♦ User authentication » Support of multiple authentication methods » Centralized database with users’ credentials, independent of APs ♦ Enables also AP authentication ♦ Authenticaton keys ≠ encryption keys ♦ Periodic update of WEP keys 22

  23. WNMC-MPR-Sec 23 Dynamic WEP (2) 1. Authentication through an 802.1X EAP method 2. Generation of MPPE key 2. Generation of MPPE key (Microsoft Point-to-Point Encryption) 6. Station decrypts the WEP 4. Generation of WEP key key with the MPPE key 5. AP encrypts the WEP key with the MPPE key and sends it over EAPOL-KEY 3. MPPE key encrypted with RADIUS key 7. Station applies the WEP 8. AP applies the WEP key key 9. 802.11 data frames are unblocked and encrypted with WEP 23

  24. WNMC-MPR-Sec 24 802.11i ♦ WEP failure  IEEE 802.11i ♦ Authentication/Access Control » Pre-shared key (PSK) » With Authentication Server , using 802.1X ♦ Key Management » Temporary Keys » Authentication keys ≠ Encryption keys ♦ Data encryption » CCMP (Counter mode Cipher block Chaining MAC protocol) – Based on the AES cipher algorithm » TKIP (Temporal Key Integrity Protocol) – Based on the RC4 cipher algorithm (same as WEP) ♦ Infraestructured and ad-hoc modes 24

  25. WNMC-MPR-Sec 25 Wi-Fi Protected Access ♦ WPA » Based on Draft 3.0 of 802.11i (2002) » Short term solution for legacy equipments » No support for CCMP nor ad-hoc mode » TKIP reuses the WEP HW (RC4 cipher algorithm) – Firmware upgrade ♦ WPA2 » Supports 802.11i » Long term solution 25

  26. WNMC-MPR-Sec 26 Authentication methods (802.1X) ♦ Requires Authentication Server ♦ Most popular Wi-Fi authentication methods » EAP-TLS » EAP-TTLS » PEAP 26

  27. WNMC-MPR-Sec 27 EAP-TLS ♦ Uses TLS to authenticate both server and user through certificates ♦ Mandatory in WPA ♦ Cons: » Certificates are expensive » User identity goes in clear in the user’s certificate TLS (authentication of server and user) EAP RADIUS 802.1X (EAPoL) UDP/IP 802.11 ST AP AS 27

  28. WNMC-MPR-Sec 28 Tunneled authentication ♦ Two phase authentication » TLS tunnel authenticates the Authentication Server » User is autenticated over the TLS tunel – Support of weaker methods for user’s authentication – Certificates are optional – User’s identity goes encrypted ♦ EAP-TTLS, PEAP 28

  29. WNMC-MPR-Sec 29 EAP-TTLS MS-CHAP ♦ EAP- Tunneled TLS PAP, CHAP, EAP, … (User authentication) TLS (Server authentication) EAP RADIUS 802.1X (EAPoL) UDP/IP 802.11 ST AP AS 29

  30. WNMC-MPR-Sec 30 PEAP ♦ Protected Extensible Authentication Protocol ♦ v0  Microsoft, v1  Cisco ♦ PEAPv0/EAP-MSCHAPv2 – the most popular MSCHAPv2, TLS, … (user authentication) EAP TLS (server authentication) EAP RADIUS 802.1X (EAPoL) UDP/IP ST 802.11 AP AS 30

  31. WNMC-MPR-Sec 31 Key Management ♦ Master Key (MK) generated by Authentication Server ♦ Pairwise Master Key (PMK) generated from MK ♦ PMK sent to the AP through the AAA protocol (RADIUS) ♦ Generation of the Pairwise Transient Key (PTK) through the 4-way handshake ♦ Group key handshake (GTK) Group key handshake generated by the AP and sent though the Group key 31 handshake

  32. WNMC-MPR-Sec 32 Key Management (2) Encrypted with PTK PTK = Hash(PMK, Anonce, Snonce, MACaddr STA , MACaddr AP ) 32

  33. WNMC-MPR-Sec 33 TKIP Key Encryption generation » Diminui correlação entre a keystream e a chave de cifragem 33

  34. WNMC-MPR-Sec 34 Data frames – WEP, TKIP, and CCMP Encrypted Authenticated 802.11 Header ICV IV / KeyID Data 4 octets 4octets >=0 octets Encrypted Authenticated Authenticated 802.11 Header IV / KeyID Extented IV ICV Data MIC 4octets 4 octets 4 octets >=0 octets 8 octets Encrypted Authenticated Authenticated IV / KeyID Extented IV MIC 802.11 Header Data 4octets 4 octets 8 octets >=0 octets 34

  35. WNMC-MPR-Sec 35 Integridade das mensagens ♦ ICV = CRC32 not really a signature ♦ MIC  signature/hash 35

  36. WNMC-MPR-Sec 36 GSM

Recommend


More recommend