Wireless Security (1 / 41)

Outline:
■ Wireless Security
■ Confidentiality
■ Integrity
■ Wireless Architecture
■ Access Points
■ Which AP?
■ The Evil Twin Attack
■ Why This Works
■ Integrity Attacks
■ Availability
■ Black Holes
■ Battery Exhaustion
■ Battery Exhaustion
■ WEP
■ War-Driving
■ Network Access Control
What is Wireless Security? (2 / 41)
■ The usual: confidentiality, integrity, availability?
■ Or Butler Lampson’s “Gold” (Au) standard: authentication, authorization, audit?
■ Both!

Confidentiality (3 / 41)
■ Obvious danger — it’s easy to intercept traffic
■ Obvious countermeasure — cryptography
■ But it’s harder to use here than it looks

Integrity (4 / 41)
■ At first glance, integrity seems ok
■ This is radio — how can an attacker change messages in mid-packet?
■ The attacker’s solution: the “Evil Twin” (or “Sybil”) attack

Wireless Architecture (5 / 41)
■ The obvious architecture is pure peer-to-peer — each machine has a radio, and talks directly to any other machine
■ In fact, 802.11 (WiFi) can work that way, but rarely does
■ More common scenario: base stations (also known as access points)

Access Points (6 / 41)
■ An ordinary wireless node associates with an access point (AP)
■ More precisely, it associates with the AP having a matching network name (if specified) and the strongest signal
■ If another AP starts sending a stronger signal (probably because the wireless node has moved), it will reassociate with the new access point
■ All transmissions from the laptop go to the access point
■ All transmissions to the laptop come from the access point

Which AP? (7 / 41)
■ Which AP is your laptop associated with?
■ Which network (SSID)?
■ Many people know neither
■ “My ISP is NETGEAR”
■ Those who specify anything specify the SSID (a name any AP can advertise, not a proof of identity)

The Evil Twin Attack (8 / 41)
■ Simplest way: carry an access point with you
■ Simpler still: many laptops can emulate access points
■ On Linux, use
  iwconfig eth0 mode Master
  (a wireless-tools command that dates these slides; on current kernels AP mode is set up with iw or hostapd)
■ Advertise the victim’s SSID with a stronger signal, force their clients to associate with your laptop, and they send you all their traffic. . .
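The association rule from the Access Points slide, and the evil twin that exploits it, as an added Python example that is not part of these slides: it simulates a client picking the strongest AP for its configured SSID, shows a rogue BSSID winning as soon as it out-shouts the legitimate ones, and adds the check a network operator would actually want, a per-SSID BSSID allowlist. The scan results, the BSSIDs (locally administered 02:... addresses) and the allowlist are all constructed.

```python
"""Simulate 802.11 client association and a simple evil-twin check.

Added example, not part of the original slides. Scan results, BSSIDs and the
allowlist below are constructed; BSSIDs use locally administered (02:..)
addresses so they collide with no real vendor.
"""
from collections import defaultdict

# Constructed scan results: (SSID, BSSID, signal strength in dBm).
# Less negative dBm means a stronger signal.
SCAN_BEFORE = [
    ("NETGEAR", "02:00:00:00:00:01", -60),
    ("CampusNet", "02:00:00:00:00:02", -55),
    ("CampusNet", "02:00:00:00:00:03", -72),
]

# Same environment after a rogue AP (a laptop put into master mode) shows up
# advertising CampusNet with a stronger signal than any legitimate AP.
SCAN_AFTER = SCAN_BEFORE + [("CampusNet", "02:00:00:00:00:99", -40)]

# What the network operator actually deployed (assumed allowlist).
KNOWN_BSSIDS = {
    "CampusNet": {"02:00:00:00:00:02", "02:00:00:00:00:03"},
}


def choose_ap(scan, ssid=None):
    """Pick the AP a typical client associates with: matching SSID (if one
    is configured) and the strongest signal. Returns (ssid, bssid) or None."""
    candidates = [ap for ap in scan if ssid is None or ap[0] == ssid]
    if not candidates:
        return None
    best = max(candidates, key=lambda ap: ap[2])
    return best[0], best[1]


def detect_evil_twin(scan, known=KNOWN_BSSIDS):
    """Flag BSSIDs that advertise a known SSID but are not on the allowlist.
    Returns a sorted list of (ssid, bssid, dbm) suspects."""
    suspects = []
    for ssid, bssid, dbm in scan:
        if ssid in known and bssid not in known[ssid]:
            suspects.append((ssid, bssid, dbm))
    return sorted(suspects)


def ssids_with_multiple_bssids(scan):
    """Without an allowlist the only signal is weaker: an SSID seen from
    several BSSIDs. Legitimate multi-AP networks trigger this too, so it is
    a hint, not proof. Returns {ssid: set_of_bssids} for SSIDs with >1 BSSID."""
    seen = defaultdict(set)
    for ssid, bssid, _ in scan:
        seen[ssid].add(bssid)
    return {s: b for s, b in seen.items() if len(b) > 1}


if __name__ == "__main__":
    print("before:", choose_ap(SCAN_BEFORE, "CampusNet"))
    print("after: ", choose_ap(SCAN_AFTER, "CampusNet"))
    print("suspects:", detect_evil_twin(SCAN_AFTER))
```

The client-side rule is exactly what the slides describe: nothing in it authenticates the AP, so the only lever the attacker needs is signal strength. The allowlist check is an operator-side control (wireless IDS products do essentially this); it does nothing for a client that does not know which BSSIDs are legitimate.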
Why This Works (9 / 41)
■ Conventionally, we worry about authenticating the client to the server
■ Here, we need to authenticate the server to the client
■ The infrastructure wasn’t designed for that; more important, users don’t expect to check for it (and have no way to do so in any event)
■ How do you know what the access point’s key should be?

Integrity Attacks (10 / 41)
■ We now see how to do integrity attacks
■ We don’t tinker with the packet in the air; we attract it to our attack node
■ You don’t go through strong security, you go around it

Availability (11 / 41)
■ Simple version: black-hole evil twin
■ Sophisticated version: battery exhaustion

Black Holes (12 / 41)
■ Emulate an access point
■ Hand out IP addresses
■ Do nothing with received packets
■ More subtly, drop 10–15% of them — connections will work, but very slowly

Battery Exhaustion (13 / 41)
“Wi-Fi is also a power-hungry technology that can cause phone batteries to die quickly in some cases, within an hour or two of talk time. When you turn on the Wi-Fi it does bring the battery life down, said Mike Hendrick, director of product development for T-Mobile.”
New York Times, 27 November 2006

Battery Exhaustion (14 / 41)
■ Send your enemy large “ping” packets
■ The reply packets will be just as big — and transmitting such packets uses a lot of power
■ The more you transmit, the more power — often battery power — you use up
WEP (15 / 41)

Outline:
■ WEP — Using a Flawed Cipher in a Bad Way for the Wrong Application
■ Datagrams and Stream Ciphers
■ Key Setup
■ Key Setup for WEP
■ Cryptanalysis of RC4
■ IV Replay
■ Packet Redirection
■ Checksums
■ The Biggest Flaw in WEP
■ What WEP Should Have Been
■ War-Driving
■ Network Access Control

WEP — Using a Flawed Cipher in a Bad Way for the Wrong Application (16 / 41)
■ It was obvious from the start that some crypto was needed
■ Choice: WEP — Wired Equivalent Privacy — for 802.11 networks
■ Many different mistakes
■ Case study in bad crypto design

Datagrams and Stream Ciphers (17 / 41)
■ WEP uses RC4 because RC4 is very efficient
■ But 802.11 is datagram-oriented; packets can be lost or reordered, so there’s no inter-packet byte stream to run the cipher over
■ ⇒ Every packet must start from a fresh key stream, i.e., rekey for every packet
■ But you can’t reuse a stream cipher key on different packets: two packets under the same key stream XOR to the XOR of their plaintexts. . .

Key Setup (18 / 41)
[Figure: WEP per-packet key construction]
■ Per-packet key = Counter (IV, 24 bits) ‖ Provisioned Key (104 bits) → Actual Key (128 bits)
■ Actual Key → RC4 → Key stream
■ Key stream ⊕ Packet → Encrypted Packet
■ The IV is transmitted in the clear, prepended to the encrypted packet, so the receiver can rebuild the same per-packet key
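The per-packet key construction in the figure above, and the consequence the Datagrams and Stream Ciphers slide warns about, as an added Python example that is not the slides’ own code: the IV is concatenated with the provisioned key, fed to RC4, and the keystream is XORed with the packet; the IV travels in the clear. It is deliberately not a full WEP implementation (no ICV, no 802.11 framing), RC4 is written out inline (textbook KSA and PRGA) so the block runs offline, and the key, IVs and packet contents are constructed. The attacker function shows what happens once an IV, and hence a per-packet key and keystream, is used twice.

```python
"""WEP-style per-packet keying with RC4, and what IV reuse gives an attacker.

Added example, not the slides' own code and not a full WEP implementation:
no ICV, no 802.11 framing. RC4 is written out (textbook KSA + PRGA) so the
block runs offline; the key, IVs and plaintexts below are constructed.
"""

IV_BYTES = 3        # 24-bit counter / IV, sent in the clear
KEY_BYTES = 13      # 104-bit provisioned key (WEP-104)


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key-scheduling (KSA), then n bytes of PRGA output."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # KSA
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                         # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key: bytes, iv: bytes, packet: bytes) -> bytes:
    """Actual key = IV (24 bits) || provisioned key (104 bits), fed to RC4.
    Returns the on-air body: cleartext IV followed by the ciphertext."""
    if len(iv) != IV_BYTES or len(key) != KEY_BYTES:
        raise ValueError("need a 3-byte IV and a 13-byte key")
    keystream = rc4_keystream(iv + key, len(packet))
    return iv + xor(keystream, packet)


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """The receiver reads the IV off the front and rebuilds the same key."""
    iv, body = frame[:IV_BYTES], frame[IV_BYTES:]
    return xor(rc4_keystream(iv + key, len(body)), body)


def attack_iv_reuse(frame1: bytes, frame2: bytes, known_plaintext: bytes):
    """Attacker's view: two captured frames carrying the same IV (hence the
    same per-packet key and the same keystream) plus the plaintext of one of
    them, e.g. a predictable protocol header. XORing the ciphertexts cancels
    the keystream and leaves p1 XOR p2; XORing in the known p1 yields p2.
    No key is needed. Returns None when the IVs differ."""
    if frame1[:IV_BYTES] != frame2[:IV_BYTES]:
        return None
    c1, c2 = frame1[IV_BYTES:], frame2[IV_BYTES:]
    n = min(len(c1), len(c2), len(known_plaintext))
    return xor(xor(c1[:n], c2[:n]), known_plaintext[:n])


# Constructed demo data.
KEY = bytes(range(1, KEY_BYTES + 1))
IV = b"\x00\x00\x2a"
P1 = b"GET / HTTP/1.0\r\n"      # the packet whose plaintext is guessable
P2 = b"secret password!"        # the packet the attacker wants

if __name__ == "__main__":
    f1 = wep_encrypt(KEY, IV, P1)
    f2 = wep_encrypt(KEY, IV, P2)       # same IV: the 24-bit counter wrapped
    print("round trip ok:", wep_decrypt(KEY, f1) == P1)
    print("recovered:", attack_iv_reuse(f1, f2, P1))
```

With a 24-bit IV there are only 2^24 = 16,777,216 per-packet keys for a given provisioned key, so a busy AP wraps the counter within hours, and cards that reset the IV to zero on initialization reuse the low IVs constantly. The attack needs no knowledge of the 104-bit key at all, which is the point of the slide: the cipher is being used in a way a stream cipher cannot tolerate.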