WLAN Security
Doc.dr.sc. Sabina Barakovi
Topics
Introduction to WLAN
Basics on WLANs
Sarajevo, 2015
INTRODUCTION TO WLAN
Introduction to WLAN
The power of the radio signal weakens with distance from the WLAN access point
The functioning of the network is strongly influenced by the environment it is expected to work in (absorption, reflection and interference of radio waves)
The data rate is often lower than the rate provided by wired networks, because of the limited radio range, the possibility of interference, and the quasi-omnipresence of packet collisions
A WLAN does not allow transmitting and listening on the same channel at the same time (a limitation of the medium)
The mobile terminals attached to a WLAN have limited batteries and computation power, which can cause high communication latency
WLANs are inherently less secure because data is transmitted over radio links
Security in WLAN
Security mechanisms are required to avoid threats in a cost-effective way
The most important security services that can be considered for WLAN networks include confidentiality, authentication of users, authentication of access points, data integrity, non-repudiation of origin, non-repudiation of delivery, auditing and logging, denial of service prevention, and traffic flow analysis prevention
This set of services can be complemented by mechanisms for host security, data-driven attack prevention, and organizational security policies
BASICS OF WLANs
802.11
Extensions to 802.11
Connecting to a WLAN does not require physical access; malicious users may easily connect to APs
WEP Vulnerabilities
WEP considers only the authentication of mobile stations, without requiring the authentication of the AP
The authentication procedure is vulnerable to message injection attacks, thus enabling identity spoofing attacks
WEP does not define how to securely maintain a key base and renew the keys for better security (the same key is used for authentication and confidentiality services)
Complicated administration of keys at the AP
The integrity of WEP encrypted messages is easily compromised
The WEP architecture does not integrate a mechanism for detecting replayed messages
The confidentiality of WEP encrypted messages can be easily compromised
An 802.11 network is a shared medium, and a malicious user can flood the network with traffic, denying access to other devices associated with the targeted access point
At the data-link layer, ubiquitous access to the medium again creates new opportunities for DoS attacks
With wired equivalent privacy (WEP) turned on, an attacker has access to the link-layer information and can perform some DoS attacks
Without WEP, the attacker has full access to manipulate associations between the MS and AP
If the user is not using WEP, he/she is vulnerable to DoS attacks from spoofed APs
Man-in-the-Middle Attacks
Manipulation: an attacker has the ability to receive the victim's data and to retransmit the data after changing it
Message Decryption
The idea is to mislead the AP into decrypting some ciphertext for the attacker
IP redirection
The attack can be used when the WEP access point acts as an IP router with Internet connectivity
The idea is to sniff an encrypted packet off the air and use an attack to modify it so that it has a new destination address that the attacker can control
The AP will decrypt the packet and send it to its new destination
The modified packet will flow from the WLAN to the Internet without being stopped by a firewall
Once it reaches the destination, the attacker can read the packet in the clear
The easiest way to modify the destination IP address is to figure out what the original destination IP address is and modify it
The attacker needs to ensure that the IP checksum in the modified packet is still correct
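The WEP Vulnerabilities point that message integrity is easily compromised, and the packet modification described above, both rest on WEP's integrity value being an unkeyed CRC-32 carried under the RC4 keystream. The following is an added example (not part of the original slides) that shows a ciphertext changed without the key still passing the ICV check, next to a keyed tag that rejects the same change. HMAC-SHA256 is an assumed stand-in for a keyed integrity check, not the 802.11i algorithm; keys, IV and message are constructed sample values.

```python
import hashlib, hmac, struct, zlib

def rc4(key, data):
    """RC4 keystream XOR; the same call encrypts and decrypts."""
    s, j, out = list(range(256)), 0, bytearray()
    for i in range(256):                          # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    for b in data:                                # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def icv(data):                                    # WEP integrity value: plain CRC-32
    return struct.pack("<I", zlib.crc32(data))
def wep_seal(iv, key, msg):
    return rc4(iv + key, msg + icv(msg))

def wep_open(iv, key, ct):
    pt = rc4(iv + key, ct)
    return pt[:-4] if icv(pt[:-4]) == pt[-4:] else None   # None: ICV mismatch

def keyless_edit(ct, delta):
    """Apply delta to the hidden message and patch the ICV, using no key.
    Works because crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros)."""
    n = len(ct) - 4
    delta = delta.ljust(n, b"\0")
    return xor(ct, delta + xor(icv(delta), icv(bytes(n))))

def mac_seal(iv, key, mac_key, msg):              # keyed tag over IV and ciphertext
    ct = rc4(iv + key, msg)
    return ct + hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
def mac_open(iv, key, mac_key, frame):
    ct, tag = frame[:-32], frame[-32:]
    good = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return rc4(iv + key, ct) if hmac.compare_digest(tag, good) else None

# Constructed sample values (not from the page)
IV, KEY, MAC_KEY = b"\x01\x02\x03", b"\x0a" * 5, b"\x0b" * 32
MSG, NEW = b"amount=0100", b"amount=9100"
def demo():
    delta = xor(MSG, NEW)
    wep = wep_open(IV, KEY, keyless_edit(wep_seal(IV, KEY, MSG), delta))
    frame = mac_seal(IV, KEY, MAC_KEY, MSG)
    tampered = xor(frame[:len(MSG)], delta) + frame[len(MSG):]
    return wep, mac_open(IV, KEY, MAC_KEY, tampered)
```

`demo()` returns the message the WEP receiver accepts after the edit and the result of the keyed check on the same edit, which is `None` because the tag no longer verifies.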
Message Decryption
Reaction
Are
Do
attacks
The
The
The
The
EAP defines the messages to exchange at the data link layer in order to authenticate users
Involves:
Lower layer - monitors the transmission and the reception of the data frames in the correct order between the peer and the authenticator
EAP layer - guarantees a reliable transmission of the EAP packets via the lower layer and delivers and receives EAP messages to and from the EAP peer and authenticator layers
EAP peer and authenticator layers receive EAP packets and EAP response
EAP method layer implements the authentication algorithms and receives and transmits EAP messages via the EAP peer and authenticator layers; implements the authentication logic and determines whether the supplicant is a legitimate user
May secure the devices implementing the IEEE 802.11b, IEEE 802.11a and IEEE 802.11g versions but requires a hardware upgrade
Weak password
MS-CHAPv2
Hole196