TECHNISCHE UNIVERSITÄTILMENAU
Inte
grat
ed H
ard-
and
Softw
are
Syst
ems
http
://w
ww
.tu-il
men
au.d
e/ih
sSecurity – Basics
Security Threats
Authentication
Authorization
Accounting
Security Attacks
Unauthorized Access
Misconfiguration
Eavesdropping
Client-to-Client Attacks
Denial-of-Service Attack
Jamming and Hijacking
Hardware Theft
Wireless Internet 2Andreas Mitschele-Thiel 6-Apr-06
Security Threats
snooping blocking
sniffing spoofing/hijacking
Alice BobEve
A simple communication model
Wireless Internet 3Andreas Mitschele-Thiel 6-Apr-06
Possible Solutions
hashingone-way function (reduce size of data)no reconstruction of input possible
encryption/decryptiontransformation in cipher text and vice versa based on a key
biometric analysise.g. fingerprint, iris scan, voice print, face recognition
chaffing and winnowingsending “chaff” (incorrect messages)receiver “winnows” the incoming data, i.e. sorts out the “chaff” (nonsense) to retrieve the “wheat” (correct content)
=> confusion of the bad guye.g. steganography: hiding data in content of a picture
Wireless Internet 4Andreas Mitschele-Thiel 6-Apr-06
Authentication, Authorization and Accounting
Using AAA services, network administrators can control:Who can log on to the network from wired or wireless connections(authentication) What privileges each user has in the network (authorization)What accounting information is recorded in terms of security audits or account billing (accounting)
Important for wireless networks: accountingSophisticated scheme depending on
class of user (tariff details)day of the weektime of the dayservice (0180, 0190, 0800, special service numbers, GPRS data, GSM data, VPN)...
Wireless Internet 5Andreas Mitschele-Thiel 6-Apr-06
Authentication I
Definition:
The act of verifying a claimed identity, in the form of a pre-existing label from a mutually known name space, as the originator of a message (message authentication) or as the end-point of a channel (entity authentication).
Authentication request
Authentication confirm
Wireless Internet 6Andreas Mitschele-Thiel 6-Apr-06
Authentication II
Authentication of the channel end point &Authentication of the message originator
Authentication methods: password, symmetric encryption, public key cryptography, challenge-response schemes, etc.
Security requirements: confidentiality, protection against replay attacks, resistance against man-in-the-middle attacks, etc.
T
J
I’m T, please verify.
I’m T, please verify.
Verify OK. You are T.
Verify failed. You are not T.
Wireless Internet 7Andreas Mitschele-Thiel 6-Apr-06
Authentication using challenge-response scheme
A3
RANDKi
128 bit 128 bit
SRES* 32 bit
A3
RAND Ki
128 bit 128 bit
SRES 32 bit
SRES* =? SRES SRES
RAND
SRES32 bit
mobile network SIM
AuC
MSC
SIM
Ki: individual subscriber authentication key SRES: signed response
Wireless Internet 8Andreas Mitschele-Thiel 6-Apr-06
Symmetric encryption
encryption
Alice´splain text
decryption
plain text
Alice´scipher text
cipher textBob´s Bob´s
plain text is transformed into a cipher text – and vice versa
use of “secret key” by communicating partners
symmetric encryption:same secret key for encryption and decryption
algorithm for decryption is reverse of encryption algorithm
e.g. XOR or modulo operation
encryption
plaindata key
ciphereddata
decryption
key
plaindata
Wireless Internet 9Andreas Mitschele-Thiel 6-Apr-06
Bob´s public key
Public key cryptography
encryption
Alice´splain text
decryption
Alice´scipher text
Bob´s private key
Alice´s private key
Alice´s public key
plain text is transformed into a cipher text – and vice versatwo different keys:
(secret) private key public key shared with communicating partners
pair of keys used for encryption and decryptionsending with receivers public key => encryptionsending with own private key => authentication
certificate used to transfer public key and to support authentication
encryption
plaindata
publickey
ciphereddata
decryption
plaindata
privatekey
Wireless Internet 10Andreas Mitschele-Thiel 6-Apr-06
Public key cryptography (mutual authentication)
PrK: Private Key PuK: Public Key
Certificate (s)/(r): The certificate of sender/receiver
PrK(s) {random(r)}
Certificate verifiedRetrieve PuK(s) from certificate
Certificate(s), PrK(s) {random (s)}
Certificate(r), PuK(s) {session key}PrK(r) {random(r), random(s)}Verify certificate
of receiver(retrieve PuK(r) from certificate)
Sender (s) Receiver (r)
Wireless Internet 11Andreas Mitschele-Thiel 6-Apr-06
Public key cryptography (details)Detailed steps for mutual authentication:a) The VPN client (sender) sends its certificate and a random number (encrypted with its
private key) to the VPN server. b) The server (receiver) verifies the integrity of the received certificate using its Certificate
Authority (CA) public key. This verification also involves checks whether the certificate is on a revocation list, the validation range is acceptable and whether it concerns a certificate of other trusted CAs.
c) When all of the above is fine, the server (receiver) decrypts the encrypted random number by using the client’s public key and encrypts it with its own secret key. It also encrypts a randomly generated session key using the public key in the client’s certificate and sends these two data blocks as well as a challenge (random (r)) back to the client.
d) The VPN client decrypts the session key with its own private key, and then checks the validity of the server’s certificate and decrypts the answered random number using the server’s public key. Since the server’s certificate is valid and the challenge sent from the client to the server has been returned encrypted with the server’s secret key, the client can be sure, that the server is in the possession of the secret key belonging to the server’s certificate and since the CA has signed the connection between this key and the server’s user ID, the client can be sure that this partner is really the server it’s looking for.
e) If mutual authentication is required, the client sends back the challenge of the server encrypted with its own secret key. And the server will confirm the client’s identity.
f) In the following communication, the sender always send data encrypted with the receiver’s public key, which can be decrypted only by the receiver. Thus, a secure virtual tunnel is set up.
Wireless Internet 12Andreas Mitschele-Thiel 6-Apr-06
Authorization I
Definition:
The act of determining if a particular right, such as access to some resource, can be granted to the user
Normally authentication is first needed, before authorization can be done
I’m T, please verify.
Verify OK. You are T.I want to make a telephone call.
OK, you can make a call.
I want to visit a website
No, you don’t have the privilege
Wireless Internet 13Andreas Mitschele-Thiel 6-Apr-06
Authorization II
Entities in a usual authorization situation
1. Userrequesting some service needs to be authorized to access it
2. User’s home organizationagreement with the userused to check whether the user has the permission to use the requested service
3. AAA server of the service providerauthorizes the service based on an agreement with the user’s home organization
4. Service equipment of the service providerprovides the service for network connection, etc.
Wireless Internet 14Andreas Mitschele-Thiel 6-Apr-06
Authorization III
User
User’s home organization
AAA Server
Service provider
AAA Server
Service equipment
Basic authorization entities
Wireless Internet 15Andreas Mitschele-Thiel 6-Apr-06
Accounting
Accounting
Collecting information on resource usage
Collection of resource consumption data for different purposes: billing trend analysiscapacity planningauditing and cost allocation
Intra-domain accounting & inter-domain accounting
Wireless Internet 16Andreas Mitschele-Thiel 6-Apr-06
Unauthorized Access
Why:In wireless communications, there is no need for physically connecting to a communication channel
=> Attackers can easily listen or capture sensitive data in the wireless network
Solution: AAA ServiceRemote Authentication Dial-In User Service (RADIUS)
a widely deployed protocol enabling centralized authentication, authorization, and accounting for network access
originally developed for dial-up remote access, now RADIUS is supported by wireless access points and other network access types
RFC 2865, "Remote Authentication Dial-in User Service (RADIUS)"
RFC 2866, "RADIUS Accounting".
Wireless Internet 17Andreas Mitschele-Thiel 6-Apr-06
RADIUS architecture in wireless network
Wireless Client
(NAS)
RADIUS Server
RADIUS Client
NAS: Network Access Server
Internet
Wireless Internet 18Andreas Mitschele-Thiel 6-Apr-06
Misconfiguration
Why:Problem with 802.11 that the equipment is designed to allow for ease of installationsecurity features may be present, but
default settings disable security features to allow a network to be set up as quickly as possibleWLANs using default settings are particularly vulnerable as hackers are likely to try known passwords and settings
How:Default settings:
access by using network ID “Any” without password or any other authentication method
NetStumbler tool allows to easily find out the network’s ESSID
Wireless Internet 19Andreas Mitschele-Thiel 6-Apr-06
Eavesdropping (Interception and Monitoring)
Why:Most LAN adapters (wired or wireless) on the market today offer a “promiscuous mode”
use off-the-shelf software to capture every packet flow over the segment of the LAN plain passwords or other sensitive data passing through these segments may be captureddesigned for network engineer to do traffic analysis in order to solve network problems
How:Wireless Packet Sniffers
easy penetration of a wireless network several software tools allow intruders to passively collect data for real-time or posteriori analysisexamples: AirSnort, NetStumbler and WEPCrack
Wireless Internet 20Andreas Mitschele-Thiel 6-Apr-06
Wireless Internet 21Andreas Mitschele-Thiel 6-Apr-06
Client-to-Client Attacks
Why:No wireless access point necessary for two wireless clients to communicatewireless clients can talk directly to each other, bypassing the access point
=> each client is at risk from the same file sharing attacks and TCP/IP attacks as clients on a wired network
=> users need to defend clients not just against external threats but also against each other
Solution: enable personal firewall on each client use strong password to protect shared files
Wireless Internet 22Andreas Mitschele-Thiel 6-Apr-06
Denial-of-Service (DoS) Attack by Jamming
Why:A denial-of-service attack could be launched against a mobile network by deliberately causing interference in the same frequency band
=> availability problem: keeping authorized users from using the network
How:mobile network is vulnerable against denial of service attacks due to the nature of the radio transmission a powerful transceiver can easily generate radio interference that the mobile network is unable to communicate
Solution: Use a microwave emission analyzer to find out the interfering source
Wireless Internet 23Andreas Mitschele-Thiel 6-Apr-06
Communication Jamming
JammerClient Station Base Station
Jamming and communication hijacking I
Wireless Internet 24Andreas Mitschele-Thiel 6-Apr-06
Client Jamming (Rogue Client)jamming can be used to DoS the client so that it loses connectivity and cannot access the applicationjamming a client station provides an opportunity for a rogue client to take over or impersonate the jammed client
Jamming and communication hijacking II
Client Station Jammer Base StationAttacker
Wireless Internet 25Andreas Mitschele-Thiel 6-Apr-06
Jamming and communication hijacking II
Base Station Jamming (Rogue Base Station)jamming a base station provides an opportunity for a rogue base station to stand in for the legitimate base station users loging into the substitute server will unknowingly give away passwords and similar sensitive data
Client Station Jammer Base StationAttacker
Wireless Internet 26Andreas Mitschele-Thiel 6-Apr-06
Solution: Network Sniffingrogue access points might be deployed
by employees within the organization or
by outside intruders wishing to penetrate the system
deploy network sniffers on a regular basis in order to identify rogue access points
take measurements external to a facility in areas an intruder might be likely to attempt an attack
Jamming and communication hijacking III
Wireless Internet 27Andreas Mitschele-Thiel 6-Apr-06
Hardware Theft
Why:wireless network device may be lost or stolen the person in control of the device could potentially access thenetwork without the knowledge of network and security administrators
Solution: Call the police???
update the access control databasechange user password
Wireless Internet 28Andreas Mitschele-Thiel 6-Apr-06
Summary
MAC Address, PasswordHardware Theft
Microwave Emission AnalyzerDoS Attack
Personal Firewall, Strong PasswordClient-to-Client Attacks
EncryptionEavesdropping
Change Default SettingsMisconfiguration
Authentication, e.g. RADIUSUnauthorized Access
Avoidance / Correction / PreventionAttack
Wireless Internet 29Andreas Mitschele-Thiel 6-Apr-06
Security in ISO/OSI model
Datatransportlayer set
Applicationlayer set
Protocolexamples:Layers:
Application
Presentation
Session
Transport
Network
Data Link
Physical
IEEE 802.x,FDDI,PPP, SLIP...
IP...
SCP...
Telnet, FTP, SMTP, HTTP...
SIP...
TCP, UDP...
7
6
5
4
3
2
1
3
2
1
3
2
1
Source Intermediate System Target
7
6
5
4
3
2
1
SSL, TLS, PCT...
PPTP, L2TP...
IPSec...
PGP, SSH, S/MIME...
SHTTP...
Security realisationexamples:
Wireless Internet 30Andreas Mitschele-Thiel 6-Apr-06
Security in ISO/OSI model – Details
Session Control Protocol (SCP): Several heavily used Internet applications such as FTP, GOPHER, and HTTP use a protocol model in which every transaction requires a separate TCP connection. Since clients normally issue multiple requests to the same server, this model is quite inefficient, as it incurs all the connection start up costs for every single request. SCP is a simple protocol which lets a server and client have multiple conversations over a single TCP connection. The protocol is designed to be simple to implement, and is modelled after TCP.
Transport Layer Security (TLS): TLS supports encryption of data, similar to SSL but with improved encryption scheme. IETF has defined TLS as successor of SSL.
Private Communication Technology (PCT) protocol: Designed to provide privacy between two communicating applications (a client and a server), and to authenticate the server and (optionally) the client (Cisco protocol).
PPTP (Point-to-Point Tunelling Protocol): connects client and server (corporate network) via the Internet. Supports encryption based on PPP.
L2TP (Layer 2 Tunneling Protocol): connects client and server (corporate network) via the Internet. Combines L2F and PPTP.
L2F (Layer 2 Forwarding): Connects client and server (corporate network) via the Internet (Cisco protocol).
Wireless Internet 31Andreas Mitschele-Thiel 6-Apr-06
Reference
Books:“Hack proofing your wireless network”, Syngress, 2002
“Certified Wireless Network Administrator™ (CWNA™) Study Guide”
“Wireless security: models, threats, and solutions”, McGraw-Hill, 2002
Web Links:Remote Authentication Dial In User Service (RADIUS) http://www.ietf.org/rfc/rfc2865.txt
RADIUS Accounting http://www.ietf.org/rfc/rfc2866.txt
Unofficial 802.11 security web pagehttp://www.drizzle.com/~aboba/IEEE/
Virtual Private Network Consortium http://www.vpnc.org/
The Wireless LAN Association http://www.wlana.org/learn/security.htm