Wireless Security Mitigation Techniques


WLANs employ specific methods for encryption, hashing, and authentication. Figure 7-1 illustrates the general elements that make up the embedded WLAN security.

Figure 7-1. Embedded WLAN Security


Encryption

Encryption is the action taken to mask the elements in a data stream. This is done by applying a variable (key), which is known by a sending station and a receiving station, to an algorithm that encodes and decodes the transmission. In this section, you will find three basic flavors of encryption that have been applied to WLANs for securing over-the-air transmissions. Each is still suitable for use today. However, they are typically not used in Enterprise environments as they are insufficiently robust.

The initial encryption method was WEP, which provided sufficient protection in early WLAN deployments. Over the years, the ability and desire of people to crack encryption algorithms and break cyphers has increased. As such, more robust encryption schemes are continuously developed to offset weakened methods and to retain the possibility of secure communication. WLANs have thus seen the displacement of WEP by the schemes named CCMP and AES. Let us compare these three methods.

WEP

WEP is an encryption algorithm that is built into the original 802.11 standard. WEP encryption uses the RC4 stream cipher with either 40- or 104-bit keys and a 24-bit initialization vector. WEP was initially deployed as a static key written onto the client, which caused a burden on key management.

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)

CCMP is a 128-bit keys cipher with a 48-bit initialization vector (IV), which helps prevent replay attacks. The Cipher Block Chaining Message Authentication Code (CBC-MAC) component of CCM provides data integrity and authentication.

Note

Although CCMP is a very strong encryption standard but it requires more computing power than WEP. This is important because some wireless access points might not have sufficient computing power to support CCMP.


Advanced Encryption Standard (AES)

AES was developed for securing sensitive but unclassified material by the U.S. government. By directive of the National Institute of Standards and Technology (NIST), a replacement for the Data Encryption Standard (DES) and to a lesser degree 3DES was commissioned. The specification required a symmetric algorithm using a block encryption of no less than 128 bits in size. Note that AES also forms the underlying encryption algorithm used in CCM. Its requirement and subsequent ratification by the U.S. government prompted acceptance by the general public.

The capability of AES encryption to remain protected is estimated to be years as opposed to weeks or days of current encryption methods.

Note

AES was built on the cipher developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, called Rijndael.


Hashing

Hashing prevents man-in-the-middle attacks as it ensures that messages that have been tampered with, while they were in transit, can be identified by the receiver. This is independent of whether the message is encrypted. This section details Temporal Key Integrity Protocol (TKIP) and Message Integrity Check (MIC), which we refer to as radio side protection throughout this chapter. Both of these are used to maintain the integrity of the information sent over the RF.

TKIP (Temporal Key Integrity Protocol)

You can think of TKIP as a wrapper or enhancement for WEP. WEP is still the underlying encryption standard, but TKIP significantly improves the security by addressing its weak hashing capabilities. Using TKIP, every key is "rehashed," effectively giving each packet its own key. Because the attacks upon WEP rely on capturing tens of thousands of packets that use the same key to attempt to identify the actual key, TKIP never reuses the same key. As such, it greatly reduces the risk of the key being discovered.

TKIP is also part of the WPA standard.

Message Integrity Check

In order to combat the ability of a hacker to intercept, examine, and forward on a packet to an AP, there is a need to provide an additional layer of radio side protection. This is done through the insertion of an 8-byte MIC placed between the data portion of the 802.11 frame and the 4-byte Integrity Check Value (ICV). The MIC field is encrypted along with the frame data and the ICV. This is essentially a cyclic redundancy check (CRC) for wireless and is intended to prevent replay attacks, that is replay of an intercepted packet.

Table 7-1 summarizes the different security models described.

Table 7-1. Different Security Models at a Glance
 

WEP

TKIP

CCMP

Cipher Type

RC4

RC4

AES

Key Size

40 or 128 bits

128 bits

128 bits

Key Life

24-bit IV

48-bit IV

48-bit IV

Integrity Check

CRC-32 (Data only)

MIC

CCM

Replay Counter

None

Inherent

Inherent

Key Management

None

EAP-based

EAP-based


Authentication

Authentication is the process in which the identity of a user or device is validated. This is typically done using passwords or certificates. Note that authentication assumes some degree of implicit trust. For example, the use of passwords assumes that it is only known by the authenticating entity. The same is true for certificates as they, in theory, can be handed off to somebody else. Furthermore, in the case of certificates, you need to trust the authority that extends the certificates.

This book does not cover this topic in-depth. However, you should be aware of these nontrivial challenges regarding trust and authentication. In the remainder of this section, we cover the methods and frameworks that are commonly used in WLANsspecifically, 802.1x, Wi-Fi Protected Access (WPA), and 802.11i.

802.1x

The 802.1x standard is a framework that defines a common process of communication for both wired and wireless LAN-based devices to initiate and secure point-to-point authentication. The 802.1x LAN standard can be applied to any subset of the 802 family. Its mainstream debut came at the time when WLAN products hit the mass market. Because standalone WEP was already known to be weak, 802.1x found a niche in which it could help to ensure the secure transmission of data in a WLAN. It is very important to understand that the standard only outlines the framework for communication. This freamework allowed vendors to provide various underlying authentication methods (which you learn more about in the section "EAP Types"), each with its own distinctive features.

The framework defines mutual authentication of devices and recommends the use of RADIUS as an authentication protocol. There are three key components to the 802.1x framework:

  • Supplicant (STA) The client device that is requesting access. Typically this device is enabled by software, which performs the actual process.

  • Authenticator (Auth) Plays the role of the middle man, providing an entry point from an untrusted network to a trusted one.

  • Authentication server (AS) Acts as the validation point of contact. The authentication server maintains a database of all known authenticators and also maintains entitlement for the user or device. This user database can reside on a separate system.

The authentication communication between a client device and the authentication server is broken into two stages, as shown in Figure 7-2:

  • The first mode is Extensible Authentication Protocol (EAP), or EAP over LAN (EAPoL), which is the encapsulation format.

  • The second mode is RADIUS, where the credentials are passed for validation against the authentication database.

    Figure 7-2. 802.1x at a Glance

    Note

    In Figure 7-2, the supplicant can be any end device (laptop, desktop, PDA, phone). The authenticator can be a switch or AP.


Wi-Fi Protected Access

Wi-Fi Protected Access (WPA) is a standard developed by the Wi-Fi Alliance primarily as a method for interoperability between Wi-Fi vendors. The Wi-Fi Alliance is a coalition of vendors with the charter of finding a common solution for wireless security. The WPA standard helps to mitigate the inherent shortcomings of WEP by protecting the transmission of data in the RF space by mandating the use of TKIP, MIC, and 802.1x.

WPA has two modes:

  • EAP and RADIUS in enterprise mode

  • Pre-shared keys (PSK) in non-RADIUS environments

WPA is built to support WEP as the encryption method, whereas the second phase of WPA, WPA2, supports the addition of CCMP for authentication.

Table 7-2 summarizes the features of the different WPA types.

Table 7-2. Differences Between WPA Types at a Glance

WPA Enterprise Mode

WPA PSK Mode

Requires an authentication server

Does not require an authentication server

Uses RADIUS protocols for authentication and key distribution

Uses shared secret keys for authentication

Centralizes management of user credentials

Provides device-oriented management of user credentials

Uses 802.1x as an identity framework

--


802.11i

Based on WPA, the IEEE has ratified 802.11i as a wireless security standard to help provide a more robust method of protection. This standard introduces new and stronger encryption and hashing methods. It expands the initial validation (handshake) between the AP and client while still using 802.1x for the actual authentication process. 802.11i also mandates the use of AES. The principle enhancements are

  • Discovery A four-way handshake to authenticate the AP and client

  • Authentication The 802.1x framework for end-to-end authentication

  • Key management Method through which systems derive an encryption key that ensures integrity for the whole session

  • Data Protection Encryption of parts of the data packet

Figure 7-3 illustrates the relationship between these four parts of 802.11i. Each shaded area refers to one of the four functions listed previously.

Figure 7-3. Functions of 802.11i


802.11i uses EAP as the end-to-end transport for authentication and 802.1X (EAPoL) to encapsulate these EAP messages over WLANs.

During the discovery phase, participants determine the parties with whom they will communicate. The AP informs the client which security features are required to be used for communications.

Authentication employs 802.1x as a framework and further specifies the following:

  1. The use of centralized network admission policyat the AS.

  2. Determination of the STA as to whether it does indeed want to communicate.

  3. Mutual authentication between the STA and Auth.

  4. Generation of a master key as a side effect of authentication.

  5. Use of a master key to generate session keys.

Key management also uses the 802.1x framework with the addition of a four-way handshake, which ensures that the client and AP are valid devices (trusted). Because the session key used in client and AP transmissions is valid for the length of the session, an additional mechanism was added to the protocol to help maintain the integrity of the key. Specifically, the following actions take place (four-way handshake):

1.

Bind Pair-Wise Master Key (PMK) to STA and AP.

2.

Confirm that both AP and STA possess a PMK.

3.

Generate new Pairwise Transmit Key (PTK).

4.

Prove each peer is live.

5.

Synchronize PTK use.

EAP Types

The Extensible Authentication Protocol (EAP) is a framework for sending authentication information and encryption keys from the authentication server (AS) to the client (STA) and AP (Auth). The authentication methodologypassword-based, public key infrastructure (PKI), or certificateis set by the organization.

The EAP session thus adopts the following event sequence:

  1. A wireless client associates with an access point, which prohibits the client from gaining access to anything (except the authentication server) on the network until it has logged in and authenticated.

  2. The client (STA) and AP (Auth) perform a mutual authentication (handshake). The AP receives an authentication request from the client and sends back a challenge. The client then completes this challenge. The AP then forwards the information to the authentication server (AS), using the client's and AP's credentials.

  3. When successful, the client and authentication server derive an encryption key. The key can be derived in several ways, and each EAP type defines the specifics. Additionally, during the process, the client and server also derive a broadcast key. All data is subsequently encrypted using this key pair.

  4. As a further measure to maintain integrity, the key pairs can be changed at regular intervals. The AAA server manages this function.

The following list describes different EAP types. Note that this is not a comprehensive catalog of all EAP types. However, it does include all the mainstream versions:

  • EAP-TLS (Transport Layer Security) Developed by Microsoft as a LAN-based authentication type.

  • EAP-LEAP (Lightweight Extensible Authentication Protocol) The Cisco version that was developed exclusively for WLAN security. It is also known as Cisco-EAP.

  • EAP-PEAP (Protected Extensible Authentication Protocol) Developed by Microsoft, Cisco, and RSA Security.

  • EAP-FAST (Flexible Authentication via Secure Tunneling) Second-generation WLAN security EAP type from Cisco.

  • EAP-TTLS (Tunneled Transport Layer Security) Developed by Funk Software and Certicom.

Table 7-3 summarizes the features of different EAP types.

Table 7-3. EAP Type Features

Security Type

User Auth

Device Auth

Tunneled

Certificate Based

TKIP / MIC

    

Server

Client

 

WEP

 

X

    

EAP-TLS

X

  

X

X

 

EAP-TTLS

X

 

X

X

X

 

Cisco-EAP (LEAP)

X

    

X

EAP-FAST

X

 

X

  

X

VPN

X

 

X

  

X

PEAP

X

X

X

 

X

X





The Business Case for Enterprise-Class Wireless Lans
The Business Case for Enterprise-Class Wireless LANs
ISBN: 1587201259
EAN: 2147483647
Year: 2004
Pages: 163

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net