Types of Security Threats

Security Risks

Security can be defined as keeping people from doing things you do not want them to do with, on, or from your data, computers, or peripheral devices. Stored information, the accuracy and value of information, access to internal and external services, and the organization's privacy are at risk. The security risks can come from hackers, criminal intruders, corporate raiders, insiders, contractors, and disgruntled employees. Hackers are typically young hobbyists. "Script Kiddiez" copy well-known attacks from the Internet and run them. More sophisticated hackers understand the underlying protocols and their weaknesses. Criminal intruders may be after access to credit card numbers and checking accounts. Corporate raiders may be after financial information, business plans, and intellectual property. Disgruntled employees, insiders, and contractors are a very serious problem since they are already inside.

WLAN Security Model

Intruders can inflict four major classes of attack on a system: interception, fabrication, modification, and interruption.[2] A fifth class of attack, repudiation, is an attack against the accountability of information. It is an attack from within the system by either the source entity or the destination entity. Each of these classes of attack can be addressed with a security mechanism. Together, the security mechanisms form a cryptosystem. Table 4-1 describes the five classes of attack.

Table 4-1: Five classes of attack

Attack                          On                            Solved By
Interception                    Confidentiality and privacy   Encryption/decryption
Fabrication                     Authenticity                  Authentication
Modification, Replay, Reaction  Integrity                     Digital signatures on every message
Interruption                    Availability                  No effective solutions exist for interruption / denial of service attacks on availability
Repudiation                     Nonrepudiation                Nonrepudiation, which still suffers from cases of identity theft

Normal Flow

Under normal circumstances, information is sent from the source to the destination (see Figure 4-1).

Figure 4-1: Normal flow

Interception

Interception is a passive attack on confidentiality where an intruding entity is able to read the information that is sent from the source entity to the destination entity (see Figure 4-2). Sniffing is an example of an interception attack.

Figure 4-2: Interception in a network

The intruder attempts to learn or make use of information from the system, but does not affect system resources. The identity of the source entity can be intercepted and later used in a masquerade attack, or the intruder may be interested in releasing message contents such as authentication information, passwords, credit card numbers, intellectual property, or other sensitive information. The intruder may also be interested in performing traffic analysis on the system to derive or infer information from the traffic characteristics. The following sections describe examples of interception.

Eavesdropping and Sniffing

Eavesdropping is the passive acquisition of information from a network. Just as you can listen to other people's conversations, information can be overheard on the network. This method of gathering information about the network is getting easier with the release of several products. Airopeek, Airsnort, NetStumbler, and WEPCrack are all programs that enable you to acquire information such as the SSID, the MAC address of the AP, and information about whether WEP is enabled.[3]

The nature of a network based on radio frequency (RF) leaves it open to packet interception by any radio within range of a transmitter. Interception can occur far outside the user's working range by using high-gain antennas (many of which are standard offerings from some vendors). With readily available tools, an eavesdropper is not limited to just collecting packets for later analysis, but he or she can actually see interactive sessions like web pages viewed by a valid wireless user. An eavesdropper can also catch weak authentication exchanges, such as some web site logins. The eavesdropper could later duplicate the logon and gain access.

The 802.11 standards committee approved WEP, a proprietary encryption design by RSA, before adequate cryptographic analysis was performed. WEP's design has since been analyzed by research teams at Berkeley[4] and the University of Maryland,[5] and serious cryptographic flaws have been found. Researchers at Rice University and AT&T have found an algorithm to crack WEP in about 15 minutes.[6] Hackers have developed tools such as NetStumbler, APSniff, and BSD Airtools to find wireless networks. Tools such as WEPCrack[7] and Airsnort[8] can crack WEP regardless of the key length. The 802.11i Task Force is working specifically to correct the flaws in WEP.

WEP is a simple algorithm that uses the RC4 stream cipher to expand a short key and an IV into an infinite pseudorandom number (PN) key stream. The sender exclusive ORs (XORs) the plaintext (which is appended with a cyclic redundancy check [CRC]) with this key stream to produce the ciphertext. The receiver has a copy of this key and uses it to generate an identical key stream. The ciphertext is XORed with the key stream and the original plaintext is recovered. Figure 4-3 illustrates the creation of ciphertext in WEP.

Figure 4-3: The creation of ciphertext in WEP

WEP operates at the link layer, where packet loss is common, so each packet must be decryptable on its own. This is why every packet carries its own IV, sent in the clear. If two messages are encrypted with the same IV and the same key, they share the same key stream; with a known plaintext for one of them, the other plaintext can be recovered. IEEE 802.11 did not specify how to pick an IV. Most implementations initialize the IV with zero and afterwards increment it by one for each packet sent. This means that if the unit is reset, the IV starts at zero again.
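The following Python is an added illustration of the key-stream reuse just described; it is not code from the handbook. It models WEP's construction (per-packet RC4 key = IV || shared key, IV sent in the clear, CRC trailer omitted) and shows that when two frames share an IV, an observer who knows one plaintext obtains the key stream and, with it, the other plaintext, without ever learning the key. The same known-plaintext recovery is what makes the shared key authentication handshake weak, as discussed under Fabrication. The key, IVs and messages are constructed sample values, and RC4 is included only so the example runs offline.

```python
# Added example, not from the Wi-Fi Handbook: a minimal model of WEP-style
# RC4 encryption used to show why a repeated IV under the same key lets an
# observer recover plaintext without the key. RC4 appears here only so the
# demonstration runs offline; it is not suitable for new designs. The key,
# IVs and messages are constructed sample values.

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key` (KSA followed by PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm (KSA)
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # pseudo-random generation (PRGA)
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


IV_LEN = 3  # WEP uses a 24-bit IV prepended to the shared key


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame body: the per-packet RC4 key is IV || shared key and the
    IV is transmitted in the clear in front of the ciphertext. WEP's CRC-32
    trailer is omitted; it does not affect the keystream-reuse argument."""
    keystream = rc4_keystream(iv + key, len(plaintext))
    return iv + xor_bytes(plaintext, keystream)


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Receiver side: regenerate the keystream from the clear IV and the key."""
    iv, body = frame[:IV_LEN], frame[IV_LEN:]
    return xor_bytes(body, rc4_keystream(iv + key, len(body)))


def recover_with_known_plaintext(known_frame: bytes, known_plaintext: bytes,
                                 target_frame: bytes) -> bytes:
    """Given one frame whose plaintext is known and a second frame sent under
    the same IV (hence the same keystream), recover the second plaintext with
    no knowledge of the key: keystream = C1 ^ P1, then P2 = C2 ^ keystream.
    Returns b"" if the IVs differ, since nothing can be concluded this way."""
    if known_frame[:IV_LEN] != target_frame[:IV_LEN]:
        return b""
    keystream = xor_bytes(known_frame[IV_LEN:], known_plaintext)
    return xor_bytes(target_frame[IV_LEN:], keystream)


def demo() -> bytes:
    """Two frames under one key whose IV counter restarted at zero. In real
    802.11 traffic the first bytes of a frame are often predictable (for
    example the fixed LLC/SNAP header), which is where known plaintext
    typically comes from."""
    key = b"\x01\x02\x03\x04\x05"      # constructed 40-bit WEP key
    reused_iv = b"\x00\x00\x00"         # counter started at zero twice
    p1 = b"known header, routine body"  # plaintext the observer can guess
    p2 = b"second frame, same IV"       # plaintext the observer wants
    frame1 = wep_encrypt(key, reused_iv, p1)
    frame2 = wep_encrypt(key, reused_iv, p2)
    return recover_with_known_plaintext(frame1, p1, frame2)
```

Run `demo()` and it returns the second plaintext in full; change the second frame's IV to any other value and `recover_with_known_plaintext` returns nothing, which is the whole point of never reusing an IV with a stream cipher.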

There are only 2^24 (16,777,216) IV choices. If IVs were randomly chosen, it would take only 12,430 frames to be 99 percent sure that an IV was reused. This is due to the birthday principle: for example, in a room of 23 or more people, the probability that two people share a birthday is at least 50 percent.
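As an added worked example (not from the handbook), the Python below carries out the birthday-bound arithmetic behind the 12,430-frame figure for a 24-bit IV space, and checks the 23-people case exactly; it also reports after how many frames a simple incrementing IV counter must wrap. The functions and their names are this example's own.

```python
# Added example, not from the handbook: the birthday-bound arithmetic behind
# the figure of about 12,430 frames for a 99 percent chance of a repeated
# 24-bit IV, plus the exact calculation for the 23-people-in-a-room case.
import math

IV_SPACE = 2 ** 24          # WEP IV is 24 bits: 16,777,216 possible values


def frames_for_collision_probability(space: int, prob: float) -> int:
    """Smallest n (birthday approximation) such that n uniformly random draws
    from `space` values repeat at least once with probability >= prob.
    Uses P(repeat) ~ 1 - exp(-n^2 / (2*space)), i.e.
    n ~ sqrt(2 * space * ln(1 / (1 - prob)))."""
    if not 0.0 < prob < 1.0:
        raise ValueError("prob must be strictly between 0 and 1")
    return math.ceil(math.sqrt(2.0 * space * math.log(1.0 / (1.0 - prob))))


def exact_collision_probability(space: int, draws: int) -> float:
    """Exact P(at least one repeat) for `draws` uniform random choices from
    `space` values: 1 - prod_{i=0}^{draws-1} (space - i) / space."""
    p_all_distinct = 1.0
    for i in range(draws):
        p_all_distinct *= (space - i) / space
    return 1.0 - p_all_distinct


def iv_reuse_summary() -> dict:
    """Random IVs versus an incrementing counter. Random choice repeats after a
    few thousand frames; a counter repeats for certain once it wraps, and
    immediately if the station resets to zero while the key is unchanged."""
    return {
        "random_iv_frames_for_50pct": frames_for_collision_probability(IV_SPACE, 0.50),
        "random_iv_frames_for_99pct": frames_for_collision_probability(IV_SPACE, 0.99),
        "counter_iv_wraps_after": IV_SPACE,
    }
```

`iv_reuse_summary()` gives roughly 4,823 frames for a 50 percent chance and 12,431 for 99 percent, matching the figure in the text; the exact product formula confirms that 23 people already exceed a 50 percent chance of a shared birthday.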

Because WEP sends the IV in the clear along with the encrypted message, it is possible to use dictionary building and statistical methods to crack the WEP key. Both the 64- and 128-bit implementations have the same flaw. The 802.11 standard leaves WEP implementation to the WLAN manufacturers, so the implementations may not be exactly the same. This adds to further weaknesses in the system.

WEP was designed for homes and small businesses. WEP has one static key for the entire system. If a laptop, personal digital assistant (PDA), or other 802.11 device is stolen or misplaced from the enterprise, you cannot disable a single user's key; the entire enterprise must be rekeyed.

Another problem is that WEP does not have a key distribution system. In a small business, it is sufficient to enter the keys into the AP and the handful of laptops. However, in a larger organization, manually entering keys is not a scalable operation. If an enterprise needs to be rekeyed, a trusted person must enter the key into the client card of every 802.11 device, manually. The entire enterprise is out of commission until all APs and client cards are updated. Because it is so time consuming to change keys, users tend to use the same key for a long time.

Even if all employees of the enterprise are trusted to administer the key themselves, it still may be difficult for the employees to do. This is because the format of the key varies from one vendor to another. Some vendors use Hex keys, others use ASCII keys, and still others use a key-generation phrase. Some vendors use a combination of two or three of these formats. Some client card vendors have four keys and ask you to choose one out of the four. Asking the users to change to a new key does not work because the stolen laptop will already be preloaded with the keys. To make matters worse, some client cards only hold a single key. The amount of encryption client cards offer is mixed. Some cards do not provide encryption at all (for example, Orinoco Bronze), whereas others only provide 40-bit encryption. Still others allow both 40- and 104-bit encryption.

In many systems, the WEP keys are not properly safeguarded. WEP keys are sometimes stored in the clear. For many APs, WEP keys are sent in the clear from administration terminals to the APs over administration protocols such as the Simple Network Management Protocol (SNMP) versions 1 and 2, telnet, and HTTP.

It is clear that a solution that safeguards 802.11 against interception must secure privacy. However, that solution should also solve the associated key distribution problem and properly secure the keys.

Fabrication

Fabrication is an active attack on authentication where an intruder pretends to be the source entity (see Figure 4-4). Spoofed packets and fake e-mails are examples of a fabrication attack.

Figure 4-4: Fabrication in a network

WEP has two authentication mechanisms. With open system authentication (the default algorithm), the client simply announces its intent to associate with the AP, and the AP checks its Management Information Base (MIB) to see whether AuthenticationType = OS. If it does, access is allowed. Open system authentication, by its very nature, does not perform authentication and provides no security whatsoever. Figure 4-5 illustrates the open system authentication process.

Figure 4-5: Open system authentication in an 802.11 network

WEP also has an optional algorithm where the client can ask to be authenticated using shared key authentication. The AP in turn generates a random 128-bit challenge and sends it to the client. The client replies to the challenge, encrypted with the shared secret key, which is configured into both the client and AP. The AP decrypts the challenge, using a CRC to verify its integrity. If the decrypted frame matches the original challenge, the station is considered authentic. Optionally, the challenge/response handshake is repeated in the opposite direction for mutual authentication. Figure 4-6 illustrates the shared key authentication process.

Figure 4-6: Shared key authentication in an 802.11 network

An attacker who captures these frames possesses all of the parts required to derive the RC4 key stream and respond to a future challenge: the plaintext, the ciphertext, and the IV. The attacker can now pretend he or she is a valid client on the WLAN.

Because the key is shared with all users, no mechanism is available for authenticating individual users and hardware. If the key is leaked out or cracked, anyone who knows the key can use the system. WEP also has no mechanism for the users or hardware to authenticate the AP. Without two-way authentication, it is possible for an attacker to simulate the wireless network and get users to connect to it and reveal additional information that is useful to the attacker.

MAC address filtering is sometimes used to control access to resources. However, MAC address filtering is not adequate for the authentication of users. It is relatively simple to sniff valid MAC addresses out of the air and change the MAC address of a client card to masquerade as a legitimate user. Once access is gained to the network, all computers on the network are accessible because WEP and 802.11 do not provide access control mechanisms to limit which resources can be accessed. In a home, small office/home office (SOHO), or small business environment, this may not be an issue. However, in an enterprise environment, it may be important to control access to resources based on access policies. The following sections provide examples of fabrication.

Man-in-the-Middle Attacks

In order to execute a man-in-the-middle attack, two hosts must be convinced that the computer in the middle is the other host. The classic version of this attack occurs when an attacker intercepts packets from the network, modifies them, and reinserts them back into the network.

Spoofing

Spoofing is the act of pretending to be someone or something that you are not, such as using another person's user ID and password. Domain Name Service (DNS) spoofing is accomplished by sending a DNS response to a DNS server on the network. Internet Protocol (IP) address spoofing depends on the fact that most routers only look at the destination IP address, not the sending address. Validating the sending IP address can prevent this type of spoofing.

Insertion Attacks

The act of configuring a device to gain access to a network or inserting unauthorized devices into a network in order to gain access is called an insertion attack. By installing wireless network cards and being in the vicinity of a target network, a device can be configured to gain access. Unauthorized APs can be installed in an attempt to get users to connect to a hacker's AP rather than to the intended network AP. If these APs are installed behind the corporate firewall, the risk of attack is much greater. This can sometimes be done by well-meaning, but misinformed employees.[9]

Brute-Force Password Attacks

Also known as password cracking or dictionary attacks, this type of attack uses a dictionary and makes repeated attempts to test passwords to gain access to the network. This type of attack is possible even if password authentication is implemented.[10]

Modification

Modification is an active attack on integrity where an intruding entity changes the information that is sent from the source entity to the destination entity (see Figure 4-7). The insertion of a Trojan Horse program or virus is an example of a modification attack.

Figure 4-7: Modification attack in an 802.11 network

WEP is wide open to a modification attack without detection because the IV is incremented and CRC is a linear function that only uses addition and multiplication. Thus the following is true:

crc(x ⊕ y) = crc(x) ⊕ crc(y)   (where ⊕ denotes XOR)

With the CRC-32 integrity check, it is possible to change one or more bits in the original plaintext and predict which bits in the checksum need to be changed for the message to remain valid. This means it is possible to take messages from the source entity and modify and reinsert them in the data stream without detection. Basic 802.11 security does not guarantee message integrity. Either WEP or its replacement cipher needs to have a secure integrity check. The following sections provide examples of modification attacks.
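The Python below is an added demonstration, not code from the handbook, of the linearity the formula above expresses and of why a keyed integrity check does not share it. Standard CRC-32 as implemented in zlib uses an initial value and a final XOR, so it is affine rather than purely linear: crc(x ⊕ y) = crc(x) ⊕ crc(y) ⊕ crc(0...0) for equal-length inputs, and the pure CRC in the text's formula drops the last term. The consequence shown is that the CRC of a modified message can be predicted from the original CRC and the change alone, without the message, whereas an HMAC cannot be patched that way. The messages and key are constructed sample values.

```python
# Added example, not from the handbook: why an unkeyed CRC-32 cannot serve as
# an integrity check. Standard CRC-32 (as in zlib) is affine over XOR:
# crc(a ^ b) == crc(a) ^ crc(b) ^ crc(zeros of the same length); the pure
# linear CRC in the text's formula drops the zeros term. A keyed MAC has no
# such relation. The messages and key below are constructed sample values.
import hashlib
import hmac
import zlib


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def crc32_is_affine(a: bytes, b: bytes) -> bool:
    """True when crc(a ^ b) == crc(a) ^ crc(b) ^ crc(0...0)."""
    zeros = bytes(len(a))
    return zlib.crc32(xor_bytes(a, b)) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(zeros)


def predict_crc_after_flip(original_crc: int, flip_mask: bytes) -> int:
    """Predict the CRC of (message ^ flip_mask) from the original CRC and the
    mask alone. The message itself is never needed, which is exactly what makes
    undetected modification of an encrypted WEP frame possible."""
    return original_crc ^ zlib.crc32(flip_mask) ^ zlib.crc32(bytes(len(flip_mask)))


def prediction_holds(msg: bytes, flip_mask: bytes) -> bool:
    """Check the prediction against the CRC actually computed over the result."""
    return predict_crc_after_flip(zlib.crc32(msg), flip_mask) == zlib.crc32(xor_bytes(msg, flip_mask))


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def mac_is_affine(key: bytes, a: bytes, b: bytes) -> bool:
    """Same relation tested for a keyed MAC; expected False, so a flipped
    message cannot have its tag patched without the key."""
    zeros = bytes(len(a))
    combined = xor_bytes(xor_bytes(hmac_sha256(key, a), hmac_sha256(key, b)),
                         hmac_sha256(key, zeros))
    return hmac.compare_digest(combined, hmac_sha256(key, xor_bytes(a, b)))


def demo() -> dict:
    msg = b"retry=1 timeout=30"          # constructed plaintext
    flip = bytearray(len(msg))           # all-zero mask...
    flip[6] = ord("1") ^ ord("9")        # ...that turns the "1" into a "9"
    flip = bytes(flip)
    key = b"constructed-shared-secret"
    return {
        "crc_affine": crc32_is_affine(msg, flip),
        "crc_predicted_matches": prediction_holds(msg, flip),
        "hmac_affine": mac_is_affine(key, msg, flip),
    }
```

`demo()` reports that the CRC prediction holds and that the HMAC relation does not. The defensive lesson is the one the text draws: the integrity check must be a keyed, non-linear MAC over the whole frame, which is what WEP's successors adopted.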

Loss of Equipment

The loss of equipment is an issue that has recently received quite a bit of attention due to events within the FBI. The loss of a laptop or other piece of equipment poses the issue of what data is contained within the device. It is possible for an unscrupulous person to dial into the wired network using lost or stolen equipment and stored passwords, and masquerade as an authorized user. This scenario is possible with current wired networks and is not dependent upon having access to a WLAN. The loss of a device equipped with wireless access certainly carries the same risks.

Virus Infection

Virus infection is another issue that affects both wired and wireless networks. To date, there have been no reported viruses that infect cell phones; however, there have been viruses that are capable of sending text messages to cell phones. Two of these are VBS/Timo-A and the LoveBug. There have been reports of viruses that infect Palm OS as well as viruses carried on diskette, CD-ROM, and e-mail. These viruses can infect laptops whether or not they are wireless equipped and can be introduced into and spread via either the larger wired or wireless network.[11]

Replay

Replay is an active attack on integrity where an intruding party resends information that is sent from the source entity to the destination entity (see Figure 4-8).

Figure 4-8: Replay attack on a network

Basic 802.11 security has no protection against replay. It does not contain sequence numbers or timestamps. Because IVs and keys can be reused, it is possible to replay stored messages with the same IV without detection to insert bogus messages into the system. Individual packets must be authenticated, not just encrypted. Packets must have sequence numbers or timestamps. The following sections describe some examples of replay attacks.
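The Python below is an added example, not from the handbook, of the two requirements just stated: each packet carries a sequence number that is covered by a keyed authentication tag, and the receiver checks the tag before consulting a sliding anti-replay window (the bitmap scheme used by IPsec, and in spirit by the per-packet replay counters of 802.11i). The packet format, the HMAC tag and the sample stream are this example's own constructed values.

```python
# Added example, not from the handbook: what "individual packets must be
# authenticated and carry sequence numbers" looks like in practice. Each packet
# carries a sequence number covered by an HMAC, and the receiver keeps a sliding
# anti-replay window. Packets and the shared key are constructed values.
import hashlib
import hmac


class ReplayWindow:
    """Track the highest sequence number seen plus a bitmap of the `size`
    numbers below it, so late-but-new packets are accepted once and every
    repeat or out-of-window packet is rejected."""

    def __init__(self, size: int = 64):
        self.size = size
        self.mask = (1 << size) - 1
        self.highest = -1
        self.bitmap = 0          # bit k set  <=>  (highest - k) already seen

    def check_and_update(self, seq: int) -> bool:
        if seq > self.highest:                     # new high-water mark
            shift = seq - self.highest
            self.bitmap = 1 if shift >= self.size else ((self.bitmap << shift) | 1) & self.mask
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:                    # too old to track: drop
            return False
        if (self.bitmap >> offset) & 1:            # already seen: replay
            return False
        self.bitmap |= 1 << offset                 # late arrival, first time
        return True


def packet_tag(key: bytes, seq: int, payload: bytes) -> bytes:
    """The tag binds the sequence number to the payload; a replayed or
    renumbered packet cannot be given a fresh valid tag without the key."""
    return hmac.new(key, seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()


def build_packet(key: bytes, seq: int, payload: bytes) -> dict:
    return {"seq": seq, "payload": payload, "tag": packet_tag(key, seq, payload)}


def receive_all(key: bytes, packets: list, window_size: int = 64) -> list:
    """Verify the tag first (so forged sequence numbers cannot poison the
    window), then apply the replay check. Returns (seq, verdict) per packet."""
    window = ReplayWindow(window_size)
    verdicts = []
    for pkt in packets:
        expected = packet_tag(key, pkt["seq"], pkt["payload"])
        if not hmac.compare_digest(expected, pkt["tag"]):
            verdicts.append((pkt["seq"], "rejected: bad tag"))
        elif not window.check_and_update(pkt["seq"]):
            verdicts.append((pkt["seq"], "rejected: replay or stale"))
        else:
            verdicts.append((pkt["seq"], "accepted"))
    return verdicts


def demo() -> list:
    """A constructed stream containing reordering, two verbatim replays, a
    stale packet far behind the window, and one altered in flight."""
    key = b"constructed-session-key"
    p = lambda seq, body: build_packet(key, seq, body)
    stream = [
        p(1, b"assoc"), p(2, b"data-a"), p(3, b"data-b"),
        p(2, b"data-a"),                      # captured frame replayed verbatim
        p(5, b"data-d"), p(4, b"data-c"),     # reordered but new: accepted once
        p(3, b"data-b"),                      # replayed again
        p(100, b"data-z"),                    # window slides forward
        p(20, b"data-old"),                   # 80 behind: outside the window
    ]
    tampered = p(101, b"data-y")
    tampered["payload"] = b"data-X"           # payload altered in flight
    stream.append(tampered)
    return receive_all(key, stream)
```

Checking the tag before the window matters: if the order were reversed, an attacker could advance the receiver's window with forged high sequence numbers and cause genuine late packets to be dropped.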

Traffic Redirection

An attacking station can poison the Address Resolution Protocol (ARP) tables in switches on the wired network through the AP, causing packets for a wired station to be routed to the attacking station. The attacker can either passively capture these packets before forwarding them to the attacked wired system or attempt a man-in-the-middle attack. In such an attack, all the susceptible systems could be on the wired network.

Invasion and Resource Stealing

Once an attacker has gained the knowledge of how a WLAN controls admittance, he or she may be able to either gain admittance to the network on his or her own, or steal a valid station's access. Stealing a station's access is simple if the attacker can mimic the valid station's MAC address and use its assigned IP address. The attacker waits until the valid system stops using the network and then takes over its position in the network. This enables an attacker to directly access all devices within a network or use the network to gain access to the wider Internet, all the while appearing to be a valid user of the attacked network.[12]
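Both the traffic redirection and the resource-stealing scenarios above leave the same footprint on the wire: an IP address whose MAC binding changes, or one MAC address answering for several IP addresses. The Python below is an added detection example, not from the handbook, that runs those two checks over a constructed trace of ARP replies as a monitoring port would see them; the trace, the addresses and the function names are this example's own.

```python
# Added example, not from the handbook: a small detector for the two symptoms
# of the attacks above, run over a constructed trace of ARP replies seen on a
# monitoring port. It flags (1) an IP address whose MAC binding changes, with
# high severity for the default gateway, and (2) one MAC address claiming more
# than one IP address. Addresses below are constructed values.
from collections import defaultdict


def detect_arp_anomalies(arp_replies, gateway_ip: str,
                         allowed_multi_ip_macs: frozenset = frozenset()) -> list:
    """arp_replies: iterable of (timestamp, sender_ip, sender_mac) taken from
    ARP replies or gratuitous ARPs. Returns (timestamp, severity, text) alerts.
    Hosts that legitimately answer for several IPs (routers, failover pairs)
    can be listed in allowed_multi_ip_macs to suppress the second rule."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in arp_replies:
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            severity = "high" if ip == gateway_ip else "medium"
            alerts.append((ts, severity, f"{ip} moved from {previous} to {mac}"))
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1 and mac not in allowed_multi_ip_macs:
                alerts.append((ts, "medium",
                               f"{mac} now answers for {sorted(mac_to_ips[mac])}"))
    return alerts


SAMPLE_TRACE = [  # constructed: (seconds, sender IP, sender MAC)
    (0,  "10.0.0.1",  "02:00:00:00:00:01"),   # gateway announces itself
    (1,  "10.0.0.20", "02:00:00:00:00:20"),   # valid wireless station
    (2,  "10.0.0.21", "02:00:00:00:00:21"),   # another station
    (40, "10.0.0.1",  "02:00:00:00:00:21"),   # station .21's MAC claims the gateway IP
    (41, "10.0.0.20", "02:00:00:00:00:20"),   # unchanged binding: no alert
    (90, "10.0.0.20", "02:00:00:00:00:21"),   # .20 went idle; same MAC takes its IP
]


def demo() -> list:
    return detect_arp_anomalies(SAMPLE_TRACE, gateway_ip="10.0.0.1")
```

On the sample trace the detector raises a high-severity alert when the gateway's binding moves at t=40 and medium alerts for the station takeover at t=90 and for the one MAC that ends up answering for three addresses. Static ARP entries for the gateway on sensitive hosts and dynamic ARP inspection on the switches are the corresponding preventive controls.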

Reaction

Reaction is an active attack where the intruder sends packets to the destination and observes how it responds (see Figure 4-9). The destination's reaction is a side channel from which additional information can be learned.

Figure 4-9: An example of a reaction attack

Interruption

Interruption is an active attack on availability where an intruding entity blocks information sent from the originating entity to the destination entity (see Figure 4-10). Examples are denial of service (DoS) attacks and network flooding.

Figure 4-10: An example of interruption

The intruder may try to exhaust all network bandwidth using ARP flooding, ping broadcasts, Transmission Control Protocol (TCP) SYN flooding, queue flooding, smurfs, synk4, and other flood utilities. The intruder may also use some physical mechanism like RF interference to successfully interrupt a network. A related attack is a degradation of service attack where service is not completely blocked, but the quality of service (QoS) is reduced. With basic 802.11 security, little can be done to keep a serious intruder from mounting a DoS attack. The following sections describe some interruption attacks.

Denial of Service (DoS) Attacks

DoS attacks do not allow a hacker to gain access to the network; rather, they basically make computer systems inaccessible by overloading servers or networks with useless traffic so legitimate users can no longer access those resources. The intention is to prevent the network from providing services to anyone. This is usually accomplished by overloading a resource to cause a failure. The overload causes the host to become unavailable, much like those annoying messages stating "all circuits are busy." Many variations of these types of attacks exist depending on the type of resource blocked (disk space, bandwidth, internal memory, and buffers), and some are more easily prevented than others. In the simplest case, turning off the service when it is not needed prevents this type of attack. In other cases, they cannot be easily blocked without limiting the use of a necessary resource. In a wireless network, because the airwaves are shared by other devices such as cordless telephones, microwave ovens, and baby monitors, an attacker with the proper equipment can flood the airwaves with noise and disrupt service to the network.[13]

Rogue Networks and Station Redirection

An 802.11 wireless network is very susceptible to a rogue AP attack. A rogue AP is one owned by an attacker that accepts station connections and then intercepts traffic and might also perform man-in-the-middle attacks before allowing traffic to flow to the proper network. The goal of a rogue is to move valid traffic off the WLAN onto a wired network for attacking (or to conduct the attack directly within the rogue AP) and then reinsert the traffic into the proper network. Such rogue APs could be readily deployed in public areas as well as shared office space areas.

Repudiation

Repudiation is an active attack on nonrepudiation by either the source or the destination where the source entity denies sending a message or the destination entity denies receiving a message (see Figure 4-11).

Figure 4-11: An example of repudiation

Basic 802.11 security does not have nonrepudiation. Without nonrepudiation, the source entity can deny ever having sent a message and the destination entity can deny ever having received the message.

[2]William Stallings, Network and Internetwork Security: Principles and Practice (Englewood Cliffs, NJ: Prentice-Hall International, 1999).

[3]James and Ruth LaRocca, 802.11 Demystified (New York: McGraw-Hill, 2002), 156-159.

[4]S. Fluhrer, I. Mantin, and A. Shamir, "Weaknesses in the Key Scheduling Algorithm of RC4," Eighth Annual Workshop on Selected Areas in Cryptography, August 2001.

[5]William A. Arbaugh, Narendar Shankar, and Y. C. Justin Wan, "Your 802.11 Wireless Network Has No Clothes," University of Maryland, www.cs.umd.edu/~waa/wireless.pdf, March 30, 2001.

[6]A. Stubblefield, J. Ioannidis, and A. D. Rubin, "Using the Fluhrer, Mantin, and Shamir Attack to Break WEP," AT&T Labs Technical Report TD-4ZCPZZ, Rice University and AT&T Labs, www.cs.rice.edu/~astubble/wep_attack.pdf, August 21, 2001.

[7]WEPCrack, http://sourceforge.net/projects/wepcrack/.

[8]Airsnort, http://airsnort.shmoo.com/.

[9]James and Ruth LaRocca, 802.11 Demystified (New York: McGraw-Hill, 2002), 157.

[10]James and Ruth LaRocca, 802.11 Demystified (New York: McGraw-Hill, 2002), 157.

[11]James and Ruth LaRocca, 802.11 Demystified (New York: McGraw-Hill, 2002), 153.

[12]John Vollbrecht, David Rago, and Robert Moskovitz, "Wireless LAN Access Control and Authentication," a white paper from Interlink Networks, www.interlink-networks.com, 2001.

[13]James and Ruth LaRocca, 802.11 Demystified (New York: McGraw-Hill, 2002), 153.

Wi-Fi Handbook: Building 802.11b Wireless Networks
ISBN: 0071412514
Year: 2003