Wireless SSN Week 7 - OS3...IEEE 802.11u - Interworking with non-802 networks (for example,...
Wireless Security
SSN Week 7
Monday 11 December 2005
AGENDA
Overview Wireless Theory WEP WPA WPA2 Bluetooth Wimax RFID
With thanks to Wikipedia and SURFnet for the pictures
Presentations
* Make sure beforehand that your laptop works
* Respond positively to questions
* Posture
* Take notes
* Give constructive feedback
* Watch the video!
A word from our sponsor
With thanks to Ton Verschuren Surfnet and AT&T MLife
Why wireless
* Access in other places
* Makes mobile communication possible
* Replaces annoying cables
* Low investment costs
* Easy to install or to relocate
* Immediate access
* Easy integration into wired networks
Wireless technology at a glance
[Figure labels]
* Wide Area Network (WAN): 9.6 Kbit/s <2Mbs
– Voice, SMS, e-Mail, Web browsing
– mCommerce, Internet access, Document transfer, Low/high quality video
– GPS
* Local Area Network (LAN, wLAN 802.11b): <54Mbs
– Access, "hot spots", LAN equivalent
– Wireless Bridge, Workgroup Switches
* Personal Area Network (PAN): <3Mbs
– Access, Synchronization, 10 Meters
– Bluetooth
MAN and PAN?
 | WAN | MAN | LAN | PAN
Applications | PDAs, Mobile Phones, cellular access | Fixed, last mile access | SOHO/SMB/Enterprise networks | Peer-to-Peer, Device-to-Device
Range | Long | Medium-Long | Medium | Short
Speed | 10 to 384Kbps | 22+ Mbps | 2 to 54+ Mbps | < 1Mbps
Standards | GSM, GPRS, UMTS, 2.5-3G | 802.16 WIMAX, MMDS, LMDS | 802.11a,11b,11g | Bluetooth, Zigbee
ELECTROMAGNETIC SPECTRUM
Frequencies for wireless networking
[Figure: electromagnetic spectrum chart]
* Bands: Extremely Low, Very Low, Low, Medium, High, Very High, Ultra High, Super High, Infrared, Visible Light, Ultra-violet, X-Rays
* Uses: Audio, AM Broadcast, Short Wave Radio, FM Broadcast, Television, Infrared wireless LAN
* 902 - 928 MHz
* 1800 & 1900 MHz (GSM GPRS)
* Cellular (840MHz)
* NPCS (1.9GHz)
* 2.4 - 2.4835 GHz, 83.5 MHz (IEEE 802.11bg)
* 5 GHz (IEEE 802.11a) (Hiperlan)
"Any girl can be glamorous. All she has to do is stand still and look stupid."
Hedy Lamarr
Spread Spectrum
2.4 GHz spectrum is polluted
* Freely usable in almost the whole world
* Wireless LAN 802.11b and g
* Bluetooth
* DECT
* Microwave oven!
* Video transmitters
* Custom equipment
802.What?
* IEEE 802.1 Higher layer LAN protocol
* IEEE 802.2 Logical link control
* IEEE 802.3 Ethernet
* IEEE 802.4 Token bus (disbanded)
* IEEE 802.5 Token Ring
* IEEE 802.6 Metropolitan Area Networks (disbanded)
* IEEE 802.7 Broadband LAN using Coaxial Cable (disbanded)
* IEEE 802.8 Fiber Optic TAG (disbanded)
* IEEE 802.9 Integrated Services LAN (disbanded)
* IEEE 802.10 Interoperable LAN Security (disbanded)
* IEEE 802.11 Wireless LAN
* IEEE 802.12 demand priority
* IEEE 802.13 (not used)
* IEEE 802.14 Cable modems (disbanded)
* IEEE 802.15 Wireless PAN
* IEEE 802.16 Broadband wireless access
* IEEE 802.17 Resilient packet ring
* IEEE 802.18 Radio Regulatory TAG
* IEEE 802.19 Coexistence TAG
* IEEE 802.20 Mobile Broadband Wireless Access
* IEEE 802.21 Media Independent Handoff
* IEEE 802.22 Wireless Regional Area Network
802.11 What?
* IEEE 802.11 - The original 1 Mbit/s and 2 Mbit/s, 2.4 GHz RF and IR standard (1999)
* IEEE 802.11a - 54 Mbit/s, 5 GHz standard (1999, shipping products in 2001)
* IEEE 802.11b - Enhancements to 802.11 to support 5.5 and 11 Mbit/s (1999)
* IEEE 802.11c - Bridge operation procedures; included in the IEEE 802.1D standard (2001)
* IEEE 802.11d - International (country-to-country) roaming extensions (2001)
* IEEE 802.11e - Enhancements: QoS, including packet bursting (2005)
* IEEE 802.11F - Inter-Access Point Protocol (2003) Withdrawn February 2006
* IEEE 802.11g - 54 Mbit/s, 2.4 GHz standard (backwards compatible with b) (2003)
* IEEE 802.11h - Spectrum Managed 802.11a (5 GHz) for European compatibility (2004)
* IEEE 802.11i - Enhanced security (2004)
* IEEE 802.11j - Extensions for Japan (2004)
* IEEE 802.11k - Radio resource measurement enhancements (proposed - 2007?)
* IEEE 802.11l - (reserved and will not be used)
* IEEE 802.11m - Maintenance of the standard; odds and ends. (ongoing)
* IEEE 802.11n - Higher throughput improvements using MIMO (multiple input, multiple output antennas) (pre-draft - 2007?)
* IEEE 802.11o - (reserved and will not be used)
* IEEE 802.11p - WAVE - Wireless Access for the Vehicular Environment (such as ambulances and passenger cars) (working - 2008?)
* IEEE 802.11q - (reserved and will not be used, can be confused with 802.1Q VLAN trunking)
* IEEE 802.11r - Fast roaming Working "Task Group r" - 2007?
* IEEE 802.11s - ESS Mesh Networking (working - 2008?)
* IEEE 802.11T - Wireless Performance Prediction (WPP) - test methods and metrics Recommendation (working - 2008?)
* IEEE 802.11u - Interworking with non-802 networks (for example, cellular) (proposal evaluation - ?)
* IEEE 802.11v - Wireless network management (early proposal stages - ?)
* IEEE 802.11w - Protected Management Frames (early proposal stages - 2008?)
* IEEE 802.11x - (reserved and will not be used)
* IEEE 802.11y - 3650-3700 Operation in the U.S. (early proposal stages - ?)
Wireless LAN
[Figure labels]
* Infrastructure network, point-to-multipoint
* Ad hoc network
* Wireless Ethernet bridge, point-to-point
SOHO network with Internet access
[Figure labels]
* Wireless LAN Internet access
* Wireless broadband Internet access via DSL
* Fax
* Routing
* Routing
Wireless LAN 802.11b
* WIFI 802.11b standardized in 1999
* Shared data rates up to 11Mbps
* Uses 2.4GHz spectrum
* Channel bonding coming later
Wireless LAN 802.11g
* WIFI standardized in June 2003
* Shared data rates up to 54Mbps
* Uses 2.4GHz spectrum
* Proprietary channel bonding
Wireless LAN 802.11a
* Standardized in Dec 1999
* Shared data rates up to 54Mbps
* Uses OFDM, more bandwidth
* Uses 5GHz spectrum – 'unpolluted'
* More channels
* Not compatible with 802.11b
Wireless LAN 802.11n
* WIFI MIMO draft standardized in 2006
* Shared data rates up to 540 Mbit/s
* Uses 2.4GHz spectrum
* Final not before July 2007.
Wireless LAN security
* SSID is not security
* MAC address
* WEP 64 and 128 bit
* Authentication 802.1x
Wireless Security
* MAC filtering
* WEP
* WPA
* WPA2 (802.11i)
* Eduroam
Wifi Authentication
* Open
* Shared
Shared is old!
WEP
* Wired Equivalent Privacy
* 64 and 128 bit (40 and 104)
* RC4 stream cipher (Arcfour)
* IV not encrypted
* Can be cracked in 5 minutes
* Funnily enough, this was done properly in SSL (much earlier)
WEP
WEPCrack
* WHAX 3.0 CD (Whoppix)
* Auditor CD (Remote-exploit)
* Airodump/aireplay/aircrack
* Demo
Solutions for WEP weaknesses
* Do not use static keys
* Do not use weak IVs
* Higher-layer security
– IP-SEC
– SSL
– HTTPS
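
The WEP slide (RC4, 40/104-bit key, IV not encrypted) and the remedies slide (no static keys, no weak IVs) worked through as an added example that is not part of the original slides. The function names, the simplified frame layout and all key, IV and payload values are assumptions constructed for illustration.

```python
# Added example, not from the slides; key, IVs and payloads are constructed samples.
import struct
import zlib


def rc4(key: bytes, n: int) -> bytes:
    """Return the first n bytes of RC4 (Arcfour) keystream for key."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):  # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, key: bytes, payload: bytes) -> bytes:
    """Simplified WEP body: cleartext IV, then RC4(IV || key) over payload + CRC-32 ICV.
    The key-ID byte that follows the IV on the air is left out."""
    if len(iv) != 3 or len(key) not in (5, 13):  # 24-bit IV; 40- or 104-bit secret
        raise ValueError("WEP uses a 3-byte IV and a 5- or 13-byte key")
    data = payload + struct.pack("<I", zlib.crc32(payload))
    return iv + xor(data, rc4(iv + key, len(data)))


def iv_reuse_leaks_xor(key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """Static key + repeated IV = same keystream, so c1 XOR c2 equals p1 XOR p2."""
    c1, c2 = wep_encrypt(iv, key, p1)[3:], wep_encrypt(iv, key, p2)[3:]
    return xor(c1, c2)[:min(len(p1), len(p2))] == xor(p1, p2)


def is_fms_weak_iv(iv: bytes, key_len: int) -> bool:
    """Classic weak IVs look like (B+3, 255, x), B being the index of a secret key byte."""
    return iv[1] == 0xFF and 3 <= iv[0] < 3 + key_len


KEY = b"\x01\x02\x03\x04\x05"  # constructed 40-bit static key
print(iv_reuse_leaks_xor(KEY, b"\x10\x20\x30", b"GET /index", b"POST /auth"))  # True
print([is_fms_weak_iv(bytes(v), len(KEY)) for v in ([3, 255, 7], [8, 255, 7])])
```

With only 2^24 possible IVs, a busy network repeats IVs under a static key, which is why the first two remedies on the slide belong together.
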
WPA WPA2
WPA
* Wi-Fi Protected Access
* Still RC4, but now with TKIP (Temporal Key Integrity Protocol)
* IV encrypted (hashed)
* More random keys
* PSK mode (Pre Shared Key)
– Home use
WPA2
* 802.11i
* EAP
* RSN
– Robust Security Network
– Negotiates encryption and authentication
* CCMP
– Based on the AES block cipher
– Counter Mode with Cipher Block Chaining Message Authentication Code Protocol
– Both key handling and message integrity
– The headers are encrypted as well
WPA2
* PSK mode (Pre Shared Key)
– Home use
* 802.1x for authentication
* Support in Windows, MacOS and Linux
* 4 way handshake
* Not all drivers support WPA2!
4 way handshake
Eduroam
[Figure labels: data; signalling; EAPOL; EAP over RADIUS; f.i. LDAP; RADIUS server Institution A; Internet; Authenticator (AP or switch); User DB; [email protected]_a.nl; Student VLAN; Guest VLAN; Employee VLAN; Supplicant]
Example: SURFnet
[Figure labels: RADIUS server Institution B; RADIUS server Institution A; Internet; Central RADIUS Proxy server; Authenticator (AP or switch); User DB; User DB; Supplicant; Guest piet@institution_b.nl; Student VLAN; Guest VLAN; Employee VLAN; data; signalling]
Radius
RADIUS (Remote Authentication Dial In User Service)
* PAP
* CHAP
* MS-CHAP
* MS-CHAPv2
* LEAP
* PEAP
* EAP
* (RFC 2865 and RFC 2866).
EAP types
Topic | EAP MD5 | LEAP | EAP TLS | PEAP | EAP TTLS
Security Solution | Standards-based | Proprietary | Standards-based | Standards-based | Standards-based
Certificates – Client | No | n/a | Yes | No | No
Certificates – Server | No | n/a | Yes | Yes | Yes
Credential Security | None | Weak | Strong | Strong | Strong
Supported Authentication Databases | Requires clear-text database | Active Directory, NT Domains | Active Directory, LDAP etc. | Active Directory, NT Domain, Token Systems, SQL, LDAP etc. | Active Directory, LDAP, SQL, plain password files, Token Systems etc.
Dynamic Key Exchange | No | Yes | Yes | Yes | Yes
Mutual Authentication | No | Yes | Yes | Yes | Yes
EAPOL
* EAP over LAN
* EAP initially over PtoP
* Extensible Authentication Protocol
EAPOL what?
EAP-MD5, EAP-OTP, EAP-GTC, EAP-TLS, EAP-SIM, EAP-AKA,
EAP-TLS, PEAP, LEAP, and EAP-TTLS.
PEAPv0/EAP-MSCHAPv2 PEAPv1/EAP-GTC
Bluetooth history
* The medieval Danish king Harald Blaatand II, or Bluetooth (940-981)
* Known for bringing together Danes and Swedes
* Invented by Jaap Haartsen, Ericsson
What is Bluetooth
* Wireless technology
* Short range
* < 1MB
* Technology for embedded devices
* Uses 2.4GHz spectrum
* Relatively low power consumption
Bluetooth promises
* Many devices usable alongside each other without coordination
* Cheap (50 dollar cents)
* Included in all devices
* Intended for short range
* Plug & Play, works out of the box
* Low battery consumption
* 700 Kbps
Bluetooth Security
* Discovery
* Pairing
* SAFER+ for key exchange
* E0 stream cipher
* Many poor implementations
* Security via the exchanged key
* More from KPMG
Zigbee
* 802.15.4
* Low end
* Cheap
* Low power consumption
* Large Alliance with Philips
http://www.zigbee.org/imwp/idms/popups/pop_download.asp?ContentID=6730
Wimax 802.16
Worldwide Interoperability for Microwave Access
* Shared 70 Mbps (much less in practice)
* 6-80 GHz
* MAN (5-8 Km)
* Last-mile technology
* Not for consumers
* Competition from UMTS
RFID
* Radio Frequency IDentification (RFID)
* Passive and active
* Logistics
* Theft prevention
* Tagging of animals
* Authentication (key-fob tags HvA, petrol pump)
* Frequencies: 125-150 MHz, 13.56 MHz
* Many ISO standards
* 5 cents apiece
* Proprietary security
* Often cracked
* Uncharted territory