CHAPTER 7
Wireless Networks

EXAM OBJECTIVES IN THIS CHAPTER

Wireless Network Design

Service Set ID Broadcast

Wireless Security Standards

Rogue APs

Data Emanation

Bluetooth

INTRODUCTION

This chapter thoroughly discusses what you need to know about wireless technologies for the Security+ exam, as well as the knowledge needed to be an efficient security analyst. The widespread popularity and use of wireless networks and technologies have grown tremendously over the last few years. This is a technology that is only going to increase and become more prevalent in the coming years. Although wireless solutions continue to evolve and spread, the security of such systems is not always the first thought of the developer. Ensuring the security of such systems has become paramount in both public and private sectors. Wireless networks can be very insecure if specific measures are not taken to properly manage them; however, securing them is not impossible.

NOTE Although the concepts of wireless in this chapter go above and beyond what is covered under the Security+ exam, it is our belief that as a security analyst you will need to know this information as you progress forward. Therefore, we have highlighted the areas you will definitely be expected to know for the Security+ exam. Be sure you have a good grasp of wireless technologies for the exam, specifically concerning wireless network designs, issues with weak encryption, and vulnerabilities.

WIRELESS NETWORK DESIGN

This section covers the basics of wireless network design and architectures. Before delving too deeply into the design of wireless systems it’s a good idea to first review some wireless communication basics. Wireless networks, like their wired counterparts, rely on the manipulation of electrical charge to enable communication between devices. Changes or oscillations in signal strength from zero to some maximum value (amplitude) and the rate of those oscillations (frequency) are used singularly or in combination with each other to encode and decode information.

Two devices can communicate with each other when they understand the method(s) used to encode and decode information contained in the changes to the electrical properties of the communications medium being used. A network adapter can decode changes in the electric current it senses on a wire and convert them to meaningful information (bits) that can subsequently be sent to higher levels for processing. Likewise, a network adapter can encode information (bits) by manipulating the properties of the electric current for transmission on the communications medium (in the case of wired networks, this would be the cable).

Wireless Communications

The primary difference between wired and wireless networks is that wireless networks use a special type of electric current known as radio frequency (RF), which is created by applying alternating current to an antenna to produce an electromagnetic (EM) field. Devices for broadcasting and reception use the resulting RF field. In the case of wireless networks, the medium for communications is the EM field, the region of space that is influenced by electromagnetic radiation. (Unlike audio waves, radio waves do not require a medium such as air or water to propagate.) As with wired networks, amplitude decreases with distance, resulting in the degradation of signal strength and the capability to communicate. However, the EM field is also dispersed according to the properties of the transmitting antenna, and not tightly bound as is the case with communication over a wire. The area over which the radio waves propagate from an electromagnetic source is known as the Fresnel zone.

NOTE A Fresnel zone calculator is available at www.firstmilewireless.com/calc_fresnel.html.

Like the waves created by throwing a rock into a pool of water, radio waves are affected by the presence of obstructions and can be reflected, refracted, diffracted, or scattered, depending on the properties of the obstruction and its interaction with the radio waves. Reflected radio waves can be a source of interference on wireless networks. The interference created by bounced radio waves is called multipath interference.

When radio waves are reflected, additional wave fronts are created. These different wave fronts may arrive at the receiver at different times and be in phase or out of phase with the main signal. When the peak of a wave is added to another wave (in phase), the wave is amplified. When the peak of a wave meets a trough (out of phase), the wave is effectively cancelled. Multipath interference can be the source of hard-to-troubleshoot problems. In planning for a wireless network, administrators should consider the presence of common sources of multipath interference. These include metal doors, metal roofs, water, metal vertical blinds, and any other source that is highly reflective to radio waves. Antennas may help to compensate for the effects of multipath interference, but they must be carefully chosen. Many wireless access points (APs) have two antennas for precisely this purpose. However, a single omnidirectional antenna may be of no use at all for this kind of interference.

Another source of signal loss is the presence of obstacles. Although radio waves can travel through physical objects, they are degraded according to the properties of the object they travel through. For example, a window is fairly transparent to radio waves, but may reduce the effective range of a wireless network by 50 to 70 percent, depending on the presence and nature of the coatings on the glass. A solid core wall can reduce the effective range of a wireless network by up to 90 percent or greater.

EM fields are also prone to interference and signal degradation by the presence of other EM fields. In particular, 802.11 wireless networks are prone to interference produced by cordless phones, microwave ovens, and a wide range of devices that use the same unlicensed Industrial, Scientific, and Medical (ISM) or Unlicensed National Information Infrastructure (UNII) bands. To mitigate the effects of interference from these devices and other sources of electromagnetic interference, RF-based wireless networks employ spread spectrum technologies. Spread spectrum provides a way to “share” bandwidth with other devices that may be operating in the same frequency range. Rather than operating on a single, dedicated frequency such as is the case with radio and television broadcasts, wireless networks use a “spectrum” of frequencies for communication.

Spread Spectrum Technology

Conceived of by Hedy Lamarr and George Antheil in 1940 as a method of securing military communications from jamming and eavesdropping during WWII, spread spectrum defines methods by which wireless devices send a number of narrowband frequencies over a range of frequencies simultaneously for communication. The narrowband frequencies used between devices change according to a random-appearing, but defined pattern, allowing individual frequencies to contain parts of the transmission. Someone listening to a transmission using spread spectrum would hear only noise, unless their device understood in advance what frequencies were used for the transmission and could synchronize with them.

Two methods of synchronizing wireless devices are as follows:

■ Frequency hopping spread spectrum (FHSS)

■ Direct sequence spread spectrum (DSSS)

Frequency Hopping Spread Spectrum

As the name implies, FHSS works by quickly moving from one frequency to another according to a pseudorandom pattern. The frequency range used by the frequency hop is relatively large (83.5 MHz), providing excellent protection from interference. The amount of time spent on any given frequency is known as dwell time and the amount of time it takes to move from one frequency to another is known as hop time. FHSS devices begin their transmission on one frequency and move to other frequencies according to a predefined pseudorandom sequence and then repeat the sequence after reaching the final frequency in the pattern. Hop time is usually very short (200 to 300 μs) and not significant relative to the dwell time (100 to 200 ms). In general, the longer the dwell time, the greater the throughput and the more susceptible the transmission is to narrowband interference.

The frequency hopping sequence creates a channel, allowing multiple channels to coexist in the same frequency range without interfering with each other. As many as 79 Federal Communications Commission (FCC)-compliant FHSS devices using the 2.4-GHz ISM band can be colocated together. However, the expense of implementing such a large number of systems limits the practical number of colocated devices to well below this number. Wireless networks that use FHSS include HomeRF and Bluetooth, both of which operate in the unlicensed 2.4-GHz ISM band. FHSS is less subject to EM interference than DSSS, but usually operates at lower rates of data transmission (usually 1.6 Mbps, but can be as high as 10 Mbps) than networks that use DSSS.

Direct Sequence Spread Spectrum

DSSS works somewhat differently. With DSSS, the data are divided and simultaneously transmitted on as many frequencies as possible within a particular frequency band (the channel). DSSS adds redundant bits of data known as chips to the data to represent binary 0s or 1s. The ratio of chips to data is known as the spreading ratio: the higher the ratio, the more immune the signal is to interference, because if part of the transmission is corrupted, the data can still be recovered from the remaining part of the chipping code. This method provides greater rates of transmission than FHSS, which uses a limited number of frequencies, but fewer channels in a given frequency range. DSSS also protects against data loss through the redundant, simultaneous transmission of data. However, because DSSS floods the channel it is using, it is also more vulnerable to interference from EM devices operating in the same range. In the 2.4- to 2.4835-GHz frequency range employed by 802.11b, DSSS transmissions can be broadcast in any one of 14 22-MHz-wide channels. The number of center-channel frequencies used by 802.11 DSSS devices depends on the country. For example, North America allows 11 channels operating in the 2.4- to 2.4835-GHz range, Europe allows 13, and Japan allows 1. Because each channel is 22 MHz wide, they may overlap each other. Of the 11 available channels in North America, only a maximum of three (1, 6, and 11) may be used concurrently without the use of overlapping frequencies.
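The channel-overlap rule above can be checked mechanically. The following is an added example, not code from the book: it assumes the IEEE 802.11 2.4-GHz channel centers (channels 1 to 13 spaced 5 MHz apart from 2412 MHz, channel 14 at 2484 MHz) and uses the 22-MHz channel width given in the text to find the largest set of mutually non-overlapping channels for a given regulatory channel list.

```python
"""Added example (not from the book): 802.11b DSSS channel overlap.

Assumptions: channel centers follow IEEE 802.11 (2407 + 5*n MHz for channels
1-13, 2484 MHz for channel 14); the 22-MHz channel width is from the text.
"""
from itertools import combinations
from typing import List, Tuple

CHANNEL_WIDTH_MHZ = 22


def center_mhz(channel: int) -> int:
    """Center frequency of a 2.4-GHz 802.11 channel in MHz."""
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    if channel == 14:
        return 2484
    raise ValueError(f"no such 2.4-GHz channel: {channel}")


def overlaps(a: int, b: int) -> bool:
    """Two 22-MHz-wide channels overlap when their centers are closer than one width."""
    return abs(center_mhz(a) - center_mhz(b)) < CHANNEL_WIDTH_MHZ


def largest_non_overlapping_set(allowed: List[int]) -> Tuple[int, ...]:
    """Largest subset of `allowed` whose channels are pairwise non-overlapping.

    Brute force is fine here: with at most 14 channels there are only 2^14 subsets.
    Subsets are tried from largest to smallest, in lexicographic order, so the
    lowest-numbered maximal set is returned.
    """
    for size in range(len(allowed), 0, -1):
        for subset in combinations(allowed, size):
            if all(not overlaps(a, b) for a, b in combinations(subset, 2)):
                return subset
    return ()


if __name__ == "__main__":
    north_america = list(range(1, 12))   # channels 1-11, as stated in the text
    print(largest_non_overlapping_set(north_america))   # (1, 6, 11)
```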

TEST DAY TIP When comparing FHSS and DSSS technologies, it should be noted that FHSS networks are not inherently more secure than DSSS networks, contrary to popular belief. Even if the relatively few manufacturers of FHSS devices were not to publish the hopping sequence used by their devices, a sophisticated hacker armed with a spectrum analyzer and a computer could easily determine this information and eavesdrop on the communications.

Wireless Network Architecture

The seven-layer open systems interconnect (OSI) networking model defines the framework for implementing network protocols. Wireless networks operate at the physical and data link layers of the OSI model. The physical layer is concerned with the physical connections between devices, such as the medium and how bits (0s and 1s) are encoded and decoded. Both FHSS and DSSS are implemented at the physical layer. The data link layer is divided into two sublayers, the Media Access Control (MAC) and Logical Link Control (LLC) layers.

The MAC layer is responsible for the following:

■ Framing data

■ Error control

■ Synchronization

■ Collision detection and avoidance

The Ethernet 802.3 standard, which defines the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) method for protecting against data loss as a result of data collisions on the cable, is defined at this layer.

Head of the Class

Nitty Gritty Details

Wireless networks and wireless networking, in general, are tested on the Security+ exam; the current revision has more wireless content than the original version, and when the exam changes in the future, the Security+ exam wireless content will continue to grow as the networking world and corporate enterprises embrace more of the technology. Unfortunately, we (the authors of this book) have to balance our goal of providing a broad education with providing the specific knowledge needed to pass the Security+ exam. The explanation of wireless, how it works, and what you can do with it, is strictly background information to further your understanding of the technology. Security+ exam questions are not based on FHSS and DSSS technologies, so if this information seems overly technical, do not panic! It is important, however, to know this information as a security analyst. It is our mission to teach you everything you need to know to transition from the Security+ exam to the real world of security analysts.

CSMA/CD and CSMA/CA

In contrast to Ethernet 802.3 networks, wireless networks defined by the 802.11 standard do not use CSMA/CD as a method to protect against data loss resulting from collisions. Instead, 802.11 networks use a method known as Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA). CSMA/CD works by detecting whether a collision has occurred on the network and then retransmitting the data in the event of such an occurrence. However, this method is not practical for wireless networks because it relies on the fact that every workstation can hear all the other workstations on a cable segment to determine if there is a collision.

In wireless networks, usually only the AP can hear every workstation that is communicating with it (for example, workstations A and B may be able to communicate with the same AP, but they may be too far apart from each other to hear their respective transmissions). Additionally, wireless networks do not use full-duplex communication, which is another way of protecting data against corruption and loss as a result of collisions.

NOTE APs are also referred to as wireless access points. This is a more precise term that differentiates them from other network APs (such as dial-in remote APs) but in this chapter, we will use the acronym AP to avoid confusion with the Wireless Application Protocol (WAP).

CSMA/CA solves the problem of potential collisions on the wireless network by taking a more active approach than CSMA/CD, which kicks in only after a collision has been detected. Using CSMA/CA, a wireless workstation first tries to detect if any other device is communicating on the network. If it senses it is clear to send, it initiates communication. The receiving device sends an acknowledgment (ACK) packet to the transmitting device indicating a successful reception. If the transmitting device does not receive an ACK, it assumes a collision has occurred and retransmits the data. However, it should be noted that many collisions can occur and that these collisions can be used to compromise the confidentiality of Wired Equivalent Privacy (WEP) encrypted data.

CSMA/CA is only one way in which wireless networks differ from wired networks in their implementation at the MAC layer. For example, the Institute of Electrical and Electronics Engineers, Inc. (IEEE) standard for 802.11 at the MAC layer defines additional functionality, such as virtual collision detection, roaming, power saving, asynchronous data transfer, and encryption.

The fact that the WEP protocol is defined at the MAC layer is particularly noteworthy and has significant consequences for the security of wireless networks. This means that data at the higher levels of the OSI model, particularly Transmission Control Protocol/Internet Protocol (TCP/IP) data, is also encrypted. Because much of the TCP/IP communications that occur between hosts contain a large amount of frequently repeating and well-known patterns, WEP may be vulnerable to known plaintext attacks, although it does include safeguards against this kind of attack.

SERVICE SET ID BROADCAST

The 802.11 standard provides two modes, ad hoc and infrastructure, for wireless clients to communicate. The ad hoc mode is geared for a network of stations within communication range of each other. Ad hoc networks are created spontaneously between the network participants. In infrastructure mode, APs provide a more permanent structure for the network. An infrastructure consists of one or more APs as well as a distribution system (that is, a wired network) behind the APs that ties the wireless network to the wired network. Figures 7.1 and 7.2 show an ad hoc network and an infrastructure network, respectively.

802.11 traffic can be subdivided into three parts:

■ Control frames

■ Management frames

■ Data frames

Control frames include such information as Request to Send (RTS), Clear to Send (CTS), and ACK messages. Management frames include beacon frames, probe request/response, authentication frames, and association frames. Data frames are 802.11 frames that carry data, which is typically considered network traffic, such as IP encapsulated frames.

All this communication requires that systems have a means to distinguish different wireless networks from one another; for this, the 802.11 standard defines the Service Set Identifier (SSID). The SSID is considered the identity element that “glues” the various components of a wireless local area network (LAN) together. Traffic from wireless clients that use one SSID can be distinguished from other wireless traffic using a different SSID. Using the SSID, an AP can determine which traffic is meant for it and which is meant for other wireless networks. Unless otherwise configured to block such activity, wireless networks will regularly broadcast their SSID. This is known as an SSID broadcast. Although SSID broadcast can be disabled, the SSID is still needed to direct packets to and from the AP, which basically means that it is still discoverable to an attacker with the right tools. The Security+ test candidate should realize that disabling the SSID broadcast for a network that is not for public use is a good idea, but also understand that hiding the SSID is not true security. It is really more a matter of security by obscurity.


FIGURE 7.1
Ad Hoc Network Configuration


FIGURE 7.2
Infrastructure Network Configuration

WIRELESS SECURITY STANDARDS

The IEEE 802.11 standard covers the communication between wireless LAN (WLAN) components. RF poses challenges to privacy in that it travels through and around physical objects. Because of the nature of 802.11 wireless LANs, the IEEE working group implemented a mechanism to protect the privacy of individual transmissions, known as the WEP protocol. Because WEP utilizes a cryptographic security countermeasure for the fulfillment of its stated goal of privacy, it had the added benefit of becoming an authentication mechanism. This benefit is realized through a shared-key authentication that allows for encryption and decryption of wireless transmissions. Up to four keys can be defined on an AP or a client, and they can be rotated to add complexity for a higher security standard in the WLAN policy.

WEP was never intended to be the absolute authority in wireless security and quickly became an example of how not to design a cryptographic security protocol. The IEEE 802.11 standard stated that WEP should provide the same amount of protection as a wired network. However, this provides only a basic level of privacy, and it was quickly determined that WEP had some fatal flaws. Because of the flaws in WEP, recommendations were quick to circulate that in cases that required higher degrees of security, other mechanisms should be utilized, such as authentication, access control, password protection, and virtual private networks (VPNs). It is important to review the effect of key size on the overall security of WEP as an illustration of one of its major weaknesses.

Security of 40-Bit versus 104-Bit Keys

One of WEP’s key weaknesses was a flaw in the combination of the initialization vector (IV) and the WEP secret key as used in the Key Scheduling Algorithm of the RC4 cipher. This flaw was quickly identified by Scott Fluhrer, Itsik Mantin, and Adi Shamir in their article “Weaknesses in the Key Scheduling Algorithm of RC4.”1 Using this information, Adam Stubblefield, John Ioannidis, and Aviel Rubin showed in their article “Using the Fluhrer, Mantin and Shamir Attack to Break WEP”2 how weak the WEP algorithm was and how easily it can be broken. It didn’t matter whether you used 40-bit or 104-bit WEP keys (the extra 24 bits were provided by the IV); WEP was a seriously flawed security algorithm.

To a nontechnical person it may seem that a message protected with a 128-bit encryption scheme would be twice as secure as a message protected with a 64-bit encryption scheme. However, this is not the case with WEP. Since the same IV vulnerability exists with both encryption levels, they can be compromised within similar time limits.

With 64-bit WEP, the network administrator specifies a 40-bit key—typically 10 hexadecimal digits (0 through 9, a through f, or A through F). A 24-bit IV is prepended to the 40-bit key, and the RC4 key schedule is built from these 64 bits of data. This same process is followed in the 128-bit scheme. The administrator specifies a 104-bit key—this time 26 hexadecimal digits (0 through 9, a through f, or A through F). The 24-bit IV is added to the beginning of the key, and the RC4 key schedule is built.

Because the vulnerability stems from capturing predictably weak IVs, the size of the original key does not make a significant difference in the security of the encryption. This is due to the relatively small number of total IVs possible under the current WEP specification. Currently, there are a total of 16,777,216 possible IVs. Because every frame or packet uses an IV, this number can be exhausted within hours on a busy network. If the WEP key is not changed within a strictly defined period of time, all possible IV combinations can be intercepted from an 802.11b connection, captured, and made available for cracking within a short period of time. This is a design flaw of WEP, and bears no correlation to whether the wireless client is using 64-bit WEP or 128-bit WEP.

Improvements in the 802.11 standard have helped make wireless communication more secure. It is critically important to keep abreast of vendor-related software fixes and changes that improve the overall security posture of a wireless LAN.

With data security enabled in a closed network, the settings on the client for the SSID and the encryption keys must match the AP when attempting to associate with the network or it will fail. The next few paragraphs discuss Wi-Fi Protected Access (WPA) and WPA2 and their relation to the functionality of the 802.11 standard, including a standard definition.

WPA and WPA2

The issues with WEP were cause enough for concern that the Wi-Fi Alliance created a certification program for its replacements, WPA and WPA2. These improvements were needed to address the serious weaknesses in the way in which WEP was implemented. WPA was designed to meet the short-term needs of wireless security as a stopgap measure. One big change between WEP and WPA was the introduction of the Temporal Key Integrity Protocol (TKIP). TKIP increases the IV from 24 bits to 48 bits. WPA was also designed to use a different secret key for each packet and featured a Message Integrity Code (MIC) designed to detect invalid packets. WPA was effective in that it was designed as a stopgap measure until a completely new replacement could be approved and released. This replacement was WPA2 (802.11i).

WPA2 implemented all the elements that were requirements of the Wi-Fi Alliance and as specified in 802.11i. The standard took so long to be released that it was branded WPA2 even though it uses a completely different method of security. WPA2 includes Robust Security Network (RSN) support. RSN includes added protection for ad hoc networks, key caching, and preroaming authentication. WPA2 uses AES with key sizes of up to 256 bits.

Wireless Application Protocol

The WAP is an open specification designed to enable mobile wireless users to easily access and interact with information and services. WAP is designed for hand-held digital wireless devices such as mobile phones, pagers, two-way radios, smartphones, and other communicators. It works over most wireless networks and can be built on many operating systems (OSes) including PalmOS, Windows CE, JavaOS, and others. The WAP operational model is built on the World Wide Web (WWW) programming model with a few enhancements and is shown in Figure 7.3.

WAP browsers in a wireless client are analogous to the standard WWW browsers on computers. WAP uniform resource locators (URLs) are the same as those defined for traditional networks and are also used to identify local resources in the WAP-enabled client. The WAP specification added two significant enhancements to the above-mentioned programming model: push and telephony support (Wireless Telephony Application [WTA]). WAP also provides for the use of proxy servers, as well as supporting servers that provide functions such as public key infrastructure support, user profile support, and provisioning support.


FIGURE 7.3
Wireless Application Protocol (WAP) 2.0 Architecture Programming Model

Wireless Transport Layer Security

Wireless Transport Layer Security (WTLS) is an attempt by the WAP Forum to introduce a measure of security into WAP. The WTLS protocol is based on the Transport Layer Security (TLS) protocol that is itself a derivative of the Secure Sockets Layer (SSL) protocol. However, several changes were made to these protocols to adapt them to work within WAP. These changes include the following:

■ Support for both datagram- and connection-oriented protocols

■ Support for long round-trip times

■ Low bandwidth, limited memory, and processor capabilities

WTLS is designed to provide privacy as well as reliability for both the client and the server over an unsecured network and is specific to applications that utilize WAP. These applications tend to be limited by memory, processor capabilities, and low-bandwidth environments.

Authentication

There are two authentication methods in the 802.11 standard:

■ Open authentication

■ Shared-key authentication

Open authentication is more precisely described as device-oriented authentication and can be considered a null authentication—all requests are granted. Without WEP, open authentication leaves the WLAN wide open to any client who knows the SSID. With WEP enabled, the WEP secret key becomes the indirect authenticator. The open authentication exchange, with WEP enabled, is shown in Figure 7.4.

The shared-key authentication process shown in Figure 7.5 is a four-step process that begins when the AP receives the validated request for association. After the AP receives the request, a series of management frames are transmitted between the stations to produce the authentication. This includes the use of the cryptographic mechanisms employed by WEP as a validation. The four steps break down in the following manner:

1. The requestor (the client) sends a request for association.

2. The authenticator (the AP) receives the request, and responds by producing a random challenge text and transmitting it back to the requestor.

3. The requestor receives the transmission, encrypts the challenge with the secret key, and transmits the encrypted challenge back to the authenticator.

4. The authenticator decrypts the challenge text and compares the values against the original. If they match, the requestor is authenticated. However, if the requestor does not have the shared key, the cipher stream cannot be reproduced, therefore the plaintext cannot be discovered, and theoretically the transmission is secured.

FIGURE 7.4
Open Authentication

One of the greatest weaknesses in shared-key authentication is that it provides an attacker with enough information to try to crack the WEP secret key. The challenge, which is sent from authenticator to requestor, is sent in the clear. The requesting client then transmits the same challenge, encrypted using the WEP secret key, back to the authenticator. An attacker who captures both of these packets now has two pieces of a three-piece puzzle: the cleartext challenge and the encrypted ciphertext of that challenge. The RC4 algorithm is also known. All that is missing is the secret key. To determine the key, the attacker may simply try a brute force search of the potential key space using a dictionary attack. At each step, the attacker tries to decrypt the encrypted challenge with a dictionary word as the secret key. The result is then compared against the authenticator’s challenge. If the two match, then the secret key has been determined. In cryptography, this attack is termed a known-plaintext attack and is the primary reason why shared-key authentication is actually considered slightly weaker than open authentication.

FIGURE 7.5
Shared-Key Authentication

TEST DAY TIP Although the Security+ exam does not cover the authentication process in great detail, it is important to remember the two authentication mechanisms in the 802.11 standard: open and shared-key.

802.1x Authentication

To address the weaknesses in WEP, several vendors (including Cisco and Microsoft) adopted the IEEE 802.1x authentication mechanism for wireless networks. The IEEE 802.1x standard was created for the purpose of providing a security framework for port-based access control that resides in the upper layers of the protocol stack. The main goal of port-based access control is to enable new authentication and key-management methods without changing current network devices. The benefits that are the end result of this work include the following:

■ There is a significant decrease in hardware cost and complexity.

■ There are more options, allowing administrators to pick and choose their security solutions.

■ The latest and greatest security technology can be installed and should still work with the existing infrastructure.

■ You can respond quickly to security issues as they arise.

EXAM WARNING 802.1x typically is covered in the access control, authentication, and auditing sections of the Security+ exam, but is relevant to wireless networks because of the fact that it is quickly becoming the standard method of securely authenticating on a wireless network. Also, do not confuse 802.1x with 802.11x.

When a client device connects to a port on an 802.1x-capable AP, the AP port determines the authenticity of the devices. Before discussing the workings of the 802.1x standard, the following terminology must be defined:

■ Port: A port is a single point of connection to a network.

■ Port access entity (PAE): This entity controls the algorithms and protocols that are associated with the authentication mechanisms for a port.

■ Authenticator PAE: This enforces authentication before allowing access to resources located off of that port.

■ Supplicant PAE: This tries to access the services that are allowed by the authenticator.

■ Authentication server: This is used to verify the supplicant PAE. It decides whether or not the supplicant is authorized to access the authenticator.

■ Extensible Authentication Protocol over LAN (EAPoL): 802.1x defines a standard for encapsulating Extensible Authentication Protocol (EAP) messages so that they can be handled directly by a LAN MAC service. 802.1x tries to make authentication more encompassing, rather than enforcing specific mechanisms on the devices. Because of this, 802.1x uses EAP to receive authentication information.

■ Extensible Authentication Protocol over Wireless (EAPoW): When EAPoL messages are encapsulated over 802.11 wireless frames, they are known as EAPoW.

FIGURE 7.6
EAP over LAN (EAPoL) Traffic Flow

The 802.1x standard works in a similar manner for both EAPoL and EAPoW. As shown in Figure 7.6, the EAP supplicant (in this case, the wireless client) communicates with the AP over an “uncontrolled port.” The AP sends an EAP Request/Identity to the supplicant and a Remote Authentication Dial-In User Service (RADIUS)-Access-Request to the RADIUS access server. The supplicant then responds with an identity packet and the RADIUS server sends a challenge based on the identity packets sent from the supplicant. The supplicant provides its credentials in the EAP-response that the AP forwards to the RADIUS server. If the response is valid and the credentials validated, the RADIUS server sends a RADIUS-Access-Accept to the AP, which then allows the supplicant to communicate over a “controlled” port. This is communicated by the AP to the supplicant in the EAP-success packet.

User Identification and Strong Authentication

With the addition of the 802.1x standard, clients are identified by username, not by the MAC addresses of the devices. This design not only enhances security, but also streamlines the process of authentication, authorization, and accountability for the network. 802.1x was designed to support extended forms of authentication using password methods (such as one-time passwords, or GSS_API mechanisms like Kerberos) and nonpassword methods (such as biometrics, Internet Key Exchange [IKE], and smart cards).

Mutual Authentication

802.1x and EAP provide for a mutual authentication capability. This makes the clients and the authentication servers mutually authenticating end points, and assists in the mitigation of attacks from man-in-the-middle (MITM) types of devices. Any of the following EAP methods provide for mutual authentication:

■ TLS It requires that the server supply a certificate and establish that it has possession of the private key.

■ IKE It requires that the server show possession of a preshared key or private key (this can be considered certificate authentication).

■ GSS_API (Kerberos) It requires that the server can demonstrate knowledge of the session key.

Per-Packet Authentication

EAP can support per-packet authentication and integrity protection, but it is not extended to all types of EAP messages. For example, negative ACK and notification messages cannot use per-packet authentication and integrity. Per-packet authentication and integrity protection works for the following (packet is encrypted unless otherwise noted):

■ TLS and IKE derive session key

■ TLS ciphersuite negotiations (not encrypted)

■ IKE ciphersuite negotiations

■ Kerberos tickets

■ Success and failure messages that use a derived session key (through WEP)

NOTE EAP was designed to support extended authentication. When implementing EAP, dictionary attacks can be avoided by using nonpassword-based schemes such as biometrics, certificates, smart cards, and token cards. Using a password-based scheme should require the use of some form of mutual authentication so that the authentication process is protected against dictionary attacks.


TEST DAY TIP It is helpful to write out a table showing the various authentication methods used in 802.11 networks (for example, open authentication, shared-key authentication, and 802.1x authentication) with the various properties each of these authentication methods require. This will help keep them straight in your mind when taking the test.

ROGUE APs

Another clever attack can be accomplished using rogue APs. If an attacker can put together an AP with enough signal strength, end users may not be able to tell which AP is the authorized one that they should be using. In fact, most will not even know that another is available. Using this technique, an attacker is able to receive authentication requests and information from the end workstation regarding the secret key and where they are attempting to connect.

Rogue APs can also be used to attempt to break into more tightly configured wireless APs. Utilizing tools such as AirSnort and WEPCrack requires a large amount of data to be able to decrypt the secret key. A hacker sitting in a car in front of a house or office is noticeable, and thus will generally not have enough time to finish acquiring sufficient information needed to break the key. However, if an attacker installs a tiny, easily hidden machine in an inconspicuous location, it could be there long enough to break the key and possibly act as an external AP into the wireless network it has hacked.

Attackers who wish to spoof more than their MAC addresses have several tools available. Most of the tools available are for use in a UNIX environment and can be found through a simple search for “ARP Spoof” at http://packetstormsecurity.com. With these tools, hackers can easily trick all machines on a wireless network into thinking that the hacker’s machine is another valid machine. Through simple sniffing on the network, an attacker can determine which machines are in high use by the workstations on the network. If the attacker then spoofs the address of one of these machines, they might be able to intercept much of the legitimate traffic on the network.

AirSnort and WEPCrack are freely available. Although it would take additional resources to build a rogue AP, these tools run from any Linux machine.

Once an attacker has identified a network for attack and spoofed their MAC address to become a valid member of the network, they can gain further information that is not available through simple sniffing. If the network being attacked is using Secure Shell (SSH) to access the hosts, stealing a password might be easier than attempting to break into the host using an available exploit.

By Address Resolution Protocol (ARP) spoofing the connection with the AP to be that of the host from which the attacker wants to steal the passwords, an attacker can cause all wireless users who are attempting to SSH into the host to connect to the rogue machine instead. When these users attempt to sign in with their passwords, the attacker is able to, first, receive their passwords, and second, pass on the connection to the real end destination. If an attacker does not perform the second step, it increases the likelihood that the attack will be noticed, because users will begin to complain that they are unable to connect to the host.
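The ARP spoofing described in the last two paragraphs leaves a symptom a defender can watch for: an IP address whose MAC mapping changes mid-session, and one MAC suddenly answering for several IPs. The following detector is an added example, not code from the book or from any tool; it runs over constructed tcpdump-style ARP reply lines (the addresses, timestamps and the gateway/victim roles are all invented for the example).

```python
"""ARP-spoofing symptom detector over tcpdump-style ARP reply lines.
Added example with constructed sample data."""
import re
from collections import defaultdict

ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

# Constructed capture: 10.0.0.1 is the real gateway (…:bb:01); the station
# de:ad:be:ef:00:77 later claims both the gateway's and a host's address.
SAMPLE_CAPTURE = """\
12:00:01.000100 ARP, Reply 10.0.0.1 is-at 00:11:22:aa:bb:01, length 28
12:00:01.200400 ARP, Reply 10.0.0.20 is-at 00:11:22:aa:bb:20, length 28
12:00:02.003000 ARP, Reply 10.0.0.77 is-at de:ad:be:ef:00:77, length 28
12:00:05.100000 ARP, Reply 10.0.0.1 is-at de:ad:be:ef:00:77, length 28
12:00:05.100900 ARP, Reply 10.0.0.20 is-at de:ad:be:ef:00:77, length 28
12:00:07.000000 ARP, Reply 10.0.0.1 is-at 00:11:22:aa:bb:01, length 28
"""


def detect_arp_spoofing(capture, max_ips_per_mac=1):
    """Return alert strings for every ARP reply that contradicts the first-seen
    IP->MAC mapping, and for any MAC claiming more than max_ips_per_mac IPs."""
    ip_to_mac = {}                   # first MAC seen for each IP (the baseline)
    mac_to_ips = defaultdict(set)    # every IP each MAC has claimed
    alerts = []
    for line in capture.splitlines():
        m = ARP_REPLY.match(line)
        if not m:
            continue                  # requests and non-ARP lines are ignored
        ts, ip, mac = m["ts"], m["ip"], m["mac"].lower()
        known = ip_to_mac.get(ip)
        if known is None:
            ip_to_mac[ip] = mac
        elif known != mac:
            alerts.append(f"{ts} {ip} changed from {known} to {mac}")
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > max_ips_per_mac:
            alerts.append(f"{ts} {mac} now claims {sorted(mac_to_ips[mac])}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_CAPTURE):
        print(alert)
```

The baseline here is simply the first reply seen, which is the weakest part of this approach: a real deployment should seed `ip_to_mac` from an inventory (the gateway's MAC, at minimum) rather than trust whatever arrives first. Alerts repeat for every conflicting reply, so a flapping mapping shows up as a burst, which is itself a useful signal.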

Damage and Defense

Bad Karma

Rogue APs are only one of the threats a security professional must deal with. A new and more advanced attack is known as Karma. Karma further demonstrates the danger of wireless computing. Karma exploits a common vulnerability in Windows. When a Windows system wakes up from standby it probes the network for preferred/trusted networks to which it can connect. Karma doesn’t send out beacons like a regular AP advertising its presence. Karma simply passively monitors the airwaves listening for wireless client probes that are looking for a particular AP and it responds when it detects a probe. When Karma responds to the client, it spoofs the request and pretends to be the sought-after AP. Karma simply mimics a host AP and lures unsuspecting Wi-Fi users into connecting.
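A site survey or wireless IDS can catch both behaviours described in this section (the rogue AP and the Karma-style responder) by comparing what is on the air against an inventory of the APs that were actually deployed. The code below is an added example, not from the book or any survey tool: it classifies constructed beacon-scan records against a constructed inventory (flagging an unknown BSSID that advertises the corporate SSID as an evil twin), and it shows the Karma check, which is to probe for a random SSID that no real network should answer and note any BSSID that responds anyway. The record field names, BSSIDs and SSIDs are this example's own assumptions.

```python
"""Rogue-AP and Karma-style responder classification over constructed scan data.
Added example; field names and inventory are invented for illustration."""
import secrets

# Constructed inventory of the APs the organisation actually installed.
AUTHORIZED = {
    "00:1a:2b:3c:4d:01": {"ssid": "corp-wlan", "channel": 6},
    "00:1a:2b:3c:4d:02": {"ssid": "corp-wlan", "channel": 11},
}

# Constructed beacon scan: one legitimate AP, one evil twin with a stronger
# signal, one unknown network, and a known AP seen on the wrong channel.
SCAN = [
    {"ssid": "corp-wlan", "bssid": "00:1a:2b:3c:4d:01", "channel": 6, "signal": -48},
    {"ssid": "corp-wlan", "bssid": "AC:DE:48:00:11:22", "channel": 6, "signal": -35},
    {"ssid": "Free-WiFi", "bssid": "ac:de:48:00:11:23", "channel": 1, "signal": -40},
    {"ssid": "corp-wlan", "bssid": "00:1a:2b:3c:4d:02", "channel": 1, "signal": -60},
]


def classify_beacons(scan, authorized):
    """Return (bssid, verdict) pairs. An evil twin is our SSID from a BSSID we
    never deployed; a known BSSID on an unexpected channel also deserves a look."""
    our_ssids = {entry["ssid"] for entry in authorized.values()}
    verdicts = []
    for ap in scan:
        bssid = ap["bssid"].lower()
        if bssid in authorized:
            if ap["channel"] != authorized[bssid]["channel"]:
                verdicts.append((bssid, "known AP on unexpected channel"))
            else:
                verdicts.append((bssid, "authorized"))
        elif ap["ssid"] in our_ssids:
            verdicts.append((bssid, "evil twin: advertises our SSID"))
        else:
            verdicts.append((bssid, "unknown AP"))
    return verdicts


def karma_canary_ssid():
    """A random SSID that no genuine network should ever respond to."""
    return "canary-" + secrets.token_hex(6)


def find_karma_responders(probe_responses, canary):
    """probe_responses is a list of (probed_ssid, responding_bssid) pairs from a
    sweep. A BSSID that answers the canary probe is answering for any SSID a
    client asks about, which is exactly the Karma behaviour described above."""
    return sorted({bssid.lower() for ssid, bssid in probe_responses if ssid == canary})


if __name__ == "__main__":
    for bssid, verdict in classify_beacons(SCAN, AUTHORIZED):
        print(f"{bssid}  {verdict}")
    canary = karma_canary_ssid()
    # Constructed sweep: the evil twin answers the canary, the real AP does not.
    sweep = [("corp-wlan", "00:1a:2b:3c:4d:01"), (canary, "ac:de:48:00:11:22")]
    print("karma-style responders:", find_karma_responders(sweep, canary))
```

The inventory comparison is only as good as the inventory, so keep it under change control; a department that quietly adds its own AP shows up here as "unknown AP", which is the intended outcome for a site survey.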

DATA EMANATION

Wireless systems are more vulnerable to attacks than wired systems. Data emanation is one such vulnerability. Emanation is simply something that is emitted or radiated. Data emanation is a problem not only with 802.11 wireless networks but also with all types of wired and wireless equipment. Almost all activities dealing with computers or across a network involve data emanation. Consider the Cathode Ray Tube (CRT), a wireless keyboard, a Bluetooth headset, and a cordless mouse. Each of these devices is at risk for some type of data emanation.

Research on this problem began back in the 1950s under the TEMPEST project. This project was designed to look at hardening devices to prevent emanations from items such as keyboards and CRTs. These early studies focused on ways to prevent interception of signals from systems that could be transmitting or holding sensitive information. One early technique was the Faraday cage. A Faraday cage is an enclosure fashioned from a specific type of copper wire that blocks radio waves. When a Faraday cage is used, no electromagnetic radiation can enter or leave the item or equipment enclosed. Other techniques used to prevent data emanation include jamming or noise generators, and control zones. Jamming is nothing more than the deliberate radiation of electromagnetic energy to disrupt the enemy’s ability to intercept or send radio signals. Noise generators broadcast interference of their own to mask the signals the equipment emits.

Finally, there are control zones. A control zone is designed to block radio signals; as such it is really nothing more than a rather large Faraday cage used to block electromagnetic radiation. As an example, you may have secure equipment in one area of the building but have this area enclosed with a Faraday cage, and for added protection, place several noise generators outside the control zone.

To guard against these attacks the security professional must understand that eavesdropping on and decoding emanations is a complicated attack that requires specialized equipment and a large amount of effort. While the government was actively involved in shielding against such attacks, others were looking for ways to launch emanation attacks. One example of this is Van Eck phreaking. This attack uses special equipment to pick up signals from computer devices by monitoring and decoding emanations.

BLUETOOTH

Bluetooth uses the same 2.4 GHz frequency that the IEEE 802.11b wireless networks use, but, unlike those networks, Bluetooth can select from up to 79 different frequencies within a radio band. Bluetooth is a short range protocol that includes three classes, namely, 1 m, 10 m, and 100 m. Unlike 802.11b networks where the wireless client can only be associated with one network at a time, Bluetooth networks allow clients to be connected to seven networks at the same time. However, one of the main reasons that Bluetooth never succeeded like the 802.11b standard did is because of its low-bandwidth capabilities and a lack of range.

Bluetooth, by its very design, is not intended for the long ranges or high data throughput rates that 802.11 wireless networks have. This is largely due to the fact that the hop rate of Bluetooth devices is about 1600 hops per second with an average of a 625-µs dwell time, thus producing considerably more management overhead than 802.11. Although this exceptionally high hop rate does tend to make Bluetooth resistant to narrow band interference, it has the undesirable side effect of causing disruption of other 2.4-GHz-based network technologies, such as 802.11b and 802.11g. This high hop rate causes all-band interference on these 802.11 networks and can, in some cases, completely prevent an 802.11 wireless network from functioning.

Bluetooth has been shown to be vulnerable to attack. One exploit is Bluejacking. Although not a true attack, Bluejacking allows an individual to send unsolicited messages over Bluetooth to other Bluetooth devices. Bluejacking occurs when the attacker sends a virtual business card (vCard) to a target device over the Object Exchange (OBEX) protocol. A bluejack attack can include the sending of text, images, or sounds. Another attack is known as Bluesnarfing. Bluesnarfing is the theft of data, calendar information, or phone book entries. In other words, someone within range connects to your Bluetooth device and downloads whatever information they want without your knowledge or permission.

Finally there is Bluebugging, which uses the Bluetooth protocol to establish a serial connection to the device. This allows full control over the phone. Such an attack could allow the attacker to place calls to any number without the phone owner’s knowledge. There are many tools for the attacker to use to launch various types of Bluetooth attacks. Carwhisperer (http://trifinite.org/trifinite_stuff_carwhisperer.html) is one such example. This tool allows an attacker to send or receive audio from a Bluetooth-enabled automobile.

SUMMARY OF EXAM OBJECTIVES

Wireless LANs are attractive to many companies and home users because of the increased productivity that results from the convenience and flexibility of being able to connect to the network without using wires. WLANs are especially attractive as they can reduce the cost of having to install cabling to support users on the network. For these and other reasons, WLANs have become very popular in the past few years. However, WLAN technology has often been implemented poorly and without due consideration being given to the security of the network. For the most part, these poor implementations result from a lack of understanding of the nature of wireless networks and the measures that can be taken to secure them.

WLANs are inherently insecure because of their very nature: they radiate radio signals containing network traffic that can be viewed and potentially compromised by anyone within the range of the signal. With the proper antennas, the range of WLANs is much greater than is commonly assumed. Many administrators wrongly believe that their networks are secure because the interference created by walls and other physical obstructions combined with the relative low power of wireless devices will contain the wireless signal sufficiently. Often, this is not the case.

There are different types of wireless networks that can be potentially deployed including HomeRF, Bluetooth, 802.11b, and 802.11a. The most common type of WLAN used today is based on the IEEE 802.11g standard.

The 802.11b standard defines the operation of WLANs in the 2.4 to 2.4835 GHz unlicensed ISM band. 802.11b devices use DSSS to achieve transmission rates of up to 11 Mbps. All 802.11b devices are half-duplex devices, which means that a device cannot send and receive at the same time. In this, they are like hubs and therefore require mechanisms for contending with collisions when multiple stations are transmitting at the same time. To contend with collisions, wireless networks use CSMA/CA.

The 802.11a and 802.11g standards define the operation of wireless networks with higher transmission rates. The 802.11a devices are not compatible with 802.11b, because they use frequencies in the 5-GHz band. Furthermore, unlike 802.11b networks, they do not use DSSS. 802.11g uses the same ISM frequencies as 802.11b and is backward-compatible with 802.11b devices.

The 802.11 standard defines the 40-bit WEP protocol as an optional component to protect wireless networks from eavesdropping. WEP is implemented in the MAC sublayer of the data link layer (layer 2) of the OSI model.

WEP is insecure for a number of reasons. The first is that, because it encrypts well-known and deterministic IP traffic in layer 3, it is vulnerable to plaintext attacks. That is, it is relatively easy for an attacker to figure out what the plaintext traffic is (for example, a DHCP exchange) and compare that with the ciphertext, providing a powerful clue for cracking the encryption. Another problem with WEP is that it uses a relatively short (24-bit) IV to encrypt the traffic. Because each transmitted frame requires a new IV, it is possible to exhaust the entire IV key space in a few hours on a busy network, resulting in the reuse of IVs. This is known as IV collisions. IV collisions can also be used to crack the encryption. Furthermore, IVs are sent in the clear with each frame, introducing another vulnerability. The final stake in the heart of WEP is the fact that it uses RC4 as the encryption algorithm. The RC4 algorithm is well known, and recently it was discovered that it uses a number of weak keys. AirSnort and WEPCrack are two well-known open-source tools that exploit the weak key vulnerability of WEP.

Although WEP is insecure, it does potentially provide a good barrier, and its use will slow down determined and knowledgeable attackers. WEP should always be implemented. The security of WEP is also dependent on how it is implemented. Because the IV key space can be exhausted in a relatively short amount of time, static WEP keys should be changed on a frequent basis.

The best defense for a wireless network involves the use of multiple security mechanisms to provide multiple barriers that will slow down attackers, making it easier to detect and respond to attacks. This strategy is known as defense-in-depth.

Securing a wireless network should begin with changing the default configurations of the wireless network devices. These configurations include the default administrative password and the default SSID on the AP. The SSID is a kind of network name, analogous to a Simple Network Management Protocol (SNMP) community name or a VLAN ID. For wireless clients to authenticate and associate with an AP, they must use the same SSID as the one in use on the AP. It should be changed to a unique value that does not contain any information that could potentially be used to identify the company or the kind of traffic on the network. By default, SSIDs are broadcast in response to beacon probes and can be easily discovered by site survey tools such as NetStumbler and Windows XP. It is possible to turn off SSID on some APs. Disabling SSID broadcasts creates a “closed network.” If possible, SSID broadcasts should be disabled, although this will interfere with the capability of Windows XP to automatically discover wireless networks and associate with them. However, even if SSID broadcasts are turned off, it is still possible to sniff the network traffic and see the SSID in the frames.

Wireless clients can connect to APs using either open system or shared-key authentication. While shared-key authentication provides protection against some denial of service (DoS) attacks, it creates a significant vulnerability for the WEP keys in use on the network and, therefore, should not be used.

EXAM OBJECTIVES FAST TRACK

Wireless Network Design

■ The most predominant wireless technologies consist of WAP and IEEE 802.11 WLAN.

■ WEP is the security method used in IEEE 802.11 WLANs, and WTLS provides security in WAP networks.

■ WEP provides for two key sizes: 40 bit and 104 bit. These keys are concatenated to a 24-bit IV to provide either a 64-bit or 128-bit key for encryption.

■ WEP uses the RC4 stream algorithm to encrypt its data.

■ 802.11 networks use two types of authentication: open system and shared-key.

■ To protect against some rudimentary attacks that insert known text into the stream to attempt to reveal the key stream, WEP incorporates a checksum in each frame. Any frame not found to be valid through the checksum is discarded.

■ Used on its own, WEP does not provide adequate WLAN security.

■ WEP must be implemented on every client as well as on every AP to be effective.

■ WEP keys are user definable and unlimited. They do not have to be predefined and they can and should be changed often.

■ Wireless communication relies on radio frequencies that are susceptible to electromagnetic interference (EMI) and radio frequency interference (RFI). Spread Spectrum technologies reduce the effects of EMI and RFI.

■ An ad hoc wireless network is created when two or more wireless devices are connected. In an ad hoc network there is no AP.

■ FHSS is used in Bluetooth and HomeRF wireless networks. It transmits RF signals by using rapid frequency switching. It has a frequency range of 2.4 GHz and has limited transmission speeds from 1.6 to 10 Mbps.

■ DSSS uses a wide band of frequency. DSSS is faster and more secure than FHSS. It uses a frequency range from 2.4 to 2.4835 GHz and is used in most 802.11b networks.

■ In a wireless network, the AP is known as the authenticator and the client is known as the supplicant.

Service Set ID Broadcast

■ There are two types of 802.11 network modes: ad hoc and infrastructure.

■ Ad hoc 802.11 networks are peer-to-peer in design and can be implemented by two clients with wireless network cards.

■ The infrastructure mode of 802.11 uses APs to provide wireless connectivity to a wired network beyond the AP.

Wireless Security Standards

■ WEP is considered weak encryption and is no longer considered acceptable for use in any situation. Stronger versions have since been released, which include WPA and WPA2 (802.11i).

■ One big change between WEP and WPA was the advancement of TKIP. TKIP increases the IV from 24 bits to 48 bits. WPA was designed to also use a different secret key for each packet and also featured MIC that was designed to detect invalid packets.

■ The WAP is an open specification designed to enable mobile wireless users to easily access and interact with information and services.

Rogue APs

■ A rogue access point is nothing more than a wireless AP that has been installed on a corporate network without the permission of the company.

■ Rogue access points may have been installed by accident or on purpose. In such situations the real threat is that an attacker now has a link from outside the company to its internal network.

■ Rogue access points can also be set up to allow for man-in-the-middle attacks.

Data Emanation

■ Data emanation deals with the leakage of electronic signals. Every CRT, wireless keyboard, mouse, Bluetooth headset, and so forth, emits wireless signals.

■ Early work on emanation was done by the U.S. government under the TEMPEST program.

■ Techniques to protect against emanation include shielding, white noise, and control zones.

Bluetooth

■ Bluetooth is a short range communication technology.

■ Bluetooth is widely used by cell phone manufacturers to allow communication between phones and headsets and receivers built into automobiles.

■ Bluetooth can also be used to communicate with other devices such as printers and used to share data.

■ Bluetooth is subject to two primary types of attacks: Bluejacking and Bluesnarfing. Bluejacking allows an attacker to send unsolicited messages to the victim, whereas Bluesnarfing allows the attacker to steal information from the victim’s phone.

■ Bluebugging allows the attacker to take control of a victim’s phone, which, in turn could be used to make calls from the user’s phone.

EXAM OBJECTIVES FREQUENTLY ASKED QUESTIONS

Q: How can I protect my wireless network from eavesdropping by unauthorized individuals?

A: Because wireless devices are half-duplex devices, you cannot wholly prevent your wireless traffic from being listened to by unauthorized individuals. The only defense against eavesdropping is to encrypt layer 2 and higher traffic whenever possible.

Q: Are wireless networks secure?

A: By their very nature and by definition, wireless networks are not secure. They can, however, be made relatively safe from the point of view of security through administrative effort to encrypt traffic, to implement restrictive methods for authenticating and associating with wireless networks, and so on.

Q: Why should I do frequent site surveys?

A: A site survey will reveal the presence of unauthorized APs. Some of these APs could be placed to facilitate a MITM attack or to gain access to the physical network from a safe location. However, the unauthorized APs could have been purchased and implemented by departmental staff without your knowledge but with no malicious intent. Wireless networks are relatively inexpensive and easy to set up. It is natural for people to desire to implement technology they think will make their lives easier without waiting for knowledgeable staff in the IT department to implement it for them. Even if your company does not have a wireless network, it may be a good idea to conduct wireless site surveys to protect your wired network if you suspect there is a likelihood of employees installing their own APs to increase their productivity.

Q: My AP does not support the disabling of SSID broadcasts. Should I purchase a new one?

A: Disabling SSID broadcasts adds only one barrier for the potential hacker. Wireless networks can still be made relatively safe even if the AP does respond with its SSID to a beacon probe. Disabling SSID broadcasts is a desirable feature. However, before you go out and purchase new hardware, check to see if you can update the firmware of your AP. The AP vendor may have released a more recent firmware version that supports the disabling of SSID broadcasts. If your AP does not support firmware updates, consider replacing it with one that does.

Q: Why is WEP insecure?

A: WEP is insecure for a number of reasons. The first is that 24-bit IV is too short. Because a new IV is generated for each frame and not for each session, the entire IV key space can be exhausted on a busy network in a matter of hours, resulting in the reuse of IVs. Second, the RC4 algorithm used by WEP has been shown to use a number of weak keys that can be exploited to crack the encryption. Third, because WEP is implemented at layer 2, it encrypts TCP/IP traffic, which contains a high percentage of well-known and predictable information, making it vulnerable to plaintext attacks.
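The IV-reuse problem that this answer and the summary paragraph on WEP both describe is easiest to see with a stream cipher in hand. The following is an added example, not from the book or from AirSnort/WEPCrack: a plain RC4 implementation, a WEP-style per-frame key of IV followed by the secret key, and the arithmetic that turns an IV collision into recovered plaintext. Because both frames were encrypted with the same keystream, XORing the two ciphertexts cancels it, and a frame whose contents are predictable (the DHCP exchange mentioned above) exposes the other frame. The secret key, IV and frame contents are constructed; the birthday-bound and exhaustion-time helpers use only the 24-bit IV size the text gives.

```python
"""Why a 24-bit IV and RC4 fail WEP: keystream reuse made concrete.
Added example with constructed key, IV and frames."""
import math

IV_BITS = 24  # WEP's IV size, sent in the clear with every frame


def rc4_keystream(key, length):
    """Standard RC4: key-scheduling (KSA) followed by keystream generation (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv, secret_key, plaintext):
    """WEP-style framing: per-frame RC4 key is IV || secret key; returns (iv, ciphertext).
    The same IV with the same secret key always yields the same keystream."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    keystream = rc4_keystream(iv + secret_key, len(plaintext))
    return iv, xor_bytes(plaintext, keystream)


def recover_with_known_plaintext(frame_a, known_plain_a, frame_b):
    """If frames a and b share an IV, C_a ^ C_b = P_a ^ P_b, so knowing P_a gives P_b.
    Returns None when the IVs differ (no collision, nothing to exploit here)."""
    iv_a, c_a = frame_a
    iv_b, c_b = frame_b
    if iv_a != iv_b:
        return None
    n = min(len(c_a), len(c_b), len(known_plain_a))
    return xor_bytes(xor_bytes(c_a[:n], c_b[:n]), known_plain_a[:n])


def frames_for_collision_probability(p=0.5, iv_bits=IV_BITS):
    """Birthday bound: number of frames after which some IV has repeated
    with probability p, assuming IVs are chosen uniformly at random."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - p))))


def hours_to_exhaust_ivs(frames_per_second, iv_bits=IV_BITS):
    """Time to use every IV once at a sustained frame rate (sequential IVs)."""
    return 2 ** iv_bits / frames_per_second / 3600


if __name__ == "__main__":
    secret = b"\x01\x02\x03\x04\x05"          # constructed 40-bit WEP key
    iv = b"\x00\x00\x01"                      # constructed IV, reused below
    dhcp_like = b"DHCP DISCOVER frame bytes"  # stands in for predictable traffic
    private = b"secret payload in frame B"
    frame_a = wep_encrypt(iv, secret, dhcp_like)
    frame_b = wep_encrypt(iv, secret, private)
    print("recovered:", recover_with_known_plaintext(frame_a, dhcp_like, frame_b))
    print("frames for a 50% IV collision:", frames_for_collision_probability())
    print("hours to exhaust IVs at 1000 frames/s:", round(hours_to_exhaust_ivs(1000), 2))
```

Note that the recovery needs no knowledge of the secret key at all; it is a property of any stream cipher whose keystream is reused, which is why WPA's TKIP enlarged the IV and why per-packet keys matter. The birthday figure (a few thousand frames for a 50% chance of a repeat) is far smaller than the full 2^24 exhaustion time the text quotes, because a collision only needs any two frames to share an IV.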

Q: How can I prevent unauthorized users from authenticating and associating with my AP?

A: There are a number of ways to accomplish this. You can configure your AP as a closed system by disabling SSID broadcasts and choosing a hard-to-guess SSID. You can configure MAC filtering to allow only those clients that use valid MAC addresses access to the AP. You can enable WEP and shared-key authentication. However, all of these methods do not provide acceptable levels of assurance for corporate networks that have more restrictive security requirements than are usually found in small office/home office environments. For corporate environments that require a higher degree of assurance, you should configure 802.1x authentication.

SELF TEST

1. WEP uses which of the following encryption standards?

A. AES

B. ECC

C. RC4

D. DES

2. The medium for communications in a wireless system is

A. Cabling

B. Access point

C. Antenna

D. EM field

3. The area over which the radio waves propagate from an electromagnetic source is known as the

A. Control zone

B. Fresnel zone

C. Footprint

D. Wavelength

4. Wireless devices that are communicating directly to each other without an AP are said to be operating in what mode?

A. Peer-to-client mode

B. Ad hoc mode

C. Independent mode

D. Infrastructure

5. Which of the following is not a valid class for Bluetooth?

A. Class 0

B. Class 1

C. Class 2

D. Class 3

6. Why is a site survey performed?

A. Distribute wireless WEP/WPA/WPA2 keys

B. Find and remove unwanted access locations

C. Plan the design and topology of a wired network

D. Record current wireless signal strength and suggest improvements

7. Tools like NetStumbler are primarily used for

A. Wireless intrusion detection

B. Site surveys

C. Sniffing and decoding emanations from a CRT

D. Attacking wireless systems

8. TEMPEST is best defined as

A. A method used to attack wired networks

B. A means to attack wireless networks

C. A passive sniffing tool

D. A tool used to set up a rogue AP

9. Sending unsolicited messages over Bluetooth is defined as

A. Bluecrashing

B. Bluejacking

C. Karma

D. Bluesnarfing

10. Which type of attack is best defined by the unauthorized access of information from a wireless device through a Bluetooth device?

A. Bluecrashing

B. Bluejacking

C. Karma

D. Bluesnarfing

11. Which of the following is the most effective approach against detecting rogue APs?

A. Enforce the use of static addressing

B. Perform yearly site surveys

C. Develop a policy that prohibits the installation of unauthorized APs

D. Install wireless intrusion detection systems

12. Van Eck phreaking is best defined as

A. Attacks against phone systems

B. A random signal with a flat power spectral density

C. To eavesdrop on the contents of the monitor using its electronic emissions

D. A special enclosure that acts as an EM capacitor

13. Sometimes a DoS attack can be unintentional. If your home wireless network is having intermittent problems in the afternoon and the evenings, the most likely issue is which of the following?

A. The AP is malfunctioning and should be replaced

B. Someone is attacking your network with a VOID 11 DoS attack

C. The wireless network is not configured correctly

D. Your cordless phone is using the same frequency as the wireless network and whenever someone calls or receives a call the phone jams the wireless network

14. James is worried about the security of the wireless network and as such has disabled SSID broadcasts. James has now made the statement that his wireless network cannot be hacked. How should you respond?

A. Sniffing the SSID is not possible once the SSID broadcast has been disabled

B. Once broadcast has been disabled, sniffing the SSID is only possible with specialized expensive equipment

C. James is correct only if 128-bit WEP has been enabled

D. Even with SSID turned off someone can still sniff the network

15. Which of the following about 802.11a is correct?

A. 802.11a and 802.11b work on the same frequencies

B. 802.11g uses DSSS

C. 802.11a and 802.11b are incompatible

D. 802.11a has a maximum speed of 11 Mbps

SELF TEST QUICK ANSWER KEY

1. C

2. D

3. B

4. B

5. A

6. D

7. B

8. C

9. B

10. D

11. D

12. C

13. D

14. D

15. C

REFERENCES

1. Fluhrer S, Mantin I, Shamir A. Weaknesses in the Key Scheduling Algorithm of RC4. Cisco Systems/Weizmann Institute; 2001 [cited 26 June 2009]. Available from: http://www.drizzle.com/~aboba/IEEE/rc4_ksaproc.pdf.

2. Stubblefield A, Ioannidis J, Rubin A. Using the Fluhrer, Mantin, and Shamir Attack to Break WEP. AT&T Labs; 2001 [cited 26 June 2009]. Available from: http://www.simovits.com/archive/break_wep.pdf.