Monday, June 3, 2019
Wireless networks: Security
Wireless networks, due to ease of installation, cost benefits and the capability of connectivity, and hence communication anywhere, have become the most popular way of network setup in this 21st century. With the increase in the need for mobile systems, the current electronic market has also been flooded with laptops, PDAs, RFID devices, healthcare devices and wireless VoIP (Voice over IP) devices which are WiFi (Wireless Fidelity) enabled. With the 3G (Third Generation) and 4G (Fourth Generation) cellular wireless standards, mobile phones are also WiFi enabled, with very high speeds being provided for data upload and download. Nowadays malls and public areas, not to mention even cities, are WiFi capable, enabling a person to access the internet or even contact a remote server in his office from anywhere in that city, or even from his mobile phone while just strolling down the road.

But as every good technology has its own drawbacks, so do wireless networks. Just as in the case of wired networks, they are also prone to intruder attacks, more commonly known as wireless hacking, which compromise the network's security, integrity and privacy. The basic reason for this is that when the wireless network was first introduced, it was considered to have security and privacy built into the system while transmitting data. This misconception had basically arisen because wireless system transmitters and receivers used spread spectrum systems, which have signals in the wide transmission band.
Since the RF (Radio Frequency) receivers of that time could only intercept signals in the narrow transmission band, these wireless signals were considered to be in the safe zone. But it did not take long to invent devices that could intercept these wireless signals as well. Hence the integrity of data sent over wireless networks could be easily compromised. With the development of technology, the methods and ways in which a network can be attacked have also become more vicious.

Fig-1 WLAN (Wireless Local Area Network)

Security of wireless networks against such vicious attacks has hence become the priority for the network industry. This is because not all networks are equally secure. The security depends on where the network is used. For example, if the requirement is to provide a wireless hotspot in a shopping mall, then security is never a concern, but if it is for a corporate, they have their own security authentication and user access control implemented in the network.

II. WHY WIRELESS NETWORKS ARE PRONE TO ATTACKS?

There are a number of reasons why wireless networks are prone to malicious attacks. These are the most challenging aspects to be considered when a secure wireless network has to be established.

a) Wireless networks are open networks. The reason for this is that there is no physical medium protecting these networks. Any packet transmitted and received can be intercepted if the receiver has the same frequency as the transmitter/receiver used by the wireless network. There is also a common misconception that if authentication and encryption are properly used the network will not be compromised. But what about the messages sent back and forth before the authentication and encryption come into play?

b) Distance and Location. The attacker can attack from any distance and location and is only limited by the power of the transmitter. Special devices have been designed which can attack even short distance networks such as Bluetooth.

c) Identity of the Attacker. The attacker can always remain anonymous because he uses a series of antennas or other compromised networks before reaching the actual target. This makes wireless network attackers very difficult to track.

Some of the reasons why such attacks are so common are the easy availability of information from none other than the Internet, easy to use cheap technology and, of course, the need to hack.

III. WIRELESS HACKING STEP BY STEP

To understand the security protocols for wireless networks currently in use, it is first important to understand the methods with which a weak network is attacked by a hacker. These are also known as wireless intrusion methods.

A. Enumeration

Also known as network enumeration, this is the first and foremost step to hacking, which is finding the wireless network.
The wireless network could be a specific target or even a random weak network which can be compromised and used to attack other end systems or networks. This feat is achieved by using network discovery software, which is nowadays available online in plenty; to name a few, Kismet and Network Stumbler. In order to have more information about the network, the packets that are sent and received by the network can be sniffed using network analyzers, also known as sniffers. A large amount of information can be obtained by using these, including IP addresses, SSID numbers, even sensitive information such as MAC addresses, the type of information and also the other networks that this compromised end system.

Yet another problem faced is the use of network mappers, which can be used to find the servers that run these compromised networks, hence also attacking these servers, which could then affect proper functioning and information transfer between these servers and to other networks connected to them.

B. Vulnerability Assessment

This is mainly done by the hacker by using a vulnerability scanner. After the hacker has found the network he wants to attack, he uses this program in order to detect the weaknesses of the computers, computer systems, networks or even applications. After this the intruder decides on the most possible means of entry into the network.

C. Means of Entry

IV. TYPES OF THREATS AND ATTACKS

A. Eavesdropping and Traffic Analysis

This is the form of attack that makes use of the weak encryption of the network. This always compromises the integrity and security of the network. Attacks such as war driving, war chalking, packet sniffing and traffic analysis all fall under this category.

B. Message Modification

These attacks are mainly used to modify the data that is sent across a network. The modification might be giving wrong information or adding malicious content to the data packet sent from one station to another. This compromises the integrity and privacy of the data.

C. Rogue Devices

These could be devices such as APs or application software programs which have been compromised by the intruder and made to function according to him/her. Such devices can compromise the integrity of the network as well as the data sent across it. These devices can also launch replay attacks and also make the network associated with malicious content websites or information.

D. Session Hijacking

This attack occurs after a valid session has been established between two nodes through the AP. The attacker poses as a valid AP to the node trying to establish a connection and as a valid node to the AP. The attacker can then send malicious or false information to the node that the connection has already been established with. The legitimate node believes that the AP has terminated the connection with it. The hacker can then use this connection to get sensitive information from the network or the node.

E. Man in the Middle Attacks

This is similar to a session hijacking attack, but in this case it is a rogue AP that acts as a valid node to the legitimate AP and as a valid AP to the legitimate node. Once this has been established, the rogue AP can access all information, intercept communication, and send malicious information to other clients through this.

These are just a few of the security threats and attacks in wireless environments. With the advancing technologies there are many more possible security threats that can be faced by these networks in the future.

V. BASIC REQUIREMENTS IN WIRELESS NETWORK SECURITY

With the vulnerability of wireless networks, security and the countering of such malicious attacks have become one of the top priorities addressed by enterprises and corporates as well as research fields in IT. There are many points to be considered when the security of a network is concerned, the most important of which are authentication, accountability and encryption.

A. Authentication

This is very familiar to anyone using a network in his or her work place or even accessing email on the internet, and is the very first step in promoting a secure wireless network. There are many different ways of authentication, and many different tools and methods have been used over the years in order to make the primary process more reliable and foolproof. Some of the most widely used methods are:

a) User name and password combinations, generally defined as something that a person knows.
b) Smart cards, RFIDs and token technologies, also known as something that a person has.
c) Biometric solutions such as fingerprinting and retina scanning, which can be generally defined as something that a person is.

The reliability of each one of these methods can vary depending on the level at which it has been implemented. In the case of very low level authentication, only one kind of method is used to secure the network. One of the weakest forms of authentication can be considered to be the use of only ID card or token technologies, as if a person loses this, he can compromise the security of the network. Even in the case of username and password, the strength of the authentication is only as good as the complexity of the information used as the username or even the password. People generally prefer to use passwords that are easy to remember but also known to many other people in that organization or even outside.

One of the much better ways of securing a network through authentication is to use biometric solutions such as fingerprinting or retina scanning. But of course technology has advanced to the extent that even fingerprints or retinas can be forged. Nowadays a number of combinational methods are used for authentication, with high security premises or networks guarded by more than two or three kinds of authentication.

B. Accountability

After a user has been authenticated to use the network, it is important to be able to track the computer usage of each person using the network, so that in case of any foul play the person responsible can be held responsible. When networks were very small it was very easy for a network administrator to track the usage of each person on a network. But with huge networks, remote access facilities and of course wireless networks, it has become quite a difficult task. As mentioned earlier, there are many ways in which a hacker can make himself difficult to track down. Much software and firmware has been created which is used in conjunction with the authentication protocols in order to make the wireless network more secure and robust.

C. Encryption

This is the most important step in building and securing a strong wireless network infrastructure. The steps generally followed for this are:

a) Methods based on public key infrastructure (PKI).
b) Using a high bit encryption scheme.
c) The algorithm used for encryption must be well known and proven to be very unbreakable.

Current wireless network security solutions can be classified into three broad categories:

a) unencrypted solutions
b) encrypted solutions
c) combination.

In this report the emphasis, as explained in the abstract, will be on encrypted solutions for wireless security.
A brief discussion of the unencrypted methods has still been given for basic understanding. In the case of encryption based security protocols, a detailed description is given in this paper of the ones that are commonly used in wireless LANs, after which the latest and developing technologies will be discussed. The three major generations of security existing today, also cited in many documents, journals and magazines, are as follows:

1) WEP (Wired Equivalent Privacy)
2) WPA (Wi-Fi Protected Access)
3) WPA2

The image below shows the layer in which the wireless network security protocols come into play, which is of course the link layer.

Fig-1 802.11 AND OSI MODEL

VI. WIRELESS SECURITY UNENCRYPTED

A. MAC Registration

This is one of the weakest methods of network security. MAC registration was basically used to secure university residential networks such as college apartments or dorm rooms. The basic way of doing this is to configure DHCP (Dynamic Host Configuration Protocol) to lease IP addresses to only a known set of MAC addresses, which can be obtained manually by running automated scripts on a network server, so basically any person with a valid registration can enter the network. Session logs also cannot be generated, because of which accounting of the logs becomes impossible. Last but not least, since this method of securing was basically used for switched and wired networks, encryption was never included.

B. Firewalls

In this method, network authentication is done through either HTTP (Hypertext Transfer Protocol), HTTPS or telnet. When an authentication request is received by the network, it is directed to the authentication server. On validating the authentication, the firewall adds rules for the IP address provided to that user. This IP address also has a timer attached to it in order to indicate the rule timeout of this IP address.
When executed through HTTPS it is basically a session based as well as a secure process. But any other process which is adapted from switched wired network firewalls does not provide encryption.

C. Wireless Firewall Gateways

One of the latest as well as considerably foolproof methods among unencrypted solutions is the Wireless Firewall Gateway, or WFG. This is a single wireless gateway integrated with a firewall, router, web server and DHCP server, and it is because all of these are in one system that the WFG is a very secure wireless security solution. When a user connects to the WFG, he/she receives an IP address from the DHCP server. Then the web server (HTTPS) asks for a user name and password, and this is executed by PHP (Hypertext Preprocessor). Address spoofing and unauthorized networks are avoided by PHP, as the DHCP logs are constantly compared with the current updated ARP (Address Resolution Protocol) table. This verifies that the computer that is connected to the network is using the IP address that has been leased to it by the DHCP server. This information is then passed on to the authentication server, which in turn adds rules for this IP address. Upon the expiration of the DHCP lease the sessions are terminated. The WFG hence makes the authentication and accountability part of the network more reliable, but as this is also an unencrypted method it lacks the most important aspect of security.

VII. WEP-WIRED EQUIVALENT PRIVACY

This protocol was written in accordance with the security requirements of the IEEE 802.11 wireless LAN protocol. It is adapted from the wired LAN system, and hence the security and privacy provided by it are also equivalent to the security and privacy provided by a wired LAN.
Though it is an optional part of wireless network security, it will give a considerably secure networking environment.

The algorithm used in WEP is known as RC4 (Rivest Cipher 4). In this method a pseudo random number is generated using encryption keys of random lengths. This is then bound with the data bits using an XOR functionality in order to generate encrypted data that is then sent. To look at it in more detail:

A. Sender Side

The pseudo random number is generated using the 24 bit IV (Initialisation Vector) given by the administrator or network and a 40 or 104 bit secret key or WEP key given by the wireless device itself. These are then added together and passed on to the WEP PRNG (Pseudo Random Number Generator). At the same time the plain text along with an integrity algorithm are combined together to form the ICV (integrity check value). The pseudo random number and the ICV are then combined together to form a cipher text by sending them through RC4. This cipher text is then again combined with the IV to form the final encrypted message, which is then sent.

Fig-2 WEP SENDER SIDE

B. Receiver Side

On the receiver side the message is decrypted in five steps. First the preshared key and the encrypted message are added together. The result is then passed through yet another PRNG. The resulting number is passed through an RC4 algorithm, and this results in retrieving the plain text. This again combines with another integrity algorithm to form a new ICV, which is then compared with the original ICV to check for integrity.

Fig-3 WEP RECEIVER SIDE

C. Brief Descriptions

a) Initialization Vectors are basically random bits, the size of which is generally 24 bits but also depends on the encryption algorithm. The IV is also sent to the receiver side as it is required for decrypting the data sent.

b) The Preshared Key is more or less like a password. It is basically provided by the network administrator and is shared between the access point and all network users.

c) Pseudo Random Number Generator. This basically creates a unique secret key for each packet sent through the network. This is done by using some 5 to at most 13 characters of the preshared key and also by using randomly taken characters from the IV.

d) ICV and Integrity Algorithm. This is used to encrypt the plain text or data and also to create a check value which can then be compared by the receiver side when it generates its own ICV. This is done using the CRC (Cyclic Redundancy Code) technique to create a checksum. For WEP, the CRC-32 of the CRC family is used.

D. RC4 Algorithm

The RC4 algorithm is not proprietary to WEP. It can also be called a random generator, stream cipher etc. Developed in RSA laboratories in 1987, this algorithm uses logical functions, to be specific XOR, to add the key to the data.

Figure 5 RC4 Algorithm

E. Drawbacks of WEP

There are many drawbacks associated with WEP encryption. There are also programs now available in the market which can easily hack through this encryption, leaving the network using WEP vulnerable to malicious attacks.

Some of the problems faced by WEP:

WEP does not prevent forgery of packets.
WEP does not prevent replay attacks. An attacker can simply record and replay packets as desired and they will be accepted as legitimate.
WEP uses RC4 improperly. The keys used are very weak, and can be brute-forced on standard computers in hours to minutes, using freely available software.
WEP reuses initialization vectors. A variety of available cryptanalytic methods can decrypt data without knowing the encryption key.
WEP allows an attacker to undetectably modify a message without knowing the encryption key.
Key management is lacking and updating is poor.
Problem in the RC4 algorithm.
Easy forging of authentication messages.

VIII. WPA-WIFI PROTECTED ACCESS

WPA was developed by the Wi-Fi Alliance to overcome most of the disadvantages of WEP. The advantage for the user is that they do not have to change the hardware when making the change from WEP to WPA.

The WPA protocol gives a more complex encryption when compared to TKIP, and with the MIC it also helps to counter the bit flipping which is used by hackers in WEP, by using a method known as hashing. The figure below shows the method of WPA encryption.

Figure 6 WPA Encryption Algorithm (TKIP)

As seen, it is almost the same as the WEP technique, which has been enhanced by using TKIP, but a hash is also added before using the RC4 algorithm to generate the PRNG. This duplicates the IV, and a copy of this is sent to the next step. The copy is also added to the base key in order to generate another special key. This, along with the hashed IV, is used to generate the sequential key by RC4. This is then also added to the data or plain text by using the XOR functionality. Then the final message is sent, and it is decrypted by using the inverse of this process.

A. TKIP (Temporal Key Integrity Protocol)

The confidentiality and integrity of the network is maintained in WPA by using improved data encryption using TKIP.
This is achieved by using a hashing function algorithm and also an additional integrity feature to make sure that the message has not been tampered with. TKIP has about four new algorithms that perform various security functions:

a) MIC or Michael. This is a coding system which improves the integrity of the data transfer via WPA. The MIC integrity code is basically 64 bits long but is converted into 32 bits of little endian words or least significant bits; for example, let it be (K0, K1). This method is basically used to make sure that the data does not get forged.

b) Countering Replay. There is one particular kind of forgery that cannot be detected by MIC, and this is called a replayed packet. Hackers do this by forging a particular packet and then sending it back at another instance of time. In this method each packet sent by the network or system will have a sequence number attached to it. This is achieved by reusing the IV field. If the packet received at the receiver is out of order or has a smaller sequence number than the packet received before it, it is considered a replay and the packet is hence discarded by the system.

c) Key mixing. In WEP a secure key is generated by connecting end to end the base key, which is a 40 bit or 104 bit sequence obtained from the wireless device, with the 24 bit IV number obtained from the administrator or the network. In the case of TKIP, the 24 bit base key is replaced by a temporary key which has a limited life time. It changes from one destination to another. This can be explained in Phase I of the two phases in key mixing.

In Phase I, the MAC address of the end system or the wireless router is mixed with the temporary base key. The temporary key hence keeps changing as the packet moves from one destination to another, as the MAC address for any router, gateway or destination will be unique.

In Phase II, the per packet sequence key is also encrypted by adding a small cipher using RC4 to it.
This keeps the hacker from deciphering the IV or the per packet sequence number.

d) Countering Key Collision Attacks or Rekeying. This basically provides a fresh sequence of keys which can then be used by the TKIP algorithm. Temporal keys, which have a limited life time, have already been mentioned. The other two types of keys provided are the encryption keys and the master keys. The temporal keys are the ones which are used by the TKIP privacy and authentication algorithms.

B. Advantages of WPA

The advantage of WPA over WEP can be clearly understood from the above descriptions. Summarising a few:

a) Forgeries of the data are avoided by using MIC.
b) WPA can actively avoid packet replay by the hacker by providing a unique sequence number to each packet.
c) Key mixing, which generates temporal keys that change at every station, and also per packet sequence key encryption.
d) Rekeying, which provides unique keys to be consumed by the various TKIP algorithms.

IX. WPA2-WIFI PROTECTED ACCESS 2

WPA2, as the name suggests, is a modified version of WPA in which Michael has been replaced with an AES based algorithm known as CCMP instead of TKIP. WPA can operate in two modes: one is the home mode and the other the enterprise mode. In the home mode all the users are required to use a 64 bit pass phrase when accessing the network. This is the sort of encryption used in wireless routers at home or even in very small offices. The home version has the same problems which are faced by users of WEP and the original WPA security protocol.

The enterprise version is of course for use by larger organisations where security of the network is too valuable to be compromised. This is based on the 802.1X wireless architecture, an authentication framework known as RADIUS, another authentication protocol from the EAP (Extensible Authentication Protocol) family, which is EAP-TLS, and also a secure key.

A. 802.1X

Figure 7 802.1X Authentication Protocol

In order to understand the security protocols used in WPA2 it is important to know a little bit about the 802.1X architecture for authentication. This was developed in order to overcome many security issues in the 802.11b protocol. It provides much better security for transmission of data, and its key strength is of course authentication. There are three important entities in the 802.1X protocol, which are the client, authenticator and authentication.

a) Client. This is the STA (station) in a wireless area network which is trying to access the network. This station could be fixed, portable or even mobile. It of course requires client software which helps it connect to the network.

b) Authenticator. This is yet another name given to an AP (Access Point). The AP receives the signal from the client and sends it over to the network which the client requires a connection from. There are two parts to the AP, i.e. the non-control port and the control port, which is more of a logical partitioning than an actual partition. The non-control port receives the signal and checks its authentication to see if the particular client is allowed to connect to the network. If the authentication is approved, the control port of the AP is opened for the client to connect to the network.

c) Authentication. This is the RADIUS (Remote Authentication Dial In User Service) server. It has its own user database table which lists the users that have access to the network. This makes it easier for the APs, as the user information database need not be stored in the AP. The authentication in RADIUS is more user based than device based. RADIUS makes the security system more scalable and manageable.

Figure 8 EAP/RADIUS Message Exchange

B. EAP (Extended Authentication Protocol)

The key management protocol used in WPA2 is EAP (Extended Authentication Protocol). It can also be called EAPOW (EAP over wireless). Since there are many versions of this protocol in the EAP family, it is advisable to choose the EAP protocol which is best suited for that particular network. The diagram and the steps following it describe how a suitable EAP can be selected for that network.

a) Step 1. By checking the previous communication records of the node using a network analyser program, it can be easily detected if any malicious or considerably compromising packets have been sent to other nodes or received from other nodes by this node.

b) Step 2. By checking the previous logs for the authentication protocols used, the most commonly used authentication protocol and the most successful authentication protocol can be understood.

Figure 9 EAP Authentication with Method Selection Mechanism

c) Step 3. The specifications of the node itself have to be understood, such as the operating system used, the hardware, the software and even the certificate availability of the node.

After all this has been examined, the following steps can be run in order to determine and execute the most suitable EAP authentication protocol:

    1. Start
    2. if (communication_record available) then
           read communication_record
           if (any_suspicious_packets_from_the_other_node) then
               abort authentication
               go to 5
           else if (authentication record available) then
               read authentication record
               if (successful authentication available) then
                   read current_node_resources
                   if (current_node_resources comply with last_successful_method) then
                       method = last_successful_method
                       go to 4
                   else if (current_node_resources comply with most_successful_method) then
                       method = most_successful_method
                       go to 4
                   else go to 3
               else go to 3
           else go to 3
       else go to 3
    3. read current_node_resources
       execute method_selection(current_node_resources)
    4. execute authentication_process
    5. End

X. RSN-ROBUST SECURITY NETWORKS

RSN was developed with reference to the IEEE 802.11i wireless protocol. This connection can provide security ranging from very moderate level to high level encryption schemes. The main entities of 802.11i are the same as those of the 802.1X protocol, which are the STA (client), the AP and the AS (authentication server). RSN uses TKIP or CCMP for confidentiality and integrity protection of the data, while EAP is used as the authentication protocol.

RSN is a link layer security, i.e. it provides encryption from one wireless station to its AP or from one wireless station to another. It does not provide end to end security. It can only be used for wireless networks and, in the case of hybrid networks, only for the wireless part of the network. The following are the features of a secure network that are supported by RSN:

a) Enhanced user authentication mechanisms
b) Cryptographic key management
c) Data Confidentiality
d) Data Origin and Authentication Integrity
e) Replay Protection.

A. Phases of RSN

The functioning of the RSN protocol can be divided into five distinct phases. The figure as well as the steps describe the phases in brief.

a) Discovery Phase. This can also be called Network and Security Capability discovery of the AP. In this phase the AP advertises that it uses the IEEE 802.11i security policy. An STA which wishes to communicate with a WLAN using this protocol will, upon receiving this advertisement, communicate with the AP. The AP gives the STA an option on the cipher suite and authentication mechanism it wishes to use during the communication with the wireless network.

Figure 9 Security States of RSN

b) Authentication Phase. Also known as the Authentication and Association Phase. In the authentication phase, the AP uses its non-control part to check the authentication provided by the STA with the AS. Any data other than the authentication data is blocked by the AP until the AS returns with the message that the authentication provided by the STA is valid. During this phase the client has no direct connection with the RADIUS server.

c) Key Generation and Distribution. During this phase cryptographic keys are generated by both the AP and the STA. Communication only takes place between the AP and the STA during this phase.

d) Protected Data Transfer Phase. This phase, as the name suggests, is the one during which data is transferred to and from the STA that initiated the connection, through the AP, to the STA on the other end of the network.

e) Connection Termination Phase. Again, as the name suggests, the data exchanged is purely between the AP and the STA to tear down the connection.
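
As an added illustration of the Wireless Firewall Gateway check described in Section VI (not code from the original post), the Python sketch below compares DHCP lease records with an ARP table and reports addresses that are unleased, used by a different MAC than the one they were leased to, or past lease expiry. The lease records, the /proc/net/arp style sample text and the function names parse_arp and audit_leases are constructed for the example and are assumptions, not the WFG's own format.

```python
from datetime import datetime

# Constructed sample data (assumption): leases as (ip, mac, expiry) records.
LEASES = [
    ("192.168.1.10", "00:11:22:33:44:55", datetime(2019, 6, 3, 12, 0)),
    ("192.168.1.11", "00:11:22:33:44:66", datetime(2019, 6, 3, 12, 0)),
    ("192.168.1.12", "00:11:22:33:44:77", datetime(2019, 6, 3, 9, 0)),
]

# Constructed ARP table in the layout of Linux /proc/net/arp.
ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.10     0x1         0x2         00:11:22:33:44:55     *        wlan0
192.168.1.11     0x1         0x2         DE:AD:BE:EF:00:01     *        wlan0
192.168.1.12     0x1         0x2         00:11:22:33:44:77     *        wlan0
192.168.1.50     0x1         0x2         00:11:22:33:44:88     *        wlan0
192.168.1.60     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""


def parse_arp(text):
    """Return {ip: mac} from ARP table text, skipping unresolved entries."""
    table = {}
    for line in text.splitlines()[1:]:          # first line is the header
        fields = line.split()
        if len(fields) >= 4 and fields[3] != "00:00:00:00:00:00":
            table[fields[0]] = fields[3].lower()
    return table


def audit_leases(leases, arp_text, now):
    """Compare what is on the air (ARP) with what DHCP actually leased."""
    lease_by_ip = {ip: (mac.lower(), expiry) for ip, mac, expiry in leases}
    findings = []
    for ip, mac in sorted(parse_arp(arp_text).items()):
        if ip not in lease_by_ip:
            findings.append((ip, mac, "no-lease"))        # address never leased
            continue
        leased_mac, expiry = lease_by_ip[ip]
        if mac != leased_mac:
            findings.append((ip, mac, "mac-mismatch"))    # possible address spoofing
        elif expiry <= now:
            findings.append((ip, mac, "lease-expired"))   # session should be terminated
    return findings


if __name__ == "__main__":
    for finding in audit_leases(LEASES, ARP_TABLE, datetime(2019, 6, 3, 10, 0)):
        print(finding)
```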
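
As an added illustration of Sections VII and VIII (not code from the original post), the Python sketch below implements the WEP sender and receiver steps (IV and key fed to RC4, CRC-32 ICV appended, XOR with the keystream), an audit helper that flags reused IVs in captured frames, and a receiver that applies the TKIP sequence-number rule to discard replayed frames. The key, IVs, payloads and the names wep_encrypt, wep_decrypt, reused_ivs and SequenceCheckedReceiver are assumptions made for the example; passing the sequence number next to the frame is a simplification of TKIP.

```python
import struct
import zlib
from collections import Counter

KEY = bytes.fromhex("0102030405")    # constructed 40-bit WEP key (sample value)


def rc4(key, n):
    """Return n bytes of RC4 keystream for the given key."""
    s = list(range(256))
    j = 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                            # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv, key, plaintext):
    """Sender side: frame = IV || (plaintext || ICV) XOR RC4(IV || key)."""
    icv = struct.pack("<I", zlib.crc32(plaintext))     # CRC-32 integrity check value
    body = plaintext + icv
    return iv + xor(body, rc4(iv + key, len(body)))


def wep_decrypt(key, frame):
    """Receiver side: split off the 24-bit IV, decrypt, recompute and compare the ICV."""
    iv, ciphertext = frame[:3], frame[3:]
    body = xor(ciphertext, rc4(iv + key, len(ciphertext)))
    plaintext, icv = body[:-4], body[-4:]
    if struct.pack("<I", zlib.crc32(plaintext)) != icv:
        raise ValueError("ICV mismatch")
    return plaintext


def reused_ivs(frames):
    """Audit helper: IVs carried by more than one captured frame."""
    counts = Counter(frame[:3] for frame in frames)
    return sorted(iv for iv, n in counts.items() if n > 1)


class SequenceCheckedReceiver:
    """WEP receiver extended with the TKIP idea of a per-sender sequence number."""

    def __init__(self, key):
        self.key = key
        self.last_seq = {}           # sender -> highest sequence number accepted

    def receive(self, sender, seq, frame):
        if seq <= self.last_seq.get(sender, -1):
            return None              # repeated or out of order: discarded as a replay
        plaintext = wep_decrypt(self.key, frame)
        self.last_seq[sender] = seq
        return plaintext


if __name__ == "__main__":
    iv = b"\x00\x00\x01"
    f1 = wep_encrypt(iv, KEY, b"transfer 100 to alice")
    f2 = wep_encrypt(iv, KEY, b"hello from station B!")     # same IV used again
    f3 = wep_encrypt(b"\x00\x00\x02", KEY, b"fresh IV")
    print("reused IVs:", [v.hex() for v in reused_ivs([f1, f2, f3])])
    # Plain WEP keeps no state, so the same frame is accepted every time.
    print(wep_decrypt(KEY, f1), wep_decrypt(KEY, f1))
    rx = SequenceCheckedReceiver(KEY)
    print(rx.receive("sta-1", 1, f1), rx.receive("sta-1", 1, f1))
```

With the same IV and key the keystream is identical, which is why reused IVs are worth flagging: the two ciphertexts then differ only by the difference of their plaintexts.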