You are previewing Real 802.11 Security: Wi-Fi Protected Access and 802.11i.
O'Reilly logo
Real 802.11 Security: Wi-Fi Protected Access and 802.11i

Book Description

"Real 802.11 Securityprovides clear descriptions of current and emerging security techniques. The authors handle complex topics nicely, and offer significant clarification of IEEE draft standards."
--Russ Housley, IETF Security Area Director and founder of Vigil Security, LLC

"This is certainly the definitive text on the internals of 802.11 security!"
--John Viega, founder and chief scientist, Secure Software, Inc.

"This book keeps the exposition as straightforward as possible and enables you to cut through the maze of acronyms, hacking tools, rumored weaknesses, and vague vendor security claims to make educated security decisions when purchasing or deploying WLAN."
--Simon Blake-Wilson, Director of Information Security, BCI

Business professionals and advanced home users are captivated by the convenience of working on wireless networks. But how can privacy and security be maintained effectively? Real 802.11 Security describes an entirely new approach to wireless LAN security based on the latest developments in Wi-Fi technology. This is the book that will show you how to establish real security within your Wi-Fi LAN.

Recent developments in Wi-Fi security achieve what no amount of reconfiguration can do: They solve the problem at the source. Wi-Fi Protected Access (WPA) repairs weaknesses in existing Wi-Fi systems and is designed to allow software upgrades. The upcoming 802.11i standard will offer a much higher level of security than previously offered and will provide flexible, extremely secure solutions for future products.

Real 802.11 Security addresses the theory, implementations, and reality of Wi-Fi security. It provides an overview of security issues, explains how security works in Wi-Fi networks, and explores various security and authentication protocols. The book concludes with an in-depth discussion of real-world security issues and attack tools.

Written by two experts in wireless security, Jon Edney and William Arbaugh, this book shows you how to stay informed and aware when making security decisions, and what steps you can take to implement the most effective, proactive wireless security now and in the future.



0321136209B06242003

Table of Contents

  1. Copyright
  2. Praise for Real 802.11 Security: Wi-Fi Protected Access and 802.11i
  3. Preface
    1. Why This Book Now?
      1. To Wi-Fi or Not to Wi-Fi
      2. The Cavalry Is Here
    2. Audience
    3. Organization
    4. Disclaimer
  4. Acknowledgments
  5. I. What Everyone Should Know
    1. 1. Introduction
      1. Setting the Scene
      2. Roadmap to the Book
      3. Notes on the Book
    2. 2. Security Principles
      1. What Is Security?
      2. Good Security Thinking
        1. 1. Don't Talk to Anyone You Don't Know
        2. 2. Accept Nothing Without a Guarantee
        3. 3. Treat Everyone as an Enemy until Proved Otherwise
        4. 4. Don't Trust Your Friends for Long
        5. 5. Use Well-Tried Solutions
        6. 6. Watch the Ground You Are Standing on for Cracks
      3. Security Terms
      4. Summary
    3. 3. Why Is Wi-Fi Vulnerable to Attack?
      1. Changing the Security Model
      2. What Are the Enemies Like?
        1. Gaming Attackers
        2. Profit or Revenge Attackers
        3. Ego Attackers
      3. Traditional Security Architecture
        1. Option 1: Put Wireless LAN in the Untrusted Zone
        2. Option 2: Make Wi-Fi LAN Trusted
      4. Danger of Passive Monitoring
      5. Summary
    4. 4. Different Types of Attack
      1. Classification of Attacks
      2. Attacks Without Keys
        1. Snooping
        2. Man-in-the-Middle Attack (Modification)
      3. Attacks on the Keys
        1. One-Time Passwords
        2. Burying the Keys
        3. Wireless Attacks
        4. Attacking the Keys Through Brute Force
        5. Dictionary Attacks
        6. Algorithmic Attacks
      4. Summary
  6. II. The Design of Wi-Fi Security
    1. 5. IEEE 802.11 Protocol Primer
      1. Layers
      2. Wireless LAN Organization
      3. Basics of Operation in Infrastructure Mode
        1. Beacons
        2. Probing
        3. Connecting to an AP
        4. Roaming
        5. Sending Data
      4. Protocol Details
        1. General Frame Formats
        2. MAC header
        3. Management Frames
          1. Timestamp
          2. Beacon Interval
          3. Capabilities Information
          4. SSID
          5. Supported Data Rates
          6. Radio Parameters
          7. Power Save Flags (TIM)
          8. Others
      5. Radio Bits
      6. Summary
    2. 6. How IEEE 802.11 WEP Works and Why It Doesn't
      1. Introduction
      2. Authentication
      3. Privacy
        1. Use of RC4 Algorithm
        2. Initialization Vector (IV)
        3. WEP Keys
          1. Default Keys
          2. Key Mapping Keys
      4. Mechanics of WEP
        1. Fragmentation
        2. Integrity Check Value (ICV)
        3. Preparing the Frame for Transmission
        4. RC4 Encryption Algorithm
      5. Why WEP Is Not Secure
        1. Authentication
        2. Access Control
        3. Replay Prevention
        4. Message Modification Detection
        5. Message Privacy
          1. IV Reuse
        6. RC4 Weak Keys
        7. Direct Key Attacks
      6. Summary
    3. 7. WPA, RSN, and IEEE 802.11i
      1. Relationship Between Wi-Fi and IEEE 802.11
      2. What Is IEEE 802.11i?
      3. What Is WPA?
      4. Differences Between RSN and WPA
      5. Security Context
      6. Keys
      7. Security Layers
        1. How the Layers Are Implemented
      8. Relationship of the Standards
        1. List of Standards
        2. Pictorial Map
      9. Summary
    4. 8. Access Control: IEEE 802.1X, EAP, and RADIUS
      1. Importance of Access Control
      2. Authentication for Dial-in Users
      3. IEEE 802.1X
        1. IEEE 802.1X in a Simple Switched Hub Environment
        2. IEEE 802.1X in Wi-Fi LANs
      4. EAP Principles
        1. EAP Message Formats
      5. EAPOL
        1. EAPOL-Start
        2. EAPOL-Key
        3. EAPOL-Packet
        4. EAPOL-Logoff
      6. Messages Used in IEEE 802.1X
        1. Authentication Sequence
      7. Implementation Considerations
      8. RADIUS—Remote Access Dial-In User Service
        1. RADIUS Mechanics
          1. Core Messages
          2. Core Message Format and Attributes
          3. Attributes
        2. EAP over RADIUS
        3. Use of RADIUS in WPA and RSN
      9. Summary
    5. 9. Upper-Layer Authentication
      1. Introduction
      2. Who Decides Which Authentication Method to Use?
      3. Use of Keys in Upper-Layer Authentication
        1. Symmetric Keys
        2. Asymmetric Keys
        3. Certificates and Certification Authorities
      4. A Detailed Look at Upper-Level Authentication Methods
      5. Transport Layer Security (TLS)
        1. Functions of TLS
        2. Handshake Exchange
          1. Client Hello (client → server)
          2. Server Hello (server → client)
          3. Server Certificate (server → client)
          4. Client Certificate (client → server)
          5. Client Key Exchange (client → server)
          6. Client Certificate Verification
          7. Change Connection State
          8. Finished
        3. Relationship of TLS Handshake and WPA/RSN
        4. TLS over EAP
        5. Summary of TLS
      6. Kerberos
        1. Using Tickets
        2. Kerberos Tickets
        3. Obtaining the Ticket-Granting Ticket
        4. Service Tickets
        5. Cross-Domain Access
        6. How Tickets Work
        7. Use of Kerberos in RSN
      7. Cisco Light EAP (LEAP)
      8. Protected EAP Protocol (PEAP)
        1. Phase 1
        2. Phase 2
        3. Status of PEAP
      9. Authentication in the Cellular Phone World: EAP-SIM
        1. Overview of Authentication in a GSM Network
        2. Linking GSM Security to Wi-Fi LAN Security
        3. EAP-SIM
        4. Status of GSM-SIM Authentication
      10. Summary
    6. 10. WPA and RSN Key Hierarchy
      1. Pairwise and Group Keys
      2. Pairwise Key Hierarchy
        1. Creating and Delivering the PMK
        2. Computing the Temporal Keys
        3. Exchanging and Verifying Key Information
          1. Message (A): Authenticator → Supplicant
          2. Message (B): Supplicant → Authenticator
          3. Message (C): Authenticator → Supplicant
          4. Message (D): Supplicant → Authenticator
        4. Completing the Handshake
      3. Group Key Hierarchy
        1. Summary of the Key Establishment Process
      4. Key Hierarchy Using AES–CCMP
      5. Mixed Environments
      6. Summary of Key Hierarchies
      7. Details of Key Derivation for WPA
        1. Four-Way Handshake
          1. Message (A): Authenticator → Supplicant
          2. Message (B): Supplicant → Authenticator
          3. Message (C): Authenticator → Supplicant
          4. Message (D): Supplicant → Authenticator
        2. Group Key Handshake
      8. Nonce Selection
      9. Computing the Temporal Keys
      10. Summary
    7. 11. TKIP
      1. What Is TKIP and Why Was It Created?
      2. TKIP Overview
        1. Message Integrity
        2. IV Selection and Use
          1. IV Length
          2. IV as a Sequence Counter—the TSC
          3. Countering the FMS Attack
      3. Per-Packet Key Mixing
      4. TKIP Implementation Details
      5. Message Integrity—Michael
        1. Countermeasures
          1. MIC Failure at Mobile Device
          2. MIC Failure at Access Point
        2. Computation of the MIC
      6. Per-Packet Key Mixing
        1. Substitution Table or S-Box
        2. Phase 1 Computation
        3. Phase 2 Computation
      7. Summary
    8. 12. AES–CCMP
      1. Introduction
      2. Why AES?
      3. AES Overview
        1. Modes of Operation
          1. Electronic Code Book (ECB)
          2. Counter Mode
          3. Counter Mode + CBC MAC : CCM
        2. Offset Codebook Mode (OCB)
      4. How CCMP Is Used in RSN
        1. Steps in Encrypting a Transmission
        2. CCMP Header
        3. Overview of Implementation
        4. Steps in Encrypting an MPDU
          1. Computing the MIC
          2. Encrypting the MPDU
        5. Decrypting MPDUs
      5. Summary
    9. 13. Wi-Fi LAN Coordination: ESS and IBSS
      1. Network Coordination
        1. ESS Versus IBSS
        2. Joining an ESS Network
      2. WPA/RSN Information Element
        1. Validating the Information Elements
      3. Preauthentication Using IEEE 802.1X
      4. IBSS Ad-Hoc Networks
      5. Summary
  7. III. Wi-Fi Security in the Real World
    1. 14. Public Wireless Hotspots
      1. Development of Hotspots
        1. Public Wireless Access Defined
        2. Barriers to Growth
          1. Fax Machine Problem
          2. Multiparty Barrier
            1. Model 1: Wireless Internet Service Provider
            2. Model 2: Brand-Based Service Provider
            3. Model 3: Cellular Operator Extension Service
      2. Security Issues in Public Hotspots
      3. How Hotspots Are Organized
        1. Subscribers
        2. Access Points
        3. Hotspot Controllers
        4. Authentication Server
      4. Different Types of Hotspots
        1. Airports
        2. Hotels
        3. Coffee Shops
        4. Homes
      5. How to Protect Yourself When Using a Hotspot
        1. Personal Firewall Software
        2. Virtual Private Network (VPN)
          1. VPN Details
      6. Summary
    2. 15. Known Attacks: Technical Review
      1. Review of Basic Security Mechanisms
        1. Confidentiality
          1. Cryptography
            1. Asymmetric Encryption
            2. Symmetric Encryption
            3. Key Management
          2. Access Control
        2. Integrity
          1. Source Integrity
          2. Data Integrity
            1. Message Authentication Codes
            2. Digital Signatures
      2. Review of Previous IEEE 802.11 Security Mechanisms
        1. Confidentiality
        2. RC4 and WEP
          1. Initialization Vector
          2. Integrity Check Value
          3. WEP Datagram Format
          4. Key Management
          5. Access Control
        3. Integrity and Authentication
          1. Open System Authentication
          2. Shared-Key Authentication
      3. Attacks Against the Previous IEEE 802.11 Security Mechanisms
        1. Confidentiality
          1. RC4 Problems
            1. Mantin and Shamir Bias Flaw
            2. Fluhrer, Mantin, and Shamir Key Schedule Attack
          2. Other WEP Problems
            1. IV Space
            2. Replay Attacks
            3. WEP Message Modification
          3. An Active Implementation of Fluhrer, Mantin, and Shamir
          4. An Inductive Chosen Plaintext Attack
            1. Base Phase
            2. Inductive Phase
              1. MTU Recovery
              2. Building the Dictionary
              3. Cost of the Attack
              4. Effects of Filtering IVs
        2. Access Control
          1. Problems with MAC-Based Access Control Lists
          2. Problems with Proprietary Closed Network Access Control
        3. Authentication
          1. Shared-Key Authentication
      4. Man-in-the-Middle Attacks
        1. Management Frames
        2. ARP Spoofing
      5. Problems Created by Man-in-the-Middle Attacks
        1. 802.1x and EAP
        2. PEAP
      6. Denial-of-Service Attacks
        1. Layer 2 Denial-of-Service Attacks Against All Wi-Fi-Based Standards
        2. WPA Cryptographic Denial-of-Service Attack
      7. Summary
    3. 16. Actual Attack Tools
      1. Attacker Goals
      2. Process
        1. Reconnaissance
          1. NetStumbler
          2. Kismet
      3. Example Scenarios
        1. Planning
          1. WideOpen
          2. LockedUp
        2. Collection
        3. Analysis
          1. Recovery of WEP Key
          2. Passive Identification of Network Parameters
        4. Execution
      4. Other Tools of Interest
        1. Airsnort
        2. Airjack
          1. DoS Attack
          2. ESSID Determination
          3. Man-in-the-Middle Attack
      5. Summary
    4. 17. Open Source Implementation Example
      1. General Architecture Design Guidelines
      2. Protecting a Deployed Network
        1. Isolate and Canalize
        2. Upgrade Equipment's Firmware to WPA
        3. What to Do If You Can't Do Anything
      3. Planning to Deploy a WPA Network
      4. Deploying the Infrastructure
        1. Add a RADIUS Server for IEEE 802.1X Support
        2. Use a Public Key Infrastructure for Client Certificates
        3. Install Client IEEE 802.1X Supplicant Software
      5. Practical Example Based on Open Source Projects
        1. Server Infrastucture
          1. OpenSSL Instead of a PKI
            1. Downloading OpenSSL
            2. Compiling OpenSSL
            3. Configuring OpenSSL
          2. Making the Public Key Certificates
            1. Creating the Certificate Authority
            2. Creating a Server Certificate
            3. Creating a Client Certificate
          3. RADIUS Software
            1. Downloading FreeRADIUS
            2. Compiling FreeRADIUS
            3. Configuring FreeRADIUS
              1. clients.conf
              2. radiusd.conf
              3. users
            4. Testing FreeRADIUS
        2. Building an Open Source Access Point
          1. AP Hardware
          2. AP Software
            1. OpenBSD
            2. Linux
        3. Making It All Work
          1. Configuring Cisco Access Points to Use 802.1X
            1. Setting the RADIUS Server Properties
            2. Client Software
            3. Windows XP
            4. Installing Public Key Certificates
            5. Wireless Device Configuration
      6. Summary
      7. Acknowledgments
      8. References and More Information
  8. Appendixes
    1. A. Overview of the AES Block Cipher
      1. Finite Field Arithmetic
        1. Addition
        2. Subtraction
        3. Multiplication
        4. Division
        5. Galois Field GF()
        6. Conclusion
      2. Steps in the AES Encryption Process
        1. Round Keys
        2. Computing the Rounds
          1. SubBytes
          2. ShiftRows
          3. MixColumns
          4. XorRoundKey
        3. Decryption
        4. Summary of AES
    2. B. Example Message Modification
      1. Example Message Modification
    3. C. Verifying the Integrity of Downloaded Files
      1. Checking the MD5 Digest
      2. Checking the GPG Signature
  9. Acronyms
  10. References