Wireless Infidelity
By Randy Stauber, Security Engineer
Friday, 18 June 2004 17:31 EST
Friday, 18 June 2004 17:31 EST
While the growth of 802.11b wireless networking has been explosive, problems with security of data being transmitted have plagued the technology almost since its conception. Still in spite of its drawbacks 802.11b has some compelling reasons for its deployment, both by the consumer and in the enterprise. Those reasons include its low cost, its ease of deployment and the tremendous convenience that wireless networking offers.
As anyone knows who remembers the old Party Line telephone system, some times lack of good privacy can be lived with. Risk in general is discussed as well as basic ways to mitigate the risk. While Wireless Fidelity’s (Wi-Fi) main security algorithm Wireless Encryption Protocol or WEP as it is commonly referred to remains relatively easy to crack, it is still better than nothing. This and other counter measures are discussed from basic residential wireless setups to more advanced ways the enterprise environment might consider for deploying wireless for transmission of important corporate data.
While data security, confidentiality, integrity and user or access point authorization has left much to be desired in Wi-Fi’s past, the future of Wi-Fi seems, at least at present to be brighter. Perhaps the main reason for this has been Wi-Fi’s tremendous growth, which makes many of IT’s main players want to see it succeed. WPA, 802.11X and other technologies have support of such industry giants as Microsoft and Cisco.
So while secure wireless computing is still not a reality, it is a technology that merits close watch for the enterprise.
Wireless Fidelity’s (Wi-Fi) Past, Present and Future
802.11b wireless networking is experiencing tremendous growth. Every indication is that it will be around in one form or another for quite some time. The tremendous growth of Wi-Fi is due to of a couple of things, but the main reasons for its tremendous growth are the same for both the consumer and the enterprise. Wi-Fi as it is commonly called is inexpensive especially when compared to traditional Ethernet networking and it is convenient.
To appreciate what the cost savings are, consider a older commercial building made of concrete and steel. Think of the expense that a company moving in would have to go through to put fiber cabling through the many stories and walls into a data closet. When you consider those contractors drilling through the rebar reinforced walling you start to get an idea of the savings I am talking about.
Now imagine a company’s engineers holding an ad-hoc design meeting. With traditional networking this meeting had to be more formalized. Now the design engineer can walk over to the project manager with his laptop and show him the idea with full network support and resources. He can Ad-Hoc transfer the files over to the project managers desktop instantly. No network admin called or needed. This is a taste of the convenience factor mentioned earlier.
With all of this going for it, Wi-Fi has yet to prove itself in the area that is of most concern to the CFO’s and the CEO’s, and that is the area of information security. If the industry doesn’t work together to address these concerns, Wi-Fi may be doomed. But there is hope on the horizon and the economic reward of having a good solution is in all the major IT players’ interest.
The Growth of Wi-Fi
Almost everyone has heard of Wi-Fi. To many it seems the one ray of hope in an industry mired in gloom and doom due to a stagnate economy.
In fact, “According to new findings from IDC, shipments of desktops, notebooks, and servers will rise 8.3 percent in 2003 to 147.5 million units, then rise 11 percent to 163.8 million units in 2004. This growth is being driven by many factors, one of which is the proliferation of 802.11b. Shipments will likely reach 136.2 million units for 2002, a 1.6 percent increase over 2001, IDC said. Last year marked one of the worst years in the history of the PC industry, with shipments shrinking 4.2 percent worldwide and 11.4 percent in the United States”(Wi-Fi Growth Expected, December 2002)
In another article: “So-called Wi-Fi hotspots, or areas where public wireless access are available, increased by 327 percent in the European market, from 269 locations at the end of 2001 to around 1,150 locations at the end of 2002, IDC said in its latest report”(Oliva, Erwin Lemue, Tues. Feb 11)
Indeed, the growth is such that Cisco recently acquired LinkSys, a leading supplier of consumer Wi-Fi network equipment.
History of Wi-Fi Insecurity
In spite of this tremendous growth, Wi-Fi has been plagued throughout its existence with the question of it’s security. One writer for ZDNET, David Berlind on October 2, 2001 recommended that no wired networks be deployed without a special need and recommended that the Enterprise deploy Wi-Fi networks in their employees’ homes to allow seamless movement for employees’ laptops between office and home. While he acknowledged that compromises were possible, he implied that the attacks were too difficult to be any real threat.
Some of the early responses to his article painted a different picture. While many were happy with their experience deploying a wireless network, his first responder, Craig Ellison pointed out the security problems with Wi-Fi, and chided him for his recommendation of it. One reader almost immediately lost data and had to rebuild his system due to unauthorized access to his machine through the Wi-Fi connection.(Berlind, David, Oct 2)
One month earlier the September 2001 PC Magazine, Craig Ellison wrote “Exploiting and Protecting 802.11b Wireless Networks”. In it he detailed using a laptop, a wireless cards and a 14 db Yagi antenna to identify 61 open network connections within 6 blocks of PC Magazines Manhattan offices. Using NetStumbler, a shareware program he enumerated information about each network including the interesting fact that only 21% of the networks had WEP enabled. Expanding his search he found 808 wireless networks with only 38% WEP enabled. (Ellison, Cra, September 4, 2001)
Problems with Wi-Fi Security had been noted earlier. Borisov, Wagner and Goldberg reported that passive eavesdropping could determine plaintext from messages. They also detailed how Wi-Fi equipment could be easily modified to perform passive eavesdropping. (Nikita Borisov, Ian Goldberg And David Wagn, January 2001)
On March 30, 2001 researchers at the University of Maryland detailed the insecurity of the shared key authentication method. This paper also detailed that most Wi-Fi cards software allow the user to change the 48-bit MAC address. This invalidates Access Control Lists security since the MAC addresses are transmitted clear text, allowing eavesdroppers to intercept them.(William Arbaugh, Narendar Shankar And Justin W, 30 MAR 2001) In May 2001, Aubaugh designed a plaintext attack which recovered a RC4 encryption stream one bit at a time using trial and error. (Arbaugh, William, May 2001)
But the most devastating article appeared in August 2001, from SecurityFocus. Fluher, Mantin and Shamir discovered how to recover the secret key from the first few bits of several thousand messages. (Scott Fluher, Itsik Mantin And Adi Sham, August 2001, SecurityFocus.com)
In August a group from Rice University developed software that enabled them to recover the128 bit WEP key for a WLAN. (Adam Stubblefield, John Ioannidis And Aviel Rub, August 6) The same month AIRSnort and WEPCrack were released using the Fluher, Mantin and Shamir weakness.
Even earlier in October 2000 Jesse Walker from Intel published an article entitled: “Unsafe at Any Key size, an Analysis of WEP Encapsulation” which states in the abstract: “It is still repeatedly suggested, asserted or assumed that that WEP could meet its goal [of data privacy] by migrating from 40-bit to 104- or 128-bit RC4 keys instead. This reports seeks to dispel this notion once and for all…WEP encapsulation remains insecure whether the key bit is 1- or 1000- or any size whatsoever and the same remains true when any other stream cipher replaces RC4. The weakness stems from WEP’s usage of its initialization vector.” (Walker, Jesse, 25 OCT 2000)
The Basic Problems with Wi-Fi Security
WEP relies on a shared key between communicating computers to allow data privacy. Encryption of a data frame follows the following steps:
First a checksum is computed on the plaintext message to insure data integrity. This is combined with the plaintext to produce the input to the second step.
The next step, encryption, the output described above is encrypted using the RC4. The RC4 generates a keystream using an initialization vector and the key. The keystream is exclusive-OR’ed with the plaintext from above to obtain the cipher text.
XORing and Exclusive ORing are a form a digital addition in which two rows of binary numbers are compared and their similarity or difference is noted in a third row of binary.
Finally this cipher text is transmitted over the radio link to the receiving computer.
The stated goals of WEP are really threefold:
- Confidentiality which insures that the messages are not susceptible to eavesdropping.
- Access Control, which prevents unauthorized use of the Wi-Fi network infrastructure and
- Data Integrity which insures that the message is received as intended.
While even the 40-bit key would be difficult to brute force, there are shortcuts that render WEP security useless.
A well known weakness of cipher streams is that encrypting to messages under the same key and initialization vector can reveal information about both messages. In other works, XORing two messages will cancel out the cipher stream and the result will be the XOR of the two plain text messages.
Thus keystream reuse can lead to several types of attacks. For example if the plaintext of one of the messages above is known the other message becomes immediately apparent. But most of the time real world communication has enough redundancy to recover the plaintext messages if only the XOR sum is known. Deciphering the Plaintext becomes easier as the number of messages increases and many known solutions to such a problem exists such as frequency analysis and cribs.
For this type of attach to succeed the key has to be reused and some plaintext has to be known or discovered.
To prevent these attacks WEP uses an initialization vector on a per packet basis. Each packet uses the same key but the initialization vector is varied with each packet; therefore the keystream is different for each packet. The initialization vector is included in each packet unencrypted and is available to both the cracker and the intended recipient, but since the key is secret, the keystream remains unknown to the cracker.
The WEP standard recommends that the initialization vector be change after the transmission of each packet. Many PCMCIA cards implement this by resetting the initialization vector to zero after the cards are powered by and by incrementing the initialization vector by one after each transmitted packet. Consequently keystreams corresponding to low valued initialization vectors are likely to be reused many times during the life of a key value.
Worse, because the initialization vector is limited to 24-bits in width, there is almost a guarantee that the same keystream will be used for a communications session. This lack of variety in the keystream generation is a fundamental and fatal flaw in WEP implementation, it is impossible to avoid. Since many fields of IP traffic are predictable, finding known text becomes less of a challenge.
Another challenge to WEP security is the problem of key distribution. The distribution of the secret key, upon which so much of the illusion of Wi-Fi security rests, relies on the external distribution of 4 secret keys. Each frame contains a key identifier field which specifies which key to use. The specification also allows for an array which specifies a key for each mobile station; however this implementation is not widely supported. In reality most implementations use a single key for an entire network.
Obviously, the more this secret key is out on the network and known by users, the less the likelihood of it remaining secret. While some network managers might try to get around this problem by configuring the key themselves, the reality is that the key will be present on the users’ machine and therefore accessible to the user.
The reuse of secret keys also makes the reuse of the keystream much more likely. So to review, most wireless implementations of 802.11b are used without any security at all, and even when there are security measures taken, Wi-Fi networks are completely insecure to serious hackers. (Moluf, Allen, March 06)
Why 802.11B Still Even Exists
I think it is safe to say that where high level data security is needed, reliance on WEP for security should be eliminated. That is to say, medical information and important corporate data should NOT be transmitted over wireless networks that rely on WEP for security.
It is reminiscent of the lack of security in the old implementation of the multiparty lines by the American Telephone and Telegraph Corporation. Before each telephone user had a private line, at one time multiple households or parties shared the same line. The different users were alerted by different rings. One user might have a long ring, another two shorter rings. At one time everyone shared one line. Did that mean that everyone’s conversation was subject to being overheard? Yes. Did that mean that many people wanted to totally forgo the telephone?
The answer is no. People accepted the risk of being overheard, and were perhaps more careful with what they said. The possibility of being overheard still exists, especially on cellular phones, but this has not apparently diminished the popularity of this means of communication. Because of its convenience, there is still a place for cellular communication.
The same is true of Wi-Fi networking. Secure data transmission is not its market. Recalling the risk formula in it’s most basic form:
Risk= Odds of Successful attack times the Value of the Resource Compromised.
So let’s assume the odds of a successful attack are quite high. By keeping the value of the Resource jeopardized low, Wi-Fi still makes sense for some applications. I use Wi-Fi on my home network and I will attest to the fact that it makes sharing resources among my laptop, my wife’s laptop and my teenaged daughter’s laptop much easier. My 8 year old has a game desktop for her educational games and everyone shares a laser printer and an Epson Color printer for color printing. One cable modem services the entire 3200 square foot house and everyone uses a 160 Gig Maxtor drive for backup.
I am quite happy to have the ease of backup feature on my Wi-Fi network. I was recently Ghosting an image of a VMWared combination OS setup when I had a power surge toast my registry. Boot in last known Good Configuration option resulted in a blue screen. But, luckily for me, I had sent the My Documents folder to the Wi-Fi shared backup disk and had lost no data. Hours of configuration settings were gone, as was the System Restore feature. But, my important school work, and hundreds of megs of digital image files of family pictures were intact.
So while we in the Info Sec world have ruled out the idea of using Wi-Fi networking for important data, we are left with an ease of use factor that cannot be ignored. Like technology itself, I find few people willing to forgo its use simply because of the problems it engenders. So in the next section, I will go over the steps to be taken to make the wireless network more secure for non-critical data.
Configuring a Wi-Fi Network
No Wi-Fi network as we have established is completely secure that relies on WEP. But just because no door or no lock will stop a determined enough thief, this is not a good reason to leave your doors wide open.
With that in mind, the order in which to secure a Wi-Fi network, in my opinion is the following:
- Turn the access point off if it is not in use. No cracker can crack a well secured wireless network that is not broadcasting.
- Locate your access points away from outside walls. Again, if a cracker can’t get the signal he can’t exploit your network.
- Turn off SSID Broadcasting. This ensures that the access point doesn’t include the SSID(service set identifier) in the beacon frames that are sent out many times per second. This disables automatic configuration of the user’s radio NIC. As a result, an intruder will have to find out the SSID by more difficult means. But when someone is booting up and an eavesdropper is using AirMagnet or AiroPeek, he can sniff out the SSID as the user associates with an access point.
- Utilize static IP address. By default, most wireless LAN’s use DHCP. The problem is that DHCP doesn’t distinguish between the legitimate user and the cracker. This aids the cracker in establishing a connection to the access point and becoming a node on the network. Of course, some could use an 802.11 packet analyzer and learn what IP addresses are in use, but if the IP address is already on the network, he won’t be able to reliably use network services. The use of static IP addresses becomes very much an administration nightmare on larger networks, so this tip is only practical for small networks.
Use shared key authentication. Most wireless LANS allow the use of this feature, which helps avoid rogue radio NIC’s from gaining access to the network. When the authentication process occurs, the access point sends the radio NIC a string of challenge text. The radio NIC must encrypt the challenge text with its WEP key and send the encrypted version to the access point. After decrypting the encrypted text with the common key, the access point can determine whether or not the radio NIC has the correct key.
Another step is to install and to activate personal firewalls. Without this protection, someone can easily copy or erase your files. Use of ACL’s on encrypted file folders offers some protection as well. This applies to wired networks as well as wireless ones.
More advanced steps to protect your wireless network include:
Setting up a Virtual Private Network (VPN). Virtual Private networking requires the use of third party encryption like triple DES that affects all data transmission on the LAN. How this is usually implemented is that the users’ install wireless VPN client software on their radio which communicates securely with the access point. This solution can be difficult to implement and costly to deploy and maintain, but it offers security for both wired and wireless networks.
Use mutual authentication mechanisms. By using a RADIUS server (Remote Authentication Dial-in User Service) and 802.1X protocols and access controllers you can deploy a robust mutual authentication between users and access points. This protects against man in the middle attacks and rogue access points and nodes. Most enterprise grade wireless routers by companies like CISCO support these additional features. This is combined with an authentication mechanism like EAP-TLS (extensible authentication protocol, transport layer security). This with the implementation of encrypted user names or digital certificates allows for strong authentication to occur. The 802.1X also provides for distribution of encryption keys dynamically to wireless LAN devices, which solves one of the fundamental problems with the current implementation of 802.11 WEP.
Place access points outside the enterprise firewalls. Allow legitimate users to access resources based on MAC addresses. Remember you have important critical data protected with Access Control Lists and encryption as well.
So while 802.11b remains insecure for the time being, there are several ways to incorporate some of the features of this network without risking enterprise data. It is worth bearing in mind that the most robust solutions effectively eliminate the compelling reason for Wi-Fi’s existence, which is ease of use. Still wireless has some other secondary features which make it an attractive solution for certain enterprise functions. (Geier, J, June 20)
The Future of Wireless
Wi-Fi Protected Access or WPA is currently supported by Windows XP and many consumer products by firmware upgrades including products by LinkSys and D-Link. According to the Wi-Fi Alliance: “Wi-Fi Protected Access had several design goals, ie; be a strong interoperate, security replacement for WEP, be software upgradeable to existing Wi-Fi CERTIFIED products, be applicable to both home and large enterprise users and be available immediately.” (Grim, C Brian, 10/31/02)
Accordingly WPA was designed to provide data confidentiality which is weak in WEP and to provide strong authentication which largely absent in WEP.
Encryption in WPA is addressed with TKIP, or Temporal Key Integrity Protocol. This enhances data encryption by using a message integrity checker named Michael, an extended initialization vector with sequencing rules, a re-keying mechanism and a per-packet key mixing function.
Additionally WPA uses 802.1x and EAP for authentication. WPA supports mutual authentication. This prevents the wireless user from connecting to an Ad hoc rogue server that might obtain the users network credentials and passwords.
The next generation of wireless networking will include the features listed above and goes by the IEEE name of 802.11i. This specification also includes Secure IBSS, secure fast handoff, secure de-authentication and disassociation, as well as enhanced encryption protocols such as AES-CCMP. The IEEE 802.11i specification is expected to be published at the end of 2003. (Overview Of The WPA Wireless Security Update In Windows XP, 6/10/03)
Conclusion
So while the past of Wi-Fi has been plagued with security problems the economics are such that many players in the IT market want to see the insecure WEP replaced with something more robust. While nothing in the future is certain, it seem a given that Wi-Fi will overcome its adolescent growing pains and mature into a reasonably secure and easy to deploy method of networking.