[PDF](+37👁️) Télécharger DTIC ADA429868: Wireless Network Security: Design Considerations for an Enterprise Network pdf

NAVAL

POSTGRADUATE

SCHOOL


MONTEREY, CALIFORNIA


THESIS


WIRELESS NETWORK SECURITY: DESIGN

CONSIDERATIONS FOR AN ENTERPRISE NETWORK

by


Oh Khoon Wee


December 2004


Thesis Advisor:

Karen Burke

Thesis Co-Advisor:

Gurminder Singh


Approved for public release: distribution is unlimited




THIS PAGE INTENTIONALLY LEFT BLANK



REPORT DOCUMENTATION PAGE


Form Approved OMB No. 0704-
0188


Public reporting burden for this collection of information is estimated
including the time for reviewing instruction, searching existing data so
the data needed, and completing and reviewing the collection of inform
this burden estimate or any other aspect of this collection of inforn
reducing this burden, to Washington headquarters Services, Directoral
Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 2
Management and Budget, Paperwork Reduction Project (0704-0188) V

to average 1 hour per response,
urces, gathering and maintaining
lation. Send comments regarding
nation, including suggestions for
te for Information Operations and
12202-4302, and to the Office of
/ashington DC 20503.

1. AGENCY USE ONLY (Leave
blank)

2. REPORT DATE

December 2004

3. REPORT TYPE AND DATES COVERED

Master’s Thesis

4. TITLE AND SUBTITLE: Wireless Network Security: Design

Considerations for an Enterprise Network

5. FUNDING NUMBERS

6. AUTHOR(S) Oh Khoon Wee

7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES)

Naval Postgraduate School

Monterey, CA 93943-5000

8. PERFORMING

ORGANIZATION REPORT

NUMBER

9. SPONSORING / MONITORING AGENCY NAME(S) AND ADDRESS(ES)

N/A

10. SPONSORING / MONITORING
AGENCY REPORT NUMBER

11. SUPPLEMENTARY NOTES The views expressed in this thesis are those of the author and do not reflect the
official policy or position of the Department of Defense or the U.S. Government.

12a. DISTRIBUTION / AVAILABILITY STATEMENT

Approved for public release: distribution is unlimited

12b. DISTRIBUTION CODE

13. ABSTRACT (maximum 200 words)

Since its introduction in 1999, the Institute of Electrical and Electronics Engineers (IEEE) 802.11
Wireless Local Area Network (WLAN) has become the de-facto standard for wireless networking,
providing convenient and low cost connectivity. Increasingly, enterprises are extending their networks
with 802.11-based WLANs to provide mobility and information-on-the-move for its employees.
However, the introduction of WLANs into enterprise networks has raised major concerns about security.

A poorly implemented WLAN introduces weaknesses in the enterprise network which can be exploited
by attackers, resulting in severe consequences for the enterprise.

This thesis was sponsored by the DoD to study the problem of designing a secure wireless architecture
for an enterprise network. The specific requirements for the enterprise network were based extensively
on DoD and the intelligence community’s security guidelines and policies. This thesis provides an in-
depth analysis into the 802.11 standard and measures how far the standard goes in meeting the
specific requirements of the enterprise network. This thesis presents a layered-defense architecture to
provide a scalable design for secure wireless networks. A prototype system utilizing XML to control the
flow of classified information in wireless networks is also presented.

14. SUBJECT TERMS

802.11, WLAN, 802.11 i, WEP, WPA, WIRELESS

15. NUMBER OF
PAGES

79

16. PRICE CODE

17. SECURITY
CLASSIFICATION OF
REPORT

Unclassified

18. SECURITY

CLASSIFICATION OF THIS

PAGE

Unclassified

19. SECURITY
CLASSIFICATION OF
ABSTRACT

Unclassified

20. LIMITATION

OF ABSTRACT

UL


NSN 7540-01-280-5500


Standard Form 298 (Rev. 2-89)
Prescribed by ANSI Std. 239-18


I




























THIS PAGE INTENTIONALLY LEFT BLANK



Approved for public distribution: distribution is unlimited


WIRELESS NETWORK SECURITY: DESIGN CONSIDERATIONS FOR AN

ENTERPRISE NETWORK

Oh Khoon Wee

Defense Science and Technology Agency, Singapore
B.Eng., Nanyang Technological University, 1998

Submitted in partial fulfillment of the
requirements for the degree of

MASTER OF SCIENCE IN COMPUTER SCIENCE

from the

NAVAL POSTGRADUATE SCHOOL
December 2004


Author: Oh Khoon Wee


Approved by: Karen Burke

Thesis Advisor


Gurminder Singh
Co-Advisor


Peter Denning

Chairman, Department of Computer Science



THIS PAGE INTENTIONALLY LEFT BLANK


IV



ABSTRACT


Since its introduction in 1999, the Institute of Electrical and Electronics
Engineers (IEEE) 802.11 Wireless Local Area Network (WLAN) has become the
de-facto standard for wireless networking, providing convenient and low cost
connectivity. Increasingly, enterprises are extending their networks with 802.11-
based WLANs to provide mobility and information-on-the-move for its employees.
However, the introduction of WLANs into enterprise networks has raised major
concerns about security. A poorly implemented WLAN introduces weaknesses in
the enterprise network which can be exploited by attackers, resulting in severe
consequences for the enterprise.

This thesis was sponsored by the DoD to study the problem of designing a
secure wireless architecture for an enterprise network. The specific requirements
for the enterprise network were based extensively on DoD and the intelligence
community’s security guidelines and policies. This thesis provides an in-depth
analysis into the 802.11 standard and measures how far the standard goes in
meeting the specific requirements of the enterprise network. This thesis presents
a layered-defense architecture to provide a scalable design for secure wireless
networks. A prototype system utilizing XML to control the flow of classified
information in wireless networks is also presented.


v



THIS PAGE INTENTIONALLY LEFT BLANK


VI



TABLE OF CONTENTS


I. INTRODUCTION.1

A. BACKGROUND.1

B. SCOPE.1

C. REQUIREMENTS OVERVIEW.2

D. DESIGN STRATEGY.3

E. THESIS ORGANIZATION.5

II. REQUIREMENTS.7

A. DCID 6/9 “PHYSICAL SECURITY STANDARDS FOR

COMPARTMENTED INFORMATION FACILITIES”.7

B. DCID 6/3 “PROTECTING SENSITIVE COMPARTMENTED

INFORMATION WITHIN INFORMATION SYSTEMS”.8

1. Level-of-Concern.8

2. Protection Level.10

C. SPECIFIC REQUIREMENTS.11

D. REQUIREMENTS FOR AVAILABILITY.12

III. IEEE 802.11: LINK SECURITY MECHANISMS.13

A. WIRED EQUIVALENT PRIVACY (WEP).13

B. WEAKNESSES OF WEP.15

1. Integrity.16

2. Authentication.16

3. Confidentiality.16

C. IEEE 802.IX.17

1. Principle of Operation.17

2. Extensible Authentication Protocol (EAP).19

D. WI-FI PROTECTED ACCESS.20

1. Temporal Key Integrity Protocol (TKIP).20

2. Michael Message Integrity Check.21

E. IEEE 802.111.22

1. Counter Mode with CBC-MAC Protocol (CCMP).23

2. WRAP.25

F. REQUIREMENTS MATRIX.26

G. COMPARISON AND RECOMMENDATIONS.27

IV. ENTERPRISE ARCHITECTURE DESIGN.29

A. OVERVIEW.29

B. VIRTUAL PRIVATE NETWORKS.29

C. APPLICATION ENCRYPTION.30

D. MULTI-FACTOR AUTHENTICATION.32

E. MONITORING.32

F. DEVICE SECURITY.33

G. MEDIUM-BASED ACCESS CONTROL.34

1. Concept of Operation.35

2. implementation and Design.36

vii











































3. Demonstration Program.37

4. Limitations.39

H. SUMMARY.39

V. CONCLUSION.41

A. CONCLUSION.41

B. RECOMMENDATIONS AND FURTHER WORK.41

1. WLAN Security Test Bed.41

2. Medium-based Access Control Prototype.42

APPENDIX A. OVERVIEW OF IEEE 802.11 STANDARD.43

A. OVERVIEW.43

B. MODES OF OPERATION.44

C. COLLISION DETECTION AND AVOIDANCE.45

APPENDIX B. SOURCE CODES.47

A. CLIENT APPLICATION MODULE.47

1. ContentGui.java.47

2. GetMACAddress.java.50

3. HTTPFunctions.java.52

B. SERVER SIDE APPLICATIONS.53

1. NetServer.java.53

2. Sample Content Page (Page.html).57

3. Output Page Generated for Client on Wireless Network.... 58

4. Output Page Generated for Client on Wired Network.59

LIST OF REFERENCES.61

INITIAL DISTRIBUTION LIST.63


viii


























LIST OF FIGURES


Figure 1. Design Strategy.4

Figure 2. WEP Encryption Process.14

Figure 3. Overview of 802.lx Authentication Protocol

(from [Edney & Arbaugh 2004]).18

Figure 4. General EAP Message Flow in Authentication Process

(from [Edney & Arbaugh 2004]).19

Figure 5. AES Counter (CTR) Mode Encryption Process

(from [Kaufman 2002]).23

Figure 6. Message Integrity Check using CBC-MAC Computation.24

Figure 7. Integration of VPN with Wireless Network Architecture.30

Figure 8. PKI-based Infrastructure.31

Figure 9. Biometric Protected Device: HP IPAO Pocket PC 5450 PDA

(from[PCWorld 2004]).33

Figure 10. Concept of Operations for Medium-Based Access Control.35

Figure 11. Design Implementation.36

Figure 12, User Graphical Interface.38

Figure 13. View for User Connected Via the Wired Network.38

Figure 14. View for User Connected Via the Wireless Network.39

Figure 15. WLAN Operating in Infrastructure Mode.44

Figure 16. WLAN Operating in Ad-Hoc Mode.45



















THIS PAGE INTENTIONALLY LEFT BLANK


x



LIST OF TABLES


Table 1. Summary of Key Indicators for Confidentiality, Integrity and

Availability for Various Levels-of-Concern [DCID 6/3 1999].9

Table 2. Selection Criteria for Protection Levels [DCID 6/3 1999].10

Table 3. Specific Requirements for the Wireless Enterprise.11

Table 4. Specifications of Key Parameters used in WEP.15

Table 5. Comparison of WEP, WPA and IEEE 802.11 i Security Protocols.25

Table 6. Comparison of WEP, WPA and 802.11 i Security Functions Versus

DCID requirements.27

Table 7. Comparison of existing 802.11 Protocols.43










THIS PAGE INTENTIONALLY LEFT BLANK


XII



ACKNOWLEDGMENTS


I wish to express my gratitude to my thesis advisors Prof Karen Burke and
Prof Gurminder Singh for making this thesis possible. Thank you for your patient
guidance and invaluable advice. Special thanks also to my wife Mui Hua and my
daughter Hwee Shian for their love and support.



THIS PAGE INTENTIONALLY LEFT BLANK


XIV



I. INTRODUCTION


A. BACKGROUND

Since its introduction in 1999, the Institute of Electrical and Electronics
Engineers (IEEE) 802.11 Wireless Local Area Network (WLAN) has become the
de-facto standard for wireless networking, providing mobility and connectivity at
relatively low cost.

However, the key concern with the 802.11 WLANs has been security.
Wireless signals can travel long distances and are not bounded by physical
boundaries such as walls and perimeters. Since the Radio Frequency (RF)
spectrum is a shared medium, wireless signals can also be picked up by
unintended recipients such as potential attackers (with the right equipment). As
noted by [Borisov 2002], when wireless signals are sent across radio waves,
“interception and masquerading becomes trivial to anyone with a radio”. This
can compromise the confidentiality, availability and integrity of information in a
network.

This thesis studies the problem of designing a secure 802.11-based
wireless network architecture for an enterprise. The Department of Defense
(DoD) was the main sponsor for this study, and the design of the architecture is
based on requirements provided by the DoD and related intelligence agencies.

B. SCOPE

The thesis will answer the following questions, leading to the development
of a wireless enterprise architecture for the DoD network:

1. What are the requirements for the DoD enterprise system?

2. How do current wireless technologies, in particular the IEEE 802.11
standard, perform with respect to the specified requirements? Are
there areas of non-compliance that have to be addressed?


1



3. What are other supporting technologies that can be applied to
better secure the network?

The specific security requirements for the DoD enterprise system were
studied and analyzed. Extensive research was conducted on the IEEE 802.11
standard, focusing on the security protocols that are built-in with the 802.11
security standard, namely the Wired Equivalent Privacy (WEP), Wireless
Protected Access (WPA) and the IEEE 802.11 i protocols. These security
protocols were analyzed in detail, and examined for compliance to the
requirements for the enterprise network.

A key consideration in the design of the wireless enterprise architecture is
to be able to provide defense-in-depth for the network. [NIST 2002] recommends
that “the built-in security features of 802.11 (data link level encryption and
authentication protocols) be used as part of an overall defense-in-depth
strategy”. This thesis will look further into other security mechanisms and best
practices that can be built into a multi-layered defense mechanism for the
wireless network.

C. REQUIREMENTS OVERVIEW

The primary aim of this thesis is to design an enterprise architecture for
specific security requirements for Confidentiality, Integrity and Availability.
Since the DoD’s goal was to use this enterprise architecture in Sensitive
Compartmented Information Facilities (SCIF) or by organizations processing
intelligence information, the enterprise architecture must comply with the Director
of Central Intelligence Directives (DCID). The specific requirements that are used
in this thesis are found in the following documents:

• DCID 6/3 Manual, “Protecting Sensitive Compartmented
Information within Information Systems”

• DCID 6/9 Manual, “Physical Security Standards for Compartmented
Information Facilities”


2



For this study, we assume that Level of Concern for Confidentiality to be
HIGH with Protection Level 1 required. The Levels of Concern for Integrity
and Availability are assumed to be MEDIUM. The highest level of data that will
be processed within the enterprise network is restricted to “UNCLASSIFIED For
Official Use Only”.

D. DESIGN STRATEGY

The strategy for the design of the enterprise architecture takes into
consideration the following factors. In the current state of the art in wireless
technology, wireless networks are less secure compared to wired networks and
the data throughput supported in wireless networks is also often significantly
lower. Based on the security and performance considerations, it is not practical to
design a pure wireless network system for the enterprise. Furthermore, most
enterprises already deploy extensive wired networks, and considerable effort has
been spent to secure these networks. This strategy proposes a hybrid solution in
which the wireless network is designed to extend the services of an existing
wired network. The key points of the strategy is illustrated in Figure 1 and
discussed below.


3




Figure 1. Design Strategy


1. Segregate and secure the wired network. This involves building a
strong defensive perimeter around the boundary of the wired network, and
hosting the mission critical computers and servers within the wired
network. Standard techniques such as using firewalls and intrusion
detection tools can be applied. Since the techniques to secure wired
networks are well known, they will not be further discussed in this report.

2. Deploy the wireless infrastructure outside the perimeter of the wired
network. This will prevent inherent weaknesses in WLAN security from
creating vulnerabilities in the defensive perimeter of the wired network.

3. Protect the RF links used to carry information from between access
points and the mobile device. The link has to be secured to protect
information and data that is transmitted over the airwaves. In this study,
we will focus on the link layer WEP, WPA and the 802.11 i protocols.

4. Provide end to end security between hosts in the wired and
wireless networks. Note that link layer only protects data packets in transit


4





















over the RF medium. By providing end-to-end security, data in transit will

be protected over the wired and wireless networks.

E. THESIS ORGANIZATION

Chapter II provides an overview of the DCID specifications and an
analysis of the specific requirements that are applicable to the wireless network
architecture

Chapter III will focus on the protection of the wireless links between the
mobile nodes and the wireless infrastructure. This chapter provides a detailed
description of the key protocols used in 802.11 to provide link protection, namely
the WEP, WPA and the IEEE 802.11 i protocols.

Chapter IV studies the security mechanisms that can be built over the
IEEE 802.11 standard to provide end-to-end protection, and provide a strong
layered-defense architecture for the network. This chapter also provides a
description of an access control prototype that can be used to control the flow of
sensitive information in the enterprise network.

Finally, Chapter V concludes the findings of this thesis, and provides
recommendations for subsequent research work in the area of wireless security.


5



THIS PAGE INTENTIONALLY LEFT BLANK


6



II. REQUIREMENTS


This chapter provides an overview of the requirements that were specified
for the enterprise architecture. The requirements were based extensively on the
Director Of Central Intelligence Agency Directives (DCID) 6/3 and 6/9
documents. This chapter focuses on the relevant requirements that are
applicable to the wireless network, and is not intended to provide a
comprehensive study of the abovementioned DCID documents. For additional
details, refer to [DCID 6/3 1999] and [DCID 6/9 2002],

A. DCID 6/9 “PHYSICAL SECURITY STANDARDS FOR

COMPARTMENTED INFORMATION FACILITIES”

The DCID 6/9 manual establishes the physical security standards to
govern the construction and protection of facilities for storing, processing and
discussing Sensitive Compartmented Information (SCI) which requires
extraordinary safeguards. The focus of DCID 6/9 is to provide physical
protection requirements for SCIFs, with the intention to prevent as well as detect
visual, acoustical, technical, and physical access by unauthorized persons.
Detailed specifications on the physical controls and the construction criteria
required for a SCIF are provided.

For the most part, the DCID 6/9 manual is concerned with the
construction and physical security of facilities that are used to house SCI. The
sections that are related to the use of wireless technologies are Annex D Part I
which provides guidelines on the use of electronic equipment in SCIFs, and
Annex G which covers the approval process required for the deployment of
wireless technologies in SCIFs.


7



B. DCID 6/3 “PROTECTING SENSITIVE COMPARTMENTED

INFORMATION WITHIN INFORMATION SYSTEMS”

The DCID 6/3 manual provides policy guidance and requirements for the
protection of SCI stored or processed on an Information System (IS). An IS is
defined as any telecommunications and/or computer related equipment or
interconnected system or subsystems of equipment that is used in the
acquisition, storage, manipulation, management, movement, control, display,
switching, interchange, transmission, or reception of voice and/or data. DCID 6/3
applies to all United States Government departments and agencies, their
contractors and allied governments processing intelligence information.

The DCID 6/3 manual defines the concepts of Level of Concern and
Protection Level, and provides guidance on how to use these concepts to
determine the appropriate technical security requirements for confidentiality,
integrity and availability that each IS must meet.

1. Level-of-Concern

The DCID 6/3 manual defines Level-of-Concern as a rating assigned to an
IS. A separate Level-of-Concern is assigned for confidentiality, integrity and
availability, and this can be BASIC, MEDIUM, or HIGH.

The Level-of-Concern assigned to an IS for confidentiality is based on the
sensitivity of the information it maintains, processes, and transmits. By definition,
any system that processes intelligence information requires a HIGH Level-of-
Concern rating. MEDIUM and BASIC levels of concern are not applicable to
confidentiality, since any system that is accredited by the DCID 6/3 by definition
processes intelligence information. Since the architecture discussed in this paper
is accredited under the DCID 6/3 manual, it is assigned a HIGH confidentiality
Level-of-Concern.

The Level-of-Concern assigned to an IS for integrity is based on the
degree of resistance to unauthorized modifications. The Level-of-Concern
assigned to an IS for availability is based on the needed availability of the

8



information maintained, processed and transmitted by the system for mission
accomplishment, and how much tolerance for delay is allowed.

Table 1 provides a summary of the indicators for Confidentiality, Integrity


and Availability for the various Levels-of-Concern.


Level of
Concern

Confidentiality

Indicators

Integrity Indicators

Availability

Indicators

BASIC

Not applicable to DCID
6/3

Reasonable degree of
resistance required

against unauthorized

modification, or loss of
integrity will have an
adverse effect

Information must
be available with
flexible tolerance
for delay, or loss
of availability will
have an adverse
effect

MEDIUM

Not applicable to DCID
6/3

High degree of

resistance required

against unauthorized

modification, or bodily
injury might result from
loss of integrity, or loss
of integrity will have an
adverse effect on

organizational-level
interests.

Information must
be readily

available with

minimum

tolerance for

delay, or bodily
injury might result
from loss of

availability, or loss
of availability will
have an adverse
effect on

organizational-
level interests.

HIGH

All Information

protecting intelligence
sources, methods and
analytical procedures.

All Sensitive

Compartmented

Information

Very high degree of
resistance required

against unauthorized

modification, or loss of
life might result from loss
of integrity, or loss of
integrity will have an
adverse effect on

national-level interests,
or loss of integrity will
have an adverse effect
on confidentiality.

Information must
always be

available upon

request, with no
tolerance for

delay, or loss of
life might result
from loss of

availability, or loss
of availability will
have an adverse
effect on national
level interests, or
loss of availability
will have an

adverse effect on
confidentiality.

Table 1. Summary of Key Indicators for Confidentiality, In

tegrity and


Availability for Various Levels-of-Concern [DCID 6/3 1999]


9














2. Protection Level

The DCID 6/3 manual defines Protection Level as an “indication of the
implicit level of trust that is placed in a system’s technical capabilities”. The
concept of Protection Level is applicable only to confidentiality. A Protection
Level is determined based on the classification and sensitivity of information
processed on the system, relative to the clearance(s), formal access approval(s)
and need-to-know of all direct and indirect users that receive information from the
IS without manual intervention and reliable human review.

The DCID 6/3 manual specifies 5 different Protection Levels, ranging from
PL1 to PL5, and the criteria for selecting the suitable Protection Levels for an IS


is shown in Table 2.


Protection Level

Criteria

PL 1

An IS operates at Protection Level 1 when all users have all
required approvals for access to all information on the IS.
This means that all users have all required clearances,
formal access approvals, and the need to know for all
information on the IS.

PL 2

An IS operates at Protection Level 2 when all users have all
required formal approvals for access to all information on
the IS, but at least one user lacks administrative approval
for some of the information on the IS, This means that all
users have all required clearances and all required formal
access approvals, but at least one user lacks the need to
know for some of the information on the IS. ;

PL 3

An IS operates at Protection Level 3 when at least one user
lacks at least one required formal approval for access to all
information on the IS. This means that all users have all
required clearances, but at least one user lacks formal
access approval for some of the information on the IS.

PL 4

An IS operates at Protection Level 4 when at least one user
lacks sufficient clearance for access to some of the
information on the IS, but all users have at least a SECRET
clearance.

PL 5

An IS operates at Protection Level 5 when at least one user
lacks any clearance for access to some of the information
on the IS. ,


Table 2. Selection Criteria for Protection Levels [DCID 6/3 1999]


10

















C. SPECIFIC REQUIREMENTS

The broad requirements for specified by the DoD for the areas of
Confidentiality, Integrity and Availability are as follows:

Confidentiality: Level-of-Concern HIGH, Protection Level 1 (PL1)

Integrity: Level-of-Concern MEDIUM

Availability: Level-of-Concern MEDIUM

Based on the Level-of-Concern and Protection Level required, the policies
that are applicable to the design of the wireless enterprise architecture are
extracted. These are tabulated and shown in Table 3.


POLICY

REFERENCE

CONFIDENTIALITY (Level of Concern: HIGH, PL1)

Data Storage

Information encrypted using NSA-approved encryption
mechanisms appropriate for the classification of stored
data

DCID 6/3 4.B.1 .a(7)(d)

Data Transmission

Information distributed using NSA-approved encryption
mechanisms appropriate for the classification of the
information

DCID 6/3 4.B.1 .a(8)(a)(3)

Identification and Authentication

An identification and authentication (l&A) management
mechanism that ensures a unique identifier for each
user and that associates that identifier with auditable
actions taken by the user

DCID 6/3 4.B.1 .b(3)

Identification and Authentication

Access to the IS by privileged users who either reside
outside of the IS’s perimeter or whose communications
traverse data links(extranets, INTERNET, phone links)
that are outside of the IS’s perimeter shall require the
use of strong authentication (i.e., an l&A technique that
is resistant to replay attacks)

DCID 6/3 4.B.1 .b(4)

INTEGRITY (Level of Concern: MEDIUM)

Protect against unauthorized modification/tampering of
data in transit over the wireless medium



Table 3. Specific Requirements for the Wireless Enterprise


11






















D. REQUIREMENTS FOR AVAILABILITY

The policies and requirements shown in Table 3 are focused on the areas
of confidentiality and integrity. For the area of Availability with MEDIUM level of
concern, the DCID 6/3 manual specifies that adequate processes and
procedures to allow for the restoration of a system in the event of a failure. DCID
6/3 also requires the implementation of “communications capability that provides
adequate communications to accomplish the mission when the primary
operations communications capabilities are unavailable” [DCID 6/3 1999, Section
6.B.2.a(4)].

The requirements for availability are addressed by providing sufficient
redundancy and back-ups in the wired and wireless networks. In fact, the
redundancy design should be focused on the wired domain, since this is where
the mission critical servers and computers will be located. On the wireless
domain, provide sufficient spare network capacity which can be activated in the
event of a network failure. Mission critical functionalities provided in the wireless
network should also be replicated in the wired network. These measures will
provide continued mission capability in the event of a failure in the wireless
domain.


12



III. IEEE 802.11: LINK SECURITY MECHANISMS


This chapter examines the different link layer security protocols that are
provided in the IEEE 802.11 WLAN standard. (A simple overview of the 802.11
standard is provided in Appendix A). The purpose of these protocols is to protect
communications traveling over airwaves between mobile nodes and access
points, and prevent unauthorized access to information on the network.

In this chapter, we will first study the WEP protocol and look into its well-
publicized weaknesses. This will be followed by an analysis of the protocols that
were developed to replace WEP, specifically the IEEE 802.lx Port-Based
authentication, WPA and the IEEE 802.11 i protocols. An evaluation and
comparison of these protocols will be made with respect to the requirements of
the enterprise network.

A. WIRED EQUIVALENT PRIVACY (WEP)

The IEEE 802.11 standard specifies a security standard known as WEP to
provide security for the wireless network. A detailed discussion on the WEP is
provided to give a better understanding of its limitations, and how these
limitations will eventually be remedied by the WPA and IEEE 802.11i protocols.

WEP was designed to provide security on the wireless network at a level
equivalent to wired networks. The 3 main security goals for WEP are: [Borisov
2002 ]:

• Confidentiality: Prevent eavesdropping by using an encryption
scheme based on the RC4 stream cipher.

• Access Control: Protect access to a wireless network
infrastructure by requiring users to demonstrate knowledge of a
shared secret key k (more commonly known as the WEP key). This
key is shared among all legitimate users of the WLAN network.


13



• Data Integrity: To prevent tampering of the transmitted messages,
through a CRC-32 checksum.



Figure 2. WEP Encryption Process


A description of the encryption process used in WEP is shown in Figure 2.
We assume that the user has the correct secret key k to access the network. The
process to encrypt a user generated message M is as follows:

Step 1: A 32 bit Cyclic Redundancy Checksum (CRC) is computed for the
message M. The CRC is appended with message M to form the plaintext
message P.

Step 2: A RC4 keystream is generated using the secret key k and an
Initialization Vector (IV) as inputs. The IV is used to ensure that subsequent data
packets are encrypted with different keystreams, even though the same secret
key is used.

Step 3: The RC4 keystream is EXCLUSIVE-ORed (XOR) with the
plaintext message P, to generate the ciphertext C.

Step 4: The IV is concatenated with the ciphertext, and the entire frame is
transmitted. The IV is not encrypted and is transmitted in the clear.

Step 5: When the message frame arrives at the recipient (another host on
the wireless network also possessing the secret key k), the IV is extracted from

14



the frame. The IV is used together with the shared secret key k to generate the
original RC4 keystream. The original plaintext P is then recovered by performing
an XOR of the ciphertext and keystream.

Step 6: The recipient host performs an integrity check by computing the
checksum for the received message, and comparing it with the received CRC
checksum. The message passes the integrity check if the 2 checksums are
identical. If the checksums are different, the message is considered to be
compromised and will be discarded.


Table 4 provides a summary of the various parameters used in the WEP
mechanism


PARAMETER

PROPERTIES

Secret key, k (aka WEP key)

40 bits (used in early versions of WEP)


104 bits (current standard)

Initialization Vector, IV

24 bits

Integrity Checksum

32 bit CRC

Encryption Algorithm

RC4 Stream Cipher


Table 4. Specifications of Key Parameters used in WEP


B. WEAKNESSES OF WEP

The WEP mechanism came under intense scrutiny over the past few
years due to its inherent security flaws. [Borisov 2002] demonstrated that WEP
falls short of achieving its security goals for confidentiality, integrity and access
control. Based on their research, WEP was found to be insecure due to improper
implementation of the RC4 algorithm and the use of the CRC 32 checksum for
data integrity. The key issues with WEP are summarized as follows:


15



















1. Integrity

The CRC 32 checksum does not provide strong message integrity. It was
shown that an attacker can modify the contents of a message packet as well as
the corresponding CRC-32 checksum even without knowing the secret
encryption key.

2. Authentication

The authentication mechanism used in WEP is a simple “challenge and
response” scheme based on whether a user has knowledge of a shared secret.
In the case of WEP, this shared secret is the WEP key that is shared among all
users of the wireless network. The problem with using WEP authentication is that
users cannot be individually identified and authenticated, since anyone with the
WEP key will be granted access.

Another issue with WEP is that it does not support mutual authentication.
Hence a user cannot challenge and authenticate a network access point, and
cannot be assured that it is connecting to a legitimate network.

3. Confidentiality

WEP does not protect confidentiality due to improper implementation of
the RC4 algorithm in the WEP protocol. Poor key management, as well as the
reuse of IV can allow attackers to break the WEP key if sufficient packets are
sniffed and collected off the airwaves. Once the WEP key is broken, decrypting
information carried on the wireless network becomes a trivial affair. Tools have
been developed that exploit the weaknesses in WEP and these can be freely
downloaded via the Internet. Examples of such tools are AirSnort (available at
http://airsnort.shmoo.com ) and WEPCrack (available at
http://wepcrack.sourceforqe.net) .


16




c.


IEEE 802.IX

The IEEE 802.lx is a port based protocol that provides authentication and
authorization for both wired and wireless networks. It was included in the 802.11
standard to remedy the weaknesses in the authentication processes used in
WEP. IEEE 802.lx was ratified in Jun 2001, and is currently supported in many
802.11 cards and access points. (The full specification is available at
http://www.ieee802.Org/1/paqes/802.1x.html ).


1. Principle of Operation

802.lx defines three entities in the authentication process [Edney and
Arbaugh 2004]:

• Supplicant - entity that wants to join a network i.e. a wireless client.

• Authenticator - entity that controls access to the network. In the
case of WLANs, this refers to an access point.

• Authentication server - entity that makes the authorization
decisions.

A general overview of the authentication process used in 802.lx is
illustrated in Figure 3.


17



WIRELESS DEVICES

(SUPPLICANT) ACCESS POINT



Figure 3. Overview of 802.lx Authentication Protocol
(from [Edney & Arbaugh 2004])

In Figure 3, an authenticator is created together with a logical port for each
supplicant requesting access to the network. The authenticator controls access
to network resources by using manipulating logical switches within the access
point. By default, the logical switches are in the open position. A wireless device
has to submit credentials (such as user ID and a password) to the authenticator,
which in turn relays these messages to the authentication server. The
authentication server uses the credentials provided by the wireless device and
determines if access is to be granted. If access is granted, the logical switch
controlling the connection for that wireless device will be closed thereby enabling
access to the network.


18









































2. Extensible Authentication Protocol (EAP)

802.lx is intended to provide strong authentication, access control and
key management control, which is not provided in WEP. 802.lx is based on EAP
or more specifically EAP over Local Area Networks (EAPOL). EAP is general
messaging protocol that provides communications and message exchanges
between different parties in the authentication process. Note that EAP does not
specify the type of authentication method used. However, different authentication
methods have been implemented to work with EAP, including Kerberos,
public/private keys, as well as biometrics. For a full listing of EAP authentication
methods, refer to [Bersani 2004],


<

o

_i

0.

CL

3

W


Start


Request Identity


Response Identity


Request 1


Response 1


◄-

Response n


◄-

Success



DC

O

I-

<

o


LJJ

X



Request 1

—►


Response 1



1

i

i

i

Request n



Response n


◄—

Success



DC

LU

>

DC

LU

W


<

o


LU

X

I-

3

<


Figure 4. General EAP Message Flow in Authentication Process
(from [Edney & Arbaugh 2004])

The general authentication sequence using EAP is shown in Figure 4. A
supplicant starts the authentication process by sending an EAP-Start message to
the authenticator. On receiving the EAP-Start message, the authenticator


19






responds with an EAP Request Identity message to determine the identity of the
supplicant. The supplicant follows up by sending its identify information using the
EAP Response Identity message which is forwarded by the authenticator to the
authentication server. The authentication server initiates a series of challenges to
the supplicant, which provides responses to each challenge. The authentication
server checks the responses received from the supplicant, and returns a
Success message to the authenticator if the responses are correct. On receiving
the Success message from the authentication server, the authenticator grants
access to the supplicant.

Most current applications use the EAP-TLS method (one of the EAP
methods) for authentication with an authentication server. EAP-TLS (EAP-
Tunneled Layer Security) uses a certificate-based mechanism to perform mutual
authentication and key exchange, and is generally considered to be the strongest
EAP method. Since EAP-TLS uses certificates, PKI must be supported in the
enterprise network. The authentication server is usually a RADIUS-based
server. However, 802.lx does not specify RADIUS as the default authentication
server, and other authentication servers can be used as long as the servers
support EAP.

D. WI-FI PROTECTED ACCESS

The Wi-Fi Protected Access (WPA) is a standards based, interoperable
security specification developed by the Wi-Fi Alliance. The goal of WPA is to
provide intermediary fixes to the vulnerabilities of WEP. Existing 802.11 network
equipment can be upgraded to WPA through software or firmware upgrades.

The key features of WPA are as follows:

1. Temporal Key Integrity Protocol (TKIP)

TKIP is designed to address WEP’s weaknesses in data encryption. As
discussed in the earlier sections, the current WEP implementation uses a static
shared secret key together with a short (24 bit) initialization vector to generate
the encryption keystream using the RC4 algorithm.


20



TKIP continues to use the RC4 algorithm for data packet
encryption. However, unlike WEP which uses a static shared secret key, TKIP
uses a temporal key that is changed every 10000 packets. A longer 48 bit
initialization vector is also adopted to prevent the reuse of initialization vectors
over the life-time of a temporal key. These measures make it much more difficult
for potential attackers to break the TKIP key using existing WEP-breaking
techniques.


2. Michael Message integrity Check

The Michael Message Integrity Check (MIC) is intended to provide
protection data in transit against unauthorized modifications or tampering. The
Michael algorithm uses a cryptographic digest of the original message as an
integrity checksum. This protects the integrity of data packets on the wireless
networks, since any attempt to modify packets will be detected.

However, one important consideration in the design of WPA was to be
able to operate on existing 802.11 devices with low CPU capacity. With the
constraints of CPU power, it is not feasible to design the Michael MIC to provide
the same level of security as other integrity checksums such as MD5. In view of
this weakness, TKIP implements additional countermeasures to work with the
Michael MIC. Specifically, when an access point detects two packets that have
failed the Michael algorithm on a particular temporal key, it will drop the
association, generate new keys and wait for a minute before creating a new
association to the host.

A concern with the TKIP countermeasures is that attackers can launch a
denial of service attack by flooding access points with messages that have
corrupted integrity checksums. This can result in repeated time-outs at the
access points (for up to one minute each time), and thereby deny legitimate
users from access to the network.


21



However, this risk of a possible denial of service attack should be weighed
against the alternatives of WEP (which is fundamentally broken) or having no
security mechanism at all. In the latter cases, an attacker can gain unrestricted
access to the network and inflict damage while remaining undetected. In the case
of WPA, network monitoring tools can be programmed to look out for frequent
time-outs at access points which would indicate an active attack. This could
provide responsive detection and execution of contingency plans to contain an
attack.

E. IEEE 802.111

The IEEE 802.11 i standard was developed by the IEEE as a replacement
for the flawed WEP protocol. The protocol was recently ratified by IEEE in May
04, and first products supporting 802.11 i are expected to be on the market in the
early part of 2005.

IEEE 802.11 i is designed to be compatible with the WPA protocol. 802.11 i
supports TKIP encryption and the Michael Message Integrity Check used in
WPA, as well as the 802.lx protocol for authentication. However, it should be
noted that TKIP is built around the flawed implementation of the RC4 encryption
algorithm in WEP, and is therefore considered to be an interim solution for
encryption security.

To counter the weaknesses in the RC4-based encryption, 802.11 i
introduces 2 additional encryption protocols based on the FIPS-approved
Advanced Encryption Standard (AES) algorithm.


22



1. Counter Mode with CBC-MAC Protocol (CCMP)

CCMP is the mandated encryption technique in the 802.11 i standard. It
employs the AES algorithm using the CCM mode of operation. CCM utilizes the
Counter Mode (CTR) for data encryption and Cipher Block Chaining Message
Authentication Code (CBC-MAC) to ensure message authenticity and integrity.


CCMP uses the CTR mode in AES to encrypt data for transmission. The
basic mechanism for AES CTR mode encryption i
Lire la suite

• Taille
  2.94 MB
• Nombre de pages
  15