Wireless access points and their associated infrastructure are likewise considered an extension of the data network. However, the growing use of VoIP clients on that infrastructure creates several unique security considerations (particularly DoS, given that wireless is a shared medium). In addition, wireless VoIP devices on the market have lagged in implementing the most current wireless encryption recommendations. All of this should be taken into account in the design and operation of wireless VoIP.
Wireless Encryption: WEP
When wireless networking was first designed, its primary focus was ease of implementation, and certainly not security. As any security expert will tell you, it's extremely difficult to secure a system after the fact. WEP, the Wired Equivalent Privacy encryption scheme, was initially targeted at preventing theft-of-service and eavesdropping attacks. WEP comes in two major varieties, standard 64-bit and 128-bit encryption. 256-bit and 512-bit implementations exist, but they are not nearly as widely supported by vendors. 64-bit WEP uses a 24-bit initialization vector that is added to the 40-bit key itself; combined, they form an RC4 key. 128-bit WEP uses a 104-bit key added to the same 24-bit initialization vector. 128-bit WEP was implemented by vendors once a U.S. government restriction limiting cryptographic technology was lifted.
In August of 2001, Fluhrer, Mantin, and Shamir released a paper dissecting cryptographic weaknesses in WEP's use of the RC4 algorithm. They had discovered that WEP's 24-bit initialization vectors were not long enough, so that on busy networks IVs, and therefore keystreams, were repeated. These so-called weak IVs leaked information about the private key. An attacker monitoring encrypted traffic long enough was able to recreate the private key, provided enough packets were gathered. Access point vendors responded by releasing hardware that filtered out the weak IVs.
However, in 2004 a hacker named Korek released a new statistical-analysis attack on WEP, which led the way to a whole new series of tools. These new wireless weapons broke WEP using any IVs, not just the ones previously considered weak. On a 64-bit WEP encrypted network, an attacker needs to gather only around 100,000 IVs to crack in (although more certainly increases the chance of success), and only 500,000 to 700,000 for 128-bit WEP. On a home network, it can take days, even weeks, to see enough traffic to make cracking the key possible. However, clever attackers discovered a way to stimulate network traffic by replaying encrypted network-level packets at the target. Because the replayed frames mimic legitimate traffic, the target network responds over and over, causing a flood of traffic and generating IVs at an accelerated rate. With this new attack, a 128-bit WEP network can be broken in as little as 10 minutes.
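To put numbers on the "24-bit IVs are not long enough" observation, here is an added illustration (not part of the original text) of the birthday bound on a 24-bit IV space: keystream reuse becomes likely after only a few thousand frames, and at the 100,000-packet mark quoted above hundreds of frame pairs already share a keystream. It assumes IVs are chosen uniformly at random, which is the best case for the defender; cards that pick IVs sequentially or reset them to zero fare no better.

```python
import math

IV_BITS = 24            # WEP prepends a 24-bit IV to the secret key
IV_SPACE = 1 << IV_BITS # 16,777,216 possible IVs per key


def iv_collision_probability(n_packets: int, iv_bits: int = IV_BITS) -> float:
    """Probability that at least two of n_packets carry the same IV.

    Birthday-bound approximation 1 - exp(-n(n-1)/(2N)), assuming IVs are
    drawn uniformly at random from the 2**iv_bits possible values.
    """
    space = 1 << iv_bits
    return 1.0 - math.exp(-n_packets * (n_packets - 1) / (2.0 * space))


def packets_for_collision_probability(p: float, iv_bits: int = IV_BITS) -> int:
    """Smallest packet count at which the collision probability reaches p.

    Solves n(n-1) = -2N ln(1-p) for n and rounds up.
    """
    space = 1 << iv_bits
    return math.ceil(0.5 + math.sqrt(0.25 - 2.0 * space * math.log(1.0 - p)))


def expected_iv_repeats(n_packets: int, iv_bits: int = IV_BITS) -> float:
    """Expected number of packet pairs sharing an IV (and hence a keystream)."""
    return n_packets * (n_packets - 1) / (2.0 * (1 << iv_bits))


def seconds_to_exhaust_ivs(packets_per_second: float, iv_bits: int = IV_BITS) -> float:
    """Time until every IV has been used once at a steady frame rate.

    Relevant for cards that use a simple counter: after this long every
    further frame necessarily repeats an earlier IV under the same key.
    """
    return (1 << iv_bits) / packets_per_second


if __name__ == "__main__":
    print("packets for 50% IV reuse:", packets_for_collision_probability(0.5))
    print("expected repeats at 100k packets:", round(expected_iv_repeats(100_000)))
    print("hours to exhaust IVs at 1000 pps:", seconds_to_exhaust_ivs(1000) / 3600)
```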
Wireless Encryption: WPA2
WPA, WiFi Protected Access, was created to address overwhelming concerns about WEP's inadequacy. WPA still uses RC4; however, it uses a 128-bit key appended to a 48-bit initialization vector. This longer key, together with the Temporal Key Integrity Protocol (TKIP), which changes keys mid-session on the fly, defeats the key recovery attacks made popular against WEP. Additionally, the Message Integrity Code (MIC) includes a frame counter in the packet, which prevents the replay attacks that cripple WEP.
WPA2 came out of the IEEE's work as the certified form of 802.11i. RC4 was replaced by the AES encryption scheme, which is still considered secure. WPA's MIC is replaced by CCMP, the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol. CCMP checks whether the MIC has been altered and, if it has, does not allow the message through.
Perhaps the most beneficial attribute of WPA2 is its ease of implementation. In most cases, hardware vendors needed only to reflash the firmware of their access points to provide WPA2 compatibility.
Although considerably stronger than its older brother, WEP, WPA2 is not without weaknesses. WPA2 encrypted traffic is still susceptible to dictionary attacks, since the hashing algorithm WPA2 uses to derive its key can be reproduced by anyone. Joshua Wright released a tool called coWPAtty, a brute-force cracking tool that takes a list of dictionary words and encrypts them using WPA2's algorithms, one at a time. The encrypted value of each word is then compared against the encrypted value of captured traffic, and if the right password is found, POOF! The packet becomes intelligible.
Although brute-force cracking is not guaranteed to yield results, it leverages a weakness found in almost all security mechanisms: the user. If a user chooses a password that is not strong enough, or uses semipredictable modifications (the number 3 instead of "e", for instance), the network will fall. It is recommended that users choose a pass-phrase instead of a traditional password. A pass-phrase longer than eight characters that includes nonalphanumeric characters is much less likely to be discovered by brute-force methods. And never, ever, use a dictionary word as a password, as these will often be discovered within minutes using freely available software from the Internet.
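The recommendations above (longer than eight characters, include nonalphanumeric characters, never a dictionary word, and don't count on "3 for e" substitutions) can be enforced at provisioning time. The checker below is an added example, not part of the original text or of any product; the word list and the substitution table are constructed stand-ins for the real dictionaries a cracking tool would use, and the checker only catches the simple one-for-one substitutions it knows about.

```python
import string

# Constructed mini wordlist standing in for an attacker's dictionary.
DICTIONARY = {"password", "welcome", "wireless", "voip", "network", "secret", "letmein"}

# Common "semipredictable" substitutions, undone before the dictionary lookup
# so that 'P@ssw0rd!' is recognised as the word 'password'.
LEET_MAP = str.maketrans({"3": "e", "0": "o", "1": "l", "@": "a", "$": "s", "4": "a", "7": "t"})

_EDGE_CHARS = string.digits + string.punctuation + " "


def normalize(candidate: str) -> str:
    """Lower-case, drop leading/trailing digits and symbols, undo leet substitutions."""
    core = candidate.lower().strip(_EDGE_CHARS)
    return core.translate(LEET_MAP).strip(_EDGE_CHARS)


def passphrase_problems(candidate: str, dictionary=DICTIONARY) -> list:
    """Return the policy violations for a proposed WPA2 pass-phrase.

    An empty list means the candidate satisfies every rule in the text above.
    """
    problems = []
    if len(candidate) <= 8:
        problems.append("too short: use a pass-phrase longer than eight characters")
    if all(c.isalnum() for c in candidate):
        problems.append("no non-alphanumeric characters")
    if normalize(candidate) in dictionary:
        problems.append("dictionary word (possibly with number/symbol substitutions)")
    return problems


if __name__ == "__main__":
    for sample in ("voip123", "P@ssw0rd!", "Wet-Cat.Dances@Noon"):
        print(repr(sample), "->", passphrase_problems(sample) or "acceptable")
```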
When implementing wireless VoIP, always use WPA2, or use an alternative means of protecting the VoIP stream (i.e., media and signaling encryption, or IPsec tunneling). Given the speed with which WEP can be cracked, it's almost pointless to use it: it adds encryption latency and creates a false sense of security.
Authentication: 802.1x
802.1x is an authentication (and, to a lesser extent, authorization) protocol, whereas WEP and WPA are encryption protocols. Although 802.1x can be used on wired networks as well, today it is most common on wireless networks. It acts as an added layer of protection on top of existing wireless security implementations like WEP or WPA2 by requiring authentication to join the network beyond the shared secret associated with the encryption key.
802.1x works by forcing users (or devices) to identify themselves before their traffic is ever allowed onto the network. This happens through the Extensible Authentication Protocol (EAP) framework. EAP orchestrates password negotiation and challenge-response tokens, coordinating the user with the authentication server. 802.1x carries the EAP traffic inside Ethernet frames instead of over PPP, a much older protocol used all over the Internet. Keep in mind that there are many different EAP methods available, so when you compare vendor support for 802.1x in infrastructure and VoIP devices you need to pay careful attention to the specific methods supported.
As soon as the access point, called the authenticator, detects that the link is active, it sends an EAP Request Identity packet to the user requesting access, known as the supplicant. The user then responds with an EAP Response Identity packet, which the authenticator passes to the authentication server, which grants or denies access (see Figure 1).
Figure 1: A Basic 802.1x Implementation for a Wireless Network
Think of the supplicant as the guy trying to get into "Club WLAN" who asks the guy at the door if he's on the list. The authenticator (the guy at the door) then flags down the bouncer (the authentication server) to see if he's "on the list." If he is, the bouncer lets him in to party with the rest of the party-packets. If not, it's to the curb he goes!
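As an added example (not from the original text), the three-party exchange of Figure 1 as a small simulation: the authenticator only relays EAP between supplicant and authentication server, and its controlled port stays closed to data frames (a phone's signaling, for instance) until the server answers Success. The identity step is the only EAP step modelled; the password or certificate exchange that a real EAP method adds is collapsed into the server's decision, and the allow list stands in for a RADIUS user database.

```python
from dataclasses import dataclass


@dataclass
class EapFrame:
    kind: str          # "Request/Identity", "Response/Identity", "Success", "Failure"
    identity: str = ""


class AuthenticationServer:
    """Stand-in for the RADIUS server: decides who is 'on the list'."""
    def __init__(self, allowed_identities):
        self.allowed = set(allowed_identities)

    def decide(self, response: EapFrame) -> EapFrame:
        ok = response.kind == "Response/Identity" and response.identity in self.allowed
        return EapFrame("Success" if ok else "Failure", response.identity)


class Authenticator:
    """The access point: relays EAP and keeps the controlled port closed until Success."""
    def __init__(self, server: AuthenticationServer):
        self.server = server
        self.authorized = set()   # identities whose controlled port is open
        self.log = []             # (identity, verdict) for the operator's audit trail

    def link_up(self) -> EapFrame:
        return EapFrame("Request/Identity")

    def handle_response(self, response: EapFrame) -> EapFrame:
        verdict = self.server.decide(response)   # authenticator never decides itself
        if verdict.kind == "Success":
            self.authorized.add(response.identity)
        self.log.append((response.identity, verdict.kind))
        return verdict

    def forward_data(self, identity: str, payload: bytes) -> bool:
        """Data frames pass only once that identity's port has been authorized."""
        return identity in self.authorized


class Supplicant:
    def __init__(self, identity: str):
        self.identity = identity

    def respond(self, request: EapFrame) -> EapFrame:
        assert request.kind == "Request/Identity"
        return EapFrame("Response/Identity", self.identity)


def join_network(identity: str, authenticator: Authenticator) -> str:
    """Run the exchange for one supplicant and return the server's verdict."""
    supplicant = Supplicant(identity)
    return authenticator.handle_response(supplicant.respond(authenticator.link_up())).kind
```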
Because of its moderately complex nature, 802.1x has not caught on as quickly with home users. The need for an authentication server (such as a RADIUS server) puts this technology just out of reach for most of them. However, 802.1x is ideal for businesses and public hot spots looking for more security than WEP or WPA2 alone provide.