Description
Preface.
Acknowledgments.
I. WHAT EVERYONE SHOULD KNOW.
1. Introduction.
Setting the Scene.
Roadmap to the Book.
Notes on the Book.
2. Security Principles.
What Is Security?
Good Security Thinking.
1. Don’t Talk to Anyone You Don’t Know.
2. Accept Nothing Without a Guarantee.
3. Treat Everyone as an Enemy until Proved Otherwise.
4. Don’t Trust Your Friends for Long.
5. Use Well-Tried Solutions.
6. Watch the Ground You Are Standing on for Cracks.
Security Terms.
Summary.
3. Why Is Wi-Fi Vulnerable to Attack?
Changing the Security Model.
What Are the Enemies Like?
Gaming Attackers.
Profit or Revenge Attackers.
Ego Attackers.
Traditional Security Architecture.
Option 1: Put Wireless LAN in the Untrusted Zone.
Option 2: Make Wi-Fi LAN Trusted.
Danger of Passive Monitoring.
Summary.
4. Different Types of Attack.
Classification of Attacks.
Attacks Without Keys.
Snooping.
Man-in-the-Middle Attack (Modification).
Attacks on the Keys.
One-Time Passwords.
Burying the Keys.
Wireless Attacks.
Attacking the Keys Through Brute Force.
Dictionary Attacks.
Algorithmic Attacks.
Summary.
II. THE DESIGN OF WI-FI SECURITY.
5. IEEE 802.11 Protocol Primer.
Layers.
Wireless LAN Organization.
Basics of Operation in Infrastructure Mode.
Beacons.
Probing.
Connecting to an AP.
Roaming.
Sending Data.
Protocol Details.
General Frame Formats.
MAC header.
Management Frames.
Radio Bits.
Summary.
6. How IEEE 802.11 WEP Works and Why It Doesn’t.
Introduction.
Authentication.
Privacy.
Use of RC4 Algorithm.
Initialization Vector (IV).
WEP Keys.
Mechanics of WEP.
Fragmentation.
Integrity Check Value (ICV).
Preparing the Frame for Transmission.
RC4 Encryption Algorithm.
Why WEP Is Not Secure.
Authentication.
Access Control.
Replay Prevention.
Message Modification Detection.
Message Privacy.
RC4 Weak Keys.
Direct Key Attacks.
Summary.
7. WPA, RSN, and IEEE 802.11i.
Relationship Between Wi-Fi and IEEE 802.11.
What Is IEEE 802.11i?
What Is WPA?
Differences Between RSN and WPA.
Security Context.
Keys.
Security Layers.
How the Layers Are Implemented.
Relationship of the Standards.
List of Standards.
Pictorial Map.
Summary.
8. Access Control: IEEE 802.1X, EAP, and RADIUS.
Importance of Access Control.
Authentication for Dial-in Users.
IEEE 802.1X.
IEEE 802.1X in a Simple Switched Hub Environment.
IEEE 802.1X in Wi-Fi LANs.
EAP Principles.
EAP Message Formats.
EAPOL.
EAPOL-Start.
EAPOL-Key.
EAPOL-Packet.
EAPOL-Logoff.
Messages Used in IEEE 802.1X.
Authentication Sequence.
Implementation Considerations.
RADIUS–Remote Access Dial-In User Service.
RADIUS Mechanics.
EAP over RADIUS.
Use of RADIUS in WPA and RSN.
Summary.
9. Upper-Layer Authentication.
Introduction.
Who Decides Which Authentication Method to Use?
Use of Keys in Upper-Layer Authentication.
Symmetric Keys.
Asymmetric Keys.
Certificates and Certification Authorities.
A Detailed Look at Upper-Level Authentication Methods.
Transport Layer Security (TLS).
Functions of TLS.
Handshake Exchange.
Relationship of TLS Handshake and WPA/RSN.
TLS over EAP.
Summary of TLS.
Kerberos V5.
Using Tickets.
Kerberos Tickets.
Obtaining the Ticket-Granting Ticket.
Service Tickets.
Cross-Domain Access.
How Tickets Work.
Use of Kerberos in RSN.
Cisco Light EAP (LEAP).
Protected EAP Protocol (PEAP).
Phase 1.
Phase 2.
Status of PEAP.
Authentication in the Cellular Phone World: EAP-SIM.
Overview of Authentication in a GSM Network.
Linking GSM Security to Wi-Fi LAN Security.
EAP-SIM.
Status of GSM-SIM Authentication.
Summary.
10. WPA and RSN Key Hierarchy.
Pairwise and Group Keys.
Pairwise Key Hierarchy.
Creating and Delivering the PMK.
Computing the Temporal Keys.
Exchanging and Verifying Key Information.
Completing the Handshake.
Group Key Hierarchy.
Summary of the Key Establishment Process.
Key Hierarchy Using AES-CCMP.
Mixed Environments.
Summary of Key Hierarchies.
Details of Key Derivation for WPA.
Four-Way Handshake.
Group Key Handshake.
Nonce Selection.
Computing the Temporal Keys.
Summary.
11. TKIP.
What Is TKIP and Why Was It Created?
TKIP Overview.
Message Integrity.
IV Selection and Use.
Per-Packet Key Mixing.
TKIP Implementation Details.
Message Integrity–Michael.
Countermeasures.
Computation of the MIC.
Per-Packet Key Mixing.
Substitution Table or S-Box.
Phase 1 Computation.
Phase 2 Computation.
Summary.
12. AES-CCMP.
Introduction.
Why AES?
AES Overview.
Modes of Operation.
Offset Codebook Mode (OCB).
How CCMP Is Used in RSN.
Steps in Encrypting a Transmission.
CCMP Header.
Overview of Implementation.
Steps in Encrypting an MPDU.
Decrypting MPDUs.
Summary.
13. Wi-Fi LAN Coordination: ESS and IBSS.
Network Coordination.
ESS Versus IBSS.
Joining an ESS Network.
WPA/RSN Information Element.
Validating the Information Elements.
Preauthentication Using IEEE 802.1X.
IBSS Ad-Hoc Networks.
Summary.
III. WI-FI SECURITY IN THE REAL WORLD.
14. Public Wireless Hotspots.
Development of Hotspots.
Public Wireless Access Defined.
Barriers to Growth.
Security Issues in Public Hotspots.
How Hotspots Are Organized.
Subscribers.
Access Points.
Hotspot Controllers.
Authentication Server.
Different Types of Hotspots.
Airports.
Hotels.
Coffee Shops.
Homes.
How to Protect Yourself When Using a Hotspot.
Personal Firewall Software.
Virtual Private Network (VPN).
Summary.
15. Known Attacks: Technical Review.
Review of Basic Security Mechanisms.
Confidentiality.
Integrity.
Review of Previous IEEE 802.11 Security Mechanisms.
Confidentiality.
RC4 and WEP.
Integrity and Authentication.
Attacks Against the Previous IEEE 802.11 Security Mechanisms.
Confidentiality.
Access Control.
Authentication.
Man-in-the-Middle Attacks.
Management Frames.
ARP Spoofing.
Problems Created by Man-in-the-Middle Attacks.
802.1x and EAP.
PEAP.
Denial-of-Service Attacks.
Layer 2 Denial-of-Service Attacks Against All Wi-Fi-Based Standards.
WPA Cryptographic Denial-of-Service Attack.
Summary.
16. Actual Attack Tools.
Attacker Goals.
Process.
Reconnaissance.
Example Scenarios.
Planning.
Collection.
Analysis.
Execution.
Other Tools of Interest.
Airsnort.
Airjack.
Summary.
17. Open Source Implementation Example.
General Architecture Design Guidelines.
Protecting a Deployed Network.
Isolate and Canalize.
Upgrade Equipment’s Firmware to WPA.
What to Do If You Can’t Do Anything.
Planning to Deploy a WPA Network.
Deploying the Infrastructure.
Add a RADIUS Server for IEEE 802.1X Support.
Use a Public Key Infrastructure for Client Certificates.
Install Client IEEE 802.1X Supplicant Software.
Practical Example Based on Open Source Projects.
Server Infrastructure.
Building an Open Source Access Point.
Making It All Work.
Summary.
Acknowledgments.
References and More Information.
APPENDIXES.
Appendix A. Overview of the AES Block Cipher.
Finite Field Arithmetic.
Addition.
Subtraction.
Multiplication.
Division.
Galois Field GF().
Conclusion.
Steps in the AES Encryption Process.
Round Keys.
Computing the Rounds.
Decryption.
Summary of AES.
Appendix B. Example Message Modification.
Appendix C. Verifying the Integrity of Downloaded Files.
Checking the MD5 Digest.
Checking the GPG Signature.
Acronyms.
References.
Index.
Real 802.11 Security describes an entirely new approach to wireless LAN security based on the latest developments in Wi-Fi technology. The author team addresses the theory, implementations, and reality of Wi-Fi security. It provides an overview of security issues, explains how security works in Wi-Fi networks, and explores various security and authentication protocols. The book concludes with an in-depth discussion of real-world security issues and attack tools.
Clear explanations and practical advice on how to use the Wi-Fi Alliance and IEEE standards to block hackers from derailing wireless LANs.
- Describes a new approach to wireless security based on Wi-Fi Protected Access (WPA) and the 802.11i standard (releasing summer 2003).
- Wireless equipment based on the 802.11 standard accounts for up to 99% of the wireless networking market.
- Written by experts on wireless security. Arbaugh brings a hardcore security background and Edney brings industry experience.
“Real 802.11 Security provides clear descriptions of current and emerging security techniques. The authors handle complex topics nicely, and offer significant clarification of IEEE draft standards.”
–Russ Housley, IETF Security Area Director and founder of Vigil Security, LLC
“This is certainly the definitive text on the internals of 802.11 security!”
–John Viega, founder and chief scientist, Secure Software, Inc.
“This book keeps the exposition as straightforward as possible and enables you to cut through the maze of acronyms, hacking tools, rumored weaknesses, and vague vendor security claims to make educated security decisions when purchasing or deploying WLAN.”
–Simon Blake-Wilson, Director of Information Security, BCI
Business professionals and advanced home users are captivated by the convenience of working on wireless networks. But how can privacy and security be maintained effectively? Real 802.11 Security describes an entirely new approach to wireless LAN security based on the latest developments in Wi-Fi technology. This is the book that will show you how to establish real security within your Wi-Fi LAN.
Recent developments in Wi-Fi security achieve what no amount of reconfiguration can do: They solve the problem at the source. Wi-Fi Protected Access (WPA) repairs weaknesses in existing Wi-Fi systems and is designed to allow software upgrades. The upcoming 802.11i standard will offer a much higher level of security than previously offered and will provide flexible, extremely secure solutions for future products.
Written by two experts in wireless security, Jon Edney and William Arbaugh, this book shows you how to stay informed and aware when making security decisions, and what steps you can take to implement the most effective, proactive wireless security now and in the future.
Jon Edney specializes in wireless networking and is a key contributor to the development of IEEE 802.11 systems. As a member of the technology consultancy Symbionics Networks, he deployed the first low-cost 802.11 designs. In 1996, Edney cofounded InTalk, Inc., the first IEEE 802.11 company to develop WLAN access points. After InTalk was acquired by Nokia Corporation, he focused on the application of Wi-Fi to public access networks. He is an active member of the IEEE 802.11 TGi security group.
William A. Arbaugh is an assistant professor of computer science at the University of Maryland in College Park, where he conducts research in information systems security. Arbaugh served as a senior computer scientist for the National Security Agency’s Office of Research and Technology, and then as senior technical advisor for the Office of Advanced Network Programs. He has many publications to his credit and has delivered papers at security-related conferences such as IEEE, SANS, USENIX, and Comdex.