Upload
harry-acker
View
219
Download
2
Embed Size (px)
Citation preview
s
DI Christian PloningerInstitut für KommunikationsnetzeTechnische Universität Wien
IPSec & i-Sharesecure WLAN solutions
s
&
Page 2 DI Christian Ploninger
Security Threats
Counter Measurements
i-Share: secure WLAN
Vortragsübersicht
s
&
Page 3 DI Christian Ploninger
Interception: An unauthorized party (a person, a program, or a computer) gains access to the communication. This is an attack on confidentiality.
Interruption: An asset of the system is destroyed or becomes unavailable or unusable. This is an attack on availability.
Modification: An unauthorized party not only gains access to but tampers with an asset. This is an attack on integrity.
Fabrication: An unauthorized party inserts counterfeit objects into the system. This is an attack on authenticity.
Interruption
Interception
Modification
Fabrication
Angriffskonzepte
[Stallings, 1995]: Network and Internetwork Security: Principals and Practice. Prentice Hall International, ISBN 0-13-180050-7.
s
&
Page 4 DI Christian Ploninger
Angriffe und Bedrohungen
Generally attacks may be categorized in passive and active attacks. While passive attacks can be defined as read-only attacks, active attacks include data generation, modification, or destruction.
s
&
Page 5 DI Christian Ploninger
Passive Angriffe
Passive attacks are based on interception. This attack type aims at message confidentiality.
Release of Message Contents (Eavesdropping): An attacker may read messages while they are in transfer. Eavesdropping on data transmission could result in the disclosure of sensitive information such as passwords, data, and procedures for performing functions, etc.
Traffic analysis: Traffic analysis is a form of passive attack in which an intruder observes data being transmitted. An attacker may make inferences of information from observation and analysis of the presence, absence, amount, direction, and frequency of the traffic flow.
Passive attacks are difficult to detect since they do not involve any alteration of data.The emphasis is on prevention rather than detection.
[2382-pt.8] ISO/IEC 2382-8, Information Technology - Vocabulary: Control, integrity, and security, 1998
s
&
Page 6 DI Christian Ploninger
Aktive Angriffe
Masquerading (Spoofing): In such attacks, a person (or machine) impersonates someone else to gain access to a resource.
Replay Attack: Often attacks are based on re-sending packets, or streams of packets, that have already been accepted by a recipient. The fact that it is not necessary to understood the received packets makes this attack quite dangerous.
Tampering (Packet Alteration): Instead of spoofing an identity, an attacker may choose to use a valid connection for his or her needs by altering the message content.
Denial of Service (DoS): DoS attacks aim to prevent access to network resources. Typical attacks involve flooding the network with traffic.
s
&
Page 7 DI Christian Ploninger
Aut
hent
icat
ion
Dat
a Tr
ansf
er
Esta
blis
h C
onne
ctio
n
Clo
se C
onne
ctio
n
Communication Process
Message TamperingMasquerade, ReplayDenial of Service
Eavesdropping
Active Attacks
Passive Attacks
States of Attack
s
&
Page 8 DI Christian Ploninger
Gegenmaßnahmen
Passive Angriffe GegenmaßnahmenRelease of Message Contents (Eavesdropping)
Message Encryption
Traffic Analysis Traffic PaddingAktive Angriffe GegenmaßnahmenDenial of ServiceMessage Tampering (Packet Alteration)
Key Derivation (Cryptographic Binding)
Replay Attacks Key FreshnessChallenge-Response (Challenge Entropy)
Masquerading (Spoofing) Pre-Shared SecretChallenge-Response
(Zero-Knowledge-Proof)
s
&
Page 9 DI Christian Ploninger
Countering Passive Attacks
Release of Message Contents (Eavesdropping): Using encryption cannot prevent from interception, but it protects the transmitted content and guarantees data confidentiality.
Traffic analysis: An appropriate counter measurement against this kind of attack is traffic padding. Traffic padding describes the generation of fake communications or data units to disguise the amount of real data units being sent.
s
&
Page 10 DI Christian Ploninger
Denial of Service (DoS): Especially in wireless communication it seems that there is no counter measurement against DoS attacks. Attackers easily can send noise traffic on the used radio frequencies making communication impossible.
Tampering (Packet Alteration): After the successful authentication of a valid user, an attacker may modify the transmitted data. This can be countered by the cryptographically binding of authentication and data transmission phase. Ordinary this is achieved by deriving session keys for the data transfer phase.
Countering Active Attacks
s
&
Page 11 DI Christian Ploninger
Replay Attacks: Cryptographic keys have to change frequently to protect against unauthorized key reuse (key freshness). Additionally challenge-response-protocols can be used to prevent from packet reuse.
Masquerading (Spoofing): Appropriate counter measurements against spoofing are: pre-shared secrets, challenge-response protocols.
Pre-shared secrets: The identity of a communication party can only be verified, if the party is known a-priori.
Challenge-Response-Protocols: The party’s identity has to be proofed without the transmission of the party‘s secret.
Countering Active Attacks (Cont.)
s
&
Page 12 DI Christian Ploninger
i-Sharei-Securityi-Motion
Wireless LANConnectivity
SecurityUsability
Application
Projekt i-Share
i-Share: Intelligente, von der Verfügbarkeit der Mitglieder abhängige Freigabe von dezentralen Daten über ein virtuelles Share.
i-Security: Schutz der über die Luftschnittstelle übertragenen Daten in Bezug auf Vertraulichkeit, Authentizität und Integrität.
i-Motion: Automatisiertes Handover zwischen verfügbaren Accesspoints ohne Datenverlust während Übertragungen.
Ziele der Unterprojekte:
Gesamtprojekti-Share
s
&
Page 13 DI Christian Ploninger
Design Goals
Schutz der über die Luftschnittstelle übertragenen Daten in Bezug auf Vertraulichkeit, Authentizität und Integrität.
• WLAN als ist ein unsicheres Extranet End-to-End Security zwischen Host und Security-
GW• Einbindung in das Firmennetz
Tunnelling Protocol zwischen Host und Security-GW• Schutz der Vertraulichkeit von firmeninternen Daten
Einsatz von Verschlüsselung• Schutz vor unbefugten Benutzern
Einsatz von User Authentication• Schutz vor Passwort Attacken
Einsatz von Device Authentication
s
&
Page 14 DI Christian Ploninger
Internet Protocol Security (IPSec)
s
&
Page 15 DI Christian Ploninger
IPSec AH/ESP
[RFC 2402]: IP Authentication Header (AH) [RFC 2406]: IP Encapsulating Security Payload (ESP)
s
&
Page 16 DI Christian Ploninger
• Standard auf vielen Plattformen• kein festgelegter Algorithmus (NEW: AES, Rijndeal)• unterstützt als sicher geltende Algorithmen (Twofish, AES, 3DES, IDEA, MD5, SHA,....)• keinerlei bekannte Design-Schwächen• NT: Client muss korrekt konfiguriert sein• IPSec gilt als zukunftssicher• fixer Bestandteil von IPv6
Vorteile von IPSEC
s
&
Page 17 DI Christian Ploninger
IP TrafficPPP Connection
Layer 2 Tunneling Protocol
Encrypted Data Transfer
Intranet
WirelessAccesspoint
+ FirewallVPN ServerWirless User
IPSEC Transport
IEEE 802.11gIEEE 802.11aIEEE 802.11b
IEEE 802.3
IP Traffic
• Sicher gegen Rouge APs• Sicher gegen Man-in-the-Middle Attacken (pre-shared secret)• Sicher gegen Eavesdropping (IPSEC-ESP)• State-of-the-art Algorithmen (3DES, AES) (kein WEP!)
[RFC 1171]: The Point-to-Point Protocol [RFC 2661]: Layer Two Tunneling Protocol "L2TP"
s
&
Page 18 DI Christian Ploninger
Packet Encapsulation
s
&
Page 19 DI Christian Ploninger
Authentication Process
VPN Server
Wirless User
Internet Key Exchange (Phase 1)Generation of Master Key
Mutual Device Authentication
PPP Authentication MS-CHAPv2Mutual User Authentication
PW-FilePassword
Generation of IPSec Session KeyInternet Key Exchange (Phase 2) ISAKMP SA
Master KeyMaster Key
IPSEC-ESP IPSEC SA
IPSec KeyIPSec Key
• Kombinierte Device/User Authentication • Beidseitige Authentifizierung (Mutual Authentication)
[RFC 2406]: IP Encapsulating Security Payload (ESP) [RFC 2409]: The Internet Key Exchange (IKE) [RFC 2759]: Microsoft PPP CHAP Extensions Version 2
s
&
Page 20 DI Christian Ploninger
Evaluation Chart
IKE MS-CHAPv2
Eavesdropping ProtectionEncryption (Auth.) 3-DESEncryption (Trans.) 3-DES 3-DES
Spoofing ProtectionPre-Shared Secret Passphra
sePassword
Device Authentication XUser Authentication XZero-Knowledge-Proof X XMutual Authentication X X
Tampering Protection Key Derivation X
Replay ProtectionKey Freshness X X
s
&
Page 21 DI Christian Ploninger
Schutz des firmeninternen Daten Sicherheit gegen Man-in-the-Middle
(pre-shared secrets) Sicherheit gegen Rouge APs
(End-to-End Security zwischen Host und Security-Gateway) Sicherheit gegen Tampering
(IKE Key Derivation) Sicherheit gegen Eavesdropping
(IPSEC-3DES) Sicherheit gegen Spoofing
(IKE Device Authentication, MS-CHAPv2 User Authentication, Mutual Authentiction, Zero-Knowledge-Proofs)
Sicherheit gegen Replay (IKE Key Lifetimes, MS-CHAPv2 Challenges)
Summary
s
&
Page 22 DI Christian Ploninger
IEEE 802.11bVPN / IPSec
Intranet
VPN Server+ Firewall
172.28.147.254
158.226.15.88
WWW Server158.226.15.100
172.28.147.4
WLAN Host172.28.147.x
Secured WLAN
Demonstrations Szenario
s
&
Page 23 DI Christian Ploninger
Vielen Dank für Ihre Aufmerksamkeit
s
DI Christian Ploninger+43 51707 42361
+43 (1) 58801 38829