Enterprise WLAN Security Attacks / Mohamed Ahmed Abo-Soliman

Material type: Text
Language: English
Summary language: English
Publication details: 2018
Description: 100 p. ill. 21 cm
DDC classification: 005
Contents:
Introduction
1.1 General Overview
1.2 Research Objectives
1.3 Research Goals
1.4 Research Approach
1.5 Thesis Organization
Chapter 2
2 WLAN Security Overview
2.1 History of WLAN Security
2.1.1 Early Stages of Wi-Fi Security
2.1.2 Cryptography and Embedded Security Protocols
2.1.3 Wi-Fi Security Standardization (IEEE 802.11i)
2.1.4 Four-Way Handshake Security Protocols
2.2 WPA2 Architecture
2.2.1 Key Generation
2.2.2 Key Distribution
2.2.3 WPA2 Authentication
2.2.3.1 WPA2 Personal
2.2.3.2 WPA2 Enterprise
2.3 IEEE 802.1x architecture
Chapter 3
3 WPA2 enterprise authentication methods
3.1 EAP Overview
3.2 EAP Messages Exchange
3.3 Common EAP Methods
3.3.1 Legacy EAP
3.3.2 Password Based EAP Methods
3.3.2.1 LEAP
3.3.2.2 EAP SIM
3.3.2.3 EAP AKA
3.3.2.4 EAP SPEKE
3.3.3 Tunnel Based EAP Methods
3.3.3.1 EAP-TTLS
3.3.3.2 EAP-PEAP
3.3.3.3 EAP-TLS
3.3.3.4 EAP-FAST
3.3.3.5 TEAP
3.4 EAP-Method Selection
3.5 EAP Security Requirements
3.5.1 General EAP Requirements
3.5.1.1 Mandatory Requirements
3.5.1.1.1 Generation of symmetric keying material
3.5.1.1.2 Key strength (Self Protecting)
3.5.1.1.3 Mutual authentication support
3.5.1.1.4 Shared state equivalence (Synchronization of state)
3.5.1.1.5 Resistance to Dictionary Attacks
3.5.1.1.6 Protection against Man-in-the-Middle Attack
3.5.1.1.7 Protected Ciphersuite Negotiation
3.5.1.2 Recommended Requirements
3.5.1.2.1 Fragmentation
3.5.1.2.2 End-user identity hiding
3.5.1.3 Optional Requirements
3.5.1.3.1 Channel binding
3.5.1.3.2 Fast reconnect
3.5.2 Tunnel-Based EAP Requirements
3.5.2.1 General Requirements
3.5.2.1.1 RFC Compliance
3.5.2.2 Tunnel Requirements
3.5.2.2.1 TLS Requirements
3.5.2.2.1.1 Cipher Suite
3.5.2.2.1.1.1 Cipher Suite Negotiation
3.5.2.2.1.1.2 Tunnel data Protection Algorithm
3.5.2.2.1.1.3 Tunnel Authentication and Key Establishment
3.5.2.2.1.2 Tunnel Replay Protection
3.5.2.2.1.3 TLS Extensions
3.5.2.2.1.4 Peer Identity Privacy
3.5.2.2.1.5 Session resumption
3.5.2.2.2 Fragmentation
3.5.2.2.3 Protection of data external to tunnel
3.5.2.3 Tunnel Payload Requirements
3.5.2.3.1 Extensible attribute Type
3.5.2.3.2 Request/Challenge Response Operation
3.5.2.3.3 Indicating Criticality of Attributes
3.5.2.3.4 Vendor-Specific Support
3.5.2.3.5 Result Indication
3.5.2.3.6 Internationalization of Display Strings
3.5.2.4 EAP Channel Binding Requirements
3.5.2.5 Requirements Associated with Carrying Username and Passwords
3.5.2.5.1 Security
3.5.2.5.1.1 Confidentiality and Integrity
3.5.2.5.1.2 Authentication of Server
3.5.2.5.1.3 Server Certificate Revocation Checking
3.5.2.5.2 Internationalization
3.5.2.5.3 Metadata
3.5.2.5.4 Password Change
3.5.2.6 Requirements Associated with Carrying EAP Methods
3.5.2.6.1 Method Negotiation
3.5.2.6.2 Chained Methods
3.5.2.6.3 Cryptographic Binding with the TLS Tunnel
3.5.2.6.4 Peer-Initiated EAP Authentication
3.5.2.6.5 Method Metadata
3.6 Tunnel-Based EAP authentication compliance
Chapter 4
4 WLAN Threats & Attacks
4.1 Categories of Wireless attacks
4.2 Effective enterprise wireless LANs Attacks
4.2.1 Authentication Attacks
4.2.1.1 Brute Force Attacks
4.2.1.2 Dictionary Attacks
4.2.1.2.1 Passive Dictionary Attack
4.2.1.2.2 Active Dictionary Attack
4.2.2 Confidentiality Attacks
4.2.2.1 Evil Twin
4.2.2.2 Key Reinstallation Attacks
4.2.2.2.1 4-way Handshake Key-Reinstallation Attack
4.2.2.2.2 Group Key Handshake Key-Reinstallation Attack
4.2.2.2.3 Fast Transition Handshake Key-Reinstallation Attack
4.2.3 Availability Attacks
4.2.3.1 De-authentication Attacks
Chapter 5
5 Evaluation & Proposed mitigations
5.1 Evaluating WPA2 Authentication Protocols.
5.1.1 EAP common methods Performance evaluation
5.1.1.1 LAB Architecture
5.1.1.2 Test Bed
5.1.1.3 Test Scenario
5.1.1.4 Practical Evaluation and Lab Results
5.2 Practical monitoring and Protocols Analysis
5.2.1 General EAP messages format
5.2.2 EAP-TTLS Messages format
5.2.2.1 Attribute Value Pairs (AVPs)
5.2.3 EAP-PEAP Messages format
5.2.3.1 PEAP Arbitrary Parameter Exchange
5.2.4 EAP-TLS Messages format
5.3 EAP common methods Security evaluation
5.3.1 Test Lab Evaluation
5.3.2 Live Attacks Evaluation
5.3.2.1 Ethical Considerations
5.4 DETECTED VULNERABILITIES AND PROPOSED MITIGATIONS
5.4.1 Detected Vulnerabilities
5.4.1.1 Active Dictionary Attack Practical Evaluation
5.4.1.2 Vulnerabilities of Active Dictionary Attack
5.4.2 Key Reinstallation Attack Practical Evaluation
5.4.2.1 Direct GTK Installation after sending 1st message
5.4.2.2 Standard GTK Installation
Chapter 6
6 Conclusion & Future Directions
6.1 Performance Evaluation Summary
6.2 Impact of attacks on Authentication methods
6.3 Recommendations and Proposed Amendments
6.3.1 Security Requirements for authentication attacks
6.3.2 Security Requirements for Confidentiality Attacks
6.3.3 Security Requirements for Availability Attacks
6.3.4 General Security Considerations
6.4 Future Directions
Appendix
References
Dissertation note: Thesis (M.A.)—Nile University, Egypt, 2018.

Abstract: The increasing number of mobile and handheld devices that allow wireless access to enterprise data and services is a major concern for network designers, implementers and analysts. Enhancements in wireless technologies also accelerate the adoption of enterprise wireless networks, which are widely deployed on their own or as an extension to existing wired networks. Bring Your Own Device (BYOD) is an example of the new, challenging wireless trends. BYOD environments allow the use of personal mobile computing devices such as smartphones, tablets, and laptops for business activities. BYOD has become popular in workplaces because it keeps users in their comfort zone, leading to more productivity and cost reduction for businesses. Nevertheless, business data and services are consequently subject to several wireless attacks, whether they are hosted in a cloud or on premises, especially when travelling through the open air. Corporations and organizations usually apply network-access-control systems to secure enterprise wireless LANs. However, these security systems may be compromised through detected flaws, exposing the enterprise's critical information to leakage or the entire network to interruption or complete failure. The study helps in evaluating the real risks that threaten wireless technologies. It also provides recommended mitigations and solutions to overcome the detected vulnerabilities and security flaws. This helps to ensure adequate protection for wireless communication, especially the 802.11 data transmitted by corporations and large networks.
Holdings
Item type: Thesis
Current library: Main library
Call number: 005 / M.S.E/2018
Status: Not for loan

Supervisor: Sherif Elkassas

"Includes bibliographical references"

3.5.2.6.3 Cryptographic Binding with the TLS Tunnel .............................................................. 48
3.5.2.6.4 Peer-Initiated EAP Authentication ............................................................................... 48
3.5.2.6.5 Method Metadata ......................................................................................................... 48
3.6 Tunnel-Based EAP authentication compliance .............................................................................. 49
Chapter 4 ...................................................................................................................................................... 50
4 WLAN Threats & Attacks ..................................................................................................................... 51
4.1 Categories of Wireless attacks ....................................................................................................... 51
4.2 Effective enterprise wireless LANs Attacks .................................................................................. 52
4.2.1 Authentication Attacks ........................................................................................................... 52
4.2.1.1 Brute Force Attacks ........................................................................................................... 53
4.2.1.2 Dictionary Attacks ............................................................................................................. 53
4.2.1.2.1 Passive Dictionary Attack ............................................................................................ 53
4.2.1.2.2 Active Dictionary Attack ............................................................................................. 54
4.2.2 Confidentiality Attacks .......................................................................................................... 54
4.2.2.1 Evil Twin ........................................................................................................................... 54
4.2.2.2 Key Reinstallation Attacks ................................................................................................ 54
4.2.2.2.1 4-way Handshake Key-Reinstallation Attack .............................................................. 55
4.2.2.2.2 Group Key Handshake Key-Reinstallation Attack ...................................................... 55
4.2.2.2.3 Fast Transition Handshake Key-Reinstallation Attack ................................................ 55
4.2.3 Availability Attacks ............................................................................................................... 55
4.2.3.1 De-authentication Attacks .................................................................................................. 56
Chapter 5 ...................................................................................................................................................... 57
5 Evaluation & Proposed mitigations ....................................................................................................... 58
5.1 Evaluating WPA2 Authentication Protocols. ................................................................................. 58
5.1.1 EAP common methods Performance evaluation ................................................................... 58
5.1.1.1 LAB Architecture ............................................................................................................... 58
5.1.1.2 Test Bed ............................................................................................................................. 59
5.1.1.3 Test Scenario ...................................................................................................................... 59
5.1.1.4 Practical Evaluation and Lab Results................................................................................. 60
5.2 Practical monitoring and Protocols Analysis ................................................................................. 63
5.2.1 General EAP messages format ............................................................................................... 63
5.2.2 EAP-TTLS Messages format ................................................................................................. 64
5.2.2.1 Attribute Value Pairs (AVPs) ............................................................................................ 66
5.2.3 EAP-PEAP Messages format ................................................................................................. 66
5.2.3.1 PEAP Arbitrary Parameter Exchange ................................................................................ 67
5.2.4 EAP-TLS Messages format ................................................................................................... 67
5.3 EAP common methods Security evaluation................................................................................... 68
5.3.1 Test Lab Evaluation ............................................................................................................... 68
5.3.2 Live Attacks Evaluation ......................................................................................................... 70
5.3.2.1 Ethical Considerations ....................................................................................................... 71
5.4 DETECTED VULNERABILITIES AND PROPOSED MITIGATIONS .................................... 72
5.4.1 Detected Vulnerabilities ......................................................................................................... 73
5.4.1.1 Active Dictionary Attack Practical Evaluation .................................................................. 73
5.4.1.2 Vulnerabilities of Active Dictionary Attack ...................................................................... 74
5.4.2 Key Reinstallation Attack Practical Evaluation ..................................................................... 75
5.4.2.1 Direct GTK Installation after sending 1st message............................................................. 76
5.4.2.2 Standard GTK Installation ................................................................................................. 76
Chapter 6 ...................................................................................................................................................... 78
6 Conclusion & Future Directions ............................................................................................................ 79
6.1 Performance Evaluation Summary ................................................................................................ 79
6.2 Impact of attacks on Authentication methods .............................................................................. 80
6.3 Recommendations and Proposed Amendments ........................................................................... 81
6.3.1 Security Requirements for authentication attacks .................................................................. 81
6.3.2 Security Requirements for Confidentiality Attacks ............................................................... 81
6.3.3 Security Requirements for Availability Attacks .................................................................... 82
6.3.4 General Security Considerations ............................................................................................ 82
6.4 Future Directions ........................................................................................................................... 83
Appendix ....................................................................................................................................................... 85
References ...............................................................................................................................

Abstract:
The increasing number of mobiles and handheld devices that allow wireless access to enterprise data
and services is considered a major concern for network designers, implementers and analysts.
Enhancements of wireless technologies also accelerate the adoption of enterprise wireless networks
that are widely deployed solely or as an extension to existing wired networks. Bring Your Own
Device is an example of the new challenging wireless trends. BYOD environments allow the use of
personal mobile computing devices like smart phones, tablets, and laptops for business activities.
BYOD has become popular in workplaces since it keeps users in their comfort zone, leading to
more productivity and cost reduction for businesses. Nevertheless, business data and services are
consequentially subject to several wireless attacks, whether they are hosted on a cloud or on
premises, especially when travelling through the open air. Corporates and organizations usually
apply network-access-control systems for securing enterprise wireless LANs. However, the security
systems may be compromised due to detected flaws, exposing the enterprise's critical information to
leakage or the entire network to interruption or complete failure. The study helps in evaluating the
real risks that threaten wireless technologies. It also provides recommended mitigations and
solutions to overcome the detected vulnerabilities and security flaws. This helps to ensure
adequate protection for wireless communication, especially transmitted 802.11 data of corporates and
large networks.

Text in English, abstracts in English.
