S Institut für Kommunikationsnetze Technische Universität Wien DI Christian Ploninger IPSec & i-Share secure WLAN solutions.

Präsentation zum Thema: "S Institut für Kommunikationsnetze Technische Universität Wien DI Christian Ploninger IPSec & i-Share secure WLAN solutions."—  Präsentation transkript:

1 s Institut für Kommunikationsnetze Technische Universität Wien DI Christian Ploninger IPSec & i-Share secure WLAN solutions

2 s & Page 2 DI Christian Ploninger  Security Threats  Counter Measurements  i-Share: secure WLAN Vortragsübersicht

3 s & Page 3 DI Christian Ploninger Interception: An unauthorized party (a person, a program, or a computer) gains access to the communication. This is an attack on confidentiality. Interruption: An asset of the system is destroyed or becomes unavailable or unusable. This is an attack on availability. Modification: An unauthorized party not only gains access to but tampers with an asset. This is an attack on integrity. Fabrication: An unauthorized party inserts counterfeit objects into the system. This is an attack on authenticity. Interruption Interception Modification Fabrication Angriffskonzepte [Stallings, 1995]: Network and Internetwork Security: Principals and Practice. Prentice Hall International, ISBN 0-13-180050-7.

4 s & Page 4 DI Christian Ploninger Angriffe und Bedrohungen Generally attacks may be categorized in passive and active attacks. While passive attacks can be defined as read-only attacks, active attacks include data generation, modification, or destruction.

5 s & Page 5 DI Christian Ploninger Passive Angriffe Passive attacks are based on interception. This attack type aims at message confidentiality. Release of Message Contents (Eavesdropping): An attacker may read messages while they are in transfer. Eavesdropping on data transmission could result in the disclosure of sensitive information such as passwords, data, and procedures for performing functions, etc. Traffic analysis: Traffic analysis is a form of passive attack in which an intruder observes data being transmitted. An attacker may make inferences of information from observation and analysis of the presence, absence, amount, direction, and frequency of the traffic flow. Passive attacks are difficult to detect since they do not involve any alteration of data. The emphasis is on prevention rather than detection. [2382-pt.8] ISO/IEC 2382-8, Information Technology - Vocabulary: Control, integrity, and security, 1998

6 s & Page 6 DI Christian Ploninger Aktive Angriffe Masquerading (Spoofing): In such attacks, a person (or machine) impersonates someone else to gain access to a resource. Replay Attack: Often attacks are based on re-sending packets, or streams of packets, that have already been accepted by a recipient. The fact that it is not necessary to understood the received packets makes this attack quite dangerous. Tampering (Packet Alteration): Instead of spoofing an identity, an attacker may choose to use a valid connection for his or her needs by altering the message content. Denial of Service (DoS): DoS attacks aim to prevent access to network resources. Typical attacks involve flooding the network with traffic.

7 s & Page 7 DI Christian Ploninger Authentication Data Transfer Establish ConnectionClose Connection Communication Process Message Tampering Masquerade, Replay Denial of Service Eavesdropping Active Attacks Passive Attacks States of Attack

8 s & Page 8 DI Christian Ploninger Gegenmaßnahmen Passive AngriffeGegenmaßnahmen Release of Message Contents (Eavesdropping) Message Encryption Traffic AnalysisTraffic Padding Aktive AngriffeGegenmaßnahmen Denial of Service Message Tampering (Packet Alteration) Key Derivation (Cryptographic Binding) Replay AttacksKey Freshness Challenge-Response (Challenge Entropy) Masquerading (Spoofing)Pre-Shared Secret Challenge-Response (Zero-Knowledge-Proof)

9 s & Page 9 DI Christian Ploninger Countering Passive Attacks Release of Message Contents (Eavesdropping): Using encryption cannot prevent from interception, but it protects the transmitted content and guarantees data confidentiality. Traffic analysis: An appropriate counter measurement against this kind of attack is traffic padding. Traffic padding describes the generation of fake communications or data units to disguise the amount of real data units being sent.

10 s & Page 10 DI Christian Ploninger Denial of Service (DoS): Especially in wireless communication it seems that there is no counter measurement against DoS attacks. Attackers easily can send noise traffic on the used radio frequencies making communication impossible. Tampering (Packet Alteration): After the successful authentication of a valid user, an attacker may modify the transmitted data. This can be countered by the cryptographically binding of authentication and data transmission phase. Ordinary this is achieved by deriving session keys for the data transfer phase. Countering Active Attacks

11 s & Page 11 DI Christian Ploninger Replay Attacks: Cryptographic keys have to change frequently to protect against unauthorized key reuse (key freshness). Additionally challenge-response-protocols can be used to prevent from packet reuse. Masquerading (Spoofing): Appropriate counter measurements against spoofing are: pre-shared secrets, challenge-response protocols. Pre-shared secrets: The identity of a communication party can only be verified, if the party is known a-priori. Challenge-Response-Protocols: The party’s identity has to be proofed without the transmission of the party‘s secret. Countering Active Attacks (Cont.)

12 s & Page 12 DI Christian Ploninger i-Share i-Security i-Motion Wireless LAN Connectivity Security Usability Application Projekt i-Share i-Share: Intelligente, von der Verfügbarkeit der Mitglieder abhängige Freigabe von dezentralen Daten über ein virtuelles Share. i-Security: Schutz der über die Luftschnittstelle übertragenen Daten in Bezug auf Vertraulichkeit, Authentizität und Integrität. i-Motion: Automatisiertes Handover zwischen verfügbaren Accesspoints ohne Datenverlust während Übertragungen. Ziele der Unterprojekte: Gesamtprojekt i-Share

13 s & Page 13 DI Christian Ploninger Design Goals Schutz der über die Luftschnittstelle übertragenen Daten in Bezug auf Vertraulichkeit, Authentizität und Integrität. WLAN als ist ein unsicheres Extranet  End-to-End Security zwischen Host und Security-GW Einbindung in das Firmennetz  Tunnelling Protocol zwischen Host und Security-GW Schutz der Vertraulichkeit von firmeninternen Daten  Einsatz von Verschlüsselung Schutz vor unbefugten Benutzern  Einsatz von User Authentication Schutz vor Passwort Attacken  Einsatz von Device Authentication

14 s & Page 14 DI Christian Ploninger Internet Protocol Security (IPSec)

15 s & Page 15 DI Christian Ploninger IPSec AH/ESP [RFC 2402]: IP Authentication Header (AH) [RFC 2406]: IP Encapsulating Security Payload (ESP)

16 s & Page 16 DI Christian Ploninger Standard auf vielen Plattformen kein festgelegter Algorithmus (NEW: AES, Rijndeal) unterstützt als sicher geltende Algorithmen (Twofish, AES, 3DES, IDEA, MD5, SHA,....) keinerlei bekannte Design-Schwächen NT: Client muss korrekt konfiguriert sein IPSec gilt als zukunftssicher fixer Bestandteil von IPv6 Vorteile von IPSEC

17 s & Page 17 DI Christian Ploninger IP Traffic PPP Connection Layer 2 Tunneling Protocol Encrypted Data Transfer Intranet Wireless Accesspoint + Firewall VPN Server Wirless User IPSEC Transport IEEE 802.11g IEEE 802.11a IEEE 802.11b IEEE 802.3 IP Traffic Sicher gegen Rouge APs Sicher gegen Man-in-the-Middle Attacken (pre-shared secret) Sicher gegen Eavesdropping (IPSEC-ESP) State-of-the-art Algorithmen (3DES, AES) (kein WEP!) [RFC 1171]: The Point-to-Point Protocol [RFC 2661]: Layer Two Tunneling Protocol "L2TP"

18 s & Page 18 DI Christian Ploninger Packet Encapsulation

19 s & Page 19 DI Christian Ploninger Authentication Process VPN Server Wirless User Internet Key Exchange (Phase 1) Generation of Master Key Mutual Device Authentication PPP Authentication MS-CHAPv2 Mutual User Authentication PW-File Password Generation of IPSec Session Key Internet Key Exchange (Phase 2) ISAKMP SA Master Key IPSEC-ESP IPSEC SA IPSec Key Kombinierte Device/User Authentication Beidseitige Authentifizierung (Mutual Authentication) [RFC 2406]: IP Encapsulating Security Payload (ESP) [RFC 2409]: The Internet Key Exchange (IKE) [RFC 2759]: Microsoft PPP CHAP Extensions Version 2

20 s & Page 20 DI Christian Ploninger Evaluation Chart IKEMS-CHAPv2 Eavesdropping Protection Encryption (Auth.)3-DES Encryption (Trans.)3-DES Spoofing Protection Pre-Shared SecretPassphrasePassword Device AuthenticationX User AuthenticationX Zero-Knowledge-ProofXX Mutual AuthenticationXX Tampering Protection Key DerivationX Replay Protection Key FreshnessXX

21 s & Page 21 DI Christian Ploninger Schutz des firmeninternen Daten Sicherheit gegen Man-in-the-Middle (pre-shared secrets) Sicherheit gegen Rouge APs (End-to-End Security zwischen Host und Security-Gateway) Sicherheit gegen Tampering (IKE Key Derivation) Sicherheit gegen Eavesdropping (IPSEC-3DES) Sicherheit gegen Spoofing (IKE Device Authentication, MS-CHAPv2 User Authentication, Mutual Authentiction, Zero-Knowledge-Proofs) Sicherheit gegen Replay (IKE Key Lifetimes, MS-CHAPv2 Challenges) Summary

22 s & Page 22 DI Christian Ploninger IEEE 802.11b VPN / IPSec Intranet VPN Server + Firewall 172.28.147.254 158.226.15.88 WWW Server 158.226.15.100 172.28.147.4 WLAN Host 172.28.147.x Secured WLAN Demonstrations Szenario

23 s & Page 23 DI Christian Ploninger Vielen Dank für Ihre Aufmerksamkeit s DI Christian Ploninger +43 51707 42361 +43 (1) 58801 38829