Hacking Exposed 5th Edition
The IEEE 802.11a and 802.11b standards have taken a substantial beating from the media, the commercial product sector, and most of all the information security community for their lack of adequate protocol-level security. Various efforts have been expended on layering security on top of 802.11 and on vendor-supplied firmware upgrades, to the extent that some vendors are now considering migrating to a Bluetooth-based infrastructure for their wireless solutions. In hopes of addressing the security concerns and risks associated with the current 802.11 infrastructure, the IEEE, in coordination with commercial and educational advocates, turned to the 802.1x port-based network access control protocol.
The high-level design goals for 802.1x were simple. The specification provides an expandable infrastructure in which additional clients and APs can be added consistently and with minimal technological effort. Beyond the infrastructure goals, security goals were addressed, including authentication and encryption: some mechanism for continuous per-node encryption using multiple, rotating secret keys, beyond what a static WEP key offers, should be implemented. Lastly, mutual authentication needed to be addressed. Currently, nodes authenticate via a one-way client-to-server handshake, rather than a scheme in which the client authenticates to the server and the server also authenticates to the client.
In general, two main issues exist within the proposed 802.1x and 802.11 framework integration plans. The current 802.1x specification does not protect against man-in-the-middle attacks, nor does it address session hijacking. A man-in-the-middle attack redirects the traffic between a client node and the AP through the attacker's own station, allowing the attacker to view all data flowing between that node and the AP. The attack succeeds because the AP never authenticates itself to the client; all trust is placed in the one-way client-to-server authentication. There is no method in the current 802.1x specification that lets the client be certain it is authenticating to the proper AP. The other attack, session hijacking, succeeds because of the lack of message confidentiality and of authentication at the lower (802.11) layer. An attacker can send a spoofed disassociate frame to a legitimate user, whose station then drops its session, and continue that session using the user's MAC address; because the AP's 802.1x "port authorized" state is not tied to the 802.11 association state, the AP notices nothing. Tools such as AirJack and Libradiate can aid in attacks of this sort.
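The session hijack described above can be made concrete with a small model of the two state machines involved. The following is an added example, not code from Hacking Exposed or from any of the tools named: it models an AP whose 802.1x authenticator tracks "port authorized" per station MAC address and is never told about 802.11 disassociation, and a station that honours any disassociate frame whose source address is the AP's (802.11 management frames carry no authentication). A `require_mic` switch then shows the hardened behaviour the text argues for, in which every data frame must carry a sequence number and an integrity tag under a per-session key known only to the AP and the genuine supplicant. The MAC addresses, frame layout, tag construction and key handling are constructed assumptions for illustration, not the real 802.11/802.1x formats.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed addresses for the scenario (not real devices).
AP_MAC = "00:11:22:33:44:55"
VICTIM_MAC = "aa:bb:cc:dd:ee:01"
ATTACKER_MAC = "de:ad:be:ef:00:01"


def mic(key: bytes, src: str, seq: int, payload: bytes) -> bytes:
    """Per-session integrity tag over (source MAC, sequence number, payload).

    Assumed construction standing in for a real per-frame MIC; the point is
    only that it needs the session key, which the attacker never sees.
    """
    msg = src.encode() + seq.to_bytes(4, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


class Authenticator:
    """AP-side 802.1x authenticator. Port state is keyed by station MAC only."""

    def __init__(self, require_mic: bool):
        self.require_mic = require_mic
        self.session_key = {}   # mac -> key established during the EAP exchange
        self.last_seq = {}      # mac -> highest sequence number accepted (replay window)

    def eap_success(self, mac: str) -> bytes:
        # Outcome of a successful EAP exchange, collapsed into one call: the
        # port for this MAC becomes authorized and a fresh session key exists.
        key = os.urandom(16)
        self.session_key[mac] = key
        self.last_seq[mac] = 0
        return key

    def accept_data(self, src: str, seq: int, payload: bytes, tag: Optional[bytes]) -> bool:
        if src not in self.session_key:          # port not authorized for this MAC
            return False
        if not self.require_mic:
            return True                          # plain 802.1x: the MAC address is the whole check
        key = self.session_key[src]
        if seq <= self.last_seq[src]:            # replayed or stale frame
            return False
        if tag is None or not hmac.compare_digest(tag, mic(key, src, seq, payload)):
            return False                         # forged frame: no session key, no valid tag
        self.last_seq[src] = seq
        return True


class Station:
    """Supplicant side. Trusts unauthenticated 802.11 management frames."""

    def __init__(self, mac: str):
        self.mac = mac
        self.key = None
        self.associated = False
        self.seq = 0

    def on_management_frame(self, src: str, subtype: str) -> None:
        # Nothing in the frame proves it came from the AP; the source
        # address alone decides, so a spoofed disassociate tears the session down.
        if subtype == "disassociate" and src == AP_MAC:
            self.associated = False
            self.key = None

    def send(self, payload: bytes):
        self.seq += 1
        return (self.mac, self.seq, payload, mic(self.key, self.mac, self.seq, payload))


def run_hijack(require_mic: bool) -> dict:
    """Replay the attack once and report what the AP accepted."""
    ap = Authenticator(require_mic)
    victim = Station(VICTIM_MAC)
    victim.associated = True
    victim.key = ap.eap_success(VICTIM_MAC)

    # Legitimate traffic; the attacker sniffs this frame off the air.
    frame = victim.send(b"legitimate data")
    victim_accepted = ap.accept_data(*frame)
    captured = frame

    # Attacker forges a disassociate with the AP's source address. The AP is
    # never involved, so its 802.1x port state for VICTIM_MAC is untouched.
    victim.on_management_frame(src=AP_MAC, subtype="disassociate")

    # Attacker now transmits using the victim's MAC. Without the session key
    # it can only send untagged frames or replay the captured one.
    forged_accepted = ap.accept_data(VICTIM_MAC, frame[1] + 1, b"attacker data", None)
    replay_accepted = ap.accept_data(*captured)

    return {
        "victim_accepted": victim_accepted,
        "victim_dropped": not victim.associated,
        "forged_accepted": forged_accepted,
        "replay_accepted": replay_accepted,
    }


if __name__ == "__main__":
    for mode in (False, True):
        print("require_mic =", mode, run_hijack(mode))
```

With `require_mic=False` the AP accepts both the forged frame and the replay after the victim has been knocked off, which is the hijack in the text. With `require_mic=True` the victim's own frames still pass, the forged frame fails for lack of a valid tag, and the replay fails on the sequence check; the spoofed disassociate still succeeds, because the management frame itself remains unauthenticated in this model.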
Unfortunately, the solution is not a simple one: it cannot be achieved merely by bolting on another authentication scheme, nor by creating a secure method for continuous key scheduling. The powers that be need to go back to the design table and create a robust and secure protocol for communicating over networks, specifically wireless networks, without losing the desired functionality.
Detailed research and information pertaining to 802.1x and 802.1x security can be found at the following websites:

- http://www.cs.umd.edu/~waa/1x.pdf The University of Maryland's publication for its research into the current IEEE 802.1x protocol standard
- http://grouper.ieee.org/groups/802/11/index.html The IEEE 802.11 communication protocol specification
- http://www.ieee802.org/1/pages/802.1x.html The IEEE 802.1x communication protocol specification