Scenario – TJ Maxx data breach in January 2007; 45 million data records lost, $256 million spent to correct and rectify.1 Cause – Inadequate wireless network security; improper storage of customer data; failure to encrypt customer data.2
Encryption systems are critical to maintaining the confidentiality, integrity and authenticity of important data. A recent OneBeacon Technology whitepaper provides extensive information on various types of encryption systems and how they enable securing data, including securing password files through hashes and using digital certificates to authenticate users. We encourage you to review this whitepaper for a baseline understanding of some of the terms and concepts noted in this publication.
In this paper, we focus on wireless security and encryption systems used to protect data during wireless communications. Primary wireless communication systems include cell/mobile, WiFi, Bluetooth and radio. It is estimated that there will be roughly 6.8 billion active cell phones3 and 1.75 billion WiFi embedded devices4 in use worldwide this year. By 2015 there will be 1 billion machine-to-machine connections using the cellular network.5 Fast forward another two years and there will be an estimated 3 billion Bluetooth enabled devices6. This growth rate will likely continue as we evolve to a more wirelessly connected world. But already, a variety of encryption systems are
The critical requirements for wireless encryption systems are the same as those noted for wired encryption systems. The four goals of any cryptographical system include7:
- Confidentiality (or privacy) – ensures that the data is kept unseen so that no one other than the intended recipient can read it.
- Integrity – ensures that data received by the intended recipient has not been altered or modified from the original transmission. This includes processes to allow the recipient to confirm that there was no unauthorized modification (insertion, deletion or corruption) of the original message while it was in transit. The term “checksum” is also used in cryptography systems.
- Authentication – includes techniques to verify the identity of the user or system that sends and receives the message. It is done to prove who you are and techniques include the use of digital certificates from trusted third-party authorities referred to as Certificate Authorities (CA).
- Non-repudiation – uses techniques to prove that the sender did, in fact, send the message. It is “ensuring that a traceable legal record is kept and has not been changed by a malicious entity.”
Wireless communication systems are increasing in number and becoming more ubiquitous in our lives – they are present in our work, home and leisure environments. They operate seamlessly in the background, allowing us to become mobile, more effective and more functional. Consider some of the following applications:
- WiFi – Access points, routers, tablets/e-books, laptops/PCs, smartphones, handheld and home-based video gaming systems, LCD/LED displays, DVD players, printers, digital cameras and camcorders, medical devices, automotive systems, etc.
- Cellular Systems – Mobile and smartphones, cellular modems for field-based communications in industrial control systems/SCADA8, HVAC systems, ATM machines, smart meters, vending machines, remote alarm monitoring, etc.
- Bluetooth – mobile telephony and headsets, computer peripherals, tablet computers, 3D TV goggles, game consoles, fitness equipment, toys, etc.
These systems differ based on the type of wireless communication. They use different encryption algorithms with varying key lengths and degrees of strength. Consequently, some of the systems are more susceptible to being cracked. Let’s explore these briefly.
WiFi communications are based on IEEE (Institute of Electrical and Electronics Engineers) 802.11 standard and there are several variants – b, a, g, n that govern transmission bandwidth and range. There have been three primary encryption systems that have evolved over time – WEP, WPA and WPA2.
- WEP or Wired Equivalent Privacy – This was the initial encryption protocol for wireless communications and was officially in use in 1999 per IEEE 802.11. It was based on RC4 symmetric key cipher with a 40 bit key (240 key combinations). Later it was upgraded to a 128 bit key. However, the algorithm used for WEP was flawed, which made it unsecured and readily crackable. Flaws included the poor way it handled keys, how readily the access point could be spoofed and how easy it was for a hacker application to examine the packets being communicated between the access point and client thus deciphering the security key. It also used a preshared key (PSK), meaning that the key was shared by both the access point and the client/user. If someone obtained access to the client’s laptop, they could technically retrieve the key. By 2004, IEEE had declared WEP deprecated, but it remains in use for certain applications.
- WPA or WiFi Protected Access – This interim solution was created by the industry consortium while IEEE 802.11i standard was being developed. It officially replaced WEP as the encryption protocol in 2003. WPA used TKIP (Temporal Key Integrity Protocol) – a more secure key management system than WEP. It continued to use same encryption engine as WEP (RC4) and this allowed for backward compatibility to WEP-enabled devices. Larger key size (128 bits) was also in use.
- WPA2 or WiFi Protected Access 2 – This was introduced in 2004 once IEEE 802.11i became official. It made significant improvements over WPA by replacing the weaker RC4 cipher with 128 bit AES (Advanced Encryption Standard) symmetric cipher. Since it was introduced, all new devices that carry the WiFi logo are required to have AES 128 bit encryption. It also added roaming features to allow a user to roam between access points and share credentials in order to remain connected.
- WPA/WPA2 Improvements over WEP – In addition to the change in the encryption engine, the underlying protocol for WPA/WPA2 was more robust and secure than WEP. Designed with a better authentication protocol through a system called EAP (Extensible Authentication Protocol), it checks the user’s identity against a defined user list published on an internal directory. If the user is not on the list, they would not be allowed onto the access point and network. There are variants of EAP such as LEAP, EAP-D5, and PEAP with PEAP providing better authentication controls. These incorporate RADIUS (Remote Authentication Dial-In User Service), which is a network protocol that provides centralized authentication, authorization and accounting.9
This protocol comes in two flavors – Personal and Enterprise. Personal is for the SMB or home user and uses a preshared key that is manually defined on the client’s device and access point. The Enterprise version is for enterprise use and the keys are dynamically generated by the access point or backend server, and shared with the user after they have logged in and been authenticated. Since the keys are dynamically generated, the loss of a user’s laptop should not compromise the integrity of the system since the user does not store the key.
Newer WiFi systems allow for each user to have a separate, revocable private key, instead of a single shared key. This improves the network administrator’s ability to manage the system when an employee is let go. The new 802.11n standard (for the newest WiFi systems) requires that the WiFi device use WPA2 and AES for its communication/encryption protocol.
We think of cellular systems as being used primarily for mobile phone calls. In fact, there are cellular modems for specific applications (field-based ICS systems, ATMs, etc.) that use the cellular network to communicate with their own networks. The cellular providers (i.e. AT&T, Verizon, Vodafone, Deutsche Telekom, and others) generally establish voice and data communications with encryption. The phones are preconfigured with the keys and tools necessary to authenticate the phone and the user when they attempt to place a call. Smartphones also include the encryption protocols to encrypt the outgoing data stream. Similarly, the base stations have authentication challenge systems in place. This limits authentication to the user legitimately accessing the system and ensures the provider bills the user accordingly. If a controlled system were not in place, unauthorized users could be using the carrier networks for free.
Voice call data is encrypted but the level of encryption is dictated by the carrier. The level of carrier encryption eliminates most attempts at unauthorized eavesdropping but if additional protection is warranted, third-party encryption tools are available to the user. Globally, some carriers may not provide encryption for non-voice data because this allows the carrier to review and restrict traffic from bandwidth-intensive applications such as Skype.
There are two major cellular technologies used globally – CDMA (Code Division Multiple Access) and GSM/UMTS (Global System for Mobile Communications). There are other variations to CDMA and GSM/UMTS but this is not addressed in this paper. CDMA is prevalent in the United States, while GSM/UMTS is present worldwide. GSM accounts for 75-80 percent of the global marketplace, with CDMA accounting for the rest.
- GSM/UMTS – The current version uses Kasumi or A5/3, which is a block cipher using a 128 bit key10. Prior versions included A5/1 (or MISTY) and A5/2 but these have been cracked to varying extents. These ciphers may continue to be used on 2G systems in other parts of the world and this depends wholly on the carrier provider. Globally, many non-bandwidth intensive applications (i.e., ATM or remote monitoring) are likely using 2G networks and continue to rely on the A5/1 or 2 ciphers. Kasumi includes a challenge/response system to perform user authentication, with confidentiality of the data handled through its encryption engine. GSM phones use a SIM card that has the necessary information to authenticate the user and a key-generating algorithm that allows conversations and data to be encrypted using a randomly generated cipher key.
- CDMA – The current version uses an algorithm known as CAVE (Cellular Authentication and Voice Encryption Algorithm). CDMA operates rather differently than GSM and this makes it inherently less susceptible to eavesdropping. CAVE introduces an additional noise-type element to further obscure the voice communication signal, making it very difficult to eavesdrop on the call. In addition to CAVE, CDMA also uses CMEA (Cellular Message Encrypting Algorithm) to protect the sensitive control data transmission between the mobile phone and the base station – such as the digits being dialed by the mobile phone when making a call.
Bluetooth is a short-range wireless communication protocol for WPAN (wireless personal area network) that came into existence in the late 90s and was initially based on the IEEE 802.15 standard, but is now based on standards developed by the Bluetooth Special Interest Group. The operating range for Bluetooth-enabled devices ranges from one to 100 meters11. Version 4.0 is the most recent version and was adopted in June 2010. Current standards require that V4 uses AES 128 bit key symmetric encryption during wireless data communication.
The longer communication range now available does increase the potential of eavesdropping so it has clearly become important that such communications be strongly encrypted.
Pitfalls & Controls
The various encryption and authentication systems discussed above provide a fair degree of protection but deficiencies are constantly being discovered, and in many cases being exploited. WEP systems were cracked using the “Caffe Latte” expoit and researchers were able to crack a cellular call on a 2G network that used the A5/1 cipher within 11 minutes using $14 worth of radio components in 2010 12. Improvements are made as these deficienices become known, but a major pitfall is when the improvements are inconsistently adopted by the user and carrier. For example:
- Legacy Systems – Newer, stronger ciphers are introduced for newer services (i.e. A5/3) but older networks such as 2G systems may continue to use the older, crackable ciphers because that is the type of equipment in prevalent use on that particular network. Many parts of the developing world continue to use the older 2G GSM system for cellular communications.
- Backwards Compatibility - WiFi OEMs manufacture equipment with WPA2, WPA and WEP to allow the user the flexibility of backwards compatibility. Ideally, users should be using WPA2 and its better controls but may revert to using WEP or WPA to allow other pieces of legacy equipment to access the system. WiFi enabled medical equipment and remote systems in industrial control systems may be using older WiFi technology, making the data and the network more susceptible to hacks.
- Password/Passphrase Controls – In spite of strict controls, if the user uses weak passwords or passphrases, this increases the underlying network’s susceptibility to common dictionary attacks and intrusions.
- Uninformed, Naïve or Lazy Users – Users defeat effective security control by not changing default “admin” passwords on WiFi access points or Bluetooth equipment because they are uninformed, naive or too lazy, or simply think that an intrusion would ever happen on their network.
- Rogue Access Points – This is an unauthorized WiFi access point connected to a user’s network system. It could be installed by an incompetent/malicious employee or hacker and features a WiFi access point plugged into an unsecured switchport connected to the network. Once connected, it can give a hacker ready access to the user’s network. Users must implement good, port security control by managing, monitoring and securing all open ports to their network. Users should conduct scans to determine if rogue access points are present. Additionally, the use of WIPS/WIDS (wireless intrusion prevention/detection systems) can further mitigate this exposure.
- MITM (Man in the Middle) Attacks – These attacks occur when there is no mutual authentication and a hacker is able to hijack a user’s connection to a legitimate access point, and thereby view and retrieve the transmission data after it has been hijacked. Implementing strong authentication systems should limit the potential of such incidents.
- Misassociation13 - This occurs when hackers set up access points with SSID (Service Set Identification) that resemble legitimate hot spots such as those found at airports, train stations, libraries and other public facilities. If a user connects to a false hot spot and does not use a VPN tunnel or other form of encryption, a hacker would have easy access to all of the data being transmitted. Furthermore, this data could be saved and viewed later, and could potentially include user IDs, passwords and other sensitive information. Users have to be cognizant of their WiFi environment, what they are connecting to and using VPN-type systems to create secured tunnels for their data transmissions.
With the ubiquitous nature of wireless communications systems and how prevalent they are in our lives, it is essential that good encryption and authentication controls be in place to adequately secure our private information. Failing to do so can lead to significant data loss and potential downtime. Systems are constantly being updated to make them more secure but ultimately, it is up to the individual to use and implement these controls consistently and wisely.
To learn more about how OneBeacon Technology Insurance can help you manage online and other technology risks, please contact Dan Bauman, Vice President of Risk Control for OneBeacon Technology Insurance at firstname.lastname@example.org or 262.966.2739.