Wireless Security

WLAN 802.11
Part 2
Esp. Ing. Fernando Boiero
Wireless Security
Maestría en Ciber-Seguridad
[email protected]
 WEP: Wired Equivalent Privacy

•  A security protocol defined by the IEEE 802.11 standard

•  Enables encryption and decryption of data using
Rivest’s Cipher 4 (RC4) algorithm (Stream cipher
encryption)
•  WEP Keys are used for encryption (and de-)
•  WEP Keys: hexadecimal or alphanumerical sequences
of 64 or 128 bits
–  Manually entered into wireless devices
•  Provides wireless network access with a security level
comparable to a wired LAN
•  Provides confidentiality and data integrity

13/10/16 Wireless Security 2

 WEP: Wired Equivalent Privacy

•  Enables:
–  Communication between authorized wireless clients
–  Association of authorized wireless clients to an Access
Point (AP)
•  Uses shared encryption keys
•  The key is shared between wireless clients and an
AP
•  WEP algorithm can be implemented in HW or SW
•  It can be exported outside US
•  Key sizes: 64, 128, 152, 256 bits

13/10/16 Wireless Security 3

 WEP: Wired Equivalent Privacy

•  The WEP Key is concatenated with an

initialization vector (IV) and input into a pseudo
random number generator (PRNG) to produce a
key sequence
•  The key sequence is used for encrypting text
•  Integrity is also assured by WEP keys

IV PRNG Key Sequence

13/10/16 Wireless Security 4

 Authentication methods

•  Two authentication methods

–  Open Authentication
•  Simpler
•  Without utilizing a key
•  It may be difficult to limit the number of wireless clients
accessing the WLAN
–  Shared Key authentication
•  Wireless client and AP must use identical WEP keys
1-Challenge text
3-AP decrypts
and compares
to ch. text

2-Encrypted challenge text

13/10/16 Wireless Security 5
 WEP limitations

•  Keys need to be changed regularly

•  Keys are changed manually in each device
•  Hackers can deduce the key after certain
amount of monitoring

13/10/16 Wireless Security 6

 WEP Encryption Process

•  The WEP Key is concatenated with an initialization vector (IV) to

generate a 64-bit seed
•  The IV changes regularly
•  Key sequence are pseudo-random octets
–  Length equal to the number of data octets transmitted through the expanded
plaintext MPDU plus four octets corresponding to the integrity check value
•  The MPDU + ICV are XORed to the key sequence to produce an
encrypted message
•  CRC-32 is used to generate the 32-bit ICV

IV Seed

Seed PRNG Key Sequence

13/10/16 Wireless Security 7
 WEP Encryption Process

IV
Seed
II PRNG Key Sequence IV
Ciphertext
XOR

Plaintext II
Integrity Algorithm Integrity Check
Value (ICV)

13/10/16 Wireless Security 8

 WEP Encryption Process

802.2 SNAP Service Access Point (SAP) 0xaa 0xaa 0x00 0x00 0x00 0x00 0x80 0x00

802.11 Data
Hdr

Append ICV = CRC32(Data) Check ICV = CRC32(Data)

802.11 Data ICV

Hdr
Select and insert IV Remove IV from packet
Per-packet Key = IV || RC4 Base Per-packet Key = IV || RC4 Base
Key Key
RC4 Encrypt Data || ICV RC4 Decrypt Data || ICV

802.11 IV Data ICV

Hdr

24 bits

13/10/16 Wireless Security 9

 WEP Encryption Process

•  At the receiver a new ICV is generated from the

received plaintext (after decryption)
•  The new ICV is compared to the received ICV
for integrity check
•  Upon mismatch an error frame is sent back to
the sender

13/10/16 Wireless Security 10

 WEP Limitations

•  Manual change of static encryption keys

–  Keys must be changed periodically
–  In large enterprise networks with hundreds/thousands devices
this is a difficult task
•  Device-based authentication
–  No user-based
–  Lack of flexibility and portability
•  One-way authentication
–  The AP is not authenticated (danger of rogue AP)
•  Inability to integrate with existing network authentication
methods
–  LDAP, RADIUS
•  WEP is not enough for a security solution

13/10/16 Wireless Security 11

 WEP Vulnerabilities

•  Hackers can read and modify encrypted

messages
•  Attacks
–  Passive attacks to decrypt traffic
–  Active attacks: insert traffic from both ends
–  Table-based attacks

13/10/16 Wireless Security 12

 WEP Vulnerabilities

•  Passive attacks to decrypt traffic

–  When the IV is reused to encrypt messages
–  Through statistical analysis plaintext can be guessed
–  Then the WEP key may be discovered
•  Active attacks: insert traffic from both ends
–  With knowledge about the message content plus the encrypted
version
–  The key sequence may be deciphered
–  Then the hacker may create a new message
–  Creates the ICV with CRC-32
–  XOR’s plaintext + ICV with the found key sequence
–  A valid message is generated
–  Also integrity is compromised by intercepting a frame, modifying
selected bits, and recalculating the ICV

13/10/16 Wireless Security 13

 WEP Vulnerabilities

•  Table-based attacks
–  Having a table of all possible IV’s and their
corresponding key sequencesTable-based attacks

13/10/16 Wireless Security 14

 WEP Vulnerabilities

•  To overcome vulnerabilities
–  Use VPN
–  Authenticate clients centrally through RADIUS
–  Use at least 128-bit key
•  Other security measures:
–  Message Integrity Check (MIC)
–  Use of Advanced Encryption Standard (AES)
algorithms
–  WEP Key hashing (Temporal Key Integrity Protocol,
TKIP)

13/10/16 Wireless Security 15

 802.11i

•  Specifies security standards for wireless networks

–  Provides Robust Security Network (RSN) mechanisms
•  Data Confidentiality and integrity:
–  Two protocols to protect data transfer:
•  TKIP: Temporal Key Integrity Protocol for legacy devices (WPA)
•  CCMP: Counter Cipher Mode with Block Chaining Message
Authentication Code Protocol
–  A mode of operation for block cipher with AES
–  WPA2
•  Mutual authentication
–  RSNA: Robust Security Network Association
–  EAP-*/802.1X/RADIUS
–  Key management: 4-Way handshake and Group key handshake
(both use authentication services and port-based access control
described in 802.1X)

13/10/16 Wireless Security 16

 WiFi Protected Setup (WPS)

•  A protocol to allow home users to setup WiFi

Protected Access (WPA) and connect new devices
to an existing WLAN
•  It can fall to brute-force attacks
–  Wireless routers usually have this feature enabled and
security can be broken:
•  A device can be connected to a WLAN and the WPA/WPA2
passphrase can be obtained
•  Usage mode:
–  PIN
–  Push Button
–  NFC

13/10/16 Wireless Security 17

 802.11i

•  WPA:
–  TKIP: employs a per-packet key, meaning that it
dynamically generates a new 128-bit key for each packet
–  Message Integrity Check (MIC): Michael
•  WPA2 (IEEE 802.11i-2004):
–  CCMP: AES based
•  Target users:
–  WPA-Personal: WPA-PSK (pre-shared key): for small and
home office
–  WPA-Enterprise: WPA-802.1X. Uses EAP.

13/10/16 Wireless Security 18

 802.1X

•  Defines and authentication mechanism for

devices attaching to a LAN or WLAN
•  Also provides Port Access Control
•  Defines encapsulation of EAP over IEEE 802
–  EAPOL (EAP Over LAN): 802.3, FDDI, 802.11, etc.

13/10/16 Wireless Security 19

 EAP

13/10/16 Wireless Security 20

 RSNA Messages
•  EAP or WPA-PSK provides the shared secret key PMK (Pairwise Master Key)
•  Four-way handshake establishes PTK (Pairwise Transient Key) and GTK (Group Temporal
Key)
Supplicant Authenticator
Auth/Assoc Auth/Assoc
802.1X UnBlocked 802.1X UnBlocked
PTK/GTK PTK/GTK
Applicationserver
Authentication Server

802.11 Association

EAP/802.1X/RADIUS
Authentication

4-Way Handshake

Group Key Handshake

Data Communication

13/10/16 Wireless Security 21

 Alternative security solutions

•  Dynamic WEP Key

•  Mutual authentication scheme
•  Unique secure key feature
•  End-to-end secure connections
•  MAC filtering

13/10/16 Wireless Security 22

 Dynamic WEP Key

•  A unique key is generated for every user logging

on
•  Manual change is not required
•  A unique key is generated when the user is
authenticated while logging on to the network

13/10/16 Wireless Security 23

 Mutual Authentication Scheme

•  Uses Extensible Authentication Protocol (EAP)

framework
•  It requires a RADIUS server for authentication
•  The user can log on and access the WLAN only if
the encryption key was received
•  Lightweight (LEAP) requires a Cisco RADIUS server
–  LEAP broadcasts the WEP key encrypted with a session
key
–  Each session key is unique for a user
–  After user authentication and receipt of session key, the
WLAN can be accessed

13/10/16 Wireless Security 24

 Unique Secure Key Feature

•  The WEP key is encrypted using the one-way

irreversible hash method
•  Password replay attacks are not possible
•  The hash value is sent at the start of the
authentication process and can be used only
once
•  Forces the user to reauthenticate frequently and
generate new session keys
•  Passive attacks are minimized

13/10/16 Wireless Security 25

 End-to-end secure connections

•  VPN
•  Specific VPN client software
•  Authentication with user ID and dynamic
password

13/10/16 Wireless Security 26

 MAC filtering

•  Authorized MAC addresses are added to the

MAC address list of the AP
•  Only added MAC addresses can associate to
the AP
•  Drawback: a MAC address can be spoofed by a
hacker

13/10/16 Wireless Security 27