Wi-Fi Protected Access - PowerPoint PPT Presentation

About This Presentation

Title:

Wi-Fi Protected Access

Description:

When combined with the much larger IV, this defeats the well-known key recovery attacks on WEP. ... Initial random number exchanges defeat man-in-the-middle attacks ... – PowerPoint PPT presentation

Number of Views:152

Avg rating:3.0/5.0

Slides: 40

Provided by: joobosco4

Category:

more less

Transcript and Presenter's Notes

Title: Wi-Fi Protected Access

1
Wi-Fi Protected Access

2
What is WPA?

Wi-Fi Protected Access (WPA) is a response by the
WLAN industry to offer an immediate, a stronger
security solution than WEP.
WPA is intended to be
A software/firmware upgrade to existing access
points and NICs.
Inexpensive in terms of time and cost to
implement.
Compatible with vendors.
Suitable for enterprise, small sites, home
networks.
Runs in enterprise mode or pre-shared key (PSK)
mode

3
History of WPA

WPA was created by the Wi-Fi Alliance, an
industry trade group, which owns the trademark to
the Wi-Fi name and certifies devices that carry
that name.
WPA is designed for use with an IEEE 802.1X
authentication server, which distributes
different keys to each user.

4
History of WPA

The Wi-Fi Alliance created WPA to enable
introduction of standard-based secure wireless
network products prior to the IEEE 802.11i group
finishing its work.
The Wi-Fi Alliance at the time already
anticipated the WPA2 certification based on the
final draft of the IEEE 802.11i standard.

5
History of WPA

Data is encrypted using the RC4 stream cipher,
with a 128-bit key and a 48-bit initialization
vector (IV).
One major improvement in WPA over WEP is the
Temporal Key Integrity Protocol (TKIP), which
dynamically changes keys as the system is used.
When combined with the much larger IV, this
defeats the well-known key recovery attacks on
WEP.

6
History of WPA

In addition to authentication and encryption, WPA
also provides vastly improved payload integrity.
The cyclic redundancy check (CRC) used in WEP is
inherently insecure it is possible to alter the
payload and update the message CRC without
knowing the WEP key.

7
History of WPA

A more secure message authentication code
(usually known as a MAC, but here termed a MIC
for "Message Integrity Code") is used in WPA, an
algorithm named "Michael".
The MIC used in WPA includes a frame counter,
which prevents replay attacks being executed.

8
History of WPA

By increasing the size of the keys and IVs,
reducing the number of packets sent with related
keys, and adding a secure message verification
system, WPA makes breaking into a Wireless LAN
far more difficult.

9
History of WPA

The Michael algorithm was the strongest that WPA
designers could come up with that would still
work with most older network cards.

10
History of WPA

Due to inevitable weaknesses of Michael, WPA
includes a special countermeasure mechanism that
detects an attempt to break TKIP and temporarily
blocks communications with the attacker.

11
History of WPA

However, it can also be used in a less secure
"pre-shared key" (PSK) mode, where every user is
given the same pass-phrase.

12
History of WPA

Wi-Fi Protected Access (WPA) had previously been
introduced by the Wi-Fi Alliance as an
intermediate solution to WEP insecurities.
WPA implemented a subset of 802.11i.
The design of WPA is based on a Draft 3 of the
IEEE 802.11i standard.

13
WPA Modes

Pre-Shared Key Mode
Does not require authentication server.
Shared Secret is used for authentication to
access point.
Enterprise Mode
Requires an authentication server
Uses RADIUS protocols for authentication and key
distribution.
Centralizes management of user credentials.

14
WPA

802.1x
Features
BSS
Key hierarchy
Key management
Cipher Authentication Negotiation
Data Privacy Protocol TKIP

15
Comparing WPA and 802.11i

802.1x
Features
BSS
Independent Basic Service Set
Pre-authentication
Key hierarchy
Key management
Cipher Authentication Negotiation
Data Privacy Protocols TKIP and CCMP

16
WPA Summary

Fixes all known WEP privacy vulnerabilities.
Designed by well-known cryptographers.
Best possible security to minimize
performance degradation on existing hardware.

17
Pre-Shared Key Mode Issues

Needed if there is no authentication server in
use.
If shared secret becomes known, network security
may be compromised.
No standardized way of changing shared secret.

18
Pre-Shared Key Mode Issues

Significantly increases the effort required to
allow passive monitoring and decrypting of
traffic.
The more complex the shared secret, the less
likely it will fall to dictionary attacks.

19
Migration from WEP to WPA

Existing authentication systems can still be
used.
WPA replaces WEP.
All access points and client will need new
firmware and drivers.
Some older NICs and access points may not be
upgradeable.
Once enterprise access points are upgraded, home
units will need to be, if they were using WEP.

20
Migration from WEP to WPA

Small Office/Home Office
Configure pre-shared key (PSK) or master password
on the AP.
Configure the PSK on client stations.
Enterprise
Select EAP types and 802.1X supplicants to be
supported on stations, APs, and authentication
servers.
Select and deploy RADIUS-based authentication
servers

21
How WPA Addresses the WEP Vulnerabilities

WPA wraps RC4 cipher engine in four new
algorithms
1. Extended 48-bit IV and IV Sequencing Rules
248 is a large number! More than 500 trillion
Sequencing rules specify how IVs are selected and
verified
2. A Message Integrity Code (MIC) called Michael
Designed for deployed hardware
Requires use of active countermeasures
3. Key Derivation and Distribution
Initial random number exchanges defeat
man-in-the-middle attacks
4. Temporal Key Integrity Protocol generates
per-packet keys

22
Wi-Fi Protected Access 2 WPA2

Uses the Advanced Encryption Standard (AES)
AES selected by National Institute of Standards
and Technology (NIST) as replacement for DES.
Symmetric-key block cipher using 128-bit keys.
Generates CCM Protocol (CCMP)
CCMP CTR CBC MAC
CTR Counter Mode Encryption
CBC/MAC Cipher Block Chaining/Message
Authentication Code

23
Encryption Method Comparison

WEP
WPA WPA2
Cipher RC4 128
bits encrytion AES
Key Size 40 bits 64 bits
authentication 128 bits
Key Life 24 bits IV
24 bits IV 24 bits IV
Packet Key concatened Mixing
Function Not Nedeed
Data Integrity CRC-32
Michael CCMP
Header Integrity none
Michael CCMP
Replay Attack none IV
sequence IV sequence
Management Key none
EAP-based EAP-based

24
General Recommendations

Conduct a risk assessment for all information
that will travel over the WLAN and restrict
sensitive information.
Policies and infrastructure for authenticating
remote access users can be applied to WLAN users.
Perform regular audits of the WLAN using network
management and RF detection tools.

25
General Recommendations

Minimize signal leakage through directional
antennas and placement of access points.
Make sure all equipment being purchased can be
upgraded to support WPA and WPA 2/AES.
If using Pre-Shared Key Mode consider that the
shared secret may become compromised.

26
Should you upgrade to WPA2 with AES after WPA?

An investment in new hardware (access points,
NICs) may be needed.
Does your risk analysis indicate the extra
protection ?
Is there a compelling business reason to do so?

27
Should you upgrade to WPA2 with AES after WPA?

However
WPA has not met the challenge of intensive
traffic.WPA has some vulnerabilities

28
WPA Vulnerabilties

Uso de senhas pequenas ou de fácil advinhação.
Está sujeito a ataques de força bruta (quando o
atacante testa senhas em sequência) ou ataques de
dicionário (quando o atacante testa palavras
comuns - dicionário).

29
WPA Vulnerabilties

Senhas de menos de 20 caracteres são mais
susceptíveis à ataque de força bruta.
É comum o fabricante deixar senhas de 8-10
caracters, imaginando que o administrador irá
alterá-las.

30
WPA Vulnerabilties

Existem ferramentas disponíveis que promovem
ataques de força bruta e/ou dicionário para
ataques ao WPA.
KisMAC para MacOS X (força bruta para
senhas/dicionário).
WPA Crack para Linux (força bruta para
senhas/dicionário).
Ethereal para
Cowpatty para Linux (dicionário) ou combinadas
com John the Ripper.

31
WPA Vulnerabilities

Não há dificuldades em modificar programas de
acesso ao WPA.
Como por exemplo, em WPA_supplicant) para
permitir a descoberta de chave pré-compartilhada
(PSK) ou do TKIP que muda a chave de tempos em
tempos de forma configurável.

32
WPA Vulnerabilities

O arquivo config.c pode ser modificado na função
wpa_config_psk, para ao invés de ler a chave no
arquivo de configuração, passa a ler palavras
recebidas como parâmetros, permitindo o uso de
dicionário e mais algum programa para quebra de
senha, como John The Ripper.

33
WPA Vulnerabilities

Problemas no armazenamento das chaves, tanto nos
clientes como nos concentradores, que podem
comprometer a segurança.

34
How WPA Addresses the WEP Vulnerabilities

WPA wraps RC4 cipher engine in four new
algorithms
1. Extended 48-bit IV and IV Sequencing Rules
248 is a large number! More than 500 trillion
Sequencing rules specify how IVs are selected and
verified
2. A Message Integrity Code (MIC) called Michael
Designed for deployed hardware
Requires use of active countermeasures
3. Key Derivation and Distribution
Initial random number exchanges defeat
man-in-the-middle attacks
4. Temporal Key Integrity Protocol generates
per-packet keys

35
Referências

KisMAChttp//binaervarianz.de/programmieren/kisma
c
Cowpattyhttp//www.remote-exploit.org/?pagecodes
WPA_attack
http//www.tinypeap.com/page8.html
WPA_Supplicant
http//hostap.epitest.fi/wpa_supplicant

36
Conclusions on WEP and WPA

WEP is insufficient to protect WLANs today from
determined attackers.
WPA resolves all of WEPs known weaknesses.
WPA is a dramatic improvement in Wi-Fi security.

37
Conclusions on WEP and WPA

WPA provides an enterprise-class security
solution for user authentication and encryption.
WPA is a subset of the 802.11i draft standard and
is expected to maintain forward compatibility
with the standard.

38
Conclusions on WEP and WPA