Wireless Security

1
Wireless Security

• Beyond WEP

2
Wireless Security

• Privacy
• Authorization (access control)
• Data Integrity (checksum, anti-tampering)

3
WEP

• RC4 stream cipher
• WEP key (40 or 60 bit) combined with 24-bit
  Initialization Vector (IV)
• Sender XORs stream cipher with data to encrypt
• IV and ciphertext sent, decoded using IV and
  stored WEP key

4
WEP Vulnerabilities

• Use of same WEP key among clients
• Limited keyspace for IV (16,777,215)
• With enough traffic, IVs are re-used
• Possible to collect packets with same IV and
  crack WEP key - then open to data capture and
  MITM attacks
• No key management - WEP key must be changed
  manually on each NIC

5
Attempts to secure WEP

• Larger WEP key length (Lucent 104/128-bit, Agere
  152-bit, USRs 256-bit)
• Just takes longer to retrieve WEP key
• VPN
• Can be difficult to achieve seamless routing when
  APs are crossed

6
Wi-Fi Alliance introduces WPA

• 802.1X EAP mutual authentication or PSK
  (Pre-Shared Key)
• TKIP for encryption
• MMIC (Michael Message Integrity Check) for data
  integrity

7
802.1X EAP Mutual Authentication

• Port-based access control
• Mutual authentication via authentication server

8
802.1X EAP has three elements

• Supplicant - client device
• Authentication Server - RADIUS server or similar
• Authenticator - intermediary between Supplicant
  and Authentication server (usually an AP)

9
Different types of EAP

• LEAP - Cisco proprietary, uses username/password
  to authenticate against RADIUS
• TLS - RFC 2716, uses X.509 certificates for
  authentication on both Supplicant and
  Authenticator
• TTLS - Developed by Funk Software, Authenticator
  uses a certificate to identify itself, Supplicant
  can use username/password
• PEAP - Authenticator uses certificate, Supplicant
  can use username/password

10
TKIP - Temporal Key Integrity Protocol

• Fixes the flaw of key reuse in WEP
• Comprised of three parts, guarantees clients us
  different keys
• - 128-bit temporal key, shared by clients and
  APs
• - MAC of client
• - 48-bit IV describes packet sequence number

11
TKIP continued

• Uses RC4 like WEP, so only software or firmware
  upgrade required
• Changes temporal keys every 10,000 packets

12
Michael Message Integrity Check (MMIC)

• Message Integrity Code (MIC) - 64-bit message
  calculated using Michael algortithm inserted in
  TKIP packet to detect content alteration
• Protects both data and header
• Implements a frame counter, which discourages
  replay attacks

13
Two modes of WPA

• WPA Enterprise
• WPA PSK (Pre-Shared Key)

14
WPA Enterprise

• Requires RADIUS server
• Uses RADIUS for both authentication and key
  distribution
• Central management

15
WPA PSK

• No RADIUS server required
• Uses shared secret
• Management is handled on the AP
• - Vulnerable to dictionary attacks
• - Still uses partial shared key

16
WPA Summary

• Requires authentication using 802.1X
• Keys change using TKIP
• Header as well as payload protected by adding MIC
  to ICV
• Frame counter to lower risk of replay attacks
• Still a temporary stopgap to 802.11i and/or WPA2
  since it still uses RC4 and PSK uses shared key