Wireless Security: The need for WPA and 802.11i - PowerPoint PPT Presentation

Slides: 22
Provided by: sitel203
Learn more at: http://www.cs.sjsu.edu

1
Wireless Security: The need for WPA and 802.11i
  • By Abuzar Amini
  • CS 265 Section 1

2
Wireless Security Timeline
  • WEP - Part of original 802.11 specification
    published in 1999.
  • WPA - Developed to fix numerous WEP flaws.
    Ratified by Wi-Fi Alliance in 2003.
  • 802.11i - More robust, permanent security
    standard expected to be finalized soon. Currently
    in 7th draft.

3
WEP
  • Wired Equivalent Privacy
  • Uses RC4 Stream cipher
  • Has static 40-bit base key
  • 64-bit per-packet key
  • 24-bit Initialization Vector (IV)
  • Uses Integrity Check Value (ICV) to verify
    integrity

4
WEP Weaknesses (IV repetition)
  • Short 24-bit IV means RC4 key must be changed
    every 2^24 packets or data can be exposed via IV
    repetition.
  • With repeated IV -> c1 ⊕ c2 = p1 ⊕ p2
  • Not very feasible to change WEP key after 16
    million packets transmitted.

5
WEP Weaknesses (Replay Attack)
[Figure: Authorized WEP communications between Alice and Bob; Trudy: eavesdrop and record, replay packets]

6
WEP Weaknesses (Forgery Attack)
  • Packet data can be forged:
      • WEP uses ICV (CRC-32) to verify integrity.
      • Create a blank message with same number of data
        bytes, flip some bits and compute ICV.
      • XOR bit-flipped message and ICV into captured
        message.
      • Result - Undetected forgery.
  • Identity can be forged:
      • Source address, Destination address not
        protected.
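
Added example (not part of the original slides): a Python sketch of the IV-repetition and forgery slides above, run on constructed data, showing why an unkeyed CRC-32 ICV under a stream cipher gives no integrity while a keyed tag rejects the same edit. All names, keys and plaintexts are constructed for illustration, and HMAC-SHA256 is an assumed stand-in for a keyed MIC, not Michael.

```python
import hashlib, hmac, struct, zlib

KEY, IV = bytes.fromhex("0102030405"), b"\x00\x00\x01"  # constructed 40-bit key, 24-bit IV
MIC_KEY = b"constructed-mic-key"  # constructed key for the keyed-MIC contrast

def rc4(key, n):  # first n bytes of RC4 keystream
    s, j, out = list(range(256)), 0, bytearray()
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data):  # WEP-style ICV: unkeyed CRC-32, little-endian
    return struct.pack("<I", zlib.crc32(data))

def mic(data):  # keyed 8-byte tag; HMAC-SHA256 is a stand-in here, not Michael
    return hmac.new(MIC_KEY, data, hashlib.sha256).digest()[:8]

def seal(plaintext, tag):  # RC4 over data + tag, keyed with IV || base key
    body = plaintext + tag(plaintext)
    return xor(body, rc4(IV + KEY, len(body)))

def unseal(ciphertext, tag, tag_len):  # returns the data, or None if the tag fails
    body = xor(ciphertext, rc4(IV + KEY, len(ciphertext)))
    data, got = body[:-tag_len], body[-tag_len:]
    return data if hmac.compare_digest(got, tag(data)) else None

def flip_bits(ciphertext, delta, tag_len):  # keyless edit, as on the forgery slide
    # CRC-32 is affine: CRC(m ^ d) = CRC(m) ^ CRC(d) ^ CRC(zeros of the same length)
    crc_delta = xor(icv(delta), icv(bytes(len(delta))))
    return xor(ciphertext, delta + crc_delta.ljust(tag_len, b"\0"))

P1, P2 = b"PAY 0100 TO BOB.", b"PAY 0999 TO EVE."  # constructed plaintexts
DELTA = xor(P1, b"PAY 9100 TO BOB.")  # bits to flip in P1
def iv_reuse_leaks():  # same IV and key: c1 ^ c2 == p1 ^ p2
    return xor(seal(P1, icv), seal(P2, icv))[:16] == xor(P1, P2)
def crc_icv_result():  # edited frame still passes the CRC-32 ICV
    return unseal(flip_bits(seal(P1, icv), DELTA, 4), icv, 4)
def keyed_mic_result():  # same edit against a keyed tag: rejected
    return unseal(flip_bits(seal(P1, mic), DELTA, 8), mic, 8)
```

The ICV correction includes the CRC of an all-zero message of the same length because CRC-32 with its standard initial and final XOR is affine rather than strictly linear.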

7
WEP Weaknesses (Keys)
  • WEP uses same key for authentication and
    encryption.
  • No way to manage keys.
  • Same static key used on AP as well as all clients.

8
WPA: The solution for today
  • Wi-Fi Protected Access (WPA) created to fix
    vulnerabilities of WEP while keeping the ability
    to run on legacy Access Points.
  • Subset of 802.11i Standard.
  • Two major components: TKIP and 802.1X Extensible
    Authentication Protocol (EAP) based
    authentication.

9
TKIP
  • Temporal Key Integrity Protocol.
  • Consists of new algorithms to wrap WEP:
      • A new Message Integrity Code (MIC) called
        Michael.
      • IV sequencing to defeat replay attacks.
      • A per-packet key mixing function to de-correlate
        IVs from weak keys.
      • A re-keying mechanism to provide fresh encryption
        and integrity keys.

10
TKIP (Michael)
  • Uses two 64-bit keys, one for each link
    direction.
  • Unlike WEP, packet Sender Address and Destination
    Address are included in the MIC computation.
  • 8-byte MIC appended to the packet data.

11
TKIP (IV Sequencing)
  • IV sequencing used to protect against replay
    attacks.
  • Reset packet sequence number to 0 on rekey.
  • Increment sequence number by 1 each time packet
    transmitted.
  • Packets received out of sequence are dropped.

12
TKIP (Key mixing)
  • Per-packet mixing function implemented in 2
    phases:
      • Phase 1: Combines local MAC address and temporal
        key, then runs the result through an S-box to
        produce an intermediate key.
      • Phase 2: Feistel cipher used to encrypt the packet
        sequence number under the intermediate key,
        producing a 128-bit per-packet key.

13
TKIP (Keys)
  • One 128-bit encryption key
  • Two 64-bit integrity keys
  • Master keys assigned by Authentication Server
    using the 802.1X architecture

14
802.1X EAP
  • WPA uses 802.1X as an authentication and key
    replacement mechanism.
  • 802.1X specifies the following components:
      • Supplicant: A user or a client that wants to be
        authenticated.
      • Authentication server: An authentication system,
        such as a RADIUS server, that handles actual
        authentications.
      • Authenticator: A device that acts as an
        intermediary between a supplicant and an
        authentication server. Usually, an AP.

15
802.1X EAP Messages
[Figure: EAP message sequence among Supplicant, Authenticator and Auth. Server: Attach, EAP Identity Request, EAP Identity Response, EAP Auth Request, EAP Auth Response, EAP Success / Optional Master Key]

16
Different forms of EAP
  • EAP-Transport Layer Security (EAP-TLS)
      • Authentication requires use of PKI
  • EAP-Tunneled TLS (EAP-TTLS)
      • Favored by some for use in 802.11i
  • EAP-Protected EAP (PEAP)
      • Favored by some for use in 802.11i

17
802.11i: Robust Security for Tomorrow's WLANs
  • Still uses some WPA features:
      • TKIP
      • 802.1X
      • Key hierarchy
      • Key management

18
802.11i
  • New cipher:
      • AES block cipher replaces RC4
      • AP hardware needs to be upgraded to support more
        complex AES computations.
      • Mode of operation - AES Counter Mode Encryption
        with CBC-MAC (CCM).

19
AES-CCM Mode
[Figure: frame layout of Header, Payload and MIC, with the Authenticated and Encrypted regions marked]
  • CBC-MAC used to compute MIC on header and
    payload.
  • CTR mode is used to encrypt the payload and MIC.

20
802.11i (Other Features)
  • EAP over an Ethernet LAN (EAPOL)
  • Roaming support
      • Allows clients to pre-authenticate with different
        APs, on wired or wireless LANs.
  • Independent Base Service Set (IBSS)
      • Allows clients to authenticate to each other,
        even if not in range of an AP.
  • Password-to-key mapping

21
WLAN Security Summary