1
Enhancing Wireless Security with WPA
CS-265 Project
Section: 2 (11:30 – 12:20)
Shefali Jariwala
Student ID: 001790660
2
Agenda
• Overview of WLAN
• WEP and its weaknesses
• Promise of WPA
- Modes of Operations
- Security Mechanisms
• What is WPA2?
• Encryption Method Comparison Table
• Conclusions
3
WLAN Standards
• 802.11: 1-2 Mbps speed, 2.4 GHz band
• 802.11a (Wi-Fi): 54 Mbps speed, 5 GHz band
• 802.11b (Wi-Fi): 11 Mbps speed, 2.4 GHz band
• 802.11g (Wi-Fi): 54 Mbps speed, 2.4 GHz band
WLAN components
• Wireless Clients
• Access Points
Requirements for secure WLAN
• Encryption and Data Privacy
• Authentication and Access Control
Overview of WLAN
4
Security Mechanism – Wired Equivalent Privacy
• Confidentiality, Access Control and Data Integrity
• Both WEP Authentication and encryption are based on a secret key shared between AP and wireless client
• WEP uses RC4 encryption algorithm
- Symmetric key stream cipher, variable length key
- 64 bit = 40 bit WEP key and 24 bit random number known as IV to encrypt the data
- Encryption: RC4 key stream $\oplus$ plaintext = cipher text
- Sender sends the packet = cipher text + IV to receiver
- Decryption: WEP key and attached IV
5
WEP Encryption
WLAN security: Current and Future, Park, J.S; Dicoi, D.; IEEE Internet Computing, Volume:7, Issue:5, Sept-Oct, 2003, 60-65
6
Two modes of authentication:
- Open System (“No Authentication”)
- Shared Key
WEP Authentication
Client → Access Point: Authentication request
Access Point → Client: Random challenge (RC)
Client → Access Point: Encrypted RC
Access Point → Client: Success/failure response
7
A single key is used for all AP’s and wireless clients
Static WEP key ~ Dynamic WEP Key
Same key used for Access Control and Encryption which gives rise to problems
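Initialization Vector (IV) Reuse: $C_i = P_i \oplus ks_i$ and $C_i' = P_i' \oplus ks_i'$
With the same key and the same IV the key streams are equal ($ks_i = ks_i'$). Therefore, $C_i \oplus C_i' = P_i \oplus P_i'$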
Known Plain text attacks
WEP provides no replay protection
When WEP was available it was not always turned on
WEP Weaknesses
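The IV reuse equation above, carried through in code. This is an added example, not part of the original presentation; the key, IVs and plaintexts are constructed sample values, and the CRC-32 integrity value that real WEP appends before encryption is left out to keep the focus on key stream reuse.

```python
def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR the data with the generated key stream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, wep_key: bytes, plaintext: bytes) -> bytes:
    """Seed RC4 with the 24 bit IV followed by the shared key; the IV travels in clear."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return iv + rc4(iv + wep_key, plaintext)


# Constructed sample values, not taken from any real network.
WEP_KEY = bytes.fromhex("0102030405")        # 40 bit static key
P1 = b"known header: LLC/SNAP + ARP req"     # plaintext an observer already knows
P2 = b"second frame sent under same IV "     # plaintext the observer does not know


def iv_reuse_demo():
    c1 = wep_encrypt(b"\x00\x00\x01", WEP_KEY, P1)[3:]   # strip the clear-text IV
    c2 = wep_encrypt(b"\x00\x00\x01", WEP_KEY, P2)[3:]   # same IV -> same key stream
    c3 = wep_encrypt(b"\x00\x00\x02", WEP_KEY, P2)[3:]   # fresh IV -> new key stream
    return {
        "reused_iv_leaks_p1_xor_p2": xor(c1, c2) == xor(P1, P2),
        "p2_recovered_from_known_p1": xor(xor(c1, c2), P1) == P2,
        "fresh_iv_leaks_p1_xor_p2": xor(c1, c3) == xor(P1, P2),
    }


if __name__ == "__main__":
    print(iv_reuse_demo())
```

With only 24 bits of IV and one static key for every client, repeated IVs are unavoidable on a busy network, which is why the key stream never cancels out safely.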
8
Stronger security solution via a standards-based, interoperable security specification known as WPA (Wi-Fi specification)
WPA is a subset of 802.11i standard and maintains forward compatibility
Runs as a software upgrade on APs and NICs and minimizes the impact on network performance
Inexpensive in terms of cost/time to implement and addresses all WEP weaknesses
Secures all versions of 802.11 devices including 802.11b, 802.11a and 802.11g
Promise of WPA - Wireless Protected Access
9
Enterprise Mode:
- Requires an authentication server – RADIUS (Remote Authentication Dial In Service) for authentication and key distribution
- RADIUS has centralized management of user credentials
Pre-shared key (PSK) Mode:
- Does not require authentication server
- A “shared secret” is used for authentication to access point
- Vulnerable to dictionary attacks
WPA - Modes of Operation
10
Enterprise Mode Diagram
http://www.wi-fi.org/opensection/pdf/whitepaper_wi-fi_security4-29-03.pdf
11
PSK Mode Diagram
http://www.wi-fi.org/opensection/pdf/whitepaper_wi-fi_security4-29-03.pdf
12
Needed if no authentication server is in use
If the “shared secret” is revealed, network security is compromised
No standardized way of changing shared secret
It increases the attacker’s effort to decrypt messages
The more complex the shared secret is, the better, as dictionary attacks are less likely to succeed
Issues of PSK Mode
13
Security Mechanisms in WPA
http://www.intel.com/ebusiness/pdf/wireless/intel/wpa_cmt_security.pdf
14
802.1X authentication prevents end users from accessing enterprise networks until they have been authenticated
http://www.mtghouse.com/MDC_WP_052603.pdf
15
Simpler Representation
Authenticator (Access Point)
Initiates connection
Supplicant (Wireless Client)
Port = enabled, State = unauthorized; requests identity
responds with identity
Response ACCEPT/REJECT
Supplicant’s Port = enabled, State = authorized
Forwards the identity
Forwards Response
requests identity from RADIUS; Forwards the request
RADIUS passes its identity
Access point forwards the identity
RADIUS
16
Mutual Authentication
http://www.mtghouse.com/MDC_WP_052603.pdf
17
TKIP is responsible for generating the encryption key, encrypting the message and verifying its integrity
TKIP ensures:
- Encryption key changes with every packet
- Encryption key is unique for every client
- TKIP encryption keys are 256 bit long
WEP Encryption key = shared secret + IV
TKIP packet comprises:
- 128 bit temporal key (shared by both clients and AP)
- Client device MAC address
- 48 bit IV (packet sequence number) to prevent known plain text attacks (WEP = 24 bit IV)
TKIP – Temporal Key Integrity Protocol
18
TKIP key mixing function + temporal key = per packet key
Temporal keys - 128 bit, change frequently, definite life
MAC Address + Temporal key + four most significant octets of the packet sequence number are fed into the S-Box to generate intermediate key
Results in a unique encryption key
Then, mix the intermediate key with two least significant octets of packet sequence number = 128 bit per packet key
Each key encrypts only one packet of data and prevents weak key attacks
TKIP for Data Privacy
19
Used to enforce data integrity
“Message Integrity Code” (MIC) = 64 bit message calculated using Michael’s algorithm
MIC is inserted in the TKIP packet
The sender and the receiver each compute MIC and then compare. MIC does not match = data is manipulated
Detects potential packet content alteration due to transmission error or purposeful manipulation
Uses 64 bit key and partitions the data into 32 bit blocks
Various operations: shifts, XOR’s, additions
Michael Message Integrity Check
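The Michael computation described above (64 bit key, 32 bit blocks, shifts, XORs and additions), written out as an added example that is not part of the original presentation. It computes the MIC over whatever bytes are passed in; the frame payload and the key used for the tamper check are constructed sample values.

```python
import hmac
import struct

MASK = 0xFFFFFFFF


def rol(v: int, n: int) -> int:
    return ((v << n) | (v >> (32 - n))) & MASK


def ror(v: int, n: int) -> int:
    return rol(v, 32 - n)


def xswap(v: int) -> int:
    """Swap the two bytes inside each 16 bit half of a 32 bit word."""
    return ((v & 0xFF00FF00) >> 8) | ((v & 0x00FF00FF) << 8)


def michael(key: bytes, msg: bytes) -> bytes:
    """Return the 64 bit Michael MIC of msg under a 64 bit key."""
    if len(key) != 8:
        raise ValueError("Michael key is 64 bits")
    l, r = struct.unpack("<II", key)             # key split into two 32 bit words
    padded = msg + b"\x5a" + b"\x00" * 4         # 0x5a marker, then 4 to 7 zero bytes
    padded += b"\x00" * (-len(padded) % 4)       # round up to whole 32 bit blocks
    for (m,) in struct.iter_unpack("<I", padded):
        l ^= m
        r ^= rol(l, 17); l = (l + r) & MASK
        r ^= xswap(l);   l = (l + r) & MASK
        r ^= rol(l, 3);  l = (l + r) & MASK
        r ^= ror(l, 2);  l = (l + r) & MASK
    return struct.pack("<II", l, r)


def verify(key: bytes, msg: bytes, mic: bytes) -> bool:
    """Receiver side: recompute the MIC and compare it with the one received."""
    return hmac.compare_digest(michael(key, msg), mic)


KEY = bytes.fromhex("82925c1ca1d130b8")          # constructed sample key
FRAME = b"constructed frame payload"             # constructed sample data


def tamper_demo():
    mic = michael(KEY, FRAME)
    altered = bytes([FRAME[0] ^ 0x01]) + FRAME[1:]   # one flipped bit in transit
    return verify(KEY, FRAME, mic), verify(KEY, altered, mic)
```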
20
WEP vs. WPA
http://www.wi-fi.org/opensection/pdf/whitepaper_wi-fi_security4-29-03.pdf
21
Vulnerable to Denial-of-Service Attacks
AP receives 2 data packets that fail MIC check within 60 seconds - active attack
Countermeasure for APs includes disassociating each client using the AP
Prevents the attacker from getting encryption keys
Users can lose network connectivity for 60 seconds
Drawbacks of WPA
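A small model of the countermeasure described above, showing why it costs availability: one stray MIC failure is ignored, but two within 60 seconds disconnect every client and keep the AP closed for 60 seconds. This is an added example, not part of the original presentation; the class name, client names and timeline are hypothetical, and only the two 60 second values come from the slide.

```python
WINDOW = 60.0     # seconds: two MIC failures this close together count as an active attack
BLACKOUT = 60.0   # seconds during which clients cannot use the AP afterwards


class TkipCountermeasure:
    """Hypothetical model of the AP side of the MIC failure countermeasure."""

    def __init__(self):
        self.last_failure = None
        self.blocked_until = 0.0
        self.clients = set()

    def associate(self, client: str, now: float) -> bool:
        if now < self.blocked_until:
            return False                       # AP is still in its blackout period
        self.clients.add(client)
        return True

    def mic_failure(self, now: float) -> list:
        """Record one frame that failed the MIC check; return the clients dropped."""
        if now < self.blocked_until:
            return []
        previous, self.last_failure = self.last_failure, now
        if previous is None or now - previous > WINDOW:
            return []                          # isolated failure, e.g. a transmission error
        dropped = sorted(self.clients)
        self.clients.clear()                   # disassociate each client using the AP
        self.blocked_until = now + BLACKOUT
        self.last_failure = None
        return dropped


def simulate():
    # Constructed timeline, times in seconds.
    ap = TkipCountermeasure()
    for name in ("laptop-1", "laptop-2"):
        ap.associate(name, now=0.0)
    isolated = ap.mic_failure(now=10.0)        # first failure: nothing happens
    stale = ap.mic_failure(now=100.0)          # 90 s later: outside the window
    dropped = ap.mic_failure(now=130.0)        # 30 s later: countermeasure fires
    during = ap.associate("laptop-1", now=150.0)
    after = ap.associate("laptop-1", now=190.0)
    return isolated, stale, dropped, during, after
```

Logging every call to `mic_failure` separately from the blackout event lets an operator tell transmission errors apart from repeated forged frames.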
22
Uses the Advanced Encryption Standard (AES)
Symmetric key block cipher, 128 bit key
Full 802.11i support including Counter Mode with CBC-MAC Protocol (CCMP) encryption
CCMP = CTR + CBC + MAC
Will require or replacement hardware (AP’s and NIC’s)
Certified equipment due in late 2004
Upcoming WPA2
23
Encryption Method Comparison Table
| | WEP | WPA | WPA2 |
|---|---|---|---|
| Cipher | RC4 | RC4 | AES |
| Key Size | 40 bits | 128 bits encryption, 64 bits authentication | 128 bits |
| Key Life | 24 bit IV | 48 bit IV | 48 bit IV |
| Packet Key | Concatenated | Mixing Function | Not needed |
| Data Integrity | CRC-32 | Michael Algorithm | CCM |
| Header Integrity | None | Michael Algorithm | CCM |
| Replay Attack | None | IV Sequence | IV Sequence |
| Key Management | None | EAP Based | EAP Based |
http://www.wi-fi.org/opensection/pdf/Wi-Fi_ProtectedAccessWebcast_2003.pdf
24
WEP is not secure anymore!
WPA solves almost all WEP weaknesses
WPA is still considered secure and provides secure authentication, encryption and access control
WPA is not yet broken…!
WPA2 is a stronger cipher than WPA and will provide robust security for WLANs
Conclusions
25
References
WLAN security: Current and Future, Park, J.S; Dicoi, D.; IEEE Internet Computing, Volume:7, Issue:5, Sept-Oct, 2003, 60-65
Wireless networking security: Security flaws in 802.11 data link protocols, Nancy Cam-Winget, Russ Housley, David Wagner, Jesse Walker; Communications of the ACM-Volume 46, Issue 5 (May 2003), Pages 35-39
http://www.cizgi.com.tr/makaleler/seminer/S2-1.pdf
http://www.dtm.ca/download/wireless_toshiba.pdf
http://www.intel.com/ebusiness/pdf/wireless/intel/wpa_cmt_security.pdf
http://www.mtghouse.com/MDC_WP_052603.pdf
26
http://www.sans.org/rr/papers/68/1109.pdf
http://www.sans.org/rr/papers/68/1301.pdf
http://www.wi-fi.org/opensection/pdf/whitepaper_wi-fi_security4-29-03.pdf
http://www.wi-fi.org/opensection/pdf/Wi-Fi_ProtectedAccessWebcast_2003.pdf
http://www.hackfaq.org/wireless-networks/wpa-wi-fi-protected-access.shtml
http://techrepublic.com.com/5100-6265-5060773.html
References