WiFi security - PowerPoint PPT Presentation

Slides: 8
Provided by: fero
1
WiFi security
2
Wireless vs hardwire
  • No control over accessing NICs
  • Shared AP (possible sniffing)
  • Only attached NICs
  • Switch-based installations

Figure 1
Result: WiFi is unprotected and insecure
3
WEP
  • First attempt to provide built-in security (part
    of 802.11 spec.)
  • Uses RC4 ciphering for confidentiality
  • Uses CRC-32 for integrity checks
  • 40-bit and 104-bit keys + 24-bit initialisation
    vector
  • FLAWS
  • WEP is optional (mostly not used by vendors in
    default configurations)
  • Single static shared key
  • Initialization vector (transmitted transparently)

4
WEP weaknesses
  • RC4 proved easily breakable by eavesdropping on a
    larger amount of communication (the cipher key can
    be calculated)
  • RC4 principle
  • Secret internal state vector initialized by
    IV + key
  • Keystream generation

for i from 0 to 255
    S[i] := i
j := 0
for i from 0 to 255
    j := (j + S[i] + key[i mod l]) mod 256
    swap(S[i], S[j])
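
Added example (not part of the original slides): a simplified Python model of WEP encapsulation, showing why the single static shared key and the 24-bit cleartext IV listed under FLAWS matter. The 802.11 header and key-ID byte are omitted, and the key, IV and plaintexts are constructed sample values.

```python
import zlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    """RC4: the key-scheduling loop from the slide, then keystream generation."""
    S, j = list(range(256)), 0
    for i in range(256):                          # key scheduling (KSA)
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                            # keystream generation (PRGA)
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """Simplified frame body: cleartext IV || RC4(IV + key) XOR (plaintext || CRC-32)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    data = plaintext + zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + xor(data, rc4_keystream(iv + key, len(data)))

def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    iv, body = frame[:3], frame[3:]
    data = xor(body, rc4_keystream(iv + key, len(body)))
    plaintext, icv = data[:-4], data[-4:]
    if zlib.crc32(plaintext).to_bytes(4, "little") != icv:
        raise ValueError("CRC-32 integrity check failed")
    return plaintext

def shares_keystream(frame_a: bytes, frame_b: bytes) -> bool:
    """One static key: equal cleartext IVs imply an identical RC4 keystream."""
    return frame_a[:3] == frame_b[:3]

# Constructed sample values, not taken from the slides.
KEY = bytes.fromhex("0102030405")                 # 40-bit static shared key
IV = bytes.fromhex("a1b2c3")                      # 24-bit IV, sent in the clear
P1, P2 = b"GET /index.html ", b"user=alice&x=123"
F1, F2 = wep_encrypt(IV, KEY, P1), wep_encrypt(IV, KEY, P2)

if __name__ == "__main__":
    print(shares_keystream(F1, F2))                # same IV, same keystream
    print(xor(F1[3:19], F2[3:19]) == xor(P1, P2))  # keystream cancels out
```

With a 24-bit IV and a key that never changes, IV values repeat on a busy network, which is the condition `shares_keystream` flags; the per-packet key change and 48-bit IV of WPA address this.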
5
WPA
  • Enhancement over WEP (key changes every packet)
  • Uses the same principles as WEP
  • 128-bit key + 48-bit initialisation vector
  • MIC (message integrity check) instead of CRC
  • MIC = key + message + frame counter hash ->
    integrity and authenticity check at once
  • Incorporates TKIP (Temporal Key Integrity
    Protocol)
  • Key changes for every packet
  • IV is also hashed by TKIP
  • Two modes
  • Pre-shared key
  • Authentication server (EAP, Extensible
    Authentication Protocol)

6
WPA 2 (802.11i)
  • Enhancement over WPA
  • Uses the same principles, but the new AES
    (Advanced Encryption Standard) block cipher is
    used instead of the RC4 stream cipher
    (www.wikipedia.org: AES, 802.11i)
  • The AP sends a nonce-value to the STA (ANonce).
    The STA sends its own nonce-value (SNonce) to the
    AP together with a MIC.
  • The AP sends the GTK and a sequence number
    together with another MIC. The sequence number is
    the one that will be used in the next multicast
    or broadcast frame.
  • The STA sends a confirmation to the AP.

7
How to protect (higher levels)
  • Don't broadcast the SSID
  • Use encryption if available (highest standard
    with longest possible key)
  • Change the default settings of your APs
  • Don't provide wireless access to the AP's
    administration
  • Use a MAC-based Access Control List
  • Use static IP addresses
  • Treat every AP as untrusted for LAN and Internet
    access
  • Protect wireless endpoints with an internal firewall
  • Use an authentication server if available