Wireless LAN Security - PowerPoint PPT Presentation


Slides: 23
Provided by: pallavipri
Learn more at: http://www.cs.sjsu.edu
Tags: lan | security | wireless

1
Wireless LAN Security
  • Presented by
  • Pallavi Priyadarshini
  • Student ID 003503527

2
Agenda
  • Brief background on Wireless LAN
  • Basic security mechanisms in 802.11
  • WEP Vulnerabilities
  • Enhancing wireless security with WPA
  • Comparing WEP and WPA
  • Conclusion

3
Brief Background
  • A local area network (LAN) with no wires
  • Several Wireless LAN (WLAN) standards
  • 802.11 - 1-2 Mbps speed, 2.4 GHz band
  • 802.11b (Wi-Fi) - 11 Mbps speed, 2.4 GHz band
  • 802.11a (Wi-Fi) - 54 Mbps speed, 5 GHz band
  • 802.11g (Wi-Fi) - 54 Mbps speed, 2.4 GHz band

4
Wireless network components
5
Security Challenges and Solutions
  • Challenges
  • Beyond any physical boundaries
  • Encryption, Authentication and Integrity
  • Basic Security Mechanisms in 802.11
  • Service Set ID (SSID): acts like a shared
    secret, but is sent in the clear.
  • MAC address lists: modifiable, and also sent in
    the clear.
  • The WEP Algorithm

6
More on WEP
  • Stands for Wired Equivalent Privacy
  • Designed to encrypt data over radio waves
  • Provides 3 critical pieces of security
  • Confidentiality (Encryption)
  • Authentication
  • Integrity
  • Uses RC4 encryption algorithm
  • Symmetric key stream cipher
  • 64-bit shared RC4 keys: 40-bit WEP key plus 24-bit
    plaintext Initialization Vector (IV)

7
WEP Encryption and Integrity
[Figure: WEP encryption and integrity. Labels: Message, Data payload; PRNG = RC4 pseudorandom number generation algorithm]
8
WEP Authentication
  • 2 levels of authentication
  • Open: no authentication
  • Shared secret

[Figure: shared-key authentication between Station A and Station B. Labels: Request for shared key auth., Nonce N, E(N, K_{A-B}), Authentication response]
9
WEP: The flawed Solution
  • Weakness in key management
  • Single key for all access points and client
    radios
  • Static unless manually changed
  • Authentication and encryption keys are the same
  • Shared key authentication failure
  • No knowledge of secret to gain network access
  • $WEP_{PR} = C \oplus P$ (where C, P are passively recorded)

[Figure: exchange between Attacker and AP. Labels: Authentication request, Challenge R, $WEP_{PR} \oplus R$, Success]
10
WEP: The flawed Solution (contd.)
  • Weakness in Encryption
  • Short 24-bit IV, reuse mandatory
  • Weak per-packet key derivation - exposes RC4
    protocol to weak key attacks.
  • Given $c_1$ and $c_2$ with same IV,
    $c_1 \oplus c_2 = p_1 \oplus p_2 = (p_1 \oplus S) \oplus (p_2 \oplus S)$,
    leading to statistical attacks to recover
    plaintexts
  • Short 40-bit encryption scheme
  • No forgery protection
  • Using CRC-32 checksum possible to recompute
    matching ICV for changed data bits
  • Given $C = RC4(IV, key) \oplus \langle M, ICV(M) \rangle$, can find $C'$
    that decrypts to $M' = M \oplus \Delta$ such that
    $C' = RC4(IV, key) \oplus \langle M', ICV(M') \rangle$

11
WEP: The flawed Solution (contd.)
  • No protection against replays
  • Optional, mostly not turned on by users

12
Design Constraints
  • WEP patches will rely entirely on software
    upgrade
  • Access points have little spare CPU capacity for
    new functions
  • Encryption functions are hard-wired in the access
    points

13
Enhancing WLAN Security with WPA
  • WPA - Wireless Protected Access
  • Strong, standards based, interoperable security
    for Wi-Fi
  • Addresses all known weaknesses of WEP
  • Subset of forthcoming IEEE 802.11i standard
  • Designed to run as a software upgrade on most
    Wi-Fi certified products.

14
Security Mechanisms in WPA - TKIP
  • Uses TKIP (Temporal Key Integrity Protocol)
    Encryption.
  • Suite of algorithms wrapping WEP
  • Adds 4 new algorithms to WEP
  • New cryptographic message integrity code (MIC)
    called Michael - to defeat forgeries
  • New IV sequencing discipline - to remove replay
    attacks
  • A re-keying mechanism to provide fresh
    encryption and integrity keys

15
More on TKIP
  • A per-packet key mixing function
  • Phase 1 (Eliminates same key use by all links) -
    Combines MAC address and temporal key. Input to
    S-box to produce intermediate key
  • Phase 2 (De-correlates IVs and per-packet keys) -
    Packet sequence number encrypted under the
    intermediate key using a Feistel cipher to
    produce 128-bit per-packet key.
  • TKIP leverages 802.1X/EAP framework for key
    management

16
802.1X/EAP Architecture
[Figure: 802.1X/EAP message flow between Supplicant (wireless client), Authenticator (AP) and Authentication Server (RADIUS). Labels: EAP-start, EAP-identity request, EAP-identity response, EAP success/reject, EAP success/reject]
17
WPA Modes of Operation - Pre-shared key vs. Enterprise
  • Pre-shared Key Mode for home/SOHO users
  • Does not require authentication server
  • Shared Secret or password entered manually in
    the AP and wireless client.
  • WPA takes over automatically.
  • Only the clients with matching passwords are
    allowed to join the network.
  • The password automatically kicks off the TKIP
    encryption process.
  • Enterprise Mode for corporate users
  • Requires an authentication server like RADIUS
  • Centralized management of user credentials

18
WPA modes of operation - Enterprise Mode
[Figure: enterprise mode deployment. Label: Wired Network Services]
19
WEP vs. WPA
|                | WEP | WPA |
|----------------|-----|-----|
| Encryption     | Flawed | Fixes all WEP flaws |
|                | 40-bit keys | 128-bit keys |
|                | Static - same keys used by everyone on network | Dynamic session keys. Per-user, per-session, per-packet keys |
|                | Manual distribution | Automatic distribution |
| Authentication | Flawed, uses WEP key itself | Strong user authentication using 802.1X and EAP |
20
Comparing WPA and 802.11i
[Figure: comparing WPA and 802.11i. Labels: 802.11i, 802.1X, Key management, Cipher Authentication negotiation, TKIP, AES, WPA]
21
Conclusion
  • WPA is not an ideal security protocol design
  • However, it is a dramatic improvement in Wi-Fi
    security.
  • Has not been broken (yet).
  • Protects the original hardware investment.
  • If hardware constraint removed, a more robust
    security solution possible.
  • Such a solution is being developed based on an
    even stronger cryptographic cipher - Advanced
    Encryption Standard (AES).
