802.11 Wireless Security

Slides: 27
Provided by: Dan5282

1
802.11 Wireless Security
  • Wired Equivalent Privacy (WEP)
  • Wi-Fi Protected Access (WPA)

Daniel Nysveen
2
WEP
  • First 802.11 wireless security protocol
  • Goals
      • Confidentiality
      • Access Control
      • Integrity

3
Key Stream
  • Uses the RC4 encryption cipher
  • 40-bit or 104-bit secret key
      • Shared between the communicating devices
  • 24-bit Initialization Vector
      • Randomly generated number
      • Sent unencrypted

4
XOR
  • Plaintext is XORed with the key stream
  • A 1 is returned if exactly one of the plaintext bit
    or the key stream bit is a 1
  • If neither bit is a 1, or both bits are 1, then a 0
    is returned

5
Integrity
  • Plaintext is hashed
  • CRC-32 hash function
  • Concatenated to the end of the plaintext message

6
Everything Put Together
[Figure: WEP frame layout. Labels: Initialization Vector; M; checksum; key stream]
7
WEP Vulnerabilities
  • Both 40-bit and 104-bit keys are easy to break
  • Key stream reuse
  • No frame counter
  • CRC-32 checksum is weak

8
Problems with WEP's Key Stream and Reuse
  • The secret key never changes; only the Initialization
    Vectors do
  • Initialization Vectors are sent unencrypted
  • If two messages with the same Initialization
    Vector are intercepted, it is possible to obtain
    the plaintext
  • Initialization Vectors are commonly reused
  • Initialization Vectors can be used up in less
    than 1 hour

9
No Frame Counter
  • Attackers can inject a known plaintext and
    re-capture the ciphertext
  • Leaves WEP susceptible to Replay Attacks.

10
Weak Hash Function
  • Only meant to correct random errors, not
    tampering
  • Vulnerable to collisions; it is possible to flip
    a sequence of bits in the ciphertext and still
    generate the same checksum
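
The key stream reuse and weak checksum problems from the two slides above, shown on a minimal WEP encapsulation (RC4 keyed with IV || key, CRC-32 appended to the plaintext). This is an added example, not part of the original presentation; the key, IV, plaintexts and function names are constructed for illustration.

```python
import struct, zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 key stream."""
    S, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                         # output generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(msg: bytes) -> bytes:
    """CRC-32 checksum that WEP appends to the plaintext."""
    return struct.pack("<I", zlib.crc32(msg))

def wep_encrypt(key: bytes, iv: bytes, msg: bytes) -> bytes:
    body = msg + icv(msg)
    return iv + xor(body, rc4(iv + key, len(body)))   # IV travels in the clear

def wep_decrypt(key: bytes, frame: bytes):
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4(iv + key, len(ct)))
    msg, check = body[:-4], body[-4:]
    return msg if icv(msg) == check else None          # None = integrity failure

def reuse_leak(frame_a: bytes, frame_b: bytes) -> bytes:
    """Same IV means same key stream, so C1 xor C2 == P1 xor P2 (no key needed)."""
    return xor(frame_a[3:], frame_b[3:])

def flip_bits(frame: bytes, delta: bytes) -> bytes:
    """CRC-32 is affine: crc(m^d) = crc(m)^crc(d)^crc(0...0), so the ICV can be patched."""
    patch = delta + xor(icv(delta), icv(bytes(len(delta))))
    return frame[:3] + xor(frame[3:], patch)

KEY, IV = bytes.fromhex("0102030405"), bytes.fromhex("aabbcc")  # constructed 40-bit key, 24-bit IV
P1, P2 = b"balance=0100", b"hello world!"                       # constructed plaintexts
F1, F2 = wep_encrypt(KEY, IV, P1), wep_encrypt(KEY, IV, P2)

if __name__ == "__main__":
    print(xor(reuse_leak(F1, F2), P1))          # second plaintext falls out of a known first one
    print(wep_decrypt(KEY, flip_bits(F1, xor(P1, b"balance=9100"))))  # modified frame still verifies
```

Both results follow from XOR and CRC-32 being linear, which is why a keyed Message Integrity Code and per-frame keys are needed rather than a longer WEP key.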

11
Breaking WEP's Secret Key
  • Brute force attack
  • 40-bit key generators use a 32-bit seed
      • Only values from 00000000 - 007f7f7f need
        to be checked
      • Tim Newsham cracked a 40-bit WEP key in 35
        seconds
  • 104-bit keys are not much stronger
      • Takes about 2 hours when injecting packets using
        aircrack

12
WPA
  • Designed to fix WEP's problems
  • Backwards compatible with WEP
  • Not as secure as it could be
  • Subset of 802.11i
  • WEP hardware does not fully support 802.11i

13
WPA Fixes
  • Non-static secret key
  • Initialization Vectors are used more effectively
  • Message Origin Authentication
  • Better Integrity
  • Includes a Frame Counter

14
Temporal Key Integrity Protocol (TKIP)
  • Secret key created during 4-way handshake
    authentication
  • Dynamically changes secret key
  • Function used to create new keys based on the
    original secret key created during authentication

15
TKIP Continued
  • Initialization Vectors increased to 48 bits
      • First 4 bits indicate QoS traffic class
      • Remaining 44 bits are used as a counter
      • Over 500 trillion key streams possible
  • Initialization Vectors are hashed
      • Harder to detect key streams with the same
        Initialization Vectors

16
Authentication
  • WPA Enterprise
      • Uses authentication servers
      • Users must log in to the authentication servers
        before being allowed access to the network
  • WPA Personal
      • Similar to WEP: a Pre-Shared Key is generated and
        shared between the communicating devices
      • Primarily used because it is less expensive and simpler

17
Integrity
  • Plaintext message is hashed
  • Message Integrity Check called Michael
  • Protects message integrity and provides
    authentication
  • Creates a 64-bit Message Integrity Code (MIC)
    based on the sender's and receiver's MAC addresses
  • The MIC is sent encrypted between data and
    message hash

18
Michael Continued
  • If 2 MIC failures are detected in less than 1
    minute, the network is shut down for 1 minute and
    new temporal keys are generated
  • This defends against a brute force attack
  • Attacker cannot inject packets to get ciphertext
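
The Michael countermeasure rule above, applied to a log of MIC failures to find when the network was shut down and for how long. This is an added example, not part of the original presentation; the log format is hypothetical, and resetting the failure history after each re-key is an assumption of this sketch.

```python
import re

WINDOW = 60.0     # two MIC failures closer together than this trigger countermeasures
BLACKOUT = 60.0   # how long the network stays shut down afterwards

# Constructed sample log; the "t=<seconds> event=<name>" format is hypothetical.
LOG = """\
t=5.0 event=MIC_FAILURE
t=20.0 event=MIC_FAILURE
t=30.0 event=MIC_FAILURE
t=85.0 event=ASSOC
t=300.0 event=MIC_FAILURE
t=400.0 event=MIC_FAILURE
t=430.0 event=MIC_FAILURE
"""

def mic_failures(log: str) -> list:
    """Extract MIC failure timestamps (seconds) from the log text."""
    return [float(m.group(1))
            for m in re.finditer(r"t=([\d.]+) event=MIC_FAILURE", log)]

def blackouts(times: list) -> list:
    """Return (start, end) intervals during which countermeasures held the network down."""
    result, last, down_until = [], None, float("-inf")
    for t in sorted(times):
        if t < down_until:            # network is down, nothing is processed
            continue
        if last is not None and t - last < WINDOW:
            result.append((t, t + BLACKOUT))
            down_until = t + BLACKOUT
            last = None               # assumption: history resets with the new temporal keys
        else:
            last = t                  # isolated failure, remember it
    return result

def downtime(times: list, horizon: float) -> float:
    """Total seconds of shutdown within [0, horizon]."""
    return sum(min(end, horizon) - start
               for start, end in blackouts(times) if start < horizon)

if __name__ == "__main__":
    events = mic_failures(LOG)
    print(blackouts(events))          # shutdown intervals
    print(downtime(events, 600.0))    # seconds of lost service in a 10-minute window
```

Isolated failures more than a minute apart (t=300 and t=400 here) cause no shutdown, so alerting on repeated blackout intervals rather than on single MIC failures separates corruption noise from a sustained denial of service.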

19
WPA Put Together
[Figure: WPA frame layout. Labels: IV; Key ID; Frame Counter; M; MIC; checksum; key stream]
20
WPA Vulnerabilities
  • Denial-of-Service attack
  • Pre-Shared Key Dictionary attack

21
Denial-of-Service Attack
  • Attacker injects or corrupts packets
  • Michael would continuously shut down the network
  • IV and Message Hash are checked before the MIC to
    reduce the number of false positives
  • Only way around this is to use WEP

22
Dictionary Attack
  • Weak passphrase used to generate the Pre-Shared Key
  • 14 characters or less that form words
  • More than 14 characters that do not form words are
    almost impossible to crack
  • Use Ethereal along with WPA Cracker or coWPAtty

23
Wireless security still not perfect
  • Best Buy stopped using wireless scanners because
    attackers could gain access to customers' credit
    card information
  • Secretary of Defense banned the use of many
    wireless devices in the Pentagon until the
    military develops their own security protocol

24
New Standards
  • 802.11i
  • WPA2
  • Replaces RC4 algorithm with AES
  • Replaces Michael with a better Message
    Authentication Code
  • Not Compatible with all older Hardware
  • Microsoft and Apple have released software
    updates

25
Conclusion
  • WEP is extremely weak and fails to meet any of
    its goals
  • WPA fixes most of WEP's problems but adds some
    new vulnerabilities
  • WPA2 is expected to make wireless networks as
    secure as wired networks
