Enhancing Wireless Security with WPA

1
Enhancing Wireless Security with WPA

• CS-265 Project
• Section 2 (1130 1220)
• Shefali Jariwala
• Student ID
• 001790660

2
Agenda

• Overview of WLAN
• WEP and its weaknesses
• Promise of WPA
• - Modes of Operations
• - Security Mechanisms
• What is WPA2?
• Encryption Method Comparison Table
• Conclusions

3
Overview of WLAN

• WLAN Standards
• 802.11 1-2 Mbps speed 2.4
  GHz band
• 802.11a (Wi-Fi) 54 Mbps speed
  5 GHz band
• 802.11b (Wi-Fi) 11 Mbps speed 2.4
  GHz band
• 802.11g (Wi-Fi) 54 Mbps speed 2.4
  GHz band
• WLAN components
• Wireless Clients
• Access Points
• Requirements for secure WLAN
• Encryption and Data Privacy
• Authentication and Access Control

4
Security Mechanism Wired Equivalent Privacy

• Confidentiality, Access Control and Data
  Integrity
• Both WEP Authentication and encryption are
  based on a secret key shared between AP and
  wireless client
• WEP uses RC4 encryption algorithm
• Symmetric Key stream Cipher
• variable length key
• 64 bit 40 bit WEP key and 24 bit random
  number known as IV to encrypt the data
• Encryption stream cipher ? plaintext cipher
  text
• Sender sends the packet cipher text IV to
  receiver
• Decryption WEP key and attached IV

5
WEP Encryption
WLAN security Current and Future, Park, J.S
Dicoi, D. IEEE Internet Computing, Volume7,
Issue5, Sept-Oct, 2003, 60-65
6
WEP Authentication

• Two modes of authentication
• Open System ( No Authentication)
• Shared Key

Client
Access Point
Authentication request
Random challenge
Encrypted RC
Success/failure response
7
WEP Weaknesses

• A single key is used for all APs and wireless
  clients
• Static WEP key Dynamic WEP Key
• Same key used for Access Control and Encryption
  which gives rise to problems
• Initialization Vector (IV) Reuse
• Ci Pi ? ksi and Ci Pi ? ksi
• Therefore, Ci ? Ci Pi ? Pi
• Known Plain text attacks
• WEP provides no replay protection
• When WEP was available it was not always turned
  on

8
Promise of WPA - Wireless Protected Access

• stronger security solution via standards-based
  interoperable security specification known as WPA
  (Wi-Fi specification)
• WPA is a subset of 802.11i standard and
  maintains forward compatibility
• Run as software upgrade on APs and NICs and
  minimizes the impact of network performance
• Inexpensive in terms of cost/time to implement
  and addresses all WEP weaknesses
• Secure all versions of 802.11 devices
  including 802.11b, 802.11a and 802.11g

9
WPA - Modes of Operation

• Enterprise Mode
• Requires an authentication server RADIUS
• (Remote Authentication Dial In Service) for
  authentication and key distribution
• RADIUS has centralized management of user
  credentials
• Pre-shared key (PSK) Mode
• Does not require authentication server
• A shared secret is used for authentication
  to access point
• vulnerable to dictionary attacks

10
Enterprise Mode Diagram
http//www.wi-fi.org/opensection/pdf/whitepaper_wi
-fi_security4-29-03.pdf
11
PSK Mode Diagram
http//www.wi-fi.org/opensection/pdf/whitepaper_wi
-fi_security4-29-03.pdf
12
Issues of PSK Mode

• Needed if no authentication server is in use
• shared secret revealed, network security is
  compromised
• No standardized way of changing shared secret
• It increases the attackers effort to do
  decryption of messages
• The more complex the shared secret is, the
  better it is
• as there are less chances of dictionary attacks

13
Security Mechanisms in WPA
http//www.intel.com/ebusiness/pdf/wireless/intel/
wpa_cmt_security.pdf
14
802.1X Authentication prevents end users from
accessing Enterprise networks
http//www.mtghouse.com/MDC_WP_052603.pdf
15
Simpler Representation
Authenticator (Access Point)
Supplicant (Wireless Client)
RADIUS
Initiates connection
Port enabled State unauthorized
requests identity
responds with identity
Forwards the identity
Forwards Response
Supplicants Port enabled State authorized
Response ACCEPT/REJECT
requests identity from RADIUS
Forwards the request
Access points forwards the identity
RADIUS passes its identity
16
Mutual Authentication
http//www.mtghouse.com/MDC_WP_052603.pdf
17
TKIP Temporal Key Integrity Protocol

• TKIP is responsible for generating the
  encryption key, encrypting the message and
  verifying its integrity
• TKIP ensures
• - Encryption key changes with every packet
• - Encryption key is unique for every client
• - TKIP encryptions keys are 256 bit long
• WEP Encryption key shared secret IV
• TKIP packet comprises of
• - 128 bit temporal key (shared by both
  clients and AP)
• - Client Device MAC address
• - 48 bit IV (Packet sequence number) to
  prevent known plain text attacks (WEP 24 bit
  IV)

18
TKIP for Data Privacy

• TKIP key mixing function temporal key per
  packet key
• Temporal keys - 128 bit, change frequently,
  definite life
• MAC Address Temporal key four most
  significant octets of the packet sequence number
  are fed into the S-Box to generate intermediate
  key
• Results in a unique encryption key
• Then, mix the intermediate key with two least
  significant octets of packet sequence number
  128 bit per packet key
• Each key encrypts only one packet of data and
  prevents weak key attacks

19
Michael Message Integrity Check

• Used to enforce data integrity
• Message Integrity Code (MIC) 64 bit
  message calc. using Michaels algorithm
• MIC is inserted in the TKIP packet
• The sender and the receiver each compute MIC
  and then compare. MIC does not match
  data is manipulated
• Detects potential packet content altercation
  due to transmission error or purposeful
  manipulation
• Uses 64 bit key and partitions the data into
  32 bit blocks
• Various operations shifts, XORs, additions

20
WEP vs. WPA
http//www.wi-fi.org/opensection/pdf/whitepaper_wi
-fi_security4-29-03.pdf
21
Drawbacks of WPA

• Vulnerable to Denial-of-Service Attacks
• AP receives 2 data packets that fail MIC check
  within 60 seconds -? active attack
• Counter measure for APs which includes
  disassociating each client using the AP
• Prevents the attacker from getting encryption
  keys
• Users can loose network connectivity for 60
  seconds

22
Upcoming WPA2

• Uses the Advanced Encryption Standard (AES)
• Symmetric key block 128 bit key
• Full 802.11i support including Counter Mode
  with CBC- MAC Protocol (CCMP) encryption
• CCMP CTR CBC MAC
• Will require or replacement hardware (APs and
  NICs)
• Certified Equipments due in late 2004

23
Encryption Method Comparison Table
http//www.wi-fi.org/opensection/pdf/Wi-Fi_Protect
edAccessWebcast_2003.pdf
24
Conclusions

• WEP is not secure anymore !
• WPA solves almost all WEP weaknesses
• WPA still considered secure and provides secure
  authentication, encryption and access control
• WPA is not yet broken!
• WPA2 is a stronger cipher than WPA and will
  provide robust security for WLANs

25
References

• WLAN security Current and Future, Park, J.S
  Dicoi, D. IEEE Internet Computing, Volume7,
  Issue5, Sept-Oct, 2003, 60-65
• Wireless networking security Security flaws in
  802.11 data link protocols, Nancy Cam-Winget,
  Russ Housley, David Wagner, Jesse Walker
  Communications of the ACM-Volume 46, Issue 5 (May
  2003), Pages 35-39
• http//www.cizgi.com.tr/makaleler/seminer/S2-1.pdf
  
• http//www.dtm.ca/download/wireless_toshiba.pdf
• http//www.intel.com/ebusiness/pdf/wireless/intel/
  wpa_cmt_security.pdf
• http//www.mtghouse.com/MDC_WP_052603.pdf

26
References

• http//www.sans.org/rr/papers/68/1109.pdf
• http//www.sans.org/rr/papers/68/1301.pdf
• http//www.wi-fi.org/opensection/pdf/whitepaper_wi
  -fi_security4-29-03.pdf
• http//www.wi-fi.org/opensection/pdf/Wi-
  Fi_ProtectedAccessWebcast_2003.pdf
• http//www.hackfaq.org/wireless-networks/wpa-wi-fi
  -protected-access.shtml
• http//techrepublic.com.com/5100-6265-5060773.html