Transcript WEP and WPA
WEP AND WPA by Kunmun Garabadu Wireless LAN • Hot Spot : Hotspot is a readily available wireless connection. Access Point : It serves as the communication hub so that a wireless device can gain access to a cabled network. Client Router Ethernet Cabling • Wireless Network Security vs Wired Network Security • Wireless Security Protocols • Wired Equivalent Privacy (WEP) • Wi-fi Protected Access (WPA) Why WEP ? •WEP implements part of the IEEE 802.11 standards.It was designed to protect networks from eavesdropping. Another function is to prevent unauthorised access to the network. •It operates at the data-link and physical layers. It does not provide end-to-end security. •It uses RC4 encryption which is a symmetric stream cipher to provide confidentiality •It uses 64 bit or128 bit key encryption. It uses a 24 bit initialisation vector (IV)which is randomly generated. It is used to augment the shared secret key and produce a different keystream for each packet. •It uses a CRC-32 checksum for data integrity check and this is part of the encrypted payload. Encryption is performed at the Access Point (AP) as follows : • The Integrated Check Value(ICV) is computed • The encryption key is selected • The Initialisation Vector ( IV) is generated using a pseudo random generator • The IV is appended to the key and the keystream is generated • The ICV is concated with the payload and then XORed with the generated key stream. • AP sends the IV,key number and cipher text to the client Encryption Process Decryption at the client : •Uses key number to get private key •Uses the sent IV to generate key stream •XORs the text that was received with the key stream •Computes ICV on payload •If the new ICV matches the sent ICV the packet is authenticated Decryption Process WEP’s vulnerabilities • Short and static key : Actual keyspace is 40 bits or 104 bits No easy way to exchange and distribute keys.Key change involves manually changing the key on each AP and Client. • Simple ASCII key strings are used as keys. Easy to crack by hackers. • IV is sent out in clear text usually at the starting of the packet. •IV collision. If the IV appears twice(assuming it is used with the same cipher key) it is known as a collision. Keystream is repeated every 2 ^ 24 times. This could be intercepted in a very short period of time on high traffic wireless networks.An attacker can then recover the plaintext. •No mutual authentication. Client does not authenticate the access point. Opens up the possibility for man-in-the-middle type attack. •CRC-32 is linear. If the message is manipulated the checksum can also be manipulated by a malicious user •Table Attack : Significant amount of traffic can be generated .A table of keystream/IV pairs can be created. The keystream can be obtained by doing xor of the plain text with the cipher text. This does not generate the key but can get decrypted data as long as IV/key stream pair exists for each packet •Passive Attack to Decrypt Traffic : A passive eavesdropper can snoop all packets till an IV collision occurs. Two packets having same IV can be xored to obtain the xor of the two plain-text messages. This XOR can be used to infer the contents of the packet. IP traffic is sometimes quite redundant. Educated guesses can be made to statistically reduce the possibilities of messages Sometimes is possible to get to the exact messages. •Active Attack to Inject Traffic : An attacker who gets to know the exact plain text of one encrypted message correctly can use it to construct another encrypted message. RC4(X) xor X xor Y = RC4(Y). The attacker flips bits in the encrypted message to change the contents,adjusts the CRC and sends it to the destination •Active Attack to change Header: An attacker can get to the contents of the header especially the IP destination. Can change IP address to a machine he controls. The port address also can be changed. •WEP provides minimum level of security in small network environments WPA : Wi-fi Protected Access Why WPA ? It was created to patch the security issues of WEP •WPA implements a subset of 802.11i standards. It was started as a temporary measure to replace WEP while 802.11i got fully prepared •It uses Temporal Key Integrity Protocol (TKIP) which provides for key changing dynamically. It replaces WEP without having the need to replace legacy hardware.It encrypts every`data packet with a unique key.It hashes the IV and the IV goes out encrypted.It is defined in 802.11i spec •It can work with pre-shared keys as well as use 802.1 x authentication •It uses RC4 stream cipher with a 128 bit key and a 48 bit IV The longer key and IV together defeat the key recovery attacks on WEP •It uses a solution called Michael, which is a Message Integrity Check (MIC), to thwart the checksum being corrupted issue, It uses a 32 bit Integrity Check Value(ICV).This is inserted after payload and before IV. The MIC includes a frame counter which helps to prevent replay attacks •WPA2 is the implementation of IEEE 802.11i. It implements all mandatory features specified in the standard By increasing the key size, number of keys and by providing a more secure message verification system WPA adds security to a wireless network. WPA can be used for providing more robust security in corporate environments