You are on page 1of 19

Encryption/Privacy/Authentication Project Report

Wireless Networks
Chris H, Chris R, Mindy C
04/27/07

Table of Contents
1
2

Overview......................................................................................................................4
Procedure.....................................................................................................................4
2.1
Packet Capture.....................................................................................................4
2.1.1
Overview......................................................................................................4
2.1.2
Procedure.....................................................................................................4
2.2
Encryption Cracking............................................................................................6
2.2.1
Overview......................................................................................................6
2.2.2
Procedure.....................................................................................................6
3
Results..........................................................................................................................8
3.1
Packet Capture.....................................................................................................8
3.1.1
Overview......................................................................................................8
3.1.2
Data..............................................................................................................8
3.2
Encryption Cracking..........................................................................................14
3.2.1
Overview....................................................................................................14
3.2.2
Data............................................................................................................15
4
Summary and Conclusions........................................................................................19

Table of Figures
Figure 1 - WEP64 Authentication........................................................................................9
Figure 2 - WEP128 Authentication......................................................................................9
Figure 3 WPA Personal TKIP Authentication...................................................................9
Figure 4 - WPA Personal AES Authentication.....................................................................9
Figure 5 - WPA2 Personal TKIP/AES Authentication......................................................10
Figure 6: Kismet Capturing Traffic...................................................................................15
Figure 7: Encrypted Traffic................................................................................................15
Figure 8: Network Selection..............................................................................................16
Figure 9: Key Found..........................................................................................................16
Figure 10: Failed crack attempt........................................................................................17
Figure 11: Airodump-ng capturing WEP traffic................................................................17
Figure 12: Airodump-ng capturing WPA traffic................................................................17
Figure 13: Aireplay-ng attempting to generate a handshake.............................................18
Figure 14: WPA Handshake Confirmation........................................................................18
Figure 15: WPA Key Found...............................................................................................18
Figure 16: WPA2 Key Found...........................................................................................19

1 Overview
Our goal was to evaluate the relative security between WEP 64-bit, WEP 128-bit, WPA,
and WPA2. The methods of evaluation were broken into two main efforts, cracking &
evaluation/setup of each system. Our encryption attacking efforts consisted of using a
range of tools to breach the security of each wireless protection scheme. The results of
our attempts have been recorded in this report. The other piece of our evaluation
consisted of setting up each security protocol, capturing traces, and comparing
data/communication.

2 Procedure
2.1 Packet Capture
2.1.1 Overview
The setup for these sets of experiments was accomplished in the ITL Wireless Evaluation
Network (ITL-WEN). The setup consisted of a Linksys N Access Point connected to a
server. The server acted as a host for two other machines with wireless network cards.
One of the clients was setup to connect, download, and generate traffic for the other
machine to capture traffic via Wireshark. Below we have listed the steps taken to setup
each protocol, connect to the access point, generate traffic, and trace the traffic.

2.1.2 Procedure
1) Wired Equivalent Privacy (WEP)
A) WEP 64 bit encryption (wep64.pcap)
1. Set the security on the Linksys to WEP, with 64 bit encryption.
2. Passphrase set to: goknights
3. After clicking generate 4 keys were created.
4. Save configuration.
5. On tracing machine, start trace.
6. On ITL-Wireless-1, connect to the test network by typing one of the keys.
7. Connect to: 192.168.1.102/files.
8. Begin downloading file FC-6-1386-disc1.iso
9. After about a minute of downloading, cancel the download.
10. Disconnect ITL-Wireless-1 from the test network.
11. On tracing machine: stop trace, save file.

B) WEP-128 bit encryption (wep128.pcap)


1. Set the security on the Linksys to WEP, with 128 bit encryption.
2. Passphrase set to: goknights
3. After clicking generate 4 keys were created.
Example of 128 bit key:7A08BC60865F25EA684F4801FA (Yikes!)
4. Save configuration.
5. On tracing machine, start trace.
6. On ITL-Wireless-1, connect to the test network by typing one of the keys.
7. Connect to: 192.168.1.102/files.
8. Begin downloading file FC-6-1386-disc1.iso
9. After about a minute of downloading, cancel the download.
10. Disconnect ITL-Wireless-1 from the test network.

5
11. On tracing machine: stop trace, save file.

2) WiFi Protected Access (WPA) Personal


A) WPA TKIP encryption (wpa-Personal-TKIP.pcap)
1. Set the security on the Linksys to WPA Personal, with TKIP encryption.
2. Pre-shared key: 7A85B6E2
3. Save configuration.
4. On tracing machine, start trace.
5. On ITL-Wireless-1, connect to the test network by typing in the pre-shared
key.
6. Connect to: 192.168.1.102/files.
7. Begin downloading file FC-6-1386-disc1.iso
8. After about a minute of downloading, cancel the download.
9. Disconnect ITL-Wireless-1 from the test network.
10. On tracing machine: stop trace, save file.

B) WPA AES encryption (wpa-Personal-AES.pcap)


1. Set the security on the Linksys to WPA Personal, with AES encryption.
2. Pre-shared key: 7A85B6E2
3. Save configuration.
4. On tracing machine, start trace.
5. On ITL-Wireless-1, connect to the test network by typing in the pre-shared
key.
6. Connect to: 192.168.1.102/files.
7. Begin downloading file FC-6-1386-disc1.iso
8. After about a minute of downloading, cancel the download.
9. Disconnect ITL-Wireless-1 from the test network.
10. On tracing machine: stop trace, save file.

3) WiFi Protected Access 2 (WPA2) Personal


A) WPA2 AES encryption
1. Set the security on the Linksys to WPA2 Personal, with AES encryption.
2. Pre-shared key: 7A85B6E2, 7A85B6A7 (tried twice)
3. Save configuration.
4. On tracing machine, tried connecting with two different pre-shared keys.
Unable to connect.

B) WPA2 TKIP or AES encryption (wpa2-Personal-(TKIP-AES).pcap)


1. Set the security on the Linksys to WPA2 Personal, with TKIP or AES
encryption.
2. Pre-shared key: 7A85B6A7
4. Save configuration.
5. On tracing machine, start trace.
6. On ITL-Wireless-1, connect to the test network by typing in the pre-shared
key.
7. Connect to: 192.168.1.102/files.
8. Begin downloading file FC-6-1386-disc1.iso
9. After about a minute of downloading, cancel the download.
10. Disconnect ITL-Wireless-1 from the test network.
11. On tracing machine: stop trace, save file.

4) Security Disabled (noSecurity.pcap)


1. Set the security on the Linksys to Security Disabled.
2. Save configuration.
3. On tracing machine, connect to the test network. *The message when connecting says,
connection established, however on the networks interface, it says not
connected to the
network.

6
4. Connect to: 192.168.1.102/files.
5. Begin downloading file FC-6-1386-disc1.iso
6. After about a minute of downloading, cancel the download.
7. Disconnect ITL-Wireless-1 from the test network.
8. On tracing machine: stop trace, save file.

2.2 Encryption Cracking


2.2.1 Overview
The setup for the encryption cracking portion of our project was accomplished in a
private residence away from Clarkson Universitys wireless network. A Linksys WRT54G wireless router was configured as solely an access point. It served as the main
connection to the Internet. This access point was running dd-wrt firmware, which allows
access to advanced options for the router. Two laptops were used to generate traffic one
running Windows 2000 and another running Mac OSX. The third laptop running Ubuntu
was used to capture traffic as well as was used to crack the three encryptions WEP, WPA,
WPA2. The program airodump-ng was used to capture the initialization vectors and
handshakes from the different encryption. Aircrack-ng was used to break each encyption
was enough packets were captured.

2.2.2 Procedure
1) Wired Equivalent Privacy (WEP)
A) WEP 64 bit encryption
1. Set the security on the Linksys to WEP, with 64 bit encryption.
2. Renamed router to test.
3. Save settings.
4. Passphrase set to: test
5. After clicking generate 4 keys were created.
6. Save settings.
7. On tracing machine, start trace to capture on channel 6.
Command: airodump-ng --ivs c 6 eth1
8. Connect to: test network (10.0.0.2).
9. Connect to: http://www.hp.com
10. Begin downloading large driver files > 200 MB each
11. Watch airodump-ng till about 500,000 initialization vectors.
12. Stop trace on tracing machine, stop airodump-ng.
13. Start aircrack-ng to begin cracking WEP
Command: aircrack ng a 1 n 64 WEP-64-Capture.dump
14. Wait for one of two outcomes from aircrack-ng
1. Key Found [network key contained here]
2. Try capturing more packets and try again.

B) WEP 128 bit encryption


1. Set the security on the Linksys to WEP, with 128 bit encryption.
2. Renamed router to test.
3. Save settings.
4. Passphrase set to: test
5. After clicking generate 4 keys were created.
6. Save settings.
7. On tracing machine, start trace to capture on channel 6.

7
Command: airodump-ng --ivs c 6 eth1
8. Connect to: test network (10.0.0.2).
9. Connect to: http://www.hp.com
10. Begin downloading large driver files > 200 MB each
11. Watch airodump-ng till about 1.5 million initialization vectors.
12. Stop trace on tracing machine, stop airodump-ng.
13. Start aircrack-ng to begin cracking WEP
Command: aircrack ng a 1 n 128 wep128_cap-01.ivs
14. Wait for one of two outcomes from aircrack-ng
1. Key Found [network key contained here]
2. Try capturing more packets and try again.

2) Wi-Fi Protected Access (WPA, WPA2)


A) WPA
1. Set the security on the Linksys to WPA with TKIP.
2. Renamed router to test.
3. Save settings.
4. Passphrase set to: engineering
5. After clicking generate 4 keys were created.
6. Save settings.
7. On tracing machine, start trace to capture on channel 6.
Command: airodump-ng c 6 eth1
8. Connect to: test network (10.0.0.2).
9. Disconnect laptop running Mac OS X
11. Reconnect laptop to generate a WPA handshake.
12. Stop trace on tracing machine, stop airodump-ng.
13. Start aircrack-ng to begin cracking WPA
Command: aircrack ng w length11.txt WPA-09.cap
14. Choose network that needs to be cracked: 1, 2, etc.
14. Wait for one of two outcomes from aircrack-ng
1. Key Found [network key contained here]
2. Key Not Found.

B) WPA2
1. Set the security on the Linksys to WPA2 with TKIP.
2. Renamed router to test.
3. Save settings.
4. Passphrase set to: construction
5. After clicking generate 4 keys were created.
6. Save settings.
7. On tracing machine, start trace to capture on channel 6.
Command: airodump-ng c 6 eth1
8. Connect to: test network (10.0.0.2).
9. Disconnect laptop running Mac OS X
11. Reconnect laptop to generate a WPA handshake.
12. Stop trace on tracing machine, stop airodump-ng.
13. Start aircrack-ng to begin cracking WPA
Command: aircrack ng w length12.txt WPA2-02.cap
14. Choose network that needs to be cracked: 1, 2, etc.
14. Wait for one of two outcomes from aircrack-ng
1. Key Found [network key contained here]
2. Key Not Found.

3 Results
3.1 Packet Capture
3.1.1 Overview
Our capturing efforts resulting in six different capture files:
noSecurity.pcap
wep64.pcap
wep128.pcap
wpa-Personal-AES.pcap
wpa-Personal-TKIP.pcap
wpa2-Personal-(TKIP-AES).pcap
We made sure that we filtered out traffic from other network devices so that we were
ONLY evaluating traffic on the ITL-WEN. Using a range of filters we evaluated the
different capture files and did comparisons between each capture file.

3.1.2 Data
To make sure that we were only evaluating traffic between the ITL-WEN we applied a
filter to the MAC addresses of every packet:
wlan.bssid == 00:18:f8:c5:5d:3e

After we applied this filter we also used a few other filters to look more closely at
particular packets. To filter out beacon frames we applied the following filter:
(wlan.fc.type_subtype != 8)

Filtering of probe frames was accomplished via the below filter:


(wlan.fc.type_subtype != 5) && (wlan.fc.type_subtype != 4)

Finally to just look at the authentication frames we applied the following expression:
(llc.type == 0x888e) || (wlan.fc.type_subtype == 11) ||
(wlan.fc.type_subtype == 0) || (wlan.fc.type_subtype == 1) ||
(wlan.fc.type_subtype == 12)

3.1.2.1 Authentication
This filter also allowed us to observe the key being passed to the server. Figure 1 through
5 show the results of filtering out everything but the authentication process. There are
some simple observations that can be made from just comparing each authentication
process. The authentication process involves the station sending some authentication

9
frames. Then the station must associate with the AP by sending an Association Request.
The AP grants access by returning with an Association Response.
WEP64 and WEP128 appear very similar in their authentication process. The
authentication time is hardly different between the two protocols. There is a much more
noticeable difference between WEP and WPA. The biggest difference is the presence of
KEY frames. The process of transferring a key appears to take about a second on a B/G
Mixed network.
WEP64 Authentication

Figure 1 - WEP64 Authentication

WEP128 Authentication

Figure 2 - WEP128 Authentication

WPA Personal TKIP Authentication

Figure 3 WPA Personal TKIP Authentication

WPA Personal AES Authentication

10

Figure 4 - WPA Personal AES Authentication

WPA2 Personal TKIP/AES Authentication

Figure 5 - WPA2 Personal TKIP/AES Authentication

Security
WEP64
WEP128
WPA Personal TKIP
WPA Personal AES
WPA2 TKIP/AES

Authentication Time (Seconds)


.0047
.0049
1.013
1.012
1.013

The table above summarizes the length of time, in seconds, it takes to complete the
authentication periods for each of the security schemes tested. Although the time
difference seems minimal, less than a second, WPAs authentication period is at least 200
times that of WEP.

3.1.2.2 WPAs Encryption


There are two types of encryption options for WPA Pre-Shared Key, both of which were
tested in this exercise, TKIP and AES. Temporal Key Integrity Protocol (TKIP) uses a
stronger encryption method and incorporates Message Integrity Code (MIC), shown in
figure 6, providing protection against hackers. This MIC enables devices to authenticate
that the packets are coming from the claimed source. This authentication is important
since in wireless technology traffic can be easily injected.
Since WPA was created to correct deficiencies in the older WEP standard, it was
important that TKIP work on the legacy hardware. For this reason, TKIP, like WEP, use a
key scheme based on RC4. However, unlike WEP, TKIP ensures that every data packet is
sent with its own unique encryption key with per-packet key mixing. TKIPs encryption
keys are also stronger, since they are 256 bits long.

11
While WEP generates the key using the shared secret key and the IV (Initialization
Vector) as an input, TKIP adds the transmitters MAC address to the list of the input
parameters which implies that all senders will have different encryption keys.
Furthermore, TKIP increases the size of the IV from 24-bit (used by WEP) to 48-bit and
mandates that it is used as a counter (also called TSC TKIP Sequence Counter), which
guarantees that it will only be reused once for every 281,474,976,710,656 (248) packets.
Although TKIP improved security especially for legacy hardware, a stronger alternative
was needed for newer hardware. Advanced Encryption System (AES) utilizes a
symmetric 128-bit block data encryption.
Both AES and TKIP, using 802.1X, offer much stronger encryption than that of WEP. The
stronger encryption will effect both the authentication periods as well as the packet size.
The 802.1X protocol offers an effective framework for authenticating and controlling
user traffic to a protected network, as well as dynamically varying encryption keys. This
public key authentication uses a protocol called EAP (Extensible Authentication
Protocol).
WPAs key exchange is established using the IEEE 802.11i EAPOL-key exchange. There
are two main EAPOL-key exchanges defined in IEEE 802.11i. The first is the four way
handshake and the second is the group key handshake. The four way handshake does
several things: Confirms the pairwise master key (PMK) between supplicant and
authenticator; establishes the temporal keys to be used by the data-confidentiality
protocol; authenticates the security parameters that were negotiated; performs the first
key handshake; and provides keying material to implement the group handshake. Not
surprisingly, the reason its called the 4-way handshake is because four packets are
exchanged between the supplicant and the authenticator. When comparing the third
message of the 4-way handshakes we can see the differences in the security parameters.
This can be shown in figures 6 through 8.
WPA Personal TKIP Authentication

12

Figure 6 WPA Personal TKIP Authentication

WPA Personal AES Authentication

13

Figure 7 WPA Personal AES Authentication

WPA2 Personal TKIP/AES Authentication

14

Figure 8 WPA2 Personal TKIP/AES Authentication

3.1.2.3 Data Packet Size


We had hoped to use Wireshark to look at different packet sizes and compare the relative
differences between WEP and WPA. We learned that from a third party viewer, such as
Wireshark it isnt possible to tell the difference between the overheads for each security.
This is because the data is encrypted in its entirety and then sent. According to some
outside sources implementing WEP or AES with TKIP slows down the overall data rate.
WPA2 is being built with extra hardware to handle encryption, so slowdown is reduced.

3.2 Encryption Cracking


3.2.1 Overview
Capturing packets to crack the three encryptions yielded three files:
WEP-64-Capture.dump
wep128_cap-01.ivs
WPA-09.cap
WPA2-02.cap

15
By keeping all of these traces on a private network, the risk of catching traffic that was
not intended for this project was at a minimum. Also for this reason, there was no needed
to implement filters to remove external traffic from the scans.

3.2.2 Data
WEP-64 Encryption
In order to crack WEP 64 bit approximately 500,000 packets needed to be captured in
order to facilitate an efficient crack.

Figure 6: Kismet Capturing Traffic

As shown in Figure 6, it took approximately 43 minutes to capture the necessary


encrypted traffic. Once the encrypted traffic was captured the initialization vectors could
be used to crack the traffic in aircrack-ng. Shown below is a view of the encrypted
traffic.

Figure 7: Encrypted Traffic

In figure 7, the symbols shown as DD and MB represent the type of data that Kismet is
capturing such as Management Beacons (MB) or Data (DD). Since the traffic was

16
encrypted with WEP, the actual type of data cannot be viewed, until after the key is
cracked.
Since there were multiple networks present (though only one was being captured on) the
correct network must be chosen for it to crack the key, as shown below. The BSSID and
ESSID of the other network have been removed to be more secure.

Figure 8: Network Selection

Once the network has been selected, as show in Figure 8, it only takes a short time (one
second for this key to be found. The more initialization vectors that are captured the
faster the cracking process will go. The key that was found, shown in Figure 9, was
1B:9D:DA:48:3D. This corresponds to the passphrase test was the first of the four
keys that were generated.

Figure 9: Key Found

WEP-128 Encryption
In order to crack 128 bit WEP encryption, Kismet was initially tried for capturing packets
but could not do so in a reasonable amount of time. It took Kismet approximately two
hours to capture only 700,000 thousand packets.

17

Figure 10: Failed crack attempt

As a result, Kismet was replaced with using the command line program airodump-ng.
Using airodump-ng allowed us to only capture initialization vectors (--ivs) and also could
specify to only capture traffic on channel six (-c 6)and therefore sped the process up
quite a bit and made the overall capture file much smaller, 8MB compared to 356MB.

Figure 11: Airodump-ng capturing WEP traffic

Once approximately, 1.5 million initialization vectors had been captured, the cracking
process took a bit longer than 64 bit but still was only 17 seconds.
WPA and WPA2 with TKIP Encryption
Since we had such great success with airodump-ng, we decided to abandon Kismet all
together and continue using airodump-ng to capture packets. Airodump-ng was once
again started, except told to look for WPA and WPA2 encryption (Figure 12).

Figure 12: Airodump-ng capturing WPA traffic

We found WPA and WPA2 encryption much easier to begin cracking since all that is
needed is one handshake as compared to WEP which requires one million packets or
more. To speed up the process of receiving handshakes, aireplay-ng (Figure 13) was used

18
to try and force the other laptop in the room to de-authenticate and re-authenticate, thus
generating a handshake. However, this method proved to be unsuccessful and we forced
a laptop to disconnect and reconnect. In a busy network, multiple machines would be
constantly connecting and disconnecting and finding a handshake would not be a
problem.

Figure 13: Aireplay-ng attempting to generate a handshake

Once the handshake was received, confirmed by aircrack-ng (Figure 14) the cracking
process was started by giving aircrack-ng a dictionary file that was downloaded from the
internet. This dictionary file contained all known eleven character words as well as some
clever combinations of capitals, lowercase, and symbols. For example engineering
became Engin33ring or something similar. There were multiple spellings for each word.

Figure 14: WPA Handshake Confirmation

Once the network was selected (only one to choose), the cracking process began and
lasted approximately six minutes before it found the key.

Figure 15: WPA Key Found

As shown below in Figure 16, the WPA2 key was also cracked but in a shorter run time,
approximately three minutes.

19

Figure 16: WPA2 Key Found

4 Summary and Conclusions


It seems that everyone agrees that there has got to be something better than Wired
Equivalent Privacy (WEP) for wireless security. While WEP does reduce the risk of
someone passively monitoring a transmission and gaining access to the information that
the frames are carrying, a major underlying problem of the 802.11 standard is that the
keys are very cumbersome to change. In our own tests it took us several times to connect
because the keys are so long. If the WEP keys are not updated often enough, an
unauthorized sniffing tool, such as AirSnort, can monitor the network and decode the
encrypted messages. However, 802.11 currently offer no standard method to update these
keys. As a result, companies dont use WEP at all, and use one of the other methods
weve researched in this project, or simply maintain the same keys for weeks, months,
and even years.
As far as cracking different security measures the WEP encryption, both 64 bit and 128
bit, results are very accurate and can represented multiple times. However the WPA and
WPA2 results are more for this project only. Because as the possibilities increase
(number of bits possible in key) for a passphrase, the time it takes increases
exponentially, it could possibly take multiple hours, if not days to complete. Also,
smarter users will implement extra characters, such as punctuation, in their passphrases
which makes a dictionary attack nearly impossible.