Security Protocols for

Wireless Networks
Justin Steffy
Brad Moore

Outline
z Motivation for using wireless
z Wireless challenges
z Common myths
z WEP - does it work?
z WPA and beyond
z Summary

1
 Motivation to use wireless
z Its mobile
z Don’t
be trapped at your desk
z How many of you are using it now?

z Its cheap
z No more messy wires running all through your
building
z Easy to retrofit an older building

Wireless… Its different

z Easy access for attackers
z Signal is not constrained by walls
z Equivalent to having an Ethernet drop on the
outside of your building
z Cheap to get the equipment to attack it
z Denial of service
z On unregulated frequencies
z Watch out for the 2.4ghz phones
z Microwaves could be a problem

2
 Common security myths
z Hidden SSID
z Don’t broadcast the SSID beacon
z Attackers can listen to network traffic

z MAC address lists

z Restrictaccess to set a MAC addresses
z Easy to find and spoof

Outline
z Motivation for using wireless
z Wireless challenges
z Common myths
z WEP - does it work?
z WPA and beyond
z Summary

3
Getting closer to secure - WEP
z The Wired Equivalency Protocol (WEP)
z Introduced with 802.11 to provide security for
wireless traffic
z Employs the RC4 stream cipher algorithm.
z Uses a shared key
z All
clients have the same shared key
z Keys must be configured manually on all clients

The workings of WEP

z Stream cipher – the basic idea
z Plaintext– data sent unencrypted
z Key stream – a sequence derived from the
key to encrypt the plain text
z Ciphertext – The encrypted data

Plain text - 100110101

Key stream - 001011010 XOR
===========================================================

Ciphertext - 101101111

4
 RC4 Encryption
z RC4 relies on the fact the every key
stream is unique
z Uses an IV of 24 bits
z IV + Shared Key is used to generate Key
Stream
z IV is sent in plain text for decryption

802.11 IV Data + ICV (encrypted)

header

WEP And RC4

z KSA = Key Scheduling
Algorithm
z PRGA = Pseudo
Random Generation
Algorithm

http://www.informit.com/articles/article.asp?p=27666&seqNum=10

5
 The problem with this?
z IV’s can be reused
z Nothing in the specification says how to deal
with selecting an IV
z Must be able to accept duplicate IV’s
z IV space is relatively small and can be used
up quickly
z Reused IV gives you access to the XOR of
the plaintexts

Weak IV’s – the FMS attack

z Fluhrer, Mantin and Shamir show that
certain IV’s contain information about the
shared key
z If you find packets with one of these IV’s,
you have a good chance of getting the first
byte of the secret key
z We know the first byte of the packet is
probably 0xAA for SNAP headers (IP and
ARP)

6
 Generating Traffic
z To speed up the process, you can
generate your own traffic
z More traffic means a better chance of weak
IV’s and reused IV’s being used
z How can we generate our own traffic without
the secret key?

An associated Machine

Associated

7
 Disassociate it

Disassociate

It will try to re-associate

Ask to associate

8
 Listen to the challenge text

Challenge text sent in plain text

Listen to the reply

Ciphertext reply

9
 What do we have now?
z The plaintext challenge text
z The ciphertext of that challenge text
z An IV used to encrypt it

Challenge Text XOR Ciphertext = Key stream

z Now we have an IV and key stream

z Generate our own packets

But that’s not all…

z Weak shared key generation
z Enter ascii text to generate key
z If key generator only uses ascii, then every 8th
bit is a 0.
z Much smaller space to guess
z Can be done in minutes (maybe seconds)
z Corrupting data
z Flippingbits is easy
z Predictable ICV algorithm

10
 But I don’t want to implement
that…
z Don’t despair, its already done
z WEPcrack
z AirSnort
z NetStumbler
z Aerosol

AirSnort

11
 Outline
z Motivation for using wireless
z Wireless challenges
z Common myths
z WEP - does it work?
z WPA and beyond
z Summary

Fixing WEP
z Long-term solution, 802.11i
z Short-term, WPA (WiFi Protected Access)
z Subsetof 802.11i
z Forwards compatible
z Released, 2003

12
 WPA

z Goal: Using WEP hardware, implement a

security fix
z Upgrade to WPA can be done on firmware
or software
z Needs to fix encryption problems
z Newfound need for authentication

WPA
z 2 Types: PSK and Enterprise
z WPA-PSK
z Uses a Shared Key between AP and User
z Authentication is the shared key

z WPA Enterprise
z Uses 802.1X and EAP to authenticate user
z Requires an authentication server
z Not practical for home users

13
 Fixing WEP Encryption
z TKIP – wrapper for WEP (uses RC4)
z Utilizessequence numbers (unique IV and
stops replay attack)
z 128-bit key (stronger key)
z Per packet key
z Based off MAC address and shared key for WPA-WPA-
PSK
z Based off of authentication credentials for enterpise
WPA

Providing Authentication
z 802.1X
z Protocol for restricting access to LAN ports in
public, semi-public locations
z Specifies a way to restrict access to
authenticated users
z Authentication method is Extensible
Authentication Protocol (EAP) – a specification
for a broad class of authentication methods

14
802.1X

802.1X

15
802.1X

802.1X

16
 After Authentication
z Both Supplicant and AS have Master Key
z Reflects successful authentication
z Both Supplicant and AS derive Pairwise-
Master Key (PMK)
z AS sends PMK to AP
z Supplicant and AP derive Pairwise-
Transient Key for session encryption

Different Kinds of EAP

z EAP protocol is responsible for protecting
user credentials
z Many methods specified
z EAP-TLS
z PEAP – Microsoft
z LEAP – CISCO
z EAP-FAST – CISCO
z EAP-TTLS

17
 EAP-TLS
z Basis for other EAP protocols
z PEAP, EAP-TTLS, EAP-FAST
z Uses digital certificates to authenticate AS
to Supplicant
z Uses Public Key/Private Key to establish an
encrypted channel between Supplicant and
AS
z Once channel is establish, many methods
can be used to authenticate Supplicant to
AS

802.11i/WPA2/RSN
z State of the art protocol for wireless security
z Differences from WPA
z Encryption
z Pre-Authentication

18
 Encryption
z Support for WPA TKIP
z Added support for AES-CCMP
z Government replacement for DES
z Supports 128, 192, 256 bit keys
z Only open source “Top Secret” protocol
z Requires more hardware, more complicated
algorithm
z WRAP – replaced by AES-CCMP

Fast Roaming
z Clients can cache PMK
z Clients can pre-authenticate
z Access Points may share the same PMK

19
 Summary
z WEP can stop your neighbor from using
your internet, but it is technically broken
z WPA is a necessary upgrade for WEP
z 802.11i is the future, but it hasn’t withstood
the test of time
z Isit good enough for corporate networks?
z How long will it take to crack it?
z Bottom Line: wireless security is evolving
and becoming a legitimate option

References
z Fluhrer,
Fluhrer, S., Mantin,
Mantin, I., and Shamir,
Shamir, A. “Weakness in the
key scheduling algorithm of RC4.”
RC4.” Either Annual
Workshop on Selected Areas in Cryptography (August
2001).
z Stubblefield, A., Ioannidis, J., and Rubin, A. D. Using
the fluhrer,
fluhrer, mantin and shamir attack to break WEP.
Technical Report TD-TD-4ZCPZZ, AT&T Labs, August
2001.
z Wong, Stanley. “The evolution of wireless security in
802.11 networks: WEP, WPA and 802.11 standards.”
standards.”
GSEC Practical v1.4b, 20, May, 2003.
z Potter, Bruce. “Wireless Security’
Security’s Future.”
Future.” IEEE
Security & Privacy, 2003.

20