Weaknesses in WEP:
● The RC4 pseudo-random number generator (PRNG) is not properly implemented.
● Initialization vector (IV) keys are reused.
● WEP does not prevent passive or active man-in-the-middle attacks.
Security Enhancements on WEP2
First, the IV was increased to 128 bits from 64 bits to address the weakness of encryption.
Second, a different authentication system known as Kerberos was used. Kerberos authentication server issues the user a ticket, they contain specific user information, they restrict what a user can do, and they expire after a few hours or a day.
Vulnerabilities of WEP2
First, collisions, or two packets derived from the same IV, were still common.
Second, Kerberos is known to be susceptible to an offline cracking password attack called a dictionary attack .
Dynamic WEP solves the weak IV problem by rotating the keys frequently, making it much more difficult to crack the encrypted wireless transmissions. Dynamic WEP uses different keys for different types of traffic.
A major advantage of using dynamic WEP is its straightforward deployment: dynamic WEP can be implemented without upgrading device drivers or AP firmware, making it a no-cost solution with minimal effort. However, dynamic WEP was still only a partial solution. Dynamic WEP does not protect against man-in-the-middle attacks and is susceptible to DoS attacks. Because it only offered a partial security solution, dynamic WEP was never widely implemented.
WPA (wifi protected Access)
WPA Personal was designed for individualsor small office/home office (SOHO) settings, which typically has ten or fewer employees.
A more robust WPA Enterprise was intended for larger enterprises, schools, and government agencies. WPA addresses both encryption and authentication.
Heart of WPA is TKIP, TKIP functions as a “wrapper” around WEP by adding an additional layer of security but still preserving WEP’s basic functionality.
IV ( initialization vector) is increased from 24 to 48 bits ( effectively eliminating collisions)
Unique “base key” is created for each wireless device using a master key derived in the authentication process along with the sender’s unique MAC address.
Use a 128 bit per-packet key.
Message Integrity check (MIC): designed to prevent an attacker from conducting active or passive man-in-the-middle attacks by capturing altering, and resending data packets.MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If it does not match, the data is assumed to have been tampered with and the packet is dropped.
Wireless device starts with two keys: temporal key and 64-bit MIC.
● Step 1. Instead of using an IV and secret key as with WEP, the temporal key is XORed
with the sender’s MAC address to create an intermediate Value 1
● Step 2. Value 1 is then mixed with a sequence number to produce Value 2, which is
the per-packet key. Value 2 is entered into the PRNG, just as with WEP.
● Step 3. Instead of running the text through the CRC generator, the MIC key, the sender’s MAC address, and the receiver’s MAC address are all run through a MIC function. This creates text with the MIC key appended. This value is then XORed with the keystream to create the ciphertext.
Authentication for WPA Personal is accomplished by using a preshared key (PSK)
Shared Key VS PSK
Some references confuse shared key authentication with PSK. They are not the same. With shared key authentication, the AP sends to a device wanting to join the network a block of text known as the challenge text, which it then encrypts with its WEP key and returns it to the AP.
By contrast, with PSK, the same secret key value is manually distributed to any approved device.
Block ciphers are considered more secure because the output is more random. When using a block cipher, the cipher is reset to
its original state after each block is processed. This results in the ciphertext being more difficult to break.
The Advanced Encryption Standard (AES) is the block cipher used in IEEE 802.11i/WPA2.
AES performs three steps on every block (128 bits) of plaintext. Within the second step,multiple iterations (called rounds) are performed depending upon the key size: a 128-bit key performs 9 rounds, a 192-bit key performs 11 rounds, and a 256-bit key, known as AES-256, uses 13 rounds.
The encryption protocol used for 802.11i/WPA2 is the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
- Both CCMP and TKIP use a 128-bit key for encryption.
- Also, CCMP includes a 48-bit value that is sent in cleartext as does TKIP. Although TKIP calls this value a TKIP sequence counter (TSC), CCMP more properly calls it a packet number (PN).
- Finally, both methods use a 64-bit MIC value. However, CCMP’s MIC protects everything in the 802.11 media access control (MAC) header (except for the duration field) while the TKIP MIC protects only the source and destination addresses.
The detailed steps for RADIUS authentication with a wireless device in an IEEE 802.1X network are illustrated in Figure:
1. A wireless device, called the supplicant (it makes an “appeal” for access), sends a request to an AP requesting permission to join the WLAN. The AP prompts the user for the user ID and password.
2. The AP, serving as the authenticator that will accept or reject the wireless device, creates a data packet from this information called the authentication request. This packet includes information such as identifying the specific AP that is sending the authentication request and the user name and password. For protection from eavesdropping, the AP (acting as a RADIUS client) encrypts the password before it is sent to the RADIUS server. The authentication request is sent over the network from the AP to the RADIUS server.
This communication can be done either over a local area network or a wide area network.
This allows the RADIUS clients to be remotely located from the RADIUS server. If the RADIUS server cannot be reached, the AP can usually route the request to an alternate server.
3. When an authentication request is received, the RADIUS server validates that the request is from an approved AP and then decrypts the data packet to access the user name and password information. This information is passed on to the appropriate security
user database. This could be a text file, a password file, a commercially available security system, or a custom database.
4. If the user name and password are correct, the RADIUS server sends an authentication acknowledgment that includes information on the user’s network system and service requirements. For example, the RADIUS server may tell the AP that the user needs TCP/IP. The acknowledgment can even contain filtering information to limit a user’s access to specific resources on the network. If the user name and password are not correct, the RADIUS server sends an authentication reject message to the AP and the user is denied access to the network. To ensure that requests are not responded to by unauthorized persons or devices on the network, the RADIUS server sends an authentication key, or signature, identifying itself to the RADIUS client.
5. If accounting is also supported by the RADIUS server, an entry is started in the accounting database.
6. Once the server information is received and verified by the AP, it enables the necessary configuration to deliver the wireless services to the user.
It is important that the communication between the supplicant, authenticator, and authentication server in an IEEE 802.1X configuration be secure. A framework for transporting the authentication protocols is known as the Extensible Authentication Protocol (EAP).
Wifi Protected Setup (WPS) was designed to help users who have little or no knowledge of security to quickly and easily implement WPA2 on their WLANs.
- PIN method: utilizes a Personal Identification Number (PIN) printed on a sticker of the wireless router or displayed through a software setup wizard. The user types in the PIN into the wireless device (like a wireless tablet or laptop computer) and the security configuration automatically occurs.This is the mandatory model and all devices certified for WPS must support it.
- Push-button method: the user pushes a button (usually an actual button on the wireless router and a virtual one displayed
through a software setup wizard on the wireless device) and the security configuration takes place. Support for this model is mandatory for wireless routers and optional for connecting devices. Behind the scenes of these two methods a series of EAP message exchanges occur.
Significant design and implementation flaws in WPS using the PIN method:
● There is no lockout limit for entering PINs, so an attacker can make an unlimited number of PIN attempts.
● The last PIN character is only a checksum.
● The wireless router reports the validity of the first and second halves of the PIN separately, so essentially an attacker only has to break two short PIN values (a 4-character PIN and a 3-character PIN).
Note: It is recommended that all users should disable WPS in the wireless router’s configuration menu.
Role-based Access Control (RBAC)
This allows different users to connect to different wireless VLANs based on different criteria. One method is to use Role-Based
Access Control (RBAC). Access under RBAC is based on a user’s job function within an organization. Instead of setting security permissions for each user or group, the RBAC model assigns permissions to particular roles in the organization, and then assigns users to those roles. For example, instead of creating a user account for Ahmed and assigning specific security settings to that account, the role Business_Manager can be created based on the privileges an individual in that job function should have.
Rogue AP Discovery Tools
The problem of rogue (unauthorized) APs is of increasing concern to organizations.
There are four types of wireless probes:
- Wireless device probe. A standard wireless device, such as a portable laptop computer,
can be configured to act as a wireless probe. At regular intervals during the normal
course of operation, the device can scan and record wireless signals within its range
and report this information to a centralized database. This scanning is performed when
the device is idle and not receiving any transmissions. When a large number of mobile
devices are used as wireless device probes, it can provide a high degree of accuracy in
identifying rogue APs.
However, there are limitations.
- First, because a wireless device cannot simultaneously listen and send, there can be gaps in the coverage.
- Also, not all wireless network interface card adapters can act as a wireless device probe.
- Desktop probe. Instead of using a mobile wireless device as a probe, a desktop probe utilizes a standard desktop PC. A universal serial bus (USB) wireless network interface card adapter is plugged into the desktop computer and it monitors the RF frequency in
the area for transmissions.
- AP probe. Some APs can detect neighboring APs, which may include both friendly APs as well as rogue APs. However, AP probes are not widely implemented. The range for a single AP to recognize other APs is limited because APs are typically located so that
their signals only overlap in such a way to provide roaming to wireless users. Also, not all vendors support AP probing.
- Dedicated probe. A dedicated probe is designed to exclusively monitor the RF frequency for transmissions. Unlike AP probes that serve as both an AP and a probe.
Once a suspicious wireless signal is detected by a wireless probe, the information is sent to a centralized database where WLAN management system software compares it to a list of approved APs. If the device is not on the list, then it is considered a rogue AP. The managed switch is “aware” of approved APs and the ports to which they are connected. The WLAN management system can cause the switch to disable the port to which the rogue AP is connected.