WEP, WPA, and EAP
Drew Kalina

Overview
- Wired Equivalent Privacy (WEP)
- Wi-Fi Protected Access (WPA)
- Extensible Authentication Protocol (EAP)

WEP
- Encryption method: RC4
- Key size: 40 bits
- Hash method: ICV
- 802.1x authentication: optional
- Key distribution: manual

WEP Vulnerabilities
- ICV insecure – based on CRC32 (bad)
  - ICV can be modified to match message contents
- IV key reuse attack
  - Small IV allows this
  - IV sent as plaintext

WEP Vulnerabilities (cont)
- Known plaintext attack
  - Lots of unencrypted TCP/IP traffic
  - Send pings from internet to access point
  - String length N can be recovered for a given IV
  - Packets of size N can be forged using IV

WEP Vulnerabilities (cont)
- Partial Known Plaintext
  - Only a portion of message is known (e.g. IP header)
  - Can recover M octets of key stream where M<N
  - Extend the known key stream from M to N through probing
  - Divert packets to attacker by flipping CRC32 bits

WEP Vulnerabilities (cont)
- Authentication forging
  - Use recovered key stream and IV because client specifies IV
- Dictionary attacks
  - Key derived from vulnerable password
- Realtime decryption
  - Dictionary of IVs and keystreams
  - Only 2^24 possibilities
  - Can be stored in 24GB disk space

WEP summary
- Weak encryption with other problems
- If possible, use some other protocol
- Still better than plaintext

WPA
- Encryption method: RC4, TKIP
- Key size: 128 bits (varies)
- Hash method: ICV, Michael
- 802.1x authentication: can be required
- Key distribution: TKIP

WPA (cont)
- Michael generates MIC (Message Integrity Code)
  - 8 bits
  - Placed between data and ICV
- TKIP (Temporal Key Integrity Protocol)
  - Resolves keys to be used, looks at client’s configuration
  - Changes encryption key every frame
  - Sets unique default key for each client

WPA Vulnerabilities
- Birthday attack
  - Get a pair D,M where D1 = MIC(M1)
  - When Di = D1 where Di != 1, attack is successful
  - Probability for success: 2^32
  - If keys change during attack, forgery is garbage

WPA Vulnerabilities (cont)
- Differential cryptanalytic attack
  - Michael results have special characteristics
  - M = Mi XOR Mj and D = Di XOR Dj called characteristic differentials
  - After characteristic differentials obtained, try to find MIC (learn parts of the key)
  - Probability of success 2^30
  - Optimal attack exists with O(2^29)

WPA Vulnerabilities (cont)
- Temporal Key
  - Lost RC4 Keys
  - Can discover TK and MIC
  - Can forge messages
  - Not a practical attack, O(2^105)
  - Does show susceptibility in parts of WPA

WPA Vulnerabilities (cont)
- DOS
  - Access point shuts down for 60 seconds if forged unauthorized data detected
  - Possible to shut access points with little network activity
- PSK
  - Used in absence of 802.1x, 1 per ESS (usually).
  - Internal person can use this, and a captured MAC address/nonce to imitate another client
  - Vulnerable to external dictionary attacks, if short

WPA summary
- Much better than WEP (if 802.1x)
- WPA2 even better using AES-CCMP
- There are still vulnerabilities
- Many WEP devices are upgradeable to WPA (not WPA2)

Suggestions for WPA
- Rekey security associations after failures
- Lower/eliminate timeouts after detecting forged packets
  - Currently would take 1000+ years to break with 60 second timeouts

EAP
- Transmission method and framework for authentication protocols
- Works with many authentication protocols such as RADIUS, Kerberos.
- Uses a variety of transport methods

EAP Transport methods
- EAP-TLS
- EAP-TTLS
- PEAP (Protected EAP)
- LEAP (Light EAP)

Vulnerabilities in LEAP
- Dictionary attack
- Early versions of MS-CHAP weak
That’s all!