Enhancing Wireless Security with WPA

Enhancing Wireless Security with WPA. CS-265 Project, Section: 2 (11:30 – 12:20). Shefali Jariwala, Student ID 001790660. Agenda: Overview of WLAN; WEP and its weaknesses; Promise of WPA (Modes of Operations, Security Mechanisms); What is WPA2?; Encryption Method Comparison Table.


Presentation Transcript


  1. Enhancing Wireless Security with WPA
     CS-265 Project, Section: 2 (11:30 – 12:20)
     Shefali Jariwala, Student ID 001790660

  2. Agenda
     • Overview of WLAN
     • WEP and its weaknesses
     • Promise of WPA
       - Modes of Operations
       - Security Mechanisms
     • What is WPA2?
     • Encryption Method Comparison Table
     • Conclusions

  3. Overview of WLAN
     • WLAN Standards
       - 802.11: 1-2 Mbps speed, 2.4 GHz band
       - 802.11a (Wi-Fi): 54 Mbps speed, 5 GHz band
       - 802.11b (Wi-Fi): 11 Mbps speed, 2.4 GHz band
       - 802.11g (Wi-Fi): 54 Mbps speed, 2.4 GHz band
     • WLAN components
       - Wireless Clients
       - Access Points
     • Requirements for secure WLAN
       - Encryption and Data Privacy
       - Authentication and Access Control

  4. Security Mechanism – Wired Equivalent Privacy
     • Confidentiality, Access Control and Data Integrity
     • Both WEP authentication and encryption are based on a secret key shared between AP and wireless client
     • WEP uses RC4 encryption algorithm
     • Symmetric key stream cipher
     • Variable length key
     • 64 bit = 40 bit WEP key and 24 bit random number known as IV to encrypt the data
     • Encryption: stream cipher ⊕ plaintext = cipher text
     • Sender sends the packet = cipher text + IV to receiver
     • Decryption: WEP key and attached IV

  5. WEP Encryption
     Source: WLAN security: Current and Future, Park, J.S; Dicoi, D.; IEEE Internet Computing, Volume:7, Issue:5, Sept-Oct, 2003, 60-65

  6. WEP Authentication
     • Two modes of authentication:
       - Open System (“No Authentication”)
       - Shared Key
     • Messages between Access Point and Client, in order:
       - Authentication request
       - Random challenge
       - Encrypted RC
       - Success/failure response

  7. WEP Weaknesses
     • A single key is used for all APs and wireless clients
     • Static WEP key ~ Dynamic WEP Key
     • Same key used for Access Control and Encryption, which gives rise to problems
     • Initialization Vector (IV) Reuse
       - $C_i = P_i \oplus ks_i$ and $C_i' = P_i' \oplus ks_i'$
       - Therefore, when the IV is reused and the two key streams are equal ($ks_i = ks_i'$), $C_i \oplus C_i' = P_i \oplus P_i'$
     • Known plain text attacks
     • WEP provides no replay protection
     • When WEP was available it was not always turned on
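The IV-reuse relation from slide 7, worked through in code. This is an added example, not part of the original presentation: it uses RC4 seeded with IV || key as on slide 4 and leaves out WEP's integrity value. The key, IVs, plaintexts and function names are constructed for illustration.

```python
# Added illustration: RC4-based WEP-style encryption and the effect of IV reuse.
# KEY, the IV values and both plaintexts are constructed sample data.

def rc4_keystream(seed: bytes, n: int) -> bytes:
    """Return n bytes of RC4 key stream for the given seed (IV || WEP key)."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                         # output generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """C = P xor RC4(IV || key); the 24-bit IV travels in clear with the frame."""
    return iv + xor(plaintext, rc4_keystream(iv + key, len(plaintext)))

KEY = bytes.fromhex("0badc0ffee")              # 40-bit WEP key (constructed)
P1 = b"DHCP DISCOVER from client A"            # frame an observer can guess
P2 = b"password=correct-horse-btry"            # frame that should stay private

def reuse_demo(iv1: bytes, iv2: bytes):
    """Encrypt P1 under iv1 and P2 under iv2; return (C1 xor C2, P1 xor P2)."""
    c1 = wep_encrypt(iv1, KEY, P1)[3:]         # strip the 3-byte IV
    c2 = wep_encrypt(iv2, KEY, P2)[3:]
    return xor(c1, c2), xor(P1, P2)

def recover_with_known_plaintext(iv: bytes) -> bytes:
    """With a reused IV, knowing P1 yields P2 without ever learning KEY."""
    c_xor, _ = reuse_demo(iv, iv)
    return xor(c_xor, P1)

if __name__ == "__main__":
    same = reuse_demo(b"\x00\x00\x01", b"\x00\x00\x01")
    diff = reuse_demo(b"\x00\x00\x01", b"\x00\x00\x02")
    print("IV reused:  C1^C2 == P1^P2 ->", same[0] == same[1])
    print("IV differs: C1^C2 == P1^P2 ->", diff[0] == diff[1])
    print("recovered:", recover_with_known_plaintext(b"\x00\x00\x01"))
```

With only 24 bits of IV and a static key, repeats are unavoidable on a busy network, which is why the key stream cancels out in practice and not just on paper.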

  8. Promise of WPA - Wireless Protected Access
     • Stronger security solution via standards-based interoperable security specification known as WPA (Wi-Fi specification)
     • WPA is a subset of 802.11i standard and maintains forward compatibility
     • Runs as a software upgrade on APs and NICs and minimizes the impact on network performance
     • Inexpensive in terms of cost/time to implement and addresses all WEP weaknesses
     • Secures all versions of 802.11 devices including 802.11b, 802.11a and 802.11g

  9. WPA - Modes of Operation
     • Enterprise Mode:
       - Requires an authentication server – RADIUS (Remote Authentication Dial In Service) for authentication and key distribution
       - RADIUS has centralized management of user credentials
     • Pre-shared key (PSK) Mode:
       - Does not require authentication server
       - A “shared secret” is used for authentication to access point
       - Vulnerable to dictionary attacks

  10. Enterprise Mode Diagram
      Source: http://www.wi-fi.org/opensection/pdf/whitepaper_wi-fi_security4-29-03.pdf

  11. PSK Mode Diagram
      Source: http://www.wi-fi.org/opensection/pdf/whitepaper_wi-fi_security4-29-03.pdf

  12. Issues of PSK Mode
      • Needed if no authentication server is in use
      • “Shared secret” – if revealed, network security is compromised
      • No standardized way of changing shared secret
      • It increases the attacker’s effort to do decryption of messages
      • The more complex the shared secret is, the better it is, as there are fewer chances of dictionary attacks

  13. Security Mechanisms in WPA
      Source: http://www.intel.com/ebusiness/pdf/wireless/intel/wpa_cmt_security.pdf

  14. 802.1X Authentication
      • Prevents end users from accessing Enterprise networks
      Source: http://www.mtghouse.com/MDC_WP_052603.pdf

  15. Simpler Representation
      • Parties: Supplicant (Wireless Client), Authenticator (Access Point), RADIUS
      • Diagram labels, in the order they appear:
        - Initiates connection
        - Port = enabled, State = unauthorized
        - Requests identity
        - Responds with identity
        - Forwards the identity
        - Forwards Response
        - Supplicant’s Port = enabled, State = authorized
        - Response ACCEPT/REJECT
        - Requests identity from RADIUS
        - Forwards the request
        - Access point forwards the identity
        - RADIUS passes its identity

  16. Mutual Authentication
      Source: http://www.mtghouse.com/MDC_WP_052603.pdf

  17. TKIP – Temporal Key Integrity Protocol
      • TKIP is responsible for generating the encryption key, encrypting the message and verifying its integrity
      • TKIP ensures:
        - Encryption key changes with every packet
        - Encryption key is unique for every client
        - TKIP encryption keys are 256 bit long
      • WEP Encryption key = shared secret + IV
      • TKIP packet comprises:
        - 128 bit temporal key (shared by both clients and AP)
        - Client Device MAC address
        - 48 bit IV (Packet sequence number) to prevent known plain text attacks (WEP = 24 bit IV)

  18. TKIP for Data Privacy
      • TKIP key mixing function + temporal key = per packet key
      • Temporal keys - 128 bit, change frequently, definite life
      • MAC Address + Temporal key + four most significant octets of the packet sequence number are fed into the S-Box to generate intermediate key
      • Results in a unique encryption key
      • Then, mix the intermediate key with two least significant octets of packet sequence number = 128 bit per packet key
      • Each key encrypts only one packet of data and prevents weak key attacks

  19. Michael Message Integrity Check
      • Used to enforce data integrity
      • “Message Integrity Code” (MIC) = 64 bit message calculated using Michael’s algorithm
      • MIC is inserted in the TKIP packet
      • The sender and the receiver each compute MIC and then compare. MIC does not match = data is manipulated
      • Detects potential packet content alteration due to transmission error or purposeful manipulation
      • Uses 64 bit key and partitions the data into 32 bit blocks
      • Various operations: shifts, XORs, additions

  20. WEP vs. WPA
      Source: http://www.wi-fi.org/opensection/pdf/whitepaper_wi-fi_security4-29-03.pdf

  21. Drawbacks of WPA
      • Vulnerable to Denial-of-Service attacks
      • AP receives 2 data packets that fail MIC check within 60 seconds - active attack
      • Countermeasure for APs, which includes disassociating each client using the AP
      • Prevents the attacker from getting encryption keys
      • Users can lose network connectivity for 60 seconds
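The Michael computation from slide 19 and the 60-second countermeasure from slide 21, combined in one added example (not from the original presentation). Michael is run over the raw message only, leaving out the address fields that TKIP also covers. `MicReceiver` and its return strings are hypothetical names, and the receiver is a simplified model of the AP behaviour the slide describes.

```python
import struct

MASK = 0xFFFFFFFF

def rol(v, n):
    return ((v << n) | (v >> (32 - n))) & MASK

def xswap(v):  # swap the two bytes inside each 16-bit half
    return ((v & 0xFF00FF00) >> 8) | ((v & 0x00FF00FF) << 8)

def block(l, r):
    """Michael block function: rotations, XORs, a byte swap, additions."""
    for mix in (lambda x: rol(x, 17), xswap, lambda x: rol(x, 3),
                lambda x: rol(x, 30)):        # rol 30 == rotate right by 2
        r ^= mix(l)
        l = (l + r) & MASK
    return l, r

def michael(key: bytes, msg: bytes) -> bytes:
    """64-bit MIC of msg under a 64-bit key, on 32-bit little-endian words."""
    l, r = struct.unpack("<II", key)
    # Padding: one 0x5a byte, then 4 to 7 zero bytes up to a multiple of 4.
    padded = msg + b"\x5a" + b"\x00" * (4 + (-(len(msg) + 1)) % 4)
    for (word,) in struct.iter_unpack("<I", padded):
        l ^= word
        l, r = block(l, r)
    return struct.pack("<II", l, r)

class MicReceiver:
    """Hypothetical AP-side model: verify the MIC, and on 2 failures within
    60 seconds start the countermeasure (drop all traffic for 60 seconds)."""
    WINDOW = 60.0

    def __init__(self, key: bytes):
        self.key, self.last_failure, self.blocked_until = key, None, 0.0

    def receive(self, now: float, msg: bytes, mic: bytes) -> str:
        if now < self.blocked_until:
            return "blocked"
        if michael(self.key, msg) == mic:
            return "accepted"
        last, self.last_failure = self.last_failure, now
        if last is not None and now - last <= self.WINDOW:
            self.blocked_until = now + self.WINDOW
            self.last_failure = None
            return "countermeasures"
        return "mic-failure"
```

Two forged frames are enough to put every legitimate client into the "blocked" state for a minute, which is the denial-of-service trade-off the slide points out.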

  22. Upcoming WPA2
      • Uses the Advanced Encryption Standard (AES)
        - Symmetric key block
        - 128 bit key
      • Full 802.11i support including Counter Mode with CBC-MAC Protocol (CCMP) encryption
      • CCMP = CTR + CBC + MAC
      • Will require or replacement hardware (APs and NICs)
      • Certified equipment due in late 2004

  23. Encryption Method Comparison Table
      Source: http://www.wi-fi.org/opensection/pdf/Wi-Fi_ProtectedAccessWebcast_2003.pdf

  24. Conclusions
      • WEP is not secure anymore!
      • WPA solves almost all WEP weaknesses
      • WPA still considered secure and provides secure authentication, encryption and access control
      • WPA is not yet broken…!
      • WPA2 is a stronger cipher than WPA and will provide robust security for WLANs

  25. References
      • WLAN security: Current and Future, Park, J.S; Dicoi, D.; IEEE Internet Computing, Volume:7, Issue:5, Sept-Oct, 2003, 60-65
      • Wireless networking security: Security flaws in 802.11 data link protocols, Nancy Cam-Winget, Russ Housley, David Wagner, Jesse Walker; Communications of the ACM, Volume 46, Issue 5 (May 2003), Pages 35-39
      • http://www.cizgi.com.tr/makaleler/seminer/S2-1.pdf
      • http://www.dtm.ca/download/wireless_toshiba.pdf
      • http://www.intel.com/ebusiness/pdf/wireless/intel/wpa_cmt_security.pdf
      • http://www.mtghouse.com/MDC_WP_052603.pdf

  26. References
      • http://www.sans.org/rr/papers/68/1109.pdf
      • http://www.sans.org/rr/papers/68/1301.pdf
      • http://www.wi-fi.org/opensection/pdf/whitepaper_wi-fi_security4-29-03.pdf
      • http://www.wi-fi.org/opensection/pdf/Wi-Fi_ProtectedAccessWebcast_2003.pdf
      • http://www.hackfaq.org/wireless-networks/wpa-wi-fi-protected-access.shtml
      • http://techrepublic.com.com/5100-6265-5060773.html
