Kent Strawcutter
COSC 352
Wireless Security with WEP, WPA, and WPA2
WEP (Wired Equivalent Privacy) is a deprecated IEEE (Institute of Electrical and Electronics Engineers)
802.11 algorithm used to secure wireless networks; deprecated means that it has been replaced and
should be avoided. It was introduced in 1999 in an attempt to make wireless networks comparably
secure to wired networks. Only two years after it was introduced, major weaknesses were found in WEP.
It was discovered that WEP could be cracked within minutes with standard off-the-shelf equipment.
The reason for this weakness is the short IV (initialization vector) and the fact that the keys are
not changed except by the user. Programs such as AirSnort, Aircrack-ng, Ethereal, Wireshark and
Cain & Abel are all easily obtained tools that help attackers gain access to secured networks.
WEP uses the RC4 stream cipher for confidentiality and the CRC-32 checksum for integrity. The
RC4 keystream is generated from a 40- or 64-bit RC4 key and is used to encrypt and decrypt the
data. There is also a 128-bit key variant, known as WEP2. The key is composed of a 24-bit IV
(initialization vector) together with a 40-bit WEP key. The user-entered key is a 26-digit
hexadecimal string in which each character represents four bits of the key. The 26 digits
represent 104 bits, which with the addition of the 24-bit IV makes a 128-bit key.
Another weakness is the ICV algorithm. Because the CRC-32 ICV is linear, an attacker can change
the encrypted message and adjust the ICV so that the message still looks authentic, which allows
unlimited modifications. This gives the attacker the ability to make the network's access point
decrypt packets and to change a packet's routing information so that it is forwarded to the
attacker's IP address. The use of RC4 has led to weak keys because the first three bytes of the
key are the IV, which is sent unencrypted in every packet. This leads to a passive attack in which
the attacker collects "interesting packets", of which there are about 9,000 among the 16 million
possible IVs. After enough of these packets are collected they can be analyzed so that only a
small number of keys has to be tried to gain access to the network. A 104-bit key would need only
about 3,000 or more interesting packets to gain access to the network. More traffic on the network
means more interesting packets and less time needed to capture enough of them. Other weaknesses
include shared keys, no per-packet authentication, vulnerability to disassociation attacks, no
user identification or authentication, and no central authentication.
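As an added illustration (not part of the paper), the following Python builds a WEP frame the way the paragraphs above describe (24-bit IV prepended to the shared key, RC4 keystream, CRC-32 ICV) and checks the property that makes the ICV unreliable: CRC-32 is linear under XOR, whereas a keyed message integrity code is not. The key, IV and payload are constructed sample values, and HMAC-SHA256 stands in for a keyed MIC.

```python
import hashlib
import hmac
import zlib


def rc4_keystream(key: bytes, n: int) -> bytes:
    # RC4 key scheduling followed by n bytes of keystream (teaching code only)
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(wep_key: bytes, iv: bytes, data: bytes) -> bytes:
    # frame = IV (3 bytes, sent in the clear) || RC4(IV || key) applied to (data || CRC-32 ICV)
    body = data + zlib.crc32(data).to_bytes(4, "little")
    return iv + xor(body, rc4_keystream(iv + wep_key, len(body)))

def wep_decrypt(wep_key: bytes, frame: bytes):
    # returns (data, icv_ok); the receiver recomputes CRC-32 over the decrypted data
    iv, body = frame[:3], frame[3:]
    plain = xor(body, rc4_keystream(iv + wep_key, len(body)))
    data, icv = plain[:-4], plain[-4:]
    return data, zlib.crc32(data).to_bytes(4, "little") == icv

def crc32_is_linear(a: bytes, delta: bytes) -> bool:
    # CRC-32 is linear over XOR for equal-length inputs:
    # crc(a ^ delta) == crc(a) ^ crc(delta) ^ crc(all-zero bytes of the same length)
    zeros = bytes(len(a))
    return zlib.crc32(xor(a, delta)) == zlib.crc32(a) ^ zlib.crc32(delta) ^ zlib.crc32(zeros)

def keyed_mic_is_linear(mic_key: bytes, a: bytes, delta: bytes) -> bool:
    # the same relation does not hold for a keyed MIC, so modifications are detected
    mac = lambda m: int.from_bytes(hmac.new(mic_key, m, hashlib.sha256).digest(), "big")
    zeros = bytes(len(a))
    return mac(xor(a, delta)) == mac(a) ^ mac(delta) ^ mac(zeros)
```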
The next security protocol, WPA (Wi-Fi Protected Access), was implemented because of the
weaknesses in the WEP protocol. WPA is usually backward compatible with a pre-WPA NIC (Network
Interface Card). WPA was built upon WEP but with stronger protection mechanisms and extra security
algorithms used to fight intrusion. With WPA there are two authentication types, WPA-Enterprise
and WPA-Home. A good choice for small office and home use is WPA-PSK (Pre-Shared Key) because it
is simple to set up and is compatible with many types of hardware. WPA-PSK uses an 8- to
63-character ASCII or 64-hex-digit passphrase created by the user and entered on each client. The
stronger this key, the stronger the security, because weak keys are subject to password cracking.
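The passphrase-to-key step behind the 8 to 63 character and 64 hex digit forms, as an added example that is not from the paper: under IEEE 802.11i the pre-shared key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 iterations, 256 bits, while a 64-hex-digit entry is used as the key directly. The "password"/"IEEE" value is the published Annex H test vector; the other inputs are constructed.

```python
import hashlib

# Published 802.11i Annex H.4 test vector: passphrase "password", SSID "IEEE"
IEEE_VECTOR = bytes.fromhex(
    "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e")


def wpa_psk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # PSK (the PMK) = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    # The SSID salt means precomputed tables only work per SSID, and the 4096
    # iterations slow each guess, but a short or dictionary passphrase stays cheap to guess.
    if not 8 <= len(passphrase) <= 63 or not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def wpa_psk_from_hex(hex_key: str) -> bytes:
    # A 64-hex-digit entry is the 256-bit PSK itself; no passphrase hashing is involved
    if len(hex_key) != 64:
        raise ValueError("hex PSK must be exactly 64 hex digits")
    return bytes.fromhex(hex_key)


def psk_for_client_entry(entry: str, ssid: str) -> bytes:
    # Mirrors how a client treats what the user typed: 64 hex digits are taken literally
    # (a passphrase can be at most 63 characters, so the two forms never collide);
    # anything else is a passphrase that must be expanded with the network's SSID.
    if len(entry) == 64 and all(c in "0123456789abcdefABCDEF" for c in entry):
        return wpa_psk_from_hex(entry)
    return wpa_psk_from_passphrase(entry, ssid)
```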
WPA has stronger encryption through its use of TKIP (Temporal Key Integrity Protocol). TKIP
scrambles keys using a hashing algorithm, which ensures that keys have not been tampered with.
TKIP can generate new encryption keys many times a second, which gives greater security. One of
the strengths of TKIP over WEP is the use of a 48-bit initialization vector. The larger IV
results in much less IV reuse, so much more time is needed to collect the special packets a
hacker requires to crack a network's encryption. Per-packet key construction and distribution
generates a new, unique encryption key for each client. WPA uses a message integrity code,
sometimes called "Michael", that protects against forgery attempts.
When used in enterprise environments, WPA can use an authentication server, usually RADIUS
(Remote Authentication Dial-In User Service) or LDAP (Lightweight Directory Access Protocol),
which identifies users on the network and sets their privileges. RADIUS works by the user
"dialing in" and entering a username and password. The server checks the information and
authorizes or denies access to the system.
One vulnerability of WPA-protected networks is DoS (Denial of Service) attacks. An attacker
sends at least two packets a second, which makes the access point think it is under attack and
shut down for one minute. This can become a continuing attack if the hacker keeps sending large
amounts of unauthorized data, causing repeated shutdowns. To jam any wireless network in this
fashion the attacker would normally need a strong transmitter, which would make it possible to
discover the attacker's location. WPA's strong security actually requires fewer packets for this
attack, which makes it harder to locate the attacker. This type of attack is known as the
"Michael" vulnerability.
A stronger form of WPA, released in 2004, is known as WPA2. WPA2 is based on the IEEE 802.11i
standard. The advantage of WPA2 is that it provides stronger encryption through the use of AES
(Advanced Encryption Standard), which may be a requirement for some government or corporate
users. All WPA2 devices that are Wi-Fi certified are backward compatible with WPA. Some WPA
devices may be able to upgrade to WPA2 through firmware upgrades. Like WPA, WPA2 has both
Enterprise and Personal versions. The Enterprise mode authenticates using 802.1X and EAP
(Extensible Authentication Protocol), which usually requires LDAP or RADIUS. The Personal mode
uses a pre-shared passkey. WPA and WPA2 both use "fresh" sessions, with unique encryption keys
for each client that are specific to that client.