1a2c5cb73fe23069389174a760031d8c.ppt
- Number of slides: 16
Wireless Security Beyond WEP

Wireless Security
- Privacy
- Authorization (access control)
- Data Integrity (checksum, anti-tampering)

WEP
- RC4 stream cipher
- WEP key (40 or 60 bit) combined with 24-bit Initialization Vector (IV)
- Sender XORs stream cipher with data to encrypt
- IV and ciphertext sent, decoded using IV and stored WEP key

WEP Vulnerabilities
- Use of same WEP key among clients
- Limited keyspace for IV (16,777,215)
- With enough traffic, IVs are re-used
- Possible to collect packets with same IV and crack WEP key, then open to data capture and MITM attacks
- No key management: WEP key must be changed manually on each NIC

Attempts to secure WEP
- Larger WEP key length (Lucent 104/128-bit, Agere 152-bit, USR’s 256-bit)
  - Just takes longer to retrieve WEP key
- VPN
  - Can be difficult to achieve seamless routing when APs are crossed

Wi-Fi Alliance introduces WPA
- 802.1X EAP mutual authentication or PSK (Pre-Shared Key)
- TKIP for encryption
- MMIC (Michael Message Integrity Check) for data integrity

802.1X EAP Mutual Authentication
- Port-based access control
- Mutual authentication via authentication server

802.1X EAP has three elements
- Supplicant: client device
- Authentication Server: RADIUS server or similar
- Authenticator: intermediary between Supplicant and Authentication Server (usually an AP)

Different types of EAP
- LEAP: Cisco proprietary, uses username/password to authenticate against RADIUS
- TLS: RFC 2716, uses X.509 certificates for authentication on both Supplicant and Authenticator
- TTLS: developed by Funk Software, Authenticator uses a certificate to identify itself, Supplicant can use username/password
- PEAP: Authenticator uses certificate, Supplicant can use username/password

TKIP - Temporal Key Integrity Protocol
- Fixes the flaw of key reuse in WEP
- Composed of three parts, guarantees clients use different keys
  - 128-bit temporal key, shared by clients and APs
  - MAC of client
  - 48-bit IV describes packet sequence number

TKIP continued
- Uses RC4 like WEP, so only software or firmware upgrade required
- Changes temporal keys every 10,000 packets

Michael Message Integrity Check (MMIC)
- Message Integrity Code (MIC): 64-bit message calculated using the “Michael” algorithm, inserted in TKIP packet to detect content alteration
- Protects both data and header
- Implements a frame counter, which discourages replay attacks

Two modes of WPA
- WPA Enterprise
- WPA PSK (Pre-Shared Key)

WPA Enterprise
- Requires RADIUS server
- Uses RADIUS for both authentication and key distribution
- Central management

WPA PSK
- No RADIUS server required
- Uses shared secret
- Management is handled on the AP
  - Vulnerable to dictionary attacks
  - Still uses partial shared key

WPA Summary
- Requires authentication using 802.1X
- Keys change using TKIP
- Header as well as payload protected by adding MIC to ICV
- Frame counter to lower risk of replay attacks
- Still a temporary stopgap to 802.11i and/or WPA2 since it still uses RC4 and PSK uses shared key