Encryption/Privacy/Authentication Project Report
Wireless Networks
Chris H, Chris R, Mindy C
04/27/07
2
Table of Contents
1
2
Overview ..................................................................................................................... 4
Procedure .................................................................................................................... 4
2.1
Packet Capture .................................................................................................... 4
2.1.1
Overview ..................................................................................................... 4
2.1.2
Procedure .................................................................................................... 4
2.2
Encryption Cracking ........................................................................................... 6
2.2.1
Overview ..................................................................................................... 6
2.2.2
Procedure .................................................................................................... 6
3 Results ......................................................................................................................... 8
3.1
Packet Capture .................................................................................................... 8
3.1.1
Overview ..................................................................................................... 8
3.1.2
Data ............................................................................................................. 8
3.2
Encryption Cracking ......................................................................................... 14
3.2.1
Overview ................................................................................................... 14
3.2.2
Data ........................................................................................................... 15
4 Summary and Conclusions ....................................................................................... 19
3
Table of Figures
Figure 1 - WEP64 Authentication....................................................................................... 9
Figure 2 - WEP128 Authentication..................................................................................... 9
Figure 3 – WPA Personal TKIP Authentication ................................................................. 9
Figure 4 - WPA Personal AES Authentication ................................................................... 9
Figure 5 - WPA2 Personal TKIP/AES Authentication ..................................................... 10
Figure 6: Kismet Capturing Traffic .................................................................................. 15
Figure 7: Encrypted Traffic .............................................................................................. 15
Figure 8: Network Selection ............................................................................................. 16
Figure 9: Key Found ......................................................................................................... 16
Figure 10: Failed crack attempt ....................................................................................... 17
Figure 11: Airodump-ng capturing WEP traffic ............................................................... 17
Figure 12: Airodump-ng capturing WPA traffic .............................................................. 17
Figure 13: Aireplay-ng attempting to generate a handshake ............................................ 18
Figure 14: WPA Handshake Confirmation ....................................................................... 18
Figure 15: WPA Key Found ............................................................................................. 18
Figure 16: WPA2 Key Found .......................................................................................... 19
4
1 Overview
Our goal was to evaluate the relative security between WEP 64-bit, WEP 128-bit, WPA,
and WPA2. The methods of evaluation were broken into two main efforts, cracking &
evaluation/setup of each system. Our encryption attacking efforts consisted of using a
range of tools to breach the security of each wireless protection scheme. The results of
our attempts have been recorded in this report. The other piece of our evaluation
consisted of setting up each security protocol, capturing traces, and comparing
data/communication.
2 Procedure
2.1 Packet Capture
2.1.1 Overview
The setup for these sets of experiments was accomplished in the ITL Wireless Evaluation
Network (ITL-WEN). The setup consisted of a Linksys N Access Point connected to a
server. The server acted as a host for two other machines with wireless network cards.
One of the clients was setup to connect, download, and generate traffic for the other
machine to capture traffic via Wireshark. Below we have listed the steps taken to setup
each protocol, connect to the access point, generate traffic, and trace the traffic.
2.1.2 Procedure
1) Wired Equivalent Privacy (WEP)
A) WEP – 64 bit encryption (wep64.pcap)
1. Set the security on the Linksys to WEP, with 64 bit encryption.
2. Passphrase set to: goknights
3. After clicking “generate” 4 keys were created.
4. Save configuration.
5. On tracing machine, start trace.
6. On ITL-Wireless-1, connect to the test network by typing one of the keys.
7. Connect to: 192.168.1.102/files.
8. Begin downloading file FC-6-1386-disc1.iso
9. After about a minute of downloading, cancel the download.
10. Disconnect ITL-Wireless-1 from the test network.
11. On tracing machine: stop trace, save file.
B) WEP-128 bit encryption (wep128.pcap)
1. Set the security on the Linksys to WEP, with 128 bit encryption.
2. Passphrase set to: goknights
3. After clicking “generate” 4 keys were created.
Example of 128 bit key:7A08BC60865F25EA684F4801FA (Yikes!)
4. Save configuration.
5. On tracing machine, start trace.
6. On ITL-Wireless-1, connect to the test network by typing one of the keys.
7. Connect to: 192.168.1.102/files.
8. Begin downloading file FC-6-1386-disc1.iso
9. After about a minute of downloading, cancel the download.
10. Disconnect ITL-Wireless-1 from the test network.
5
11. On tracing machine: stop trace, save file.
2) WiFi Protected Access (WPA) Personal
A) WPA – TKIP encryption (wpa-Personal-TKIP.pcap)
1. Set the security on the Linksys to WPA Personal, with TKIP encryption.
2. Pre-shared key: 7A85B6E2
3. Save configuration.
4. On tracing machine, start trace.
5. On ITL-Wireless-1, connect to the test network by typing in the pre-shared
key.
6. Connect to: 192.168.1.102/files.
7. Begin downloading file FC-6-1386-disc1.iso
8. After about a minute of downloading, cancel the download.
9. Disconnect ITL-Wireless-1 from the test network.
10. On tracing machine: stop trace, save file.
B) WPA – AES encryption (wpa-Personal-AES.pcap)
1. Set the security on the Linksys to WPA Personal, with AES encryption.
2. Pre-shared key: 7A85B6E2
3. Save configuration.
4. On tracing machine, start trace.
5. On ITL-Wireless-1, connect to the test network by typing in the pre-shared
key.
6. Connect to: 192.168.1.102/files.
7. Begin downloading file FC-6-1386-disc1.iso
8. After about a minute of downloading, cancel the download.
9. Disconnect ITL-Wireless-1 from the test network.
10. On tracing machine: stop trace, save file.
3) WiFi Protected Access 2 (WPA2) Personal
A) WPA2 – AES encryption
1. Set the security on the Linksys to WPA2 Personal, with AES encryption.
2. Pre-shared key: 7A85B6E2, 7A85B6A7 (tried twice)
3. Save configuration.
4. On tracing machine, tried connecting with two different pre-shared keys.
Unable to connect.
B) WPA2 – TKIP or AES encryption (wpa2-Personal-(TKIP-AES).pcap)
1. Set the security on the Linksys to WPA2 Personal, with TKIP or AES
encryption.
2. Pre-shared key: 7A85B6A7
4. Save configuration.
5. On tracing machine, start trace.
6. On ITL-Wireless-1, connect to the test network by typing in the pre-shared
key.
7. Connect to: 192.168.1.102/files.
8. Begin downloading file FC-6-1386-disc1.iso
9. After about a minute of downloading, cancel the download.
10. Disconnect ITL-Wireless-1 from the test network.
11. On tracing machine: stop trace, save file.
4) Security Disabled (noSecurity.pcap)
1. Set the security on the Linksys to Security Disabled.
2. Save configuration.
3. On tracing machine, connect to the test network. *The message when connecting says,
connection established, however on the networks interface, it says not connected to the
network.
6
4. Connect to: 192.168.1.102/files.
5. Begin downloading file FC-6-1386-disc1.iso
6. After about a minute of downloading, cancel the download.
7. Disconnect ITL-Wireless-1 from the test network.
8. On tracing machine: stop trace, save file.
2.2 Encryption Cracking
2.2.1 Overview
The setup for the encryption cracking portion of our project was accomplished in a
private residence away from Clarkson University’s wireless network. A Linksys WRT54G wireless router was configured as solely an access point. It served as the main
connection to the Internet. This access point was running dd-wrt firmware, which allows
access to advanced options for the router. Two laptops were used to generate traffic one
running Windows 2000 and another running Mac OSX. The third laptop running Ubuntu
was used to capture traffic as well as was used to crack the three encryptions WEP, WPA,
WPA2. The program airodump-ng was used to capture the initialization vectors and
handshakes from the different encryption. Aircrack-ng was used to break each encyption
was enough packets were captured.
2.2.2 Procedure
1) Wired Equivalent Privacy (WEP)
A) WEP – 64 bit encryption
1. Set the security on the Linksys to WEP, with 64 bit encryption.
2. Renamed router to test.
3. Save settings.
4. Passphrase set to: test
5. After clicking “generate” 4 keys were created.
6. Save settings.
7. On tracing machine, start trace to capture on channel 6.
Command: airodump-ng --ivs –c 6 eth1
8. Connect to: test network (10.0.0.2).
9. Connect to: http://www.hp.com
10. Begin downloading large driver files > 200 MB each
11. Watch airodump-ng till about 500,000 initialization vectors.
12. Stop trace on tracing machine, stop airodump-ng.
13. Start aircrack-ng to begin cracking WEP
Command: aircrack –ng –a 1 –n 64 WEP-64-Capture.dump
14. Wait for one of two outcomes from aircrack-ng
1. Key Found [network key contained here]
2. Try capturing more packets and try again.
B) WEP – 128 bit encryption
1. Set the security on the Linksys to WEP, with 128 bit encryption.
2. Renamed router to test.
3. Save settings.
4. Passphrase set to: test
5. After clicking “generate” 4 keys were created.
6. Save settings.
7. On tracing machine, start trace to capture on channel 6.
Command: airodump-ng --ivs –c 6 eth1
7
8. Connect to: test network (10.0.0.2).
9. Connect to: http://www.hp.com
10. Begin downloading large driver files > 200 MB each
11. Watch airodump-ng till about 1.5 million initialization vectors.
12. Stop trace on tracing machine, stop airodump-ng.
13. Start aircrack-ng to begin cracking WEP
Command: aircrack –ng –a 1 –n 128 wep128_cap-01.ivs
14. Wait for one of two outcomes from aircrack-ng
1. Key Found [network key contained here]
2. Try capturing more packets and try again.
2) Wi-Fi Protected Access (WPA, WPA2)
A) WPA
1. Set the security on the Linksys to WPA with TKIP.
2. Renamed router to test.
3. Save settings.
4. Passphrase set to: engineering
5. After clicking “generate” 4 keys were created.
6. Save settings.
7. On tracing machine, start trace to capture on channel 6.
Command: airodump-ng –c 6 eth1
8. Connect to: test network (10.0.0.2).
9. Disconnect laptop running Mac OS X
11. Reconnect laptop to generate a WPA handshake.
12. Stop trace on tracing machine, stop airodump-ng.
13. Start aircrack-ng to begin cracking WPA
Command: aircrack –ng –w length11.txt WPA-09.cap
14. Choose network that needs to be cracked: 1, 2, … etc.
14. Wait for one of two outcomes from aircrack-ng
1. Key Found [network key contained here]
2. Key Not Found.
B) WPA2
1. Set the security on the Linksys to WPA2 with TKIP.
2. Renamed router to test.
3. Save settings.
4. Passphrase set to: construction
5. After clicking “generate” 4 keys were created.
6. Save settings.
7. On tracing machine, start trace to capture on channel 6.
Command: airodump-ng –c 6 eth1
8. Connect to: test network (10.0.0.2).
9. Disconnect laptop running Mac OS X
11. Reconnect laptop to generate a WPA handshake.
12. Stop trace on tracing machine, stop airodump-ng.
13. Start aircrack-ng to begin cracking WPA
Command: aircrack –ng –w length12.txt WPA2-02.cap
14. Choose network that needs to be cracked: 1, 2, … etc.
14. Wait for one of two outcomes from aircrack-ng
1. Key Found [network key contained here]
2. Key Not Found.
8
3 Results
3.1 Packet Capture
3.1.1 Overview
Our capturing efforts resulting in six different capture files:
 noSecurity.pcap
 wep64.pcap
 wep128.pcap
 wpa-Personal-AES.pcap
 wpa-Personal-TKIP.pcap
 wpa2-Personal-(TKIP-AES).pcap
We made sure that we filtered out traffic from other network devices so that we were
ONLY evaluating traffic on the ITL-WEN. Using a range of filters we evaluated the
different capture files and did comparisons between each capture file.
3.1.2 Data
To make sure that we were only evaluating traffic between the ITL-WEN we applied a
filter to the MAC addresses of every packet:
wlan.bssid == 00:18:f8:c5:5d:3e
After we applied this filter we also used a few other filters to look more closely at
particular packets. To filter out beacon frames we applied the following filter:
(wlan.fc.type_subtype != 8)
Filtering of probe frames was accomplished via the below filter:
(wlan.fc.type_subtype != 5) && (wlan.fc.type_subtype != 4)
Finally to just look at the authentication frames we applied the following expression:
(llc.type == 0x888e) || (wlan.fc.type_subtype == 11) ||
(wlan.fc.type_subtype == 0) || (wlan.fc.type_subtype == 1) ||
(wlan.fc.type_subtype == 12)
3.1.2.1 Authentication
This filter also allowed us to observe the key being passed to the server. Figure 1 through
5 show the results of filtering out everything but the authentication process. There are
some simple observations that can be made from just comparing each authentication
process. The authentication process involves the station sending some authentication
frames. Then the station must associate with the AP by sending an Association Request.
The AP grants access by returning with an Association Response.
9
WEP64 and WEP128 appear very similar in their authentication process. The
authentication time is hardly different between the two protocols. There is a much more
noticeable difference between WEP and WPA. The biggest difference is the presence of
KEY frames. The process of transferring a key appears to take about a second on a B/G
Mixed network.
WEP64 Authentication
Figure 1 - WEP64 Authentication
WEP128 Authentication
Figure 2 - WEP128 Authentication
WPA Personal TKIP Authentication
Figure 3 – WPA Personal TKIP Authentication
WPA Personal AES Authentication
Figure 4 - WPA Personal AES Authentication
10
WPA2 Personal TKIP/AES Authentication
Figure 5 - WPA2 Personal TKIP/AES Authentication
Security
WEP64
WEP128
WPA Personal TKIP
WPA Personal AES
WPA2 TKIP/AES
Authentication Time (Seconds)
.0047
.0049
1.013
1.012
1.013
The table above summarizes the length of time, in seconds, it takes to complete the
authentication periods for each of the security schemes tested. Although the time
difference seems minimal, less than a second, WPA’s authentication period is at least 200
times that of WEP.
3.1.2.2 WPA’s Encryption
There are two types of encryption options for WPA Pre-Shared Key, both of which were
tested in this exercise, TKIP and AES. Temporal Key Integrity Protocol (TKIP) uses a
stronger encryption method and incorporates Message Integrity Code (MIC), shown in
figure 6, providing protection against hackers. This MIC enables devices to authenticate
that the packets are coming from the claimed source. This authentication is important
since in wireless technology traffic can be easily injected.
Since WPA was created to correct deficiencies in the older WEP standard, it was
important that TKIP work on the legacy hardware. For this reason, TKIP, like WEP, use
a key scheme based on RC4. However, unlike WEP, TKIP ensures that every data packet
is sent with its own unique encryption key with per-packet key mixing. TKIP’s
encryption keys are also stronger, since they are 256 bits long.
While WEP generates the key using the shared secret key and the IV (Initialization
Vector) as an input, TKIP adds the transmitter’s MAC address to the list of the input
parameters which implies that all senders will have different encryption keys.
Furthermore, TKIP increases the size of the IV from 24-bit (used by WEP) to 48-bit and
mandates that it is used as a counter (also called TSC – TKIP Sequence Counter), which
guarantees that it will only be reused once for every 281,474,976,710,656 (248) packets.
11
Although TKIP improved security especially for legacy hardware, a stronger alternative
was needed for newer hardware. Advanced Encryption System (AES) utilizes a
symmetric 128-bit block data encryption.
Both AES and TKIP, using 802.1X, offer much stronger encryption than that of WEP.
The stronger encryption will effect both the authentication periods as well as the packet
size. The 802.1X protocol offers an effective framework for authenticating and
controlling user traffic to a protected network, as well as dynamically varying encryption
keys. This public key authentication uses a protocol called EAP (Extensible
Authentication Protocol).
WPA’s key exchange is established using the IEEE 802.11i EAPOL-key exchange. There
are two main EAPOL-key exchanges defined in IEEE 802.11i. The first is the four way
handshake and the second is the group key handshake. The four way handshake does
several things: Confirms the pairwise master key (PMK) between supplicant and
authenticator; establishes the temporal keys to be used by the data-confidentiality
protocol; authenticates the security parameters that were negotiated; performs the first
key handshake; and provides keying material to implement the group handshake. Not
surprisingly, the reason it’s called the 4-way handshake is because four packets are
exchanged between the supplicant and the authenticator. When comparing the third
message of the 4-way handshakes we can see the differences in the security parameters.
This can be shown in figures 6 through 8.
WPA Personal TKIP Authentication
12
Figure 6 – WPA Personal TKIP Authentication
WPA Personal AES Authentication
13
Figure 7 – WPA Personal AES Authentication
WPA2 Personal TKIP/AES Authentication
14
Figure 8 – WPA2 Personal TKIP/AES Authentication
3.1.2.3 Data Packet Size
We had hoped to use Wireshark to look at different packet sizes and compare the relative
differences between WEP and WPA. We learned that from a third party viewer, such as
Wireshark it isn’t possible to tell the difference between the overheads for each security.
This is because the data is encrypted in its entirety and then sent. According to some
outside sources implementing WEP or AES with TKIP slows down the overall data rate.
WPA2 is being built with extra hardware to handle encryption, so slowdown is reduced.
3.2 Encryption Cracking
3.2.1 Overview
Capturing packets to crack the three encryptions yielded three files:
 WEP-64-Capture.dump
 wep128_cap-01.ivs
 WPA-09.cap
 WPA2-02.cap
15
By keeping all of these traces on a private network, the risk of catching traffic that was
not intended for this project was at a minimum. Also for this reason, there was no needed
to implement filters to remove external traffic from the scans.
3.2.2 Data
WEP-64 Encryption
In order to crack WEP 64 bit approximately 500,000 packets needed to be captured in
order to facilitate an efficient crack.
Figure 6: Kismet Capturing Traffic
As shown in Figure 6, it took approximately 43 minutes to capture the necessary
encrypted traffic. Once the encrypted traffic was captured the initialization vectors could
be used to crack the traffic in aircrack-ng. Shown below is a view of the encrypted
traffic.
Figure 7: Encrypted Traffic
In figure 7, the symbols shown as DD and MB represent the type of data that Kismet is
capturing such as Management Beacons (MB) or Data (DD). Since the traffic was
16
encrypted with WEP, the actual type of data cannot be viewed, until after the key is
cracked.
Since there were multiple networks present (though only one was being captured on) the
correct network must be chosen for it to crack the key, as shown below. The BSSID and
ESSID of the other network have been removed to be more secure.
Figure 8: Network Selection
Once the network has been selected, as show in Figure 8, it only takes a short time (one
second for this key to be found. The more initialization vectors that are captured the
faster the cracking process will go. The key that was found, shown in Figure 9, was
1B:9D:DA:48:3D. This corresponds to the passphrase “test” was the first of the four
keys that were generated.
Figure 9: Key Found
WEP-128 Encryption
In order to crack 128 bit WEP encryption, Kismet was initially tried for capturing packets
but could not do so in a reasonable amount of time. It took Kismet approximately two
hours to capture only 700,000 thousand packets.
17
Figure 10: Failed crack attempt
As a result, Kismet was replaced with using the command line program airodump-ng.
Using airodump-ng allowed us to only capture initialization vectors (--ivs) and also could
specify to only capture traffic on channel six (-c 6)and therefore sped the process up
quite a bit and made the overall capture file much smaller, 8MB compared to 356MB.
Figure 11: Airodump-ng capturing WEP traffic
Once approximately, 1.5 million initialization vectors had been captured, the cracking
process took a bit longer than 64 bit but still was only 17 seconds.
WPA and WPA2 with TKIP Encryption
Since we had such great success with airodump-ng, we decided to abandon Kismet all
together and continue using airodump-ng to capture packets. Airodump-ng was once
again started, except told to look for WPA and WPA2 encryption (Figure 12).
Figure 12: Airodump-ng capturing WPA traffic
We found WPA and WPA2 encryption much easier to begin cracking since all that is
needed is one handshake as compared to WEP which requires one million packets or
more. To speed up the process of receiving handshakes, aireplay-ng (Figure 13) was
18
used to try and force the other laptop in the room to de-authenticate and re-authenticate,
thus generating a handshake. However, this method proved to be unsuccessful and we
forced a laptop to disconnect and reconnect. In a busy network, multiple machines would
be constantly connecting and disconnecting and finding a handshake would not be a
problem.
Figure 13: Aireplay-ng attempting to generate a handshake
Once the handshake was received, confirmed by aircrack-ng (Figure 14) the cracking
process was started by giving aircrack-ng a dictionary file that was downloaded from the
internet. This dictionary file contained all known eleven character words as well as some
clever combinations of capitals, lowercase, and symbols. For example engineering
became Engin33ring or something similar. There were multiple spellings for each word.
Figure 14: WPA Handshake Confirmation
Once the network was selected (only one to choose), the cracking process began and
lasted approximately six minutes before it found the key.
Figure 15: WPA Key Found
As shown below in Figure 16, the WPA2 key was also cracked but in a shorter run time,
approximately three minutes.
19
Figure 16: WPA2 Key Found
4 Summary and Conclusions
It seems that everyone agrees that there has got to be something better than Wired
Equivalent Privacy (WEP) for wireless security. While WEP does reduce the risk of
someone passively monitoring a transmission and gaining access to the information that
the frames are carrying, a major underlying problem of the 802.11 standard is that the
keys are very cumbersome to change. In our own tests it took us several times to connect
because the keys are so long. If the WEP keys are not updated often enough, an
unauthorized sniffing tool, such as AirSnort, can monitor the network and decode the
encrypted messages. However, 802.11 currently offer no standard method to update these
keys. As a result, companies don’t use WEP at all, and use one of the other methods
we’ve researched in this project, or simply maintain the same keys for weeks, months,
and even years.
As far as cracking different security measures the WEP encryption, both 64 bit and 128
bit, results are very accurate and can represented multiple times. However the WPA and
WPA2 results are more for this project only. Because as the possibilities increase
(number of bits possible in key) for a passphrase, the time it takes increases
exponentially, it could possibly take multiple hours, if not days to complete. Also,
smarter users will implement extra characters, such as punctuation, in their passphrases
which makes a dictionary attack nearly impossible.