CWSP Guide to Wireless Security
Chapter 5
Wireless Security Models

Objectives
• Explain the advantages of WPA and WPA2
• Explain the technologies that are part of the personal security model
• List the features of the transitional security model
• Define the enterprise security model

Wireless Security Solutions
• WEP suffers from serious weaknesses
• “Band-aid” solutions
  – WEP2 and Dynamic WEP
• Better solutions
  – IEEE 802.11i
  – Wi-Fi Protected Access (WPA)
  – Wi-Fi Protected Access 2 (WPA2)

IEEE 802.11i
• Addresses the two weaknesses of wireless networks: encryption and authentication
• Encryption
  – Replaces the RC4 stream cipher algorithm with a block cipher
    • Manipulates an entire block of text at one time
  – 802.11i uses the Advanced Encryption Standard (AES)
    • Designed to be an encryption technique that is secure from attacks
• Authentication and key management
  – Accomplished by the IEEE 802.1x standard
    • Implements port security
    • Blocks all traffic on a port-by-port basis
      – Until the client is authenticated using credentials stored on an authentication server
• Key-caching
  – Stores information from a device on the network
  – If a user roams away and later returns
    • She does not need to re-enter all of the credentials
• Pre-authentication
  – Allows a device to become authenticated to an AP
    • Before moving into range of the AP
  – Device sends a pre-authentication packet to the AP the user is currently associated with
    • And the packet is then routed to a remote AP or APs
  – Allows for faster roaming between access points

Wi-Fi Protected Access (WPA)
• Subset of 802.11i and addresses both encryption and authentication
• Temporal Key Integrity Protocol (TKIP)
  – TKIP keys are known as per-packet keys
  – TKIP dynamically generates a new key for each packet that is created
  – Prevents collisions
    • Which was one of the primary weaknesses of WEP
• Authentication server can use 802.1x to produce a unique master key for that user session
• TKIP distributes the key to wireless devices and AP
  – Setting up an automated key hierarchy and management system
• WPA replaces the Cyclic Redundancy Check (CRC) with the Message Integrity Check (MIC)
  – Designed to prevent an attacker from capturing, altering, and resending data packets
  – Provides a strong mathematical function
  – Clients are de-authenticated and new associations are prevented for one minute if an MIC error occurs
    • Optional feature
• WPA authentication
  – Accomplished by using either IEEE 802.1x or preshared key (PSK) technology
• PSK authentication uses a passphrase to generate the encryption key
  – Passphrase must be entered on each access point and wireless device in advance
  – Serves as the seed for mathematically generating the encryption keys
• WPA was designed to address WEP vulnerabilities with minimum inconvenience

Wi-Fi Protected Access 2 (WPA2)
• Second generation of WPA security
• Based on the final IEEE 802.11i standard
• Uses the Advanced Encryption Standard (AES) for data encryption
• Supports IEEE 802.1x authentication or PSK technology
• WPA2 allows both AES and TKIP clients to operate in the same WLAN
• Wi-Fi Alliance wireless security models based on WPA and WPA2
  – WPA—Personal Security
  – WPA—Enterprise Security
  – WPA2—Personal Security
  – WPA2—Enterprise Security
• Transitional security model
  – Used as a “bridge” solution in situations where WPA or WPA2 security is not available
  – Intended as a temporary fix

Transitional Security Model
• Should only be implemented as a temporary solution

Authentication
• Shared key authentication
  – Should be used instead of open system authentication
  – Uses WEP keys for authentication
  – Based on a challenge-response scheme
• SSID beaconing
  – Should be turned off
  – May prevent a “casual” unauthorized user or novice attacker from capturing the SSID
    • And entering the network
  – Use a hard-to-guess SSID in a WLAN
• MAC address filtering limitations
  – Managing a large number of MAC addresses is difficult
  – Does not provide an easy means to temporarily allow a guest user to access the network
  – WLANs initially exchange MAC addresses in cleartext
  – A MAC address can be “spoofed” or substituted
• DHCP restrictions
  – DHCP “leases” IP addresses to clients to use while they are connected to the network

WEP Encryption
• Should be turned on
  – If no other options are available for encryption
• The longest WEP key available should be used for added security
  – Most vendors have the option of a 128-bit WEP key
• There is evidence that WEP passphrase generators may create predictable keys

Personal Security Model
• Designed for single users or small office/home office (SOHO) settings
  – Generally 10 or fewer wireless devices
• Intended for settings in which an authentication server is unavailable
• Divided into two parts, WPA and WPA2
  – WPA2 should always be used instead of WPA

WPA Personal Security
• PSK authentication
  – Purchasing, installing, and managing an authentication server is costly
    • May require special technical skills
  – PSK functions
    • Used to authenticate the user
    • Plays a role in encryption
  – PSK vulnerabilities
    • Key management
    • Passphrases
  – PSK key management weakness
    • Distribution and sharing of PSK keys is performed manually
    • PSK only uses a single key
    • Changing the PSK key requires reconfiguring the key on every wireless device and all APs
    • To allow a guest user to have access to a PSK WLAN, the key must be given to that guest
  – PSK passphrase
    • 64-bit hexadecimal number
  – PSK passphrases of fewer than 20 characters can be subject to offline dictionary attacks
  – Linksys’ SecureEasySetup (SES)
    • Software and hardware interface
    • Creates and distributes a strong PSK key
• TKIP encryption
  – TKIP is designed to fit into existing WEP procedure
  – Wireless device has two keys
    • 128-bit encryption key called the temporal key and a 64-bit MIC
  – TKIP components
    • MIC
    • IV sequence
    • TKIP key mixing

WPA2 Personal Security
• PSK authentication
  – PSK keys are automatically changed (called rekeying)
    • And authenticated between devices after a specified period
  – Known as the rekey interval
• AES-CCMP encryption
  – AES is used in WPA2 for data encryption
  – AES-CCMP is the encryption protocol in the 802.11i standard
    • CCMP is based upon the Counter Mode with CBC-MAC (CCM)
  – CCM provides data privacy
  – CBC-MAC provides data integrity and authentication
  – AES algorithm processes blocks of 128 bits
    • Length of the cipher keys and number of rounds can vary
  – It is recommended that AES encryption and decryption be performed in hardware

Enterprise Security Model
• Most robust level of security
• Designed for medium to large-sized organizations
• Intended for settings in which an authentication server is available
• Divided into two parts, WPA and WPA2

WPA Enterprise Security
• IEEE 802.1x authentication
  – Provides an authentication framework for all IEEE 802-based LANs
  – Elements
    • Supplicant
    • Authenticator
    • Authentication server
  – IEEE 802.1x supplicant
    • Software that implements the IEEE 802.1x framework
    • May be included in the client operating system or WNIC
  – Authentication server
    • Stores the list of the names and credentials of authorized users to verify their authenticity
    • Typically a Remote Authentication Dial-In User Service (RADIUS) server is used
      – Allows a company to maintain user profiles in a central database that all remote servers can share
    • Other options
      – Structured Query Language (SQL)
      – Lightweight Directory Access Protocol (LDAP)
      – Microsoft Active Directory
• TKIP encryption
  – Should be considered an interim WPA enterprise security solution
  – A more robust encryption protocol is AES-CCMP

WPA2 Enterprise Security
• IEEE 802.1x authentication
  – Disadvantage
    • High cost involved with purchasing, installing, and maintaining an authentication server
• AES-CCMP encryption
  – A 128-bit key length is used
  – AES encryption includes four stages that make up one round
    • Each round is iterated 10 times
• Robust Secure Network (RSN)
  – Uses dynamic negotiation of authentication and encryption algorithms
    • Between access points and wireless devices
  – RSNs evolve as vulnerabilities are exposed or improved security is introduced

Summary
• Additional security solutions
  – IEEE 802.11i
  – Wi-Fi Protected Access (WPA)
  – Wi-Fi Protected Access Version 2 (WPA2)
• IEEE 802.11i standard provided a more solid wireless security model
  – Uses AES and IEEE 802.1x port security
• WPA is a subset of 802.11i and addresses both encryption and authentication
  – Uses Temporal Key Integrity Protocol (TKIP) and a Message Integrity Check (MIC)
• The transitional security model should be implemented only as a temporary solution
• The personal security model is designed for single users or small office home office (SOHO)
• The enterprise security model is designed for medium to large-sized organizations
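
The PSK authentication points above (a passphrase as the seed for the key, one shared key for every device, and the 20-character threshold) can be seen in the derivation WPA and WPA2 Personal use: PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 iterations, 256-bit output. This is an added example, not part of the original slides; the function names, the SSIDs, the passphrases and the two extra audit heuristics are constructed for illustration.

```python
import hashlib

PBKDF2_ITERATIONS = 4096   # fixed by IEEE 802.11i for passphrase-based PSKs
PSK_BYTES = 32             # 256-bit key, written as 64 hex digits
MIN_SAFE_LENGTH = 20       # threshold stated in the slides


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Map a WPA/WPA2-Personal passphrase and SSID to the pre-shared key."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # The SSID is the only salt; there is no per-user or per-device input.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt,
                               PBKDF2_ITERATIONS, PSK_BYTES)


def audit_passphrase(passphrase: str) -> list:
    """Return policy findings for a candidate passphrase (empty = none)."""
    findings = []
    if len(passphrase) < MIN_SAFE_LENGTH:
        findings.append("under 20 characters: exposed to offline dictionary attack")
    # The two checks below are illustrative heuristics, not from the slides.
    if len(set(passphrase.lower())) < 8:
        findings.append("fewer than 8 distinct characters")
    if passphrase.isalpha() or passphrase.isdigit():
        findings.append("letters only or digits only")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    office = derive_psk("correct horse battery staple 42", "ExampleCorp-WLAN")
    laptop = derive_psk("correct horse battery staple 42", "ExampleCorp-WLAN")
    guest = derive_psk("correct horse battery staple 42", "ExampleCorp-Guest")
    print("PSK (64 hex digits):", office.hex())
    print("every device holds the same key:", office == laptop)
    print("same passphrase, other SSID, same key:", office == guest)
    for candidate in ("summer2024", "correct horse battery staple 42"):
        print(repr(candidate), "->", audit_passphrase(candidate) or "no findings")
```

Because the derivation takes only the passphrase and the SSID, anyone given the passphrase (a guest, a former employee) can compute the same key, which is the key management weakness the slides list.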