
WEP, WPA, and EAP






Presentation Transcript


  1. WEP, WPA, and EAP
     Drew Kalina

  2. Overview
     • Wired Equivalent Privacy (WEP)
     • Wi-Fi Protected Access (WPA)
     • Extensible Authentication Protocol (EAP)

  3. WEP
     • Encryption method: RC4
     • Key size: 40 bits
     • Hash method: ICV
     • 802.11x authentication: optional
     • Key distribution: manual

  4. WEP Vulnerabilities
     • ICV insecure
       • Based on CRC32 (bad)
       • ICV can be modified to match message contents
     • IV key reuse attack
       • Small IV allows this
       • IV sent as plaintext
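The CRC32 weakness on this slide, as an added example (my code, not from the presentation): CRC32 is linear under XOR, so the checksum of a message with some bits flipped can be predicted from the original checksum and the flip mask alone, without knowing the message, which is why a receiver checking only the ICV cannot notice the modification. A keyed MAC (HMAC-SHA256 here) has no such shortcut. The message, key and flip mask are constructed sample values.

```python
"""Why a CRC32 integrity check value (ICV) does not protect message integrity.

CRC32 is linear under XOR: crc(a ^ b) == crc(a) ^ crc(b) ^ crc(zeros).  So the
change a bit-flip makes to the checksum depends only on the flip mask, not on
the message.  Under a stream cipher such as RC4 the same holds for the
encrypted ICV, which is the WEP weakness the slide describes.  A keyed MAC
(HMAC-SHA256 below) has no such shortcut.
"""
import hashlib
import hmac
import zlib

# Constructed sample values, not taken from the presentation.
MESSAGE = b"GET /index.html HTTP/1.0\r\nHost: example.test\r\n"
KEY = bytes(range(32))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("lengths differ")
    return bytes(x ^ y for x, y in zip(a, b))


def flip_mask(length: int, position: int, bits: int) -> bytes:
    """Mask that flips `bits` in the byte at `position` and nothing else."""
    mask = bytearray(length)
    mask[position] = bits
    return bytes(mask)


def predicted_crc_after_flip(original_crc: int, mask: bytes) -> int:
    """CRC32 of (message ^ mask), computed without the message.

    Follows from linearity: crc(m ^ mask) == crc(m) ^ crc(mask) ^ crc(0^len).
    """
    return original_crc ^ zlib.crc32(mask) ^ zlib.crc32(bytes(len(mask)))


def crc_icv_fails_to_detect(message: bytes, mask: bytes) -> bool:
    """True when the predicted ICV equals the real ICV of the modified message,
    i.e. a receiver that checks only CRC32 accepts the modification."""
    original_icv = zlib.crc32(message)
    modified = xor_bytes(message, mask)
    return zlib.crc32(modified) == predicted_crc_after_flip(original_icv, mask)


def hmac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed tag over the message; cannot be updated without the key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def hmac_detects(key: bytes, message: bytes, mask: bytes) -> bool:
    """True when the tag of the original message no longer verifies after the
    flip; without the key there is no way to produce a tag for the new message."""
    tag = hmac_tag(key, message)
    modified = xor_bytes(message, mask)
    return not hmac.compare_digest(hmac_tag(key, modified), tag)


if __name__ == "__main__":
    # Flip the low bit of the 'i' in "index" (0x69 ^ 0x01 = 0x68, 'h').
    mask = flip_mask(len(MESSAGE), MESSAGE.index(b"index"), 0x01)
    print("CRC32 ICV accepts modified frame:", crc_icv_fails_to_detect(MESSAGE, mask))
    print("HMAC-SHA256 rejects modified frame:", hmac_detects(KEY, MESSAGE, mask))
```

The point for a defender is that the ICV delta is computable from the mask alone, so any design that relies on an unkeyed linear checksum under a stream cipher gives no integrity guarantee; a keyed MAC (or an AEAD mode) is the fix WPA2's CCMP later adopted.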

  5. WEP Vulnerabilities (cont)
     • Known plaintext attack
       • Lots of unencrypted TCP/IP traffic
       • Send pings from internet to access point
       • String length N can be recovered for a given IV
       • Packets of size N can be forged using IV

  6. WEP Vulnerabilities (cont)
     • Partial known plaintext
       • Only a portion of message is known (e.g. IP header)
       • Can recover M octets of key stream where M < N
       • Extend the known key stream from M to N through probing
       • Divert packets to attacker by flipping CRC32 bits

  7. WEP Vulnerabilities (cont)
     • Authentication forging
       • Use recovered key stream and IV because client specifies IV
     • Dictionary attacks
       • Key derived from vulnerable password
     • Real-time decryption
       • Dictionary of IVs and keystreams
       • Only 2^24 possibilities
       • Can be stored in 24GB disk space
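IV reuse on slides 4 and 7, as an added example (my code, not the presentation's): WEP's 24-bit IV space is small enough that repeats are expected after a few thousand frames. The block computes that birthday bound, the size of the per-IV keystream dictionary slide 7 refers to, and runs a reuse monitor over a few constructed frame records of the form `src=<mac> iv=0x<hex>`; the record format and addresses are constructed for the example.

```python
"""24-bit WEP IV: how soon it repeats, and a monitor that flags reuse.

With a single shared WEP key, each IV fixes one RC4 keystream, so any two
frames carrying the same IV are encrypted under the same keystream.  The
monitor reports every IV seen more than once and which transmitters sent it.
Record format and addresses are constructed, not real traffic.
"""
import math
import re
from collections import defaultdict

IV_BITS = 24
IV_SPACE = 1 << IV_BITS          # 16,777,216 possible IVs
TYPICAL_FRAME_BYTES = 1500       # keystream bytes stored per IV


def expected_frames_until_repeat(space: int = IV_SPACE) -> float:
    """Birthday-bound estimate of frames sent before the first IV repeat."""
    return math.sqrt(math.pi * space / 2)


def repeat_probability(frames: int, space: int = IV_SPACE) -> float:
    """P(at least one IV repeats among `frames` uniformly random IVs),
    summed in log space so the product of terms close to 1 stays accurate."""
    if frames > space:
        return 1.0
    log_no_repeat = sum(math.log1p(-i / space) for i in range(frames))
    return 1.0 - math.exp(log_no_repeat)


def keystream_dictionary_bytes(frame_bytes: int = TYPICAL_FRAME_BYTES,
                               space: int = IV_SPACE) -> int:
    """Storage for one full-frame keystream per IV (slide 7's dictionary)."""
    return space * frame_bytes


RECORD = re.compile(r"src=([0-9a-f:]{17})\s+iv=0x([0-9a-f]{6})")


def find_iv_reuse(records):
    """Return {iv: [src, ...]} for every IV that appears more than once.
    Lines that do not match the record format are skipped."""
    by_iv = defaultdict(list)
    for line in records:
        m = RECORD.search(line)
        if not m:
            continue
        by_iv[int(m.group(2), 16)].append(m.group(1))
    return {iv: srcs for iv, srcs in by_iv.items() if len(srcs) > 1}


# Constructed capture summary (not real traffic).
SAMPLE_RECORDS = [
    "t=0.001 src=aa:bb:cc:dd:ee:01 iv=0x00012a len=98",
    "t=0.004 src=aa:bb:cc:dd:ee:02 iv=0x00012a len=1500",   # same IV, other client
    "t=0.009 src=aa:bb:cc:dd:ee:01 iv=0x00012b len=64",
    "t=0.015 src=aa:bb:cc:dd:ee:01 iv=0x00012a len=1500",   # same IV again
    "garbage line that the parser skips",
]

if __name__ == "__main__":
    print(f"expected frames until first repeat: {expected_frames_until_repeat():.0f}")
    print(f"P(repeat) after 5000 frames: {repeat_probability(5000):.3f}")
    print(f"keystream dictionary: {keystream_dictionary_bytes() / 2**30:.1f} GiB")
    print("IV reuse:", find_iv_reuse(SAMPLE_RECORDS))
```

A busy access point sends several thousand frames a minute, so a repeat within minutes is the expected case rather than a corner case; 2^24 keystreams of 1500 bytes come to about 25 GB, in line with the slide's 24GB figure.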

  8. WEP summary
     • Weak encryption with other problems
     • If possible, use some other protocol
     • Still better than plaintext

  9. WPA
     • Encryption method: RC4, TKIP
     • Key size: 128 bits (varies)
     • Hash method: ICV, Michael
     • 802.11x authentication: can be required
     • Key distribution: TKIP

  10. WPA (cont)
     • Michael generates MIC (Message Integrity Code)
       • 8 bits
       • Placed between data and ICV
     • TKIP (Temporal Key Integrity Protocol)
       • Resolves keys to be used, looks at client’s configuration
       • Changes encryption key every frame
       • Sets unique default key for each client

  11. WPA Vulnerabilities
     • Birthday attack
       • Get a pair D, M where D1 = MIC(M1)
       • When Di = D1 for some i != 1, attack is successful
       • Probability for success: 2^32
       • If keys change during attack, forgery is garbage

  12. WPA Vulnerabilities (cont)
     • Differential cryptanalytic attack
       • Michael results have special characteristics
       • M = Mi XOR Mj and D = Di XOR Dj are called characteristic differentials
       • After characteristic differentials are obtained, try to find MIC (learn parts of the key)
       • Probability of success 2^30
       • Optimal attack exists with O(2^29)

  13. WPA Vulnerabilities (cont)
     • Temporal Key
       • Lost RC4 keys
       • Can discover TK and MIC
       • Can forge messages
       • Not a practical attack, O(2^105)
       • Does show susceptibility in parts of WPA

  14. WPA Vulnerabilities (cont)
     • DoS
       • Access point shuts down for 60 seconds if forged unauthorized data detected
       • Possible to shut down access points with little network activity
     • PSK
       • Used in absence of 802.1x, 1 per ESS (usually)
       • Internal person can use this, and a captured MAC address/nonce, to imitate another client
       • Vulnerable to external dictionary attacks, if short

  15. WPA summary
     • Much better than WEP (if 802.1x)
     • WPA2 even better using AES-CCMP
     • There are still vulnerabilities
     • Many WEP devices are upgradeable to WPA (not WPA2)

  16. Suggestions for WPA
     • Rekey security associations after failures
     • Lower/eliminate timeouts after detecting forged packets
     • Currently would take 1000+ years to break with 60 second timeouts
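The timeout trade-off on slides 14 and 16, as an added example (my code, not from the presentation): a small model of an access point that, on a frame with a bad MIC, rekeys the association and drops traffic for a quiet period, used to measure what fraction of legitimate frames get through at a given rate of forged frames, together with the arithmetic behind the "1000+ years" figure (the 2^29 MIC attempts of slide 12 at one attempt per 60-second timeout). The one-frame-per-second legitimate load and the forged-frame timing are constructed assumptions.

```python
"""Quiet-period countermeasure after a MIC failure: brute-force cost vs. availability.

Models the reaction on slide 14 (drop traffic for 60 s after a forged frame)
and the suggestions on slide 16 (rekey after failures, shorten or remove the
timeout).  Legitimate traffic is one frame per second; forged frames arrive at
a fixed interval.  Both rates are constructed assumptions for the model.
"""
import math

SECONDS_PER_YEAR = 365 * 24 * 3600
MIC_ATTACK_WORK = 2 ** 29   # optimal attack cost quoted on slide 12


def years_to_exhaust(attempts: int, seconds_per_attempt: float) -> float:
    """Wall-clock years for `attempts` guesses when each costs `seconds_per_attempt`."""
    return attempts * seconds_per_attempt / SECONDS_PER_YEAR


class MicFailureGuard:
    """Access-point side state: after a bad MIC, rekey and stay quiet for a while."""

    def __init__(self, quiet_seconds: float):
        self.quiet_seconds = quiet_seconds
        self.quiet_until = -math.inf
        self.rekeys = 0

    def on_frame(self, now: float, mic_ok: bool) -> str:
        if now < self.quiet_until:
            return "dropped-quiet"      # everything is dropped during the quiet period
        if not mic_ok:
            self.rekeys += 1            # slide 16: rekey the association after a failure
            self.quiet_until = now + self.quiet_seconds
            return "mic-failure"
        return "accepted"


def availability(forged_interval: int, quiet_seconds: float, duration: int) -> float:
    """Fraction of legitimate frames accepted over `duration` seconds when a
    forged frame arrives every `forged_interval` seconds.  Legitimate frames
    are placed at t + 0.5 so their order relative to forged frames (at whole
    seconds) is fixed."""
    guard = MicFailureGuard(quiet_seconds)
    events = [(float(t), False) for t in range(0, duration, forged_interval)]
    events += [(t + 0.5, True) for t in range(duration)]
    events.sort(key=lambda e: e[0])
    legit_total = legit_ok = 0
    for t, mic_ok in events:
        outcome = guard.on_frame(t, mic_ok)
        if mic_ok:
            legit_total += 1
            legit_ok += outcome == "accepted"
    return legit_ok / legit_total


if __name__ == "__main__":
    print(f"2^29 attempts at one per 60 s: {years_to_exhaust(MIC_ATTACK_WORK, 60):.0f} years")
    for interval, quiet in ((60, 60), (120, 60), (60, 5), (60, 0)):
        print(f"forged every {interval:3d}s, quiet {quiet:2d}s -> "
              f"availability {availability(interval, quiet, 600):.2f}")
```

With a 60-second quiet period, one forged frame a minute is enough to keep the access point silent, which is the DoS of slide 14; a shorter quiet period costs far less availability, and it is the rekey after each failure (slide 11: "If keys change during attack, forgery is garbage") rather than the long timeout that stops MIC guesses from accumulating against one key.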

  17. EAP
     • Transmission method and framework for authentication protocols
     • Works with many authentication protocols such as RADIUS, Kerberos
     • Uses a variety of transport methods

  18. EAP Transport methods
     • EAP-TLS
     • EAP-TTLS
     • PEAP (Protected EAP)
     • LEAP (Light EAP)

  19. Vulnerabilities in LEAP
     • Dictionary attack
     • Early versions of MS-CHAP weak

  20. That’s all!
