
WEP, WPA, and EAP

Drew Kalina


Overview

  • Wired Equivalent Privacy (WEP)

  • Wi-Fi Protected Access (WPA)

  • Extensible Authentication Protocol (EAP)


WEP

  • Encryption method: RC4

  • Key size: 40 bits

  • Hash method: ICV

  • 802.1x authentication: optional

  • Key distribution: manual


WEP Vulnerabilities

  • ICV insecure

    • based on CRC32 (bad)

    • ICV can be modified to match message contents

  • IV key reuse attack

    • Small IV allows this

    • IV sent as plaintext


WEP Vulnerabilities (cont)

  • Known plaintext attack

    • Lots of unencrypted TCP/IP traffic

    • Send pings from internet to access point

    • String length N can be recovered for a given IV

    • Packets of size N can be forged using IV


WEP Vulnerabilities (cont)

  • Partial Known Plaintext

    • Only a portion of message is known (e.g. IP header)

    • Can recover M octets of key stream where M<N

    • Extend the known key stream from M to N through probing

    • Divert packets to attacker by flipping CRC32 bits


WEP Vulnerabilities (cont)

  • Authentication forging

    • Use recovered key stream and IV because client specifies IV

  • Dictionary attacks

    • Key derived from vulnerable password

  • Real-time decryption

    • Dictionary of IVs and keystreams

    • Only 2^24 possibilities

    • Can be stored in 24GB disk space


WEP summary

  • Weak encryption with other problems

  • If possible, use some other protocol

  • Still better than plaintext


WPA

  • Encryption method: RC4, TKIP

  • Key size: 128 bits (varies)

  • Hash method: ICV, Michael

  • 802.1x authentication: can be required

  • Key distribution: TKIP


WPA (cont)

  • Michael generates MIC (Message Integrity Code)

    • 8 bits

    • Placed between data and ICV

  • TKIP (Temporal Key Integrity Protocol)

    • Resolves keys to be used, looks at client’s configuration

    • Changes encryption key every frame

    • Sets unique default key for each client


WPA Vulnerabilities

  • Birthday attack

    • Get a pair D,M where D1 = MIC(M1)

    • When Di = D1 where i != 1, attack is successful

    • Probability for success: 2^32

    • If keys change during attack, forgery is garbage


WPA Vulnerabilities (cont)

  • Differential cryptanalytic attack

    • Michael results have special characteristics

    • M = Mi XOR Mj and D = Di XOR Dj called characteristic differentials

    • After characteristic differentials obtained, try to find MIC (learn parts of the key)

    • Probability of success 2^30

    • Optimal attack exists with O(2^29)


WPA Vulnerabilities (cont)

  • Temporal Key

    • Lost RC4 Keys

    • Can discover TK and MIC

    • Can forge messages

    • Not a practical attack, O(2^105)

    • Does show susceptibility in parts of WPA


WPA Vulnerabilities (cont)

  • DoS

    • Access point shuts down for 60 seconds if forged unauthorized data detected

    • Possible to shut access points with little network activity

  • PSK

    • Used in absence of 802.1x, 1 per ESS (usually).

    • Internal person can use this and a captured MAC address/nonce to imitate another client

    • Vulnerable to external dictionary attacks, if short


WPA summary

  • Much better than WEP (if 802.1x)

  • WPA2 even better using AES-CCMP

  • There are still vulnerabilities

  • Many WEP devices are upgradeable to WPA (not WPA2)


Suggestions for WPA

  • Rekey security associations after failures

  • Lower/eliminate timeouts after detecting forged packets

    • Currently would take 1000+ years to break with 60 second timeouts


EAP

  • Transmission method and framework for authentication protocols

  • Works with many authentication protocols such as RADIUS, Kerberos.

  • Uses a variety of transport methods


EAP Transport methods

  • EAP-TLS

  • EAP-TTLS

  • PEAP (Protected EAP)

  • LEAP (Lightweight EAP)


Vulnerabilities in LEAP

  • Dictionary attack

  • Early versions of MS-CHAP weak


That’s all!

