WEP, WPA, and EAP
Drew Kalina

Overview
  • Wired Equivalent Privacy (WEP)
  • Wi-Fi Protected Access (WPA)
  • Extensible Authentication Protocol (EAP)
WEP
  • Encryption method: RC4
  • Key size: 40 bits
  • Hash method: ICV
  • 802.1x authentication: optional
  • Key distribution: manual
WEP Vulnerabilities
  • ICV insecure
    • based on CRC32 (bad)
    • ICV can be modified to match message contents
  • IV key reuse attack
    • Small IV allows this
    • IV sent as plaintext
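
Why a CRC32-based ICV gives no integrity protection under a stream cipher, shown as an added example (not part of the original slides). The frame layout is simplified to RC4(IV || key) over message || CRC32; the IV, key, message and the names `wep_seal`, `wep_open` and `crc_delta` are constructed for illustration, and HMAC-SHA256 stands in for a keyed integrity check (it is not what WPA uses).

```python
import hashlib
import hmac
import zlib

def rc4(key, n):
    """Return n bytes of RC4 keystream for the given key."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data):
    # WEP-style ICV: an unkeyed CRC32 of the plaintext
    return zlib.crc32(data).to_bytes(4, "little")

def wep_seal(iv, key, msg):
    body = msg + icv(msg)
    return xor(body, rc4(iv + key, len(body)))

def wep_open(iv, key, ct):
    body = xor(ct, rc4(iv + key, len(ct)))
    msg, tag = body[:-4], body[-4:]
    return msg if icv(msg) == tag else None  # None = ICV check failed

def crc_delta(delta):
    # CRC32 is affine over XOR: crc(m ^ d) = crc(m) ^ crc(d) ^ crc(00..0)
    return xor(icv(delta), icv(bytes(len(delta))))

def demo():
    iv, key = b"\x00\x00\x01", b"\x01\x02\x03\x04\x05"  # constructed 24-bit IV, 40-bit key
    msg = b"amount=0100"                                # constructed payload
    ct = wep_seal(iv, key, msg)
    delta = xor(msg, b"amount=9100")
    tampered = xor(ct, delta + crc_delta(delta))  # computed without the key
    opened = wep_open(iv, key, tampered)          # ICV still verifies
    mac_key = b"constructed-mac-key"
    tag = hmac.new(mac_key, msg, hashlib.sha256).digest()
    mac_ok = hmac.compare_digest(tag, hmac.new(mac_key, opened, hashlib.sha256).digest())
    return opened, mac_ok                         # keyed MAC rejects the change
```

The receiver accepts the altered payload because the ICV is unkeyed and linear; a keyed MAC over the same data detects the change.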
WEP Vulnerabilities (cont)
  • Known plaintext attack
    • Lots of unencrypted TCP/IP traffic
    • Send pings from internet to access point
    • String length N can be recovered for a given IV
    • Packets of size N can be forged using IV
WEP Vulnerabilities (cont)
  • Partial Known Plaintext
    • Only a portion of message is known (e.g. IP header)
    • Can recover M octets of key stream where M<N
    • Extend the known key stream from M to N through probing
    • Divert packets to attacker by flipping CRC32 bits
WEP Vulnerabilities (cont)
  • Authentication forging
    • Use recovered key stream and IV because client specifies IV
  • Dictionary attacks
    • Key derived from vulnerable password
  • Realtime decryption
    • Dictionary of IVs and keystreams
    • Only 2^24 possibilities
    • Can be stored in 24GB disk space
WEP summary
  • Weak encryption with other problems
  • If possible, use some other protocol
  • Still better than plaintext
WPA
  • Encryption method: RC4, TKIP
  • Key size: 128 bits (varies)
  • Hash method: ICV, Michael
  • 802.1x authentication: can be required
  • Key distribution: TKIP
WPA (cont)
  • Michael generates MIC (Message Integrity Code)
    • 8 bits
    • Placed between data and ICV
  • TKIP (Temporal Key Integrity Protocol)
    • Resolves keys to be used, looks at client’s configuration
    • Changes encryption key every frame
    • Sets unique default key for each client
WPA Vulnerabilities
  • Birthday attack
    • Get a pair D,M where D1 = MIC(M1)
    • When Di = D1 where i != 1, attack is successful
    • Probability for success: 2^32
    • If keys change during attack, forgery is garbage
WPA Vulnerabilities (cont)
  • Differential cryptanalytic attack
    • Michael results have special characteristics
    • M = Mi XOR Mj and D = Di XOR Dj called characteristic differentials
    • After characteristic differentials obtained, try to find MIC (learn parts of the key)
    • Probability of success 2^30
    • Optimal attack exists with O(2^29)
WPA Vulnerabilities (cont)
  • Temporal Key
    • Lost RC4 Keys
    • Can discover TK and MIC
    • Can forge messages
    • Not a practical attack, O(2^105)
    • Does show susceptibility in parts of WPA
WPA Vulnerabilities (cont)
  • DOS
    • Access point shuts down for 60 seconds if forged unauthorized data detected
    • Possible to shut access points with little network activity
  • PSK
    • Used in absence of 802.1x, 1 per ESS (usually).
    • Internal person can use this, and a captured MAC address/nonce to imitate another client
    • Vulnerable to external dictionary attacks, if short
WPA summary
  • Much better than WEP (if 802.1x)
  • WEP2 even better using AES-CCMP
  • There are still vulnerabilities
  • Many WEP devices are upgradeable to WPA (not WPA2)
Suggestions for WPA
  • Rekey security associations after failures
  • Lower/eliminate timeouts after detecting forged packets
    • Currently would take 1000+ years to break with 60 second timeouts
EAP
  • Transmission method and framework for authentication protocols
  • Works with many authentication protocols such as RADIUS, Kerberos.
  • Uses a variety of transport methods
EAP Transport methods
  • PEAP (Protected EAP)
  • LEAP (Light EAP)
Vulnerabilities in LEAP
  • Dictionary attack
  • Early versions of MS-CHAP weak