
Network Security

Wireless Network Security


Lecture 12
Anum Hasan
Lecture Outline
• Wireless Network Modes
• Network Attack
• Wireless Network Security
• WEP
• WPA/WPA2
Wireless Network Modes
• The 802.11 wireless networks operate in two basic
modes:
• Infrastructure mode
• Ad-hoc mode
• Infrastructure mode
• Each wireless client connects to a central device called the
Access Point (AP)
• No direct connection between wireless clients
• The AP acts as a wireless hub that sets up the connections and
relays traffic between wireless clients (and to the wired network)
Wireless Network Modes
• Ad-hoc mode:
• Each wireless client connects directly with
each other
• No central device managing the connections
• Rapid deployment of a temporary network
where no infrastructure exists (an advantage in
case of disaster…)
• Each node must maintain its own
authentication list, since there is no central authenticator
Wireless Network Threats
• Accidental association
• Malicious association
• Ad hoc networks
• Nontraditional networks (Bluetooth, PDAs)
• Identity theft (MAC spoofing)
• Man-in-the-middle attacks (spoofing and eavesdropping)
• Denial of service (DoS)
• Network injection (bogus reconfiguration commands to routers/switches
that degrade performance)
• No central point of control
Security Mechanism
IEEE 802.11 Wireless LAN

• Wi-Fi refers to wireless local area networks (WLAN)
based on the IEEE 802.11 standard
• It is a widely used technology for wireless
communication across a radio channel
• Devices such as personal computers, video game consoles,
smartphones etc. use Wi-Fi to connect to network
resources such as the Internet via a wireless network
access point
Service Set Identifier (SSID)
• The SSID is a token that identifies an 802.11 (Wi-Fi) network. By default it is
part of the management frames (beacons, probe responses) sent over a WLAN
• It acts as a single shared identifier between the access points and clients
• Access points continuously broadcast the SSID in beacon frames, if enabled,
so that client machines can identify the presence of the wireless network
• If the SSID of the network is changed, reconfiguration of the SSID on every
host is required, as every user of the network configures the SSID into
their system
• A non-secure access mode allows clients to connect to the access point
using the configured SSID, a blank SSID or an SSID configured as 'any'
• Hiding the SSID is not a security control: it is still sent in the clear in probe
responses and association requests, so any sniffer recovers it
WIRED EQUIVALENT PRIVACY - WEP
Wireless Security
• The client has to authenticate before communication.
• This can be done in two modes:
1. Open system authentication (null authentication)
2. Shared key authentication (based on a shared WEP key)
• Only after authentication and association can (WEP-)encrypted data
communication begin.
Open System Authentication
• In open system authentication, the access point is typically broadcasting its
SSID(s) so that devices can easily find the network and associate to it; any
client that requests authentication is accepted.
Open System Authentication
1. Probe Request (client -> AP)
2. Probe Response (AP -> client, carries the security parameters)
3. Authentication Request frame (client -> AP)
4. Authentication Response frame (AP -> client)
5. Association Request (client -> AP)
6. Association Response (AP -> client)
Open System Authentication
• Provides authentication without performing any type of client
verification.
• It is essentially an exchange of hellos between the client and
the AP.
• It is considered a null authentication because no exchange or
verification of identity takes place between the devices.
• Open System authentication occurs with an exchange of
frames between the client and the AP.
• Wired Equivalent Privacy (WEP) security can be used with
Open System authentication; however, WEP is then used only to
encrypt the body (upper-layer payload) of data frames, and only after
the client station is 802.11 authenticated and associated.
• Because of its simplicity, Open System authentication is also
used in conjunction with more advanced network security
authentication methods such as PSK authentication and 802.1X/
EAP.
Shared Key Authentication Process
• Four frames: (1) the client sends an authentication request; (2) the AP
replies with a 128-byte random challenge text in the clear; (3) the client
returns the challenge WEP-encrypted with the shared key and a fresh IV;
(4) the AP decrypts it, compares it with the challenge and answers with
success or failure
• Caveat: an eavesdropper sees both the clear challenge and its ciphertext
and so learns 128 bytes of key stream for that IV, enough to forge its own
authentication response; shared key authentication is therefore weaker
than open system authentication with WEP
WEP Encryption
• Wired Equivalent Privacy (WEP) is the original IEEE 802.11 security protocol,
intended to provide data confidentiality during wireless transmissions
comparable to that of a wired LAN
• WEP prepends a 24-bit initialization vector (IV) to the shared key to seed the
RC4 stream cipher for confidentiality, and uses the CRC-32 checksum (ICV) for
integrity of wireless transmissions
• Key sizes (the advertised size counts the 24-bit IV):
64-bit WEP uses a 40-bit key
128-bit WEP uses a 104-bit key
256-bit WEP uses a 232-bit key
How WEP Works
• A CRC-32 checksum is used to calculate a 32-bit integrity check value (ICV)
over the data, which is appended to the data
• A 24-bit arbitrary number known as the initialization vector (IV) is prepended
to the WEP key; the IV and WEP key together are called the WEP seed
• The WEP seed is used as the input to the RC4 algorithm to generate a key
stream; the key stream is bitwise XORed with the concatenation of data
and ICV to produce the encrypted data
• The IV field (IV + PAD + key ID) is placed in the clear in front of the cipher
text to generate the MAC frame
WEP Issues
• The IV is a 24-bit field: too small, and it is sent in the clear-text portion of
every frame
• Reusing an IV with the same key produces the identical key stream; with only
2^24 IVs, key streams repeat within a short time on a busy network
• Lack of centralized key management makes it difficult to change the WEP
keys with any regularity
• When two frames share an IV (an IV collision), XORing their ciphertexts
cancels the key stream and leaves the XOR of the plaintexts; with one known
plaintext the key stream for that IV is recovered and decrypts every other
frame sent under it
• Because the IV is prepended to the secret key to form the RC4 key, an
analytical attack (Fluhrer, Mantin and Shamir) recovers the key after
intercepting and analyzing a relatively small amount of traffic
• A stream cipher key stream is meant to be used once; WEP's IV scheme
guarantees that the same key stream is reused for multiple messages
WEP Issues
• No defined method for encryption key distribution
• Wireless adapters from the same vendor may all generate the same IV
sequence (e.g. restarting from zero after a reset), so collisions are frequent
and predictable. This enables attackers to determine the key stream and
decrypt the cipher text
• WEP does not provide cryptographic integrity protection. CRC-32 is linear,
so an attacker can flip bits in a captured encrypted frame and adjust the
encrypted checksum (ICV) accordingly, without knowing the key, and the
modified frame is accepted
• An attacker can build a decryption table of recovered key streams, indexed
by IV, and use it to decrypt WEP packets in real time
• Knowing the IV (the public part of the seed) and some plaintext/ciphertext
pairs, the key stream for that IV can be extracted, and with enough such
pairs under weak IVs the key itself
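The IV-reuse and bit-flipping issues above, shown end to end as an added Python example (this is not code from the lecture slides): a minimal WEP encrypt/decrypt built from RC4 and CRC-32, an attacker recovering the XOR of two plaintexts from two frames that share an IV, and an attacker rewriting a captured frame without the key while keeping the ICV valid. The key, IV and HTTP plaintexts are constructed sample values; the 802.11 header and the key-ID byte are omitted.

```python
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: the KSA builds the permutation S from the key, the PRGA emits the key stream."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm (KSA)
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # pseudo-random generation algorithm (PRGA)
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; the result is as long as the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: IV (clear) || RC4(IV || key, plaintext || CRC-32 ICV)."""
    assert len(iv) == 3, "WEP IV is 24 bits"
    icv = zlib.crc32(plaintext).to_bytes(4, "little")      # ICV over the plaintext only
    return iv + rc4(iv + wep_key, plaintext + icv)         # IV prepended to the key = WEP seed


def wep_decrypt(wep_key: bytes, frame: bytes):
    """Receiver side: returns (plaintext, icv_ok); a real AP drops the frame when icv_ok is False."""
    iv, body = frame[:3], frame[3:]
    clear = rc4(iv + wep_key, body)
    plaintext, icv = clear[:-4], clear[-4:]
    return plaintext, zlib.crc32(plaintext).to_bytes(4, "little") == icv


def iv_reuse_leak(frame1: bytes, frame2: bytes) -> bytes:
    """Attacker with two frames under the same IV: C1 xor C2 = P1 xor P2, the key stream cancels.
    Knowing one plaintext (a predictable HTTP request, say) reveals the other and the
    key stream for this IV, which decrypts every later frame that reuses it."""
    assert frame1[:3] == frame2[:3], "both frames must share the IV"
    return xor_bytes(frame1[3:], frame2[3:])


def bit_flip_forge(frame: bytes, delta: bytes) -> bytes:
    """Flip plaintext bits without the key. CRC-32 is affine over GF(2), so the ICV change
    for a plaintext change `delta` is crc32(delta) xor crc32(zeros of the same length);
    XORing that into the encrypted ICV keeps the receiver's integrity check passing."""
    assert len(delta) == len(frame) - 3 - 4, "delta must cover the whole plaintext"
    icv_delta = (zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))).to_bytes(4, "little")
    return frame[:3] + xor_bytes(frame[3:], delta + icv_delta)


# Constructed sample values: a 40-bit ("64-bit WEP") key and one IV reused for two frames.
KEY = bytes.fromhex("0102030405")
IV = bytes.fromhex("a1b2c3")
P1 = b"GET /index.html HTTP/1.1"
P2 = b"POST /login.php HTTP/1.1"


def demo() -> dict:
    """Run both attacks against constructed frames; return what attacker and receiver see."""
    f1, f2 = wep_encrypt(KEY, IV, P1), wep_encrypt(KEY, IV, P2)
    leaked = iv_reuse_leak(f1, f2)[:len(P1)]
    recovered_p2 = xor_bytes(leaked, P1)                   # attacker guesses P1, learns P2
    # Turn "index" into "admin" inside the encrypted request: same length, no key needed.
    delta = bytes(5) + xor_bytes(b"index", b"admin") + bytes(len(P1) - 10)
    forged = bit_flip_forge(f1, delta)
    forged_plain, forged_ok = wep_decrypt(KEY, forged)
    return {"recovered_p2": recovered_p2, "forged_plain": forged_plain,
            "forged_accepted": forged_ok}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Real drivers cycle the IV rather than fixing it, but with 2^24 values and thousands of frames per second the collision in `demo()` is only a matter of time; the forgery needs a single captured frame and no key material at all, which is why the slide calls WEP's integrity check non-cryptographic.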
Weak Initialization Vector (IV)
• In RC4, the key scheduling algorithm (KSA) builds the cipher's internal
permutation from the per-packet key, which in WEP is the IV concatenated
with the base key
• The IV value is too short, not protected from reuse, and offers no protection
against message replay
• A flaw in the way WEP uses RC4 (prepending the IV to the key) means that
certain IVs are "weak": for those IVs the first key stream byte depends, with
noticeable probability, on one byte of the base key
• The way the key stream is constructed from the IV therefore makes WEP
susceptible to related-key (weak-key) attacks
• Those weak IVs reveal information about the key bytes they were
derived from
• No effective detection of message tampering (message integrity)
• An attacker collects enough weak-IV frames (the first key stream byte is
known because every frame starts with the fixed SNAP header byte 0xAA)
to reveal the bytes of the base key one at a time
• WEP directly uses the master key for every frame and has no built-in
provision to update the keys
Wi-Fi Protected Access – WPA / WPA2
What is WPA
• Wi-Fi Protected Access (WPA) is a security protocol for WLANs based on the
802.11 standards, defined by the Wi-Fi Alliance as an interim replacement for WEP
• It is a snapshot of the draft IEEE 802.11i standard, providing stronger
encryption (TKIP) and enabling PSK as well as 802.1x authentication

Temporal Key Integrity Protocol (TKIP)
• TKIP utilizes the RC4 stream cipher with 128-bit keys and a 64-bit
MIC integrity check (Michael)
• TKIP mitigated the WEP vulnerabilities by increasing the size of the IV
(a 48-bit TKIP sequence counter) and using per-packet key mixing
functions instead of simply prepending the IV to the key
128-bit Temporal Key
• Under TKIP the client starts with a 128-bit "temporal key" that is
then combined with the transmitter's MAC address and with the IV
(sequence counter) to create a per-packet key, which RC4 expands into
the key stream used to encrypt data
• It implements a sequence counter to protect against replay
attacks
WPA/ WPA2 Preshared Key
• In PSK (Personal) mode the Pairwise Master Key (PMK) is derived from two
values: the passphrase and the SSID (PBKDF2 with HMAC-SHA1, 4096
iterations, 256-bit output)
• No matter which station (supplicant) logs on, these 2 values are always
the same. Hence every station will always get the same value for the PMK;
only the nonces of the 4-way handshake make the per-session keys differ
PSK (Personal)
How WPA Works (Encryption)
• The temporal encryption key, the transmit address and the TKIP sequence
counter (TSC) pass through the TKIP key mixing functions to produce a
per-packet key, which is used as the input to the RC4 algorithm to
generate a key stream
• The Michael algorithm computes a message integrity check (MIC) over the
MAC service data unit (MSDU) with the MIC key, and the MIC is appended
to the MSDU
• The combination of MSDU and MIC is fragmented (if needed) into MAC
protocol data units (MPDUs)
• A 32-bit integrity check value (ICV, CRC-32) is calculated for each MPDU
• The combination of MPDU and ICV is bitwise XORed with the key stream to
produce the encrypted data
• The IV (TSC) is added in the clear to the encrypted data to generate the
MAC frame
How WPA Works (Encryption - TKIP)
What is WPA2
• WPA2 (the full IEEE 802.11i standard) provides enterprise and Wi-Fi users
with stronger data protection and network access control
• Provides government-grade security by implementing the NIST FIPS 140-2
compliant AES encryption algorithm (AES-CCMP) in place of RC4
WPA2 Personal
• WPA2-Personal uses a set-up password (the preshared key, PSK) to
protect against unauthorized network access
• In PSK mode each wireless network device derives the same 256-bit PMK
from a passphrase of 8 to 63 ASCII characters (and the SSID); the 128-bit
temporal key that actually encrypts the network traffic is derived from it
per session
WPA2 Enterprise
• It uses EAP over 802.1x with a RADIUS server for centralized client
authentication, supporting multiple authentication methods such as
token cards, Kerberos, certificates etc.
• Users are assigned login credentials by a centralized server which they
must present when connecting to the network
Keys for PSK (Authentication and encryption)
• The PMK (from passphrase and SSID) serves authentication: proving
possession of it in the 4-way handshake proves knowledge of the passphrase
• The handshake expands the PMK into the Pairwise Transient Key (PTK),
split into the Key Confirmation Key (KCK, handshake MICs), the Key
Encryption Key (KEK, protects the delivered group key GTK) and the
Temporal Key (TK, data encryption)
802.1x Authentication (Enterprise - EAP)
Open system authentication and association have already taken place. The
authenticator's controlled and uncontrolled ports are blocked; the uncontrolled
port then opens only to allow EAP traffic to the RADIUS server.
1. Supplicant -> Authenticator: EAPoL-Start
2. Authenticator -> Supplicant: EAPoL-Request / Identity
3. Supplicant -> Authenticator: EAPoL-Response / Identity (username, cert
etc…); the authenticator forwards it to the RADIUS server as RADIUS
Access-Request. Keep in mind that the RADIUS server could proxy the AD
server for credential verification
4. Valid username: RADIUS server -> Authenticator: RADIUS Access-Challenge;
Authenticator -> Supplicant: EAP-Request / Challenge
5. Supplicant -> Authenticator -> RADIUS server: EAP-Response / Challenge
(steps 4 and 5 repeat as often as the EAP method requires)
6. Correct response: RADIUS server -> Authenticator: RADIUS Access-Accept;
Authenticator -> Supplicant: EAP Success
A Master Key is generated between the AS and the supplicant upon successful
802.1x authentication and is bound to the entire session; it is shared only
between the AS and the supplicant. The supplicant and the AS derive a Pairwise
Master Key (PMK) from it, and this key is moved from the AS to the
authenticator.
4 WAY HANDSHAKE (generating key for encryption)
Preconditions: Open System Authentication complete; 802.1x EAP authentication
(or PSK) complete, so AP and supplicant both hold the PMK. All four messages are
EAPoL-Key frames.
1. AP -> Supplicant: ANonce (Authenticator Nonce). The supplicant checks the
replay counter to make sure no replay attack has been performed. The
supplicant uses the PMK, the ANonce, its own SNonce and both MAC
addresses to generate the Pairwise Transient Key (PTK).
2. Supplicant -> AP: SNonce (Supplicant Nonce), protected with a MIC computed
from the PTK. The PTK is now generated on the AP as well and the MIC is
verified. This way the PTK is never sent between the nodes across the air.
3. AP -> Supplicant: validates/verifies the RSN information element, protected
with a MIC. Sometimes the AP will need to transmit a new GTK; if needed, it
does so during this message (encrypted under the PTK's key encryption key).
4. Supplicant -> AP: EAPoL-Key ACK frame, protected with a MIC. Closes the
process; both sides install the temporal key.
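The PSK key derivation and the first two messages of the 4-way handshake above, as an added Python example (this is not code from the lecture slides or from any vendor implementation): the PMK is computed from passphrase and SSID, both sides expand it into the PTK with the 802.11i PRF over both MAC addresses and both nonces, and the AP accepts message 2 only if the replay counter matches and the supplicant's MIC (HMAC-SHA1 truncated to 128 bits with the KCK, the WPA2 key descriptor version 2 algorithm) verifies. MAC addresses and nonces are constructed sample values (real nonces are random); the EAPOL-Key field layout follows the IEEE 802.1X/802.11i field order.

```python
import hashlib
import hmac
import struct


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PSK mode: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    The same passphrase and SSID give every station the same PMK."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenation of HMAC-SHA1(key, label || 0x00 || data || i), i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes):
    """PTK for CCMP = PRF-384(PMK, "Pairwise key expansion", min/max of MACs and nonces).
    Returns (KCK, KEK, TK), 16 bytes each; the nonces make the PTK unique per session."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return ptk[:16], ptk[16:32], ptk[32:48]


# EAPOL-Key frame layout: 802.1X header (4) + descriptor type (1) + key info (2) + key length (2)
# + replay counter (8) + nonce (32) + key IV (16) + key RSC (8) + reserved (8) + MIC (16) + ...
REPLAY_OFF, NONCE_OFF, MIC_OFF = 9, 17, 81


def build_eapol_key(key_info: int, replay_counter: int, nonce: bytes, key_data: bytes = b"") -> bytes:
    """WPA2 EAPOL-Key frame (RSN descriptor type 2, CCMP key length 16) with the MIC field zeroed."""
    body = struct.pack("!BHHQ", 2, key_info, 16, replay_counter)
    body += nonce + bytes(16) + bytes(8) + bytes(8)
    body += bytes(16) + struct.pack("!H", len(key_data)) + key_data
    return struct.pack("!BBH", 2, 3, len(body)) + body      # 802.1X v2, packet type 3 = EAPOL-Key


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """Descriptor version 2: HMAC-SHA1 over the frame with the MIC field zeroed, cut to 128 bits."""
    zeroed = frame[:MIC_OFF] + bytes(16) + frame[MIC_OFF + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def sign(kck: bytes, frame: bytes) -> bytes:
    return frame[:MIC_OFF] + eapol_mic(kck, frame) + frame[MIC_OFF + 16:]


def verify_mic(kck: bytes, frame: bytes) -> bool:
    return hmac.compare_digest(eapol_mic(kck, frame), frame[MIC_OFF:MIC_OFF + 16])


def run_handshake(ap_passphrase, sta_passphrase, ssid, aa, spa, anonce, snonce):
    """Messages 1 and 2 of the 4-way handshake. Returns (ap_accepts_msg2, ap_tk, sta_tk).
    The PTK never crosses the air: only the nonces and a MIC do."""
    pmk_ap = pmk_from_passphrase(ap_passphrase, ssid)
    pmk_sta = pmk_from_passphrase(sta_passphrase, ssid)
    # Message 1, AP -> STA: ANonce, key info 0x008A (pairwise, ACK, version 2), no MIC yet.
    msg1 = build_eapol_key(0x008A, 1, anonce)
    # STA: derive the PTK from its PMK, both MACs, the received ANonce and its own SNonce.
    rx_anonce = msg1[NONCE_OFF:NONCE_OFF + 32]
    kck_sta, _kek_sta, tk_sta = derive_ptk(pmk_sta, aa, spa, rx_anonce, snonce)
    # Message 2, STA -> AP: SNonce, key info 0x010A (pairwise, MIC, version 2), MIC over the frame.
    msg2 = sign(kck_sta, build_eapol_key(0x010A, 1, snonce))
    # AP: now has the SNonce, derives its own PTK, accepts only if replay counter and MIC check out.
    rx_snonce = msg2[NONCE_OFF:NONCE_OFF + 32]
    kck_ap, _kek_ap, tk_ap = derive_ptk(pmk_ap, aa, spa, anonce, rx_snonce)
    replay_ok = msg2[REPLAY_OFF:REPLAY_OFF + 8] == msg1[REPLAY_OFF:REPLAY_OFF + 8]
    return replay_ok and verify_mic(kck_ap, msg2), tk_ap, tk_sta


if __name__ == "__main__":
    aa, spa = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")   # constructed MACs
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))                   # constructed nonces
    accepted, tk_ap, tk_sta = run_handshake("password", "password", "IEEE", aa, spa, anonce, snonce)
    print("msg2 accepted:", accepted, "TK match:", tk_ap == tk_sta)
    print("wrong passphrase accepted:",
          run_handshake("password", "passw0rd", "IEEE", aa, spa, anonce, snonce)[0])
```

Two things worth checking in the output: a wrong passphrase fails at message 2 (the AP derives a different KCK, so the MIC does not verify), and two stations sharing the same PMK still end up with different temporal keys because their MAC addresses and nonces differ. The same arithmetic is what an offline PSK cracker runs: with a captured message 1 and 2, it tries passphrases through `pmk_from_passphrase` and `derive_ptk` until `verify_mic` succeeds, which is why PBKDF2's 4096 iterations and a long passphrase matter.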
How WPA2 Works (CCMP)
• CCMP uses AES in CCM mode: counter mode for confidentiality and CBC-MAC
for integrity, under the 128-bit Temporal Key
• A 48-bit packet number (PN), incremented for every MPDU and sent in the
clear in the CCMP header, is part of the nonce and doubles as the replay
counter
• The 8-byte MIC covers the payload and selected frame header fields, so both
data and addressing are integrity protected; no separate CRC-based ICV is
needed
