You are on page 1of 39

Wi-Fi Protected Access

WPA

What is WPA?
Wi-Fi Protected Access (WPA) is a response by the WLAN industry to offer an immediate, a stronger security solution than WEP. WPA is intended to be: A software/firmware upgrade to existing access points and NICs. Inexpensive in terms of time and cost to implement. Compatible with vendors. Suitable for enterprise, small sites, home networks. Runs in enterprise mode or pre-shared key (PSK) mode

History of WPA
WPA was created by the Wi-Fi Alliance, an industry trade group, which owns the trademark to the Wi-Fi name and certifies devices that carry that name. WPA is designed for use with an IEEE 802.1X authentication server, which distributes different keys to each user.

History of WPA
The Wi-Fi Alliance created WPA to enable introduction of standard-based secure wireless network products prior to the IEEE 802.11i group finishing its work. The Wi-Fi Alliance at the time already anticipated the WPA2 certification based on the final draft of the IEEE 802.11i standard.

History of WPA
Data is encrypted using the RC4 stream cipher, with a 128-bit key and a 48-bit initialization vector (IV). One major improvement in WPA over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used.
When combined with the much larger IV, this defeats the well-known key recovery attacks on WEP.

History of WPA
In addition to authentication and encryption, WPA also provides vastly improved payload integrity. The cyclic redundancy check (CRC) used in WEP is inherently insecure; it is possible to alter the payload and update the message CRC without knowing the WEP key.

History of WPA
A more secure message authentication code (usually known as a MAC, but here termed a MIC for "Message Integrity Code") is used in WPA, an algorithm named "Michael". The MIC used in WPA includes a frame counter, which prevents replay attacks being executed.

History of WPA

By increasing the size of the keys and IVs, reducing the number of packets sent with related keys, and adding a secure message verification system, WPA makes breaking into a Wireless LAN far more difficult.

History of WPA

The Michael algorithm was the strongest that WPA designers could come up with that would still work with most older network cards.

History of WPA

Due to inevitable weaknesses of Michael, WPA includes a special countermeasure mechanism that detects an attempt to break TKIP and temporarily blocks communications with the attacker.

History of WPA

However, it can also be used in a less secure "pre-shared key" (PSK) mode, where every user is given the same pass-phrase.

History of WPA
Wi-Fi Protected Access (WPA) had previously been introduced by the Wi-Fi Alliance as an intermediate solution to WEP insecurities.
WPA implemented a subset of 802.11i.

The design of WPA is based on a Draft 3 of the IEEE 802.11i standard.

WPA Modes
Pre-Shared Key Mode
Does not require authentication server. Shared Secret is used for authentication to access point.

Enterprise Mode
Requires an authentication server Uses RADIUS protocols for authentication and key distribution. Centralizes management of user credentials.

WPA
802.1x Features:
BSS Key hierarchy Key management Cipher & Authentication Negotiation

Data Privacy Protocol:

TKIP

Comparing WPA and 802.11i


802.1x Features:
BSS Independent Basic Service Set Pre-authentication Key hierarchy Key management Cipher & Authentication Negotiation

Data Privacy Protocols: TKIP and CCMP

WPA Summary
Fixes all known WEP privacy vulnerabilities.

Designed by well-known cryptographers.


Best possible security to minimize performance degradation on existing hardware.

Pre-Shared Key Mode Issues


Needed if there is no authentication server in use.
If shared secret becomes known, network security may be compromised. No standardized way of changing shared secret.

Pre-Shared Key Mode Issues


Significantly increases the effort required to allow passive monitoring and decrypting of traffic. The more complex the shared secret, the less likely it will fall to dictionary attacks.

Migration from WEP to WPA


Existing authentication systems can still be used. WPA replaces WEP. All access points and client will need new firmware and drivers. Some older NICs and access points may not be upgradeable. Once enterprise access points are upgraded, home units will need to be, if they were using WEP.

Migration from WEP to WPA


Small Office/Home Office:
Configure pre-shared key (PSK) or master password on the AP. Configure the PSK on client stations.

Enterprise:
Select EAP types and 802.1X supplicants to be supported on stations, APs, and authentication servers. Select and deploy RADIUS-based authentication servers

How WPA Addresses the WEP Vulnerabilities WPA wraps RC4 cipher engine in four new algorithms 1. Extended 48-bit IV and IV Sequencing Rules
248 is a large number! More than 500 trillion Sequencing rules specify how IVs are selected and verified

2. A Message Integrity Code (MIC) called Michael


Designed for deployed hardware Requires use of active countermeasures

3. Key Derivation and Distribution


Initial random number exchanges defeat man-in-themiddle attacks

4. Temporal Key Integrity Protocol generates perpacket keys

Wi-Fi Protected Access 2 WPA2


Uses the Advanced Encryption Standard (AES) AES selected by National Institute of Standards and Technology (NIST) as replacement for DES.

Symmetric-key block cipher using 128-bit keys. Generates CCM Protocol (CCMP): CCMP = CTR + CBC + MAC

CTR = Counter Mode Encryption CBC/MAC = Cipher Block Chaining/Message Authentication Code

Encryption Method Comparison


WEP
RC4
40 bits 24 bits IV WPA 128 bits encrytion 64 bits authentication 24 bits IV WPA2 AES 128 bits 24 bits IV

Cipher
Key Size Key Life

Packet Key
Data Integrity Header Integrity Replay Attack Management Key

concatened
CRC-32 none none none

Mixing Function
Michael Michael IV sequence EAP-based

Not Nedeed
CCMP CCMP IV sequence EAP-based

General Recommendations
Conduct a risk assessment for all information that will travel over the WLAN and restrict sensitive information. Policies and infrastructure for authenticating remote access users can be applied to WLAN users. Perform regular audits of the WLAN using network management and RF detection tools.

General Recommendations
Minimize signal leakage through directional antennas and placement of access points. Make sure all equipment being purchased can be upgraded to support WPA and WPA 2/AES. If using Pre-Shared Key Mode consider that the shared secret may become compromised.

Should you upgrade to WPA2 with AES after WPA?

An investment in new hardware (access points, NICs) may be needed. Does your risk analysis indicate the extra protection ? Is there a compelling business reason to do so?

Should you upgrade to WPA2 with AES after WPA?

However

WPA has not met the challenge of intensive traffic. WPA has some vulnerabilities:

WPA Vulnerabilties
Uso de senhas pequenas ou de fcil advinhao. Est sujeito a ataques de fora bruta (quando o atacante testa senhas em sequncia) ou ataques de dicionrio (quando o atacante testa palavras comuns - dicionrio).

WPA Vulnerabilties
Senhas de menos de 20 caracteres so mais susceptveis ataque de fora bruta. comum o fabricante deixar senhas de 8-10 caracters, imaginando que o administrador ir alter-las.

WPA Vulnerabilties
Existem ferramentas disponveis que promovem ataques de fora bruta e/ou dicionrio para ataques ao WPA.
KisMAC para MacOS X (fora bruta para senhas/dicionrio). WPA Crack para Linux (fora bruta para senhas/dicionrio). Ethereal para Cowpatty para Linux (dicionrio) ou combinadas com John the Ripper.

WPA Vulnerabilities
No h dificuldades em modificar programas de acesso ao WPA.
Como por exemplo, em WPA_supplicant) para permitir a descoberta de chave prcompartilhada (PSK) ou do TKIP que muda a chave de tempos em tempos de forma configurvel.

WPA Vulnerabilities
O arquivo config.c pode ser modificado na funo wpa_config_psk, para ao invs de ler a chave no arquivo de configurao, passa a ler palavras recebidas como parmetros, permitindo o uso de dicionrio e mais algum programa para quebra de senha, como John The Ripper.

WPA Vulnerabilities

Problemas no armazenamento das chaves, tanto nos clientes como nos concentradores, que podem comprometer a segurana.

How WPA Addresses the WEP Vulnerabilities WPA wraps RC4 cipher engine in four new algorithms 1. Extended 48-bit IV and IV Sequencing Rules
248 is a large number! More than 500 trillion Sequencing rules specify how IVs are selected and verified

2. A Message Integrity Code (MIC) called Michael


Designed for deployed hardware Requires use of active countermeasures

3. Key Derivation and Distribution


Initial random number exchanges defeat man-in-themiddle attacks

4. Temporal Key Integrity Protocol generates perpacket keys

Referncias
KisMAC http://binaervarianz.de/programmieren/kismac Cowpatty http://www.remote-exploit.org/?page=codes WPA_attack http://www.tinypeap.com/page8.html

WPA_Supplicant http://hostap.epitest.fi/wpa_supplicant

Conclusions on WEP and WPA


WEP is insufficient to protect WLANs today from determined attackers. WPA resolves all of WEPs known weaknesses. WPA is a dramatic improvement in Wi-Fi security.

Conclusions on WEP and WPA


WPA provides an enterprise-class security solution for user authentication and encryption. WPA is a subset of the 802.11i draft standard and is expected to maintain forward compatibility with the standard.

Conclusions on WEP and WPA

WPA2 will provide an even stronger cryptographic cipher than WPA.

Conclusions on WEP and WPA

Unless there is a significant flaw found in WPA or RC4 is broken, there may be no reason to move to WPA2 in the future.