
Seminar Report on Wi-Fi Security Protocols
Presented by: Surbhi
CUPB/M.Tech-CS/SET/CST/201415/15

Introduction to Wi-Fi security
Wireless makes life incredibly easy and gives us great mobility.
It requires no physical connection.
Wireless networks are more vulnerable than wired networks:
Radio signals extend beyond walls.
It is difficult to locate an attacker.
They are susceptible to passive attacks (eavesdropping).

Wired Equivalent Privacy (WEP)
A key is shared between the stations and an Access Point.
The key is used in a stream cipher to encrypt WLAN traffic.
Uses the RC4 stream cipher:
The RC4 algorithm generates a stream of pseudo-random bits using the key and an Initialisation Vector (IV) as input.
The same RC4 key-stream is used to decrypt the cipher text.
Uses a 32-bit Cyclic Redundancy Check (CRC32):
Basically a checksum function (not a cryptographic hash).
Used to compute the Integrity Check Vector (ICV).

Shared Key Authentication

WEP Encryption (diagram)
IV || Secret key -> RC4 -> Key-stream
Plaintext -> ICV computation using CRC32 -> Plaintext || ICV (append)
(Plaintext || ICV) XOR Key-stream -> Cipher text
Transmitted frame: IV || Cipher text
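The encapsulation the diagram draws, written out as an added Python example (not code from the report): RC4 is keyed with IV || secret key, a CRC-32 ICV is appended to the plaintext, the result is XORed with the key-stream, and the IV is sent in the clear. The 3-byte IV, the 40-bit key and the plaintext below are constructed; the key-id byte that follows the IV in a real 802.11 frame is omitted.

```python
"""WEP encapsulation/decapsulation as drawn in the slide.
Added teaching example, not from the report.  Sample key, IV and
plaintext are constructed; the key-id byte after the IV is omitted."""
import struct
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 key-scheduling (KSA) then PRGA; returns `length` key-stream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # KSA: permute S under the key
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # PRGA: one output byte per step
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(data: bytes) -> bytes:
    """Integrity Check Vector: plain CRC-32, sent little-endian after the data."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(secret_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """IV || RC4(IV || secret_key)(plaintext || ICV).  The IV is 24 bits."""
    if len(iv) != 3:
        raise ValueError("WEP IV must be 3 bytes")
    body = plaintext + icv(plaintext)                       # append ICV
    keystream = rc4_keystream(iv + secret_key, len(body))   # IV || key seeds RC4
    return iv + xor(body, keystream)                        # IV travels in clear


def wep_decrypt(secret_key: bytes, frame: bytes):
    """Return (plaintext, icv_ok).  The same key-stream undoes the XOR."""
    iv, body = frame[:3], frame[3:]
    keystream = rc4_keystream(iv + secret_key, len(body))
    plain = xor(body, keystream)
    data, tag = plain[:-4], plain[-4:]
    return data, icv(data) == tag


if __name__ == "__main__":
    key = b"\x01\x02\x03\x04\x05"        # constructed 40-bit WEP key
    frame = wep_encrypt(key, b"\x00\x00\x01", b"hello")
    print(frame.hex(), wep_decrypt(key, frame))
```

Because the IV is prepended in clear and the key never changes, every frame sent under the same IV is encrypted with an identical key-stream; that is the property the later slides on IV reuse and weak IVs build on.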

Insecurities of WEP
Key Generation
ICV Generation
Weak IVs
WEP Attacks

Key Generation Problem
Secret keys are used directly for encryption and are never updated.
Certain keys are more susceptible to revealing the relationship between plaintext and cipher text.
The IV is too small, so its reuse is unavoidable.
Key distribution is done manually.

Initialization Vector (IV)
The IV should be different for every message transmitted.
But the 802.11 standard doesn't specify how the IV is calculated.
Wireless cards use several methods:
Some use a simple ascending counter for each message.
Some switch between alternate ascending and descending counters.
Some use a pseudo-random IV generator.
If the 24-bit IV is an ascending counter, and if the AP transmits at 11 Mbps, then all IVs are exhausted in roughly 5 hours!
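The 5-hour figure, worked through in an added Python example (not code from the report), together with the monitoring side of the same problem: a capture-side check that flags an IV repeating under one BSSID. The 1500-byte frame size used to reach the slide's number is an assumption; the capture records are constructed.

```python
"""How fast a 24-bit IV space runs out, and a capture-side monitor that
flags IV reuse per BSSID.  Added example, not from the report; the link
rate is the slide's 11 Mbps, the 1500-byte frame size is an assumption,
and the capture records are constructed."""
from collections import defaultdict

IV_BITS = 24
IV_SPACE = 1 << IV_BITS      # 16,777,216 possible IVs


def frames_per_second(link_mbps: float, frame_bytes: int) -> float:
    """Upper bound: link fully busy, no inter-frame overhead counted."""
    return link_mbps * 1e6 / (frame_bytes * 8)


def hours_to_exhaust_ivs(link_mbps: float = 11.0, frame_bytes: int = 1500) -> float:
    """Hours until an ascending IV counter wraps and IVs start repeating."""
    return IV_SPACE / frames_per_second(link_mbps, frame_bytes) / 3600.0


class IvReuseMonitor:
    """Remember every (BSSID, IV) pair seen and report repeats."""

    def __init__(self) -> None:
        self._seen = defaultdict(set)
        self.reused = []          # (bssid, iv, frame_no) for each repeat

    def observe(self, frame_no: int, bssid: str, iv: int) -> bool:
        """Return True if this IV was already used under this BSSID."""
        if iv in self._seen[bssid]:
            self.reused.append((bssid, iv, frame_no))
            return True
        self._seen[bssid].add(iv)
        return False


# Constructed capture: (frame number, BSSID, 24-bit IV as an int)
SAMPLE_CAPTURE = [
    (1, "00:11:22:33:44:55", 0x000001),
    (2, "00:11:22:33:44:55", 0x000002),
    (3, "66:77:88:99:aa:bb", 0x000001),   # same IV, different AP: fine
    (4, "00:11:22:33:44:55", 0x000003),
    (5, "00:11:22:33:44:55", 0x000001),   # reuse under the first AP
    (6, "00:11:22:33:44:55", 0x000002),   # reuse again
]


def scan_capture(records):
    """Run the monitor over a record list; return the reuse events."""
    mon = IvReuseMonitor()
    for frame_no, bssid, iv in records:
        mon.observe(frame_no, bssid, iv)
    return mon.reused


if __name__ == "__main__":
    print(f"{hours_to_exhaust_ivs():.2f} h at 11 Mbps with 1500-byte frames")
    print(f"{hours_to_exhaust_ivs(11.0, 100):.2f} h with 100-byte frames")
    for event in scan_capture(SAMPLE_CAPTURE):
        print("IV reuse:", event)
```

With full-size frames the counter wraps after about 5.1 hours; with short frames such as ARP (100 bytes assumed) it wraps in well under an hour, which is why the slides treat IV reuse as unavoidable rather than unlikely.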

ICV Generation Problem
The ICV is generated from a cyclic redundancy check (CRC-32), which is linear and unkeyed.
It is easy for an attacker to change an encrypted packet and then adjust the ICV to generate a valid packet, so as to get a response from the AP.
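The slide's point, shown in an added Python example (not from the report): CRC-32 is affine over XOR, so for equal-length inputs crc(m XOR d) = crc(m) XOR crc(d) XOR crc(0...0), and an ICV built from it tells the receiver nothing about who produced the frame. A keyed MAC has no such structure and its verification fails on any modification; HMAC-SHA256 is used here only as the stand-in keyed MAC (it is not what WEP or WPA use). Messages and keys are constructed.

```python
"""Why a CRC-32 ICV is a checksum, not an integrity check.
Added example, not from the report.  Inputs are constructed."""
import hashlib
import hmac
import os
import zlib


def crc32(data: bytes) -> int:
    return zlib.crc32(data) & 0xFFFFFFFF


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc_is_affine(m: bytes, delta: bytes) -> bool:
    """crc(m ^ delta) == crc(m) ^ crc(delta) ^ crc(zeros) holds for every m, delta."""
    if len(m) != len(delta):
        raise ValueError("m and delta must have equal length")
    zeros = bytes(len(m))
    return crc32(xor(m, delta)) == crc32(m) ^ crc32(delta) ^ crc32(zeros)


def verify_icv(data: bytes, tag: int) -> bool:
    """What a WEP receiver does: recompute CRC-32 and compare.  No key involved."""
    return crc32(data) == tag


def keyed_tag(key: bytes, data: bytes) -> bytes:
    """Stand-in keyed MAC (HMAC-SHA256 truncated to 8 bytes)."""
    return hmac.new(key, data, hashlib.sha256).digest()[:8]


def verify_keyed_tag(key: bytes, data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(keyed_tag(key, data), tag)


def mac_is_affine(key: bytes, m: bytes, delta: bytes) -> bool:
    """The same identity tried on the keyed MAC: false except by a 2^-64 fluke."""
    zeros = bytes(len(m))
    lhs = keyed_tag(key, xor(m, delta))
    rhs = xor(xor(keyed_tag(key, m), keyed_tag(key, delta)), keyed_tag(key, zeros))
    return lhs == rhs


def affine_holds_on_random_inputs(trials: int = 100, length: int = 40) -> bool:
    """Empirical check of the CRC identity over random messages and differences."""
    return all(crc_is_affine(os.urandom(length), os.urandom(length))
               for _ in range(trials))


if __name__ == "__main__":
    msg, diff = b"GET /index.html", bytes(14) + b"\x01"
    print("CRC-32 affine:", crc_is_affine(msg, diff))
    print("keyed MAC affine:", mac_is_affine(b"constructed-key", msg, diff))
```

The identity is exactly what lets the ICV be recomputed without the key after a ciphertext change; a receiver that wants to detect modification needs a tag that depends on a secret, which is what WPA's MIC and WPA2's AES-based integrity add.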

WEP attacks
Packet injection
A packet sent in a WEP protected network which has been intercepted by an attacker can later be injected into the network again, as long as the key has not been changed.
WEP was never designed to be resistant against such an attack.

WEP attacks
Fake authentication
Allows an attacker to join a WEP protected network even if the attacker does not have the secret root key.
Shared Key Authentication (SKA)
The attacker has to be able to sniff an SKA handshake between the AP and another station.

WEP attacks
Chop-chop attack
Allows an attacker to interactively decrypt the last m bytes of plaintext of an encrypted packet by sending m × 128 packets on average to the network.
Procedure:
Select a captured packet for decryption.
Truncate the packet by one byte, correct the checksum and send the packet to the AP to find out if the guess is correct.
If the guess is correct, we know the last byte of plaintext and we can continue with the second-last byte.
If the guess was incorrect, make another different guess for that byte (at most 256 guesses per byte).

WEP attacks
FMS attack
First key recovery attack against the RC4 algorithm.
Main idea:
If the RC4 key is composed from a known IV and an unknown secret part by concatenation;
And if the attacker knows the first byte of key-stream for enough different IVs;
Then the whole RC4 key can be determined in a statistical attack.
The attack only makes use of some of the IVs, the so-called weak IVs.
The complexity of the attack grows only linearly with key size rather than exponentially.

WEP attacks
Generating traffic for the FMS attack
Capture encrypted ARP request packets (ARP associates an IP address with its physical address).
Replay the encrypted ARP packets to generate encrypted ARP replies.
These replies provide more traffic, potentially with IVs indicating weak keys.

Wi-Fi Protected Access (WPA)
The IEEE 802.11 community has responded to the many security problems identified in WEP.
Intermediate solution: Wi-Fi Protected Access (WPA).
Longer-term solution: WPA2.
WPA and WPA2 are standardised in IEEE 802.11i.

Wi-Fi Protected Access (WPA)
Works with 802.11b, a and g.
An intermediate solution to address WEP's problems.
Existing hardware can still be used; only a firmware upgrade is needed.
WPA introduced a new authentication protocol, an improved integrity protection measure and per-packet keys:
To provide stronger authentication than in WEP.
To prevent replay attacks.
To prevent spoofing attacks (i.e. bit flipping on the WEP CRC).

WPA-PSK (Wi-Fi Protected Access, pre-shared key mode)

WPA-Enterprise (Wi-Fi Protected Access, enterprise mode)

Temporal Key Integrity Protocol (TKIP)
WPA introduced the Temporal Key Integrity Protocol (TKIP).
It is designed to be usable on already existing hardware by installing new firmware.
It is known to have several security weaknesses, but it raises the bar considerably compared to WEP.

TKIP Security Measures
TKIP uses a MIC (Message Integrity Check) to ensure the integrity of each message.
If more than two messages with an invalid ICV are received by a station within a minute, TKIP is disabled for a minute and a renegotiation of the keys is suggested.
A per-packet sequence counter is used to prevent replay attacks.
If a packet is received out of order, it is dropped by the receiving station.
This prevents all kinds of injection attacks where a packet is replayed.
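The receiver side of these measures, as an added Python example (not code from the report): a MIC check, a strictly increasing per-packet sequence counter (TSC) that drops replayed and out-of-order frames, and the countermeasure that disables reception and requests a rekey after repeated MIC failures. The MIC here is HMAC-SHA256 truncated to 8 bytes as a stand-in for TKIP's Michael algorithm (an assumption); the two-failure threshold, the one-minute window and the one-minute hold-down follow the slide text; the frame trace is constructed.

```python
"""Receiver-side TKIP measures from the slides: MIC check, per-packet
sequence counter (TSC) replay check, and the MIC-failure countermeasure.
Added example, not from the report.  The MIC is HMAC-SHA256 truncated to
8 bytes as a stand-in for Michael (assumption); the two-failure threshold,
60 s window and 60 s hold-down follow the slide text."""
import hashlib
import hmac

MIC_LEN = 8
FAILURE_THRESHOLD = 2          # MIC failures that trigger countermeasures
FAILURE_WINDOW_S = 60.0        # failures are counted within this window
HOLDDOWN_S = 60.0              # reception disabled for this long


def compute_mic(mic_key: bytes, tsc: int, payload: bytes) -> bytes:
    """The tag binds the sequence counter to the payload, so a frame that is
    replayed under a new counter fails the MIC as well as the counter test."""
    return hmac.new(mic_key, tsc.to_bytes(6, "big") + payload,
                    hashlib.sha256).digest()[:MIC_LEN]


class TkipReceiver:
    def __init__(self, mic_key: bytes) -> None:
        self.mic_key = mic_key
        self.last_tsc = -1             # highest counter accepted so far
        self.failure_times = []        # recent MIC failures (seconds)
        self.disabled_until = 0.0      # end of the countermeasure hold-down
        self.rekey_requests = 0        # slide: key renegotiation is suggested
        self.accepted = []

    def receive(self, tsc: int, payload: bytes, mic: bytes, now: float) -> str:
        if now < self.disabled_until:
            return "dropped:countermeasures_active"
        # Replay check: the counter must strictly increase; out of order is dropped.
        if tsc <= self.last_tsc:
            return "dropped:replay"
        if not hmac.compare_digest(compute_mic(self.mic_key, tsc, payload), mic):
            return self._mic_failure(now)
        self.last_tsc = tsc
        self.accepted.append(payload)
        return "accepted"

    def _mic_failure(self, now: float) -> str:
        self.failure_times = [t for t in self.failure_times
                              if now - t < FAILURE_WINDOW_S]
        self.failure_times.append(now)
        if len(self.failure_times) >= FAILURE_THRESHOLD:
            self.disabled_until = now + HOLDDOWN_S
            self.failure_times.clear()
            self.rekey_requests += 1
            return "dropped:mic_failure,countermeasures_started"
        return "dropped:mic_failure"


def run_scenario() -> list:
    """Constructed trace: a valid frame, its replay, an out-of-order frame,
    two forged frames, then valid frames during and after the hold-down."""
    key = b"\x00" * 16                        # constructed MIC key
    rx = TkipReceiver(key)
    good = lambda tsc, data: (tsc, data, compute_mic(key, tsc, data))
    bad = lambda tsc, data: (tsc, data, b"\x00" * MIC_LEN)   # wrong MIC
    trace = [
        (0.0,  good(1, b"first")),
        (1.0,  good(1, b"first")),      # replay of TSC 1
        (2.0,  good(3, b"third")),
        (3.0,  good(2, b"late")),       # out of order
        (10.0, bad(4, b"forged")),      # 1st MIC failure
        (20.0, bad(5, b"forged")),      # 2nd within 60 s: countermeasures
        (30.0, good(6, b"blocked")),    # dropped during hold-down
        (90.0, good(7, b"resumed")),    # accepted after hold-down
    ]
    return [rx.receive(tsc, data, mic, now) for now, (tsc, data, mic) in trace]


if __name__ == "__main__":
    for step in run_scenario():
        print(step)
```

The trace also shows the cost of the countermeasure that the WPA attacks slide points out: two frames with a bad MIC inside the window are enough to stop reception for a minute, which is a denial-of-service lever rather than a pure defence.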

WPA TKIP Encryption

WPA (Wi-Fi Protected Access)

WPA attacks
Dictionary attack on pre-shared key mode.
Denial of service attack:
If WPA equipment sees two packets with invalid MICs in 1 second, then:
All clients are disassociated.
All activity is stopped for one minute.
So two malicious packets per minute are enough to stop a wireless network.

WPA2
WPA2 is the long-term solution to the WEP issues, but it does require new hardware.
Enterprise-level key management was added to IEEE 802.11, which allows many modes of authentication:
No need for a single secret pre-shared key.
Use of a username and a password, certificates, smartcards, hardware security tokens etc.
Every station uses individual keys to communicate with an AP:
Eavesdropping by another station in the same network is not possible anymore.

Conclusion
WEP allows a lot of attacks due to its use of weak IVs, a small IV space and the poor encryption technique being used. On the other hand, WPA is better than WEP as the WPA key is not directly used in encryption. Key mixing is done for every session and the same IV cannot be used twice in the same session. This prevents message replay attacks, and message injection attacks are also prevented using the MIC.
WPA2 is the best Wi-Fi protocol as it uses the AES encryption technique, which is the most robust and very hard to crack.
