SKNCOE

Wi-Fi Protected Access

14 March, 2008

BY: Seminar Guide:

Chirag. D. Doshi Prof P. N. Mahalle

1 Information Security - Session IV - Wireless LAN 7/19/2017 SKNCOE

 SKNCOE

Contents

Wireless network
Security
WAP Wireless Application Protocol.
WEP Encryption and its vulnerabilities.
WPA Overcoming the vulnerabilities of WEP.
Mechanism, Advantages & Limitations of WPA and WPA2.

2 Information Security - Session IV - Wireless LAN 7/19/2017 SKNCOE

 SKNCOE

Wireless Network

While the term wireless network may technically be used to

refer to any type of computer network that is wireless.

Wireless telecommunications networks are generally

implemented with transmission system that uses
electromagnetic waves for the carrier and this
implementation usually takes place at the physical level.

3 Information Security - Session IV - Wireless LAN 7/19/2017 SKNCOE

 SKNCOE

WLAN

4 Information Security - Session IV - Wireless LAN 7/19/2017 SKNCOE

 SKNCOE

Wireless LAN (WLAN)

A WLAN is a flexible data communication system implemented as
an alternative for, a wired LAN within a building.

Using electromagnetic waves, WLANs transmit and receive data

over the air.

WLANs use electromagnetic airwaves to communicate information

from one point to another.

Access points act as a central transmitter and receiver of WLAN

radio signals.
5 Information Security - Session IV - Wireless LAN 7/19/2017 SKNCOE
SKNCOE

A typical home network

SKNCOE
SKNCOE

Wi-Fi Security
How do you encrypt your Access Point? There are
several flavors of encryption:

WAP Wireless Application Protocol.

WEP Wired Equivalency Protocol

WPA Wi-Fi Protected Access

SKNCOE
 SKNCOE

Security to these Wireless Network

Security in Easy Steps

1. Change the System ID:

Devices come with a default system ID called the SSID (Service Set
Identifier). It is easy for a hacker to find out the default identifier.

2. Disable Identifier Broadcasting:

Announcing that you have a wireless connection to the world is an

invitation for hackers. Check the manual for your hardware and figure
out how to disable broadcasting.

8 Information Security - Session IV - Wireless LAN 7/19/2017 SKNCOE

 SKNCOE

Security to these Wireless Network - II

Security in Easy Steps

3. Restrict Unnecessary Traffic:

By restricting the unnecessary traffic around our machine we

can secure our wireless network.

4. Change the Default Administrator Password:

The default passwords are easily obtained so Make sure you

change the default password.

9 Information Security - Session IV - Wireless LAN 7/19/2017 SKNCOE

 SKNCOE

Wireless Application Protocol (WAP)

Empowers mobile users with wireless devices to easily
access and interact with information and services.

A standard created by wireless and Internet companies to

enable Internet access from a cellular phone.

Goals

deliver Internet services to mobile devices.

independence from wireless network standards.

10 Information Security - Session IV - Wireless LAN 7/19/2017 SKNCOE

 SKNCOE

WAP: Main Features

Markup language
Similar to HTML, adapted to mobile devices

Script language
Similar to JavaScript, adapted to mobile devices

Protocol layers
Transport layer, security layer, session layer etc.

Telephony application interface

Access to telephony functions

11 Information Security - Session IV - Wireless LAN 7/19/2017 SKNCOE

 SKNCOE

WAP Architecture

Client Web Server

WAP Gateway
WML

with WML-Script
WML Encoder CGI

WML Decks
WML- Scripts
WSP/WTP WMLScript
HTTP etc.
Script
Compiler
WTAI
Protocol Adapters Content
Etc.

12 Information Security - Session IV - Wireless LAN 7/19/2017 SKNCOE

 SKNCOE

WAP Specifies

Wireless Protocol Stack

Wireless Session Protocol (WSP).

Wireless Transport Layer Security (WTLS).

Wireless Transaction Protocol (WTP).

Wireless Datagram Protocol (WDP).

Wireless Telephony Application Interface (WTAI).

13 Information Security - Session IV - Wireless LAN 7/19/2017 SKNCOE

 SKNCOE

WLAN Security - WEP

The Wired Equivalent Privacy

(WEP), was implemented as a way
to provide an equivalent level of
security to a standard wired
connection.
WEP does this by using what are
known as shared secret keys,
the RC4 stream cipher, and an
Integrity Check Value or ICV.
These are used in combination to
encrypt each piece of data, or
frame, that is sent from the
wireless NIC to the access point

14 Information Security - Session IV - Wireless LAN 7/19/2017 SKNCOE

 SKNCOE

WEP Encryption and its Vulnerabilities(1)

First, the data is passed through a CRC32 algorithm. CRC32 is

commonly used to detect noise in data transmissions and is just a
basic checksum function.
CRC32 is a poor cryptographic algorithm and doesn't have the
same level of security such as MD5.
ICV is appended to the data block and is then encrypted with RC4.
The RC4 cipher uses a stream of randomly generated bits.
WEP uses initial vectors (IV), and shared keys to seed the RC4
cipher.

15 Information Security - Session IV - Wireless LAN 7/19/2017 SKNCOE

 SKNCOE

WEP Encryption and its Vulnerabilities(2)

While the secrete keys are common to all the nodes in the wireless
network, the IV is unique to each client.
The only means of sharing this key is publishing this key to a
distribution medium from where each and every user copies it to
the respective user machine which makes it potentially unsafe.
These IV's are 24bits in length and are generated by the wireless
Network just before the data is encrypted.
The IV used is appended to the top of the wireless frame
unencrypted.
Also use of cryptographically weak CRC mechanism further makes
this protocol vulnerable.

16 Information Security - Session IV - Wireless LAN 7/19/2017 SKNCOE

 SKNCOE

WEP
Can you believe that a WEP was cracked in less than a 60
seconds? Its not the safest.

First WEP versions have used the 64-bit shared key. 40 bits are for
a shared secret and 24 bits are for IV initialization vector. IV is
used that receiver could decrypt the frame.

Next improvement of first WEP key was the 128-bit shared WEP
key. With that WEP version 104 bits are used for the shared key and
24 for initialization vector.

IEEE proposed in 2004 a new version of WEP WEP2. It same as

WEP but It only increases time for cracking.

17 Information Security - Session IV - Wireless LAN 7/19/2017 SKNCOE

 SKNCOE

Cracking WEP

AirSnort is a wireless LAN (WLAN) tool that

recovers encryption keys.
http://freshmeat.net/projects/airsnort/

WEPCrack is a tool that cracks 802.11 WEP

encryption keys using the latest discovered
weakness of RC4 key scheduling.
http://sourceforge.net/projects/wepcrack

18 Information Security - Session IV - Wireless LAN 7/19/2017 SKNCOE

 SKNCOE

Limitations of WEP
1) Manual key management is a big security problem.

2) WEP depends on the secret keys that are widely shared.

3) The same IV (initialization vector) can be used more than once.

This feature makes WEP very vulnerable, especially to collision-
based attacks.

4) Most users usually do not change their keys. This gives hackers
more time to crack the encryption.

5) Master keys are directly used.

19 Information Security - Session IV - Wireless LAN 7/19/2017 SKNCOE
 SKNCOE

Advantages of WPA over WEP

1) Length of IV (initialization vector) is now 48, comparing to WEPs

24. This gives you over 500 trillion possible key combinations.

2) IV has much better protection with better encryption methods.

This is prevention of reuse of IV keys.

3) Master keys are never directly used.

4) Better key management.

5) Impressive message integrity checking.

When you take all this into account, you can see that WPA is much
better solution for your wireless network.
20 Information Security - Session IV - Wireless LAN 7/19/2017 SKNCOE
 SKNCOE

WPA Overcoming the vulnerabilities of WEP

WPA Algorithm is a part of 802.11i specification.

WPA enhances the MIC(Message Integrity Check) field instead of
ICV. MIC uses a stronger algorithm called Michael.
It uses 48 bit IV keys compared to 24 bit WEP. Now to further
overcome the shared-key issues in WEP, TKIP (Temporal Key
Integrity Protocol) is used which provides a single IV per user per
session.
TKIP then calculates the base key using
MAC addresses of the Access Point and client,
a special secret number for the session and
some random numbers.

21 Information Security - Session IV - Wireless LAN 7/19/2017 SKNCOE

 SKNCOE

WPA Overcoming the vulnerabilities of WEP - II

This base key is then seeded with the RC4 keys.

WEP the same key could be used for weeks, months, or even years
before being changed, with WPA the key is changed with every
user and every frame, providing a target much harder to attack.

This change in the RC4 keys makes the detection these keys by the
automated tools more difficult.

Hence WPA is almost a fool-proof and secure solution to wireless

LAN Security.

22 Information Security - Session IV - Wireless LAN 7/19/2017 SKNCOE

 SKNCOE

WPA

The Wi-Fi Alliance created WPA to enable introduction of standard-

based secure wireless network products prior to the IEEE 802.11i
group finishing its work.
Data is encrypted using the RC4 stream cipher, with a 128-bit key
and a 48-bit initialization vector (IV).
One major improvement in WPA over WEP is the Temporal Key
Integrity Protocol (TKIP), which dynamically changes keys as the
system is used.
WPA2 implements the full standard, but will not work with some
older network cards.

23 Information Security - Session IV - Wireless LAN 7/19/2017 SKNCOE

 SKNCOE

How WPA Actually Works

In the WPA-enabled network, the client first associates with the

access point.

Then after that access point is waiting for the permission of server.

Then server gives some type encrypted key to access points and
access points gives it to client.

Then after that client gives decrypted key back to the server and if
it is proper then server gives full permission to client and access
points to use the server.

24 Information Security - Session IV - Wireless LAN 7/19/2017 SKNCOE

 SKNCOE

WPA & WPA2 Security

WPA Personal This method is less secure than WPA2, but is

designed to work with equipment originally designed for WEP.

WPA2 Personal The best available encryption for the home

network. Use this one if it is available.

Unlike WEP, the WPA methods can only be cracked by dictionary

attack. If the passphrase is 20 characters or more, cracking is
essentially impossible. Use a strange combination of upper/lower
case and special characters and/or numbers. My phrase is 28
characters, and includes special characters. WPA and WPA2
passphrase conversion is unique.

SKNCOE
 SKNCOE

WAP & WAP2 Security

You will be presented with this window.

No User Name is required. Note: If you have not

already changed the default password, do so now!

SKNCOE
SKNCOE

WAP & WAP2 Security

After logging into the router, select the Wireless
and Wireless Security tabs, and pull down
Security to get

SKNCOE
SKNCOE

WPA & WPA2 Security

To set up your AP for WPA2 with TKIP + AES, you

would select

SKNCOE
 SKNCOE

Some more Advantages Of WPA

1) Provides extremely strong wireless security for the 2003

computing environment.

2) Adds authentication to WEP's basic encryption.

3) Has backward compatible WEP support for devices that are not
upgraded.

4) Integrates with RADIUS (Remote Authentication Dial In User

Services) servers to allow administration, auditing, and logging.

& many more..

29 Information Security - Session IV - Wireless LAN 7/19/2017 SKNCOE

 SKNCOE

Disadvantages of WPA

1) Except when using with the preshared key (WPA-PSK),

complicated setup is required, unsuitable for typical home users.

2) Older firmware usually will not be upgraded to support it.

3) Incompatible with older operating systems such as Windows 95.

4) Greater performance overhead than WEP.

5) Remains vulnerable to Denial of Service attacks.

30 Information Security - Session IV - Wireless LAN 7/19/2017 SKNCOE

 SKNCOE

THANKS To,

My Seminar Guide:

Prof P. N. Mahalle.

31 Information Security - Session IV - Wireless LAN 7/19/2017 SKNCOE

 SKNCOE

32 Information Security - Session IV - Wireless LAN 7/19/2017 SKNCOE