WEP, WPA, and EAP - PowerPoint PPT Presentation

1 / 20
About This Presentation
Title:

WEP, WPA, and EAP

Description:

WEP, WPA, and EAP. Drew Kalina. Overview. Wired Equivalent Privacy (WEP) ... Divert packets to attacker by flipping CRC32 bits. WEP Vulnerabilities (cont) ... – PowerPoint PPT presentation

Number of Views:334
Avg rating:3.0/5.0
Slides: 21
Provided by: Kal6153
Category:
Tags: eap | wep | wpa | flipping

less

Transcript and Presenter's Notes

Title: WEP, WPA, and EAP


1
WEP, WPA, and EAP
  • Drew Kalina

2
Overview
  • Wired Equivalent Privacy (WEP)
  • Wi-Fi Protected Access (WPA)
  • Extensible Authentication Protocol (EAP)

3
WEP
  • Encryption method RC4
  • Key size 40 bits
  • Hash method ICV
  • 802.11x authentication optional
  • Key distribution manual

4
WEP Vulnerabilities
  • ICV insecure
  • based on CRC32 (bad)
  • ICV can be modified to match message contents
  • IV key reuse attack
  • Small IV allows this
  • IV sent as plaintext

5
WEP Vulnerabilities (cont)
  • Known plaintext attack
  • Lots of unencrypted TCP/IP traffic
  • Send pings from internet to access point
  • String length N can be recovered for a given IV
  • Packets of size N can be forged using IV

6
WEP Vulnerabilities (cont)
  • Partial Known Plaintext
  • Only a portion of message is known (e.g. IP
    header)
  • Can recover M octets of key stream where MltN
  • Extend then known key stream from M to N through
    probing
  • Divert packets to attacker by flipping CRC32 bits

7
WEP Vulnerabilities (cont)
  • Authentication forging
  • Use recovered key stream and IV because client
    specifies IV
  • Dictionary attacks
  • Key derived from vulnerable password
  • Realtime decryption
  • Dictionary of IVs and keystreams
  • Only 224 possibilities
  • Can be stored in 24GB disk space

8
WEP summary
  • Weak encryption with other problems
  • If possible, use some other protocol
  • Still better than plaintext

9
WPA
  • Encryption method RC4, TKIP
  • Key size 128 bits (varies)
  • Hash method ICV, Michael
  • 802.11x authentication can be required
  • Key distribution TKIP

10
WPA (cont)
  • Michael generates MIC (Message Integrity Code)
  • 8 bits
  • Placed between data and ICV
  • TKIP (Temporal Key Integral Protocol)
  • Resolves keys to be used, looks at clients
    configuration
  • Changes encryption key every frame
  • Sets unique default key for each client

11
WPA Vulnerabilities
  • Birthday attack
  • Get a pair D,M where D1 MIC(M1)
  • When Di D1 where Di ! 1, attack is successful
  • Probability for success 232
  • If keys change during attack, forgery is garbage

12
WPA Vulnerabilities (cont)
  • Differential cryptanalytic attack
  • Michael results have special characteristics
  • ?M Mi XOR Mj and ?D Di XOR Dj called
    characteristic differentials
  • After characteristic differentials obtained, try
    to find MIC (learn parts of the key)
  • Probability of success 230
  • Optimal attack exists with O(229)

13
WPA Vulnerabilities (cont)
  • Temporal Key
  • Lost RC4 Keys
  • Can discover TK and MIC
  • Can forge messages
  • Not a practical attack, O(2105)
  • Does show susceptibility in parts of WPA

14
WPA Vulnerabilities (cont)
  • DOS
  • Access point shuts down for 60 seconds if forged
    unauthorized data detected
  • Possible to shut access points with little
    network activity
  • PSK
  • Used in absence of 802.1x, 1 per ESS (usually).
  • Internal person can use this, and a captured MAC
    address/nonce to imitate another client
  • Vulnerable to external dictionary attacks, if
    short

15
WPA summary
  • Much better than WEP (if 802.1x)
  • WEP2 even better using AES-CCMP
  • There are still vulnerabilities
  • Many WEP devices are upgradeable to WPA (not WPA2)

16
Suggestions for WPA
  • Rekey security associations after failures
  • Lower/eliminate timeouts after detecting forged
    packets
  • Currently would take 1000 years to break with 60
    second timeouts

17
EAP
  • Transmission method and framework for
    authentication protocols
  • Works with many authen. protocols such as RADIUS,
    Kerberos.
  • Uses a variety of transport methods

18
EAP Transport methods
  • EAP-TLS
  • EAP-TTLS
  • PEAP (Protected EAP)
  • LEAP (Light EAP)

19
Vulnerabilities in LEAP
  • Dictionary attack
  • Early versions of MS-CHAP weak

20
Thats all!
Write a Comment
User Comments (0)
About PowerShow.com