Security Issues with todays Wireless Network with emphasis on WLAN

1
Introduction

• Security Issues with todays Wireless Network
  with emphasis on WLAN
• Presented by
• Olusesan Ogunsakin
• Student 2720808
• sesano_at_yahoo.com

2
Problem

• The encryption protocols currently deployed with
  IEEE 802.11 WLAN standards do not offer 100
  security to data exchanged over the wireless
  medium.
• This paper will identify these flaws and suggest
  solutions that will offer enhancement to these
  protocols to secure wireless data.

3
Wireless medium
Data Encryption
Open Communication Channel
Hacker
4
Existing Solutions

• The following encryption protocols are currently
  being deployed in WLAN environment
• Wired Equivalent Privacy (WEP) was deployed in
  IEEE 802.11b
• WiFi Protected Access (WPA2) was deployed in IEEE
  802.11i

5
Cryptography

• Cryptography is the discipline which embodies
  principles, means and methods for the
  transformation of data in any medium in order to
  hide its information content, prevent its
  undetected modification, or prevent its
  unauthorized use
• Cryptographic encryption are generally divided
  into 2 classes namely
• Symmetrical encryption
• Asymmetrical encryption
• Symmetrical entails the use of single shared key
  on all devices sharing the network while
  asymmetrical entails use of public key combined
  with private keys

6
Cryptography contd..

• IEEE 802.11 deploys symmetrical encryption and
  this class is sub-divided into 2 groups namely
• Stream ciphers
• Block ciphers

Stream ciphers encrypt data bit by bit. Block
ciphers encrypt data in chunks called blocks (for
example a whole document page or words).
7
Wired Equivalent Privacy (WEP)

• WEP is a security protocol designed to secure
  wireless data between wireless entities.
• It is designed to use the RSAs stream cipher
  algorithm called RC4.
• Original design comes in two flavors (64-bit
  128-bit implementations).
• For 64-bit implementation, WEP uses 40-bit to
  encrypt every data with 24-bit Initialization
  Vector (IV).
• For 128-bit implementation, WEP uses 104-bit to
  encrypt data with 24-bit IV bits.

8
Operation of WEP
1
Step 1 WEP generates a random 24-bit
Initialization Vector (IV) and it combines this
with the shared password as an input into Key
Scheduling Algorithm (KSA) which generate a
scrambled array of 256 8-bit value. Step 2 The
Pseudo Random Generation Algorithm (PRGA) uses
the output of KSA to generate the streaming key.
Multiples keys are created by looping through the
algorithm Step 3 The streaming key is then XORed
with the plaintext data (with CRC) to create the
ciphertext (encrypted data) which is transmitted.
Both ciphertext and plain text IV are
transmitted into the wireless medium.
2
3
Cipher Function (data, pass phrase) Output
9
Data Flow with WEP

• Every packets as shown above, is encrypted
  before transmission. This packet is combined with
  the CRC and IV values. The receiver combines the
  IV value for each packet with the pre-shared
  password to decrypt the packets, it then
  re-calculate the CRC to confirms packets
  corruption

10
Problems with WEP

• Vulnerability in the transmission of the IV in
  plaintext with data.
• In order to decrypt each packet by receiver
  device, both shared password and the value of the
  IV used to encrypt each packet is required. To
  achieve this, WEP transmit each ciphertext with
  the IV value in plaintext.
• Reusability of IV values due to limited value
  range of 24-bit.
• 24-bit IV generate 224 (16777216) different
  IV values. In a busy network, the IV values can
  be re-used by after transmitting just 5MB of
  data. Hacker can easily obtain 2 encrypted data
  with same IV values which makes it quicker/easier
  to crack the code.
• Password Administration
• The password (shared key) administration relies
  on a human administration. This can easily be
  compromised by disgruntled staff.

11
Problems with WEP

• Weak Keys in RC4
• One in every 256 RC4 key has been proven to
  be weak , which means the key schedules for
  these keys are less correlated with the key than
  they ought to be. This makes it far easier to
  cryptanalyze data encrypted under these keys.
• Lack of User Authentication Mechanism
• Anyone can connect to network secured by WEP
  due to lack of any user authentication in WEP.
  The challenge text used for authentication is
  transmitted as clear text by the BS to the node.
  This open up what could be considered the first
  line of defense.

12
Wi-Fi Protected Access

• By 2001, a series of independent studies from
  various academic and commercial institutions had
  identified weaknesses in Wired Equivalent Privacy
  (WEP), the original native security mechanism for
  wireless local area networks (WLANs) in the
  (IEEE) 802.11 specification.
• As shown in previous slides, even with WEP
  enabled, an intruder equipped with the proper
  tools and a moderate amount of technical
  knowledge could gain unauthorized access to the
  wireless network via the WLAN.
• To address this situation, Wi-Fi Alliance
  introduced 2 new interoperable Wi-Fi security
  specifications for both enterprise and home
  networks namely
• WPA based on Temporal Key Integrity Protocol
  (TKIP) encryption.
• WPA2 based on Advanced Encryption System (AES)
  encryption

13
Wi-Fi Standards
Both WPA and WPA2 protect the wireless network
from a variety of threats, including lost or
stolen devices and hacker attacks such as
man-in-the-middle, authentication forging,
replay, key collision, weak keys, packet forging,
and brute-force/dictionary attacks. WPA
addresses the weaknesses of original WEP security
resulting from WEPs imperfect encryption key
implementation and its lack of authentication.
Using TKIP, it brings an enhanced encryption
algorithm and with IEEE 802.1X/EAP authentication
it brings standards-based mutual authentication
to Wi-Fi networks. Together, TKIP encryption and
mutual authentication insulate the Wi-Fi network
from a variety of threats when WPA-Enterprise
mode is used. WPA2 offers advanced protection
from wireless network attacks. Using AES,
government grade encryption and IEEE 802.1X/EAP
authentication WPA2 provides stronger
standards-based mutual authentication and
advanced encryption to protect the Wi-Fi network
from a variety of threats and attacks.
14
WiFi Protected Access (WPA)

• The WPA standard was introduced in 2003 as a
  strong, standards-based interoperable Wi-Fi
  security specification.
• It was designed to overcome the shortcoming of
  WEP.
• It use the pre-shared key (PSK) technology to
  provides a scheme of mutual authentication of
  clients who wish to connect.
• WPA also uses Temporal Key Integrity Protocol
  (TKIP) for data encryption with Message Integrity
  Check (MIC) instead of RC4.

15
WiFi Protected Access (WPA2)
In 2004, the Wi-Fi Alliance introduced Wi-Fi
Protected Access 2 (WPA2), the second generation
of WPA security. Like WPA, It use the
pre-shared key (PSK) technology and Extensible
Authentication Protocol (EAP) authentication in
the enterprise to provides a scheme of mutual
authentication of clients who wish to connect.
WPA2 is based on the final IEEE 802.11i
amendment to the 802.11 standard ratified in June
2004. WPA2 uses the Advanced Encryption
Standard (AES) for data encryption and is
eligible for FIPS (Federal Information Processing
Standards) 140-2 compliance.
16
Operation of WPA2
WPA2 operates in 2 modes Personal Mode - This
mode is designed for Small Office/Home Office
(SOHO) Enterprise Mode This mode is designed
for corporate organizations.
Aunthentication PSK Encryption AES
Personal Mode
Aunthentication IEEE802.1X/EAP Encryption AES
Enterprise Mode
17
Authentication with WPA2

• WPA2 Aunthentication in Personal Mode
• WPA2 in Personal mode operates in an unmanaged
  mode that uses a pre-shared key (PSK) for
  authentication.
• This mode uses applied authentication in which a
  pass-phrase (the PSK) is manually entered on the
  access point to generate the encryption key. The
  PSK is typically shared among users.
• A PSK of sufficient strengthone that uses a mix
  of letters, numbers and non-alphanumeric
  characters is preferred.

18
Operation of WPA2

• WPA2 Authentication in Enterprise Mode
• WPA2-Enterprise mutual authentication is
  initiated when a user associates with an access
  point.
• The AP blocks access to the network until the
  user can be authenticated.
• The user provides credentials which are
  communicated to the authentication server. The
  authentication process is enabled by the IEEE
  802.1X/EAP framework. With EAP, IEEE 802.1X
  creates a framework in which client workstations
  and the authentication server mutually
  authenticate with one another via the AP.
• Once the user has been authenticated, the
  authentication server and the client
  simultaneously generate a Pairwise Master Key
  (PMK).

19
AES Encryption
The AES algorithm is based on permutations and
substitutions. Permutations are rearrangements of
data, and substitutions replace one unit of data
with another. AES performs permutations and
substitutions using several different techniques.
Let the following be the 128-bit value that you
will encrypt with the indexes array 00 11 22
33 44 55 66 77 88 99 aa bb cc dd ee ff 0 1
2 3 4 5 6 7 8 9 10 11 12 13 14
15 The 192-bit key value is 00 01 02 03 04 05
06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15
16 17 0 1 2 3 4 5 6 7 8 9 10
11 12 13 14 15 16 17 18 19 20 21 22 23
Figure 1

• When the AES constructor is called, two tables
  that will be used by the encryption method are
  initialized.
• The first table is a substitution box named Sbox.
  It is a 16 16 matrix. The first five rows and
  columns of Sbox are shown in Figure 1.

Figure 2
20
AES Encryption

• Behind the scenes, the encryption routine takes
  the key array and uses it to generate a "key
  schedule" table named w , shown in Figure 2.
• The first Nk (6) rows of w are seeded with the
  original key value (0x00 through 0x17) and the
  remaining rows are generated from the seed key.
  The variable Nk represents the size of the seed
  key in 32-bit words.
• The point is that there are now many keys to use
  instead of just one. These new keys are called
  the round keys to distinguish them from the
  original seed key.
• The AES encryption routine begins by copying the
  16-byte input array into a 44 byte matrix named
  State (see Figure 3).
• The AES encryption algorithm is named Cipher and
  operates on State and can be described in
  pseudo-code (see Figure 4).

Figure 3
21
AES Encryption

• The encryption algorithm performs a preliminary
  processing step that's called AddRoundKey in the
  specification.
• AddRoundKey performs a byte-by-byte XOR operation
  on the State matrix using the first four rows of
  the key schedule, and XORs input Stater,c with
  round keys table wc,r.
• For example, if the first row of the State matrix
  holds the bytes 00, 44, 88, cc , and the first
  column of the key schedule is 00, 04, 08, 0c ,
  then the new value of State0,2 is the result of
  XORing State0,2 (0x88) with w2,0 (0x08), or
  0x80
• 1 0 0 0 1 0 0 0
• 0 0 0 0 1 0 0 0 XOR
• 1 0 0 0 0 0 0 0

Pseudo-code
Cipher(byte input, byte output) byte4,4
State copy input into State AddRoundKey
for (round 1 round lt Nr-1 round)
SubBytes ShiftRows MixColumns AddRoundKey
SubBytes ShiftRows AddRoundKey copy State
to output
Figure 4
22
AES Encryption

• The main loop of the AES encryption algorithm
  performs four different operations on the State
  matrix
• The AddRoundKey operation is the same as the
  preliminary AddRoundKey except that each time
  AddRoundKey is called, the next four rows of the
  key schedule are used.
• The SubBytes routine is a substitution operation
  that takes each byte in the State matrix and
  substitutes a new byte determined by the Sbox
  table. For example, if the value of State0,1 is
  0x40 and you want to find its substitute, you
  take the value at State0,1 (0x40) and let x
  equal the left digit (4) and y equal the right
  digit (0). Then you use x and y as indexes into
  the Sbox table to find the substitution value, as
  shown in Figure 1.
• The MixColumns operation is a substitution
  operation that is the trickiest part of the AES
  algorithm to understand. It replaces each byte
  with the result of mathematical field additions
  and multiplications of values in the byte's
  column.

23
AES Encryption
4. The ShiftRows is a permutation operation that
rotates bytes in the State matrix to the left.
Figure 5 shows how ShiftRows works on State.
Row 0 of State is rotated 0 positions to the
left, row 1 is rotated 1 position left, row 2 is
rotated 2 positions left, and row 3 is rotated 3
positions left.
Figure 5
24
Problems with WPA2

• Weakness in Passphrase Choice in WPA Interface
• Anyone with knowledge of the PSK can
  determine any PTK in the ESS through passive
  sniffing of the wireless network, listening for
  those all-important key exchange data frames.
  Also, if a weak passphrase is used, for example,
  a short passphrase, an offline dictionary attack
  can readily guess the PSK. Since the common usage
  will be a single PSK for the Extended Service Set
  (ESS), once this is learned by the attacker, the
  attacker is now a member of the ESS, and the
  whole ESS is compromised. The attacker can now
  read and forge any traffic in the ESS.
• Differential cryptanalysis.
• This is a type of attack that relies on an
  analysis of the evolution of the differences
  between two related plaintexts as they are
  encrypted under the same key. By careful analysis
  of the available data, probabilities can be
  assigned to each of the possible keys, and
  eventually the most probable key is identified as
  the correct one
• Linear cryptanalysis
• This is a known plaintext attack which uses a
  linear approximation to describe the behavior of
  the block cipher. Given sufficient pairs of
  plaintext and corresponding ciphertext, bits of
  information about the key can be obtained, and
  increased amounts of data will usually give a
  higher probability of success
• Algebraic attacks
• The belongs to a class of techniques that rely
  for their success on block ciphers exhibiting a
  high degree of mathematical structure. For
  instance, it is conceivable that a block cipher
  might exhibit a group structure. If this were the
  case, then encrypting a plaintext under one key
  and then encrypting the result under another key
  would always be equivalent to single encryption
  under some other single key. If so, then the
  block cipher would be considerably weaker, and
  the use of multiple encryption would offer no
  additional security over single encryption

25
Conclusion

• The weakness in security protocol can be looked
  at in 2 ways
• The inherent weakness in the algorithm used in
  the protocol implementation
• The implementation of this algorithm in the
  protocol
• WEP suffers from both ways while WPA2 known
  attack is currently limited to Dictionary attack
  on weak keys.
• It has been established that most block ciphers
  (AES as an example) can be represented by
  algebraic equation with a certain number of
  unknown variables. Therefore, with the
  appropriate computing power, solving such
  equation will break the ciphers. For example, AES
  can be represented in 6,296 equations with 16,096
  terms!.
• The good news is with today Computing power, it
  is practically impossible to achieve.

. .
26
Proposed Solution

• Based on the analysis of the 2 major protocols
  deployed in the WLAN and the concluding
  statement, the preferred protocol as at today is
  still WPA2. But in its deployment, users should
  note the following
• Use a more complex pass-phrase as your password
• Change password (pass-phrase) more frequently
• Avoid the use of words that can be found in the
  Dictionary

27
Questions

• Question 1
• What are the 2 security protocol ratified to be
  used with IEEE 802.11 specifications
• Answer 1
• Wired Equivalent Privacy (WEP) Wi-Fi Protected
  Standards (WPA2)
• Question 2
• What is the cryptographic algorithm used in WEP
  protocol and who holds the patent to this
  algorithm
• Answer 2
• RC4 algorithm, patent held by RSA
• Question 3
• Advanced Encryption Standards (AES) belongs to
  what groups of ciphers ?
• Answer 3
• Block ciphers.

28
End of Presentation !
Thanks!