
Wi-Fi Protected Access


payton

Presentation Transcript


  1. Wi-Fi Protected Access WPA

  2. What is WPA? • Wi-Fi Protected Access (WPA) is a response by the WLAN industry to offer an immediate, stronger security solution than WEP. • WPA is intended to be: • A software/firmware upgrade to existing access points and NICs. • Inexpensive in terms of time and cost to implement. • Compatible with vendors. • Suitable for enterprise, small sites, home networks. • Runs in enterprise mode or pre-shared key (PSK) mode

  3. History of WPA • WPA was created by the Wi-Fi Alliance, an industry trade group, which owns the trademark to the Wi-Fi name and certifies devices that carry that name. • WPA is designed for use with an IEEE 802.1X authentication server, which distributes different keys to each user.

  4. History of WPA • The Wi-Fi Alliance created WPA to enable introduction of standard-based secure wireless network products prior to the IEEE 802.11i group finishing its work. • The Wi-Fi Alliance at the time already anticipated the WPA2 certification based on the final draft of the IEEE 802.11i standard.

  5. History of WPA • Data is encrypted using the RC4 stream cipher, with a 128-bit key and a 48-bit initialization vector (IV). • One major improvement in WPA over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used. • When combined with the much larger IV, this defeats the well-known key recovery attacks on WEP.

  6. History of WPA • In addition to authentication and encryption, WPA also provides vastly improved payload integrity. • The cyclic redundancy check (CRC) used in WEP is inherently insecure; it is possible to alter the payload and update the message CRC without knowing the WEP key.

  7. History of WPA • A more secure message authentication code (usually known as a MAC, but here termed a MIC for "Message Integrity Code") is used in WPA, an algorithm named "Michael". • The MIC used in WPA includes a frame counter, which prevents replay attacks being executed.
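The integrity weakness described in slides 6 and 7, as an added example that is not part of the original presentation: CRC-32 is affine over XOR, so an edit to a stream-enciphered frame can be matched by an edit to its checksum, while a keyed check value rejects the same edit. HMAC-SHA-256 stands in for a keyed MIC here (it is not Michael), random bytes stand in for the RC4 keystream, and the payloads are constructed.

```python
import hashlib
import hmac
import os
import zlib

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))   # truncates to the shorter input

def crc_seal(payload: bytes, keystream: bytes) -> bytes:
    """WEP-style frame: (payload || CRC-32) XOR keystream."""
    return xor(payload + zlib.crc32(payload).to_bytes(4, "little"), keystream)

def crc_open(frame: bytes, keystream: bytes):
    plain = xor(frame, keystream)
    payload, icv = plain[:-4], plain[-4:]
    return payload if zlib.crc32(payload).to_bytes(4, "little") == icv else None

def mic_seal(payload: bytes, keystream: bytes, mic_key: bytes) -> bytes:
    """Same framing, but the check value is keyed (HMAC stand-in for a MIC)."""
    tag = hmac.new(mic_key, payload, hashlib.sha256).digest()[:8]
    return xor(payload + tag, keystream)

def mic_open(frame: bytes, keystream: bytes, mic_key: bytes):
    plain = xor(frame, keystream)
    payload, tag = plain[:-8], plain[-8:]
    good = hmac.new(mic_key, payload, hashlib.sha256).digest()[:8]
    return payload if hmac.compare_digest(tag, good) else None

def crc_fixup(delta: bytes) -> bytes:
    """CRC-32 is affine over XOR: crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros)."""
    return (zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))).to_bytes(4, "little")

def demo():
    original = b"door=locked;zone=07"            # constructed sample payload
    altered = b"door=opened;zone=07"
    delta = xor(original, altered)                # bits changed in transit
    ks = os.urandom(len(original) + 8)            # stands in for RC4 output
    mic_key = os.urandom(16)
    # Both frames are edited with no knowledge of ks or mic_key.
    crc_frame = xor(crc_seal(original, ks), delta + crc_fixup(delta))
    mic_frame = xor(mic_seal(original, ks, mic_key), delta + bytes(8))
    return crc_open(crc_frame, ks), mic_open(mic_frame, ks, mic_key)

if __name__ == "__main__":
    print(demo())   # CRC frame is accepted with the altered payload; MIC frame is rejected
```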

  8. History of WPA • By increasing the size of the keys and IVs, reducing the number of packets sent with related keys, and adding a secure message verification system, WPA makes breaking into a Wireless LAN far more difficult.

  9. History of WPA • The Michael algorithm was the strongest that WPA designers could come up with that would still work with most older network cards.

  10. History of WPA • Due to inevitable weaknesses of Michael, WPA includes a special countermeasure mechanism that detects an attempt to break TKIP and temporarily blocks communications with the attacker.

  11. History of WPA • However, it can also be used in a less secure "pre-shared key" (PSK) mode, where every user is given the same pass-phrase.

  12. History of WPA • Wi-Fi Protected Access (WPA) had previously been introduced by the Wi-Fi Alliance as an intermediate solution to WEP insecurities. • WPA implemented a subset of 802.11i. • The design of WPA is based on Draft 3 of the IEEE 802.11i standard.

  13. WPA Modes • Pre-Shared Key Mode • Does not require authentication server. • “Shared Secret” is used for authentication to access point. • Enterprise Mode • Requires an authentication server • Uses RADIUS protocols for authentication and key distribution. • Centralizes management of user credentials.

  14. WPA • 802.1x • Features: • BSS • Key hierarchy • Key management • Cipher & Authentication Negotiation • Data Privacy Protocol: TKIP

  15. Comparing WPA and 802.11i • 802.1x • Features: • BSS • Independent Basic Service Set • Pre-authentication • Key hierarchy • Key management • Cipher & Authentication Negotiation • Data Privacy Protocols: TKIP and CCMP

  16. WPA Summary • Fixes all known WEP privacy vulnerabilities. • Designed by well-known cryptographers. • Best possible security to minimize performance degradation on existing hardware.

  17. Pre-Shared Key Mode Issues • Needed if there is no authentication server in use. • If shared secret becomes known, network security may be compromised. • No standardized way of changing shared secret.

  18. Pre-Shared Key Mode Issues • Significantly increases the effort required to allow passive monitoring and decrypting of traffic. • The more complex the shared secret, the less likely it will fall to dictionary attacks.

  19. Migration from WEP to WPA • Existing authentication systems can still be used. • WPA replaces WEP. • All access points and clients will need new firmware and drivers. • Some older NICs and access points may not be upgradeable. • Once enterprise access points are upgraded, home units will need to be, if they were using WEP.

  20. Migration from WEP to WPA • Small Office/Home Office: • Configure pre-shared key (PSK) or master password on the AP. • Configure the PSK on client stations. • Enterprise: • Select EAP types and 802.1X supplicants to be supported on stations, APs, and authentication servers. • Select and deploy RADIUS-based authentication servers

  21. How WPA Addresses the WEP Vulnerabilities • WPA wraps RC4 cipher engine in four new algorithms • 1. Extended 48-bit IV and IV Sequencing Rules • 2^48 is a large number! More than 500 trillion • Sequencing rules specify how IVs are selected and verified • 2. A Message Integrity Code (MIC) called Michael • Designed for deployed hardware • Requires use of active countermeasures • 3. Key Derivation and Distribution • Initial random number exchanges defeat man-in-the-middle attacks • 4. Temporal Key Integrity Protocol generates per-packet keys
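A sketch of the receive-side logic behind the IV sequencing rules and Michael's active countermeasures, as an added example that is not part of the original presentation. It assumes the behaviour defined in IEEE 802.11i (the 48-bit IV acts as a per-sender sequence counter; two MIC failures within 60 seconds suspend TKIP traffic for 60 seconds); the class name, result strings and sample events are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

MIC_FAILURE_WINDOW = 60.0   # seconds; figure from IEEE 802.11i, not from the slides
BLOCK_DURATION = 60.0       # seconds; figure from IEEE 802.11i, not from the slides

@dataclass
class TkipReceiver:
    last_tsc: Dict[str, int] = field(default_factory=dict)  # highest accepted counter per sender
    last_mic_failure: Optional[float] = None
    blocked_until: float = 0.0

    def receive(self, now: float, sender: str, tsc: int, mic_ok: bool) -> str:
        if now < self.blocked_until:
            return "blocked"                      # countermeasures still active
        if not 0 <= tsc < 2**48:
            return "drop-invalid"
        if tsc <= self.last_tsc.get(sender, -1):
            return "drop-replay"                  # sequencing rule: counter must increase
        if not mic_ok:
            previous, self.last_mic_failure = self.last_mic_failure, now
            if previous is not None and now - previous <= MIC_FAILURE_WINDOW:
                self.blocked_until = now + BLOCK_DURATION
                return "countermeasures"          # a real AP also deauthenticates and rekeys
            return "mic-failure"                  # logged; counter is NOT advanced
        self.last_tsc[sender] = tsc               # advance only after the MIC verifies
        return "accept"

# Constructed events: (time in seconds, sender, 48-bit counter, MIC verified?)
SAMPLE_EVENTS = [
    (0.0, "sta1", 1, True),
    (1.0, "sta1", 2, True),
    (2.0, "sta1", 2, True),     # same counter again
    (3.0, "sta1", 3, False),    # first MIC failure
    (4.0, "sta1", 3, True),     # genuine frame 3 is still acceptable
    (20.0, "sta1", 9, False),   # second MIC failure inside the window
    (30.0, "sta1", 10, True),   # arrives during the block
    (90.0, "sta1", 11, True),   # block has expired
]

def run_sample():
    rx = TkipReceiver()
    return [rx.receive(*event) for event in SAMPLE_EVENTS]

if __name__ == "__main__":
    for event, result in zip(SAMPLE_EVENTS, run_sample()):
        print(event, "->", result)
```

Advancing the counter only after the MIC verifies matters: otherwise a forged frame with a high counter would make the receiver discard every genuine frame that follows.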

  22. Wi-Fi Protected Access 2 – WPA2 • Uses the Advanced Encryption Standard (AES) • AES selected by National Institute of Standards and Technology (NIST) as replacement for DES. • Symmetric-key block cipher using 128-bit keys. • Generates CCM Protocol (CCMP): • CCMP = CTR + CBC + MAC • CTR = Counter Mode Encryption • CBC/MAC = Cipher Block Chaining/Message Authentication Code

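  23. Encryption Method Comparison

      |                  | WEP          | WPA                                         | WPA2        |
      |------------------|--------------|---------------------------------------------|-------------|
      | Cipher           | RC4          | RC4                                         | AES         |
      | Key Size         | 40 bits      | 128 bits encryption, 64 bits authentication | 128 bits    |
      | Key Life         | 24 bits IV   | 24 bits IV                                  | 24 bits IV  |
      | Packet Key       | concatenated | Mixing Function                             | Not Needed  |
      | Data Integrity   | CRC-32       | Michael                                     | CCMP        |
      | Header Integrity | none         | Michael                                     | CCMP        |
      | Replay Attack    | none         | IV sequence                                 | IV sequence |
      | Management Key   | none         | EAP-based                                   | EAP-based   |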

  24. General Recommendations • Conduct a risk assessment for all information that will travel over the WLAN and restrict sensitive information. • Policies and infrastructure for authenticating remote access users can be applied to WLAN users. • Perform regular audits of the WLAN using network management and RF detection tools.

  25. General Recommendations • Minimize signal leakage through directional antennas and placement of access points. • Make sure all equipment being purchased can be upgraded to support WPA and WPA 2/AES. • If using Pre-Shared Key Mode consider that the shared secret may become compromised.

  26. Should you upgrade to WPA2 with AES after WPA? • An investment in new hardware (access points, NICs) may be needed. • Does your risk analysis indicate a need for the extra protection? • Is there a compelling business reason to do so?

  27. Should you upgrade to WPA2 with AES after WPA? • However… WPA has not met the challenge of intensive traffic. WPA has some vulnerabilities:

  28. WPA Vulnerabilities • Use of short or easily guessed passwords. These are subject to brute-force attacks (where the attacker tries passwords in sequence) or dictionary attacks (where the attacker tries common words from a dictionary).

  29. WPA Vulnerabilities • Passwords of fewer than 20 characters are more susceptible to brute-force attack. • Manufacturers commonly ship passwords of 8-10 characters, assuming the administrator will change them.

  30. WPA Vulnerabilities • Tools are available that carry out brute-force and/or dictionary attacks against WPA. • KisMAC for MacOS X (brute force for passwords/dictionary). • WPA Crack for Linux (brute force for passwords/dictionary). • Ethereal for • Cowpatty for Linux (dictionary) or combined with John the Ripper.

  31. WPA Vulnerabilities • There is no difficulty in modifying WPA access programs. • For example, WPA_supplicant can be modified to allow discovery of the pre-shared key (PSK) or of the TKIP, which changes the key from time to time in a configurable way.

  32. WPA Vulnerabilities • The file config.c can be modified in the function wpa_config_psk so that, instead of reading the key from the configuration file, it reads words received as parameters, allowing the use of a dictionary together with a password-cracking program such as John the Ripper.

  33. WPA Vulnerabilities • Problems in the storage of keys, on both clients and concentrators, which can compromise security.
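A defensive check for the passphrase weaknesses listed in slides 28 and 29, as an added example that is not part of the original presentation: it audits the `psk` entries of a wpa_supplicant-style configuration. The 20-character threshold comes from the slides and the 8 to 63 character limits from the WPA passphrase format; the word list and the sample configuration are constructed, and `audit` is a hypothetical helper name.

```python
import re

MIN_RECOMMENDED = 20                     # threshold stated in the slides
WEAK_WORDS = {"password", "wireless", "internet", "admin", "12345678"}  # constructed sample list

# Constructed sample: quoted psk = passphrase, unquoted 64 hex digits = derived key.
SAMPLE_CONF = '''
network={
    ssid="office"
    psk="password1"
}
network={
    ssid="lab"
    psk="correct-horse-battery-staple-42"
}
network={
    ssid="guest"
    psk=HEXPSK
}
'''.replace("HEXPSK", "ab" * 32)

def audit(conf: str):
    """Return [(ssid, [issues])] for every network block that sets a psk."""
    findings = []
    for block in re.findall(r"network=\{(.*?)\}", conf, re.S):
        fields = dict(re.findall(r"^\s*(\w+)=(.*?)\s*$", block, re.M))
        psk = fields.get("psk")
        if psk is None:
            continue                              # open or enterprise network
        ssid = fields.get("ssid", "").strip('"')
        issues = []
        if psk.startswith('"'):                   # passphrase form
            phrase = psk.strip('"')
            lowered = phrase.lower()
            if not 8 <= len(phrase) <= 63:
                issues.append("invalid-length")
            elif len(phrase) < MIN_RECOMMENDED:
                issues.append("short")
            if any(w in lowered for w in WEAK_WORDS) or (ssid and ssid.lower() in lowered):
                issues.append("guessable")
        elif not re.fullmatch(r"[0-9a-fA-F]{64}", psk):
            issues.append("malformed-psk")
        findings.append((ssid, issues))
    return findings

if __name__ == "__main__":
    for ssid, issues in audit(SAMPLE_CONF):
        print(ssid, issues or "ok")
```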

  34. How WPA Addresses the WEP Vulnerabilities • WPA wraps RC4 cipher engine in four new algorithms • 1. Extended 48-bit IV and IV Sequencing Rules • 2^48 is a large number! More than 500 trillion • Sequencing rules specify how IVs are selected and verified • 2. A Message Integrity Code (MIC) called Michael • Designed for deployed hardware • Requires use of active countermeasures • 3. Key Derivation and Distribution • Initial random number exchanges defeat man-in-the-middle attacks • 4. Temporal Key Integrity Protocol generates per-packet keys

  35. References • KisMAC http://binaervarianz.de/programmieren/kismac • Cowpatty http://www.remote-exploit.org/?page=codes • WPA_attack http://www.tinypeap.com/page8.html • WPA_Supplicant http://hostap.epitest.fi/wpa_supplicant

  36. Conclusions on WEP and WPA • WEP is insufficient to protect WLANs today from determined attackers. • WPA resolves all of WEP’s known weaknesses. • WPA is a dramatic improvement in Wi-Fi security.

  37. Conclusions on WEP and WPA • WPA provides an enterprise-class security solution for user authentication and encryption. • WPA is a subset of the 802.11i draft standard and is expected to maintain forward compatibility with the standard.

  38. Conclusions on WEP and WPA • WPA2 will provide an even stronger cryptographic cipher than WPA.

  39. Conclusions on WEP and WPA • Unless there is a significant flaw found in WPA or RC4 is broken, there may be no reason to move to WPA2 in the future.
