Wi-Fi Protected Access

WPA
What is WPA?

 Wi-Fi Protected Access (WPA) is a response by the WLAN industry to offer an immediate, stronger security solution than WEP.

 WPA is intended to be:
    A software/firmware upgrade to existing access points and NICs.
    Inexpensive in terms of time and cost to implement.
    Compatible across vendors.
    Suitable for enterprise, small sites, and home networks.
    Able to run in enterprise mode or pre-shared key (PSK) mode.
History of WPA

 WPA was created by the Wi-Fi Alliance, an industry trade group, which owns the trademark to the Wi-Fi name and certifies devices that carry that name.

 WPA is designed for use with an IEEE 802.1X authentication server, which distributes different keys to each user.
History of WPA

 The Wi-Fi Alliance created WPA to enable the introduction of standards-based secure wireless network products prior to the IEEE 802.11i group finishing its work.

 The Wi-Fi Alliance at the time already anticipated the WPA2 certification based on the final draft of the IEEE 802.11i standard.
History of WPA

 Data is encrypted using the RC4 stream cipher, with a 128-bit key and a 48-bit initialization vector (IV).

 One major improvement in WPA over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used.

 When combined with the much larger IV, this defeats the well-known key recovery attacks on WEP.
History of WPA

 In addition to authentication and encryption, WPA also provides vastly improved payload integrity.

 The cyclic redundancy check (CRC) used in WEP is inherently insecure; it is possible to alter the payload and update the message CRC without knowing the WEP key.
History of WPA

 A more secure message authentication code (usually known as a MAC, but here termed a MIC for "Message Integrity Code") is used in WPA, an algorithm named "Michael".

 The MIC used in WPA includes a frame counter, which prevents replay attacks from being executed.
History of WPA

 By increasing the size of the keys and IVs, reducing the number of packets sent with related keys, and adding a secure message verification system, WPA makes breaking into a wireless LAN far more difficult.
History of WPA

 The Michael algorithm was the strongest that the WPA designers could come up with that would still work with most older network cards.
History of WPA

 Due to the inevitable weaknesses of Michael, WPA includes a special countermeasure mechanism that detects an attempt to break TKIP and temporarily blocks communications with the attacker.
History of WPA

 However, WPA can also be used in a less secure "pre-shared key" (PSK) mode, where every user is given the same pass-phrase.
History of WPA

 Wi-Fi Protected Access (WPA) had previously been introduced by the Wi-Fi Alliance as an intermediate solution to WEP insecurities.

 WPA implemented a subset of 802.11i.

 The design of WPA is based on Draft 3 of the IEEE 802.11i standard.
WPA Modes

 Pre-Shared Key Mode
    Does not require an authentication server.
    A "shared secret" is used for authentication to the access point.

 Enterprise Mode
    Requires an authentication server.
    Uses RADIUS protocols for authentication and key distribution.
    Centralizes management of user credentials.
WPA

 802.1X
 Features:
    BSS
    Key hierarchy
    Key management
    Cipher & Authentication Negotiation
    Data Privacy Protocol: TKIP

Comparing WPA and 802.11i

 802.1X
 Features:
    BSS
    Independent Basic Service Set
    Pre-authentication
    Key hierarchy
    Key management
    Cipher & Authentication Negotiation
    Data Privacy Protocols: TKIP and CCMP
WPA Summary

 Fixes all known WEP privacy vulnerabilities.

 Designed by well-known cryptographers.

 Best possible security while minimizing performance degradation on existing hardware.
Pre-Shared Key Mode Issues

 Needed if there is no authentication server in use.

 If the shared secret becomes known, network security may be compromised.

 No standardized way of changing the shared secret.

Pre-Shared Key Mode Issues

 Significantly increases the effort required for passive monitoring and decrypting of traffic.

 The more complex the shared secret, the less likely it will fall to dictionary attacks.
Migration from WEP to WPA

 Existing authentication systems can still be used.
 WPA replaces WEP.
 All access points and clients will need new firmware and drivers.
 Some older NICs and access points may not be upgradeable.
 Once enterprise access points are upgraded, home units will need to be as well, if they were using WEP.

Migration from WEP to WPA

 Small Office/Home Office:
    Configure the pre-shared key (PSK) or master password on the AP.
    Configure the PSK on client stations.

 Enterprise:
    Select EAP types and 802.1X supplicants to be supported on stations, APs, and authentication servers.
    Select and deploy RADIUS-based authentication servers.
How WPA Addresses the WEP Vulnerabilities

 WPA wraps the RC4 cipher engine in four new algorithms:
    1. Extended 48-bit IV and IV sequencing rules
       2^48 is a large number! More than 500 trillion
       Sequencing rules specify how IVs are selected and verified
    2. A Message Integrity Code (MIC) called Michael
       Designed for deployed hardware
       Requires use of active countermeasures
    3. Key derivation and distribution
       Initial random number exchanges defeat man-in-the-middle attacks
    4. Temporal Key Integrity Protocol generates per-packet keys
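As an added illustration (not code from the slides), here is a receiver-side model of the IV sequencing rule and the Michael countermeasure described above: a frame whose TSC does not strictly exceed the last accepted one is dropped as a replay, and two MIC failures within 60 seconds disable TKIP reception for 60 seconds (the 60 s values come from IEEE 802.11i, not the slides). MIC verification itself is assumed to be done elsewhere, with its result passed in as mic_ok.

```python
from dataclasses import dataclass, field

# Added illustration, not code from the slides: receiver-side TKIP replay
# detection (48-bit TSC sequencing rule) plus the Michael countermeasure
# (two MIC failures within 60 s disable TKIP for 60 s, per IEEE 802.11i).
# MIC verification is assumed to happen elsewhere; its result is mic_ok.

TSC_MAX = (1 << 48) - 1        # 48-bit TKIP sequence counter (the extended IV)
MIC_FAILURE_WINDOW = 60.0      # seconds: two failures inside this window trigger
COUNTERMEASURE_HOLD = 60.0     # seconds: how long TKIP reception stays disabled


@dataclass
class TkipReceiver:
    last_tsc: int = -1                                    # highest TSC accepted
    mic_failures: list = field(default_factory=list)      # recent failure times
    blocked_until: float = 0.0                            # countermeasures end

    def accept(self, tsc: int, mic_ok: bool, now: float) -> str:
        """Classify one received frame: 'ok', 'replay', 'mic_failure' or 'blocked'."""
        if now < self.blocked_until:
            return "blocked"          # countermeasures active: drop all TKIP frames
        if not 0 <= tsc <= TSC_MAX:
            raise ValueError("TSC must fit in 48 bits")
        # Sequencing rule: the TSC must strictly increase. A repeated or older
        # value is a replayed (or reordered) frame and is discarded before the
        # MIC is even looked at, so replays cannot trigger countermeasures.
        if tsc <= self.last_tsc:
            return "replay"
        if not mic_ok:
            # Possible forgery: keep only failures inside the window, then count.
            self.mic_failures = [t for t in self.mic_failures
                                 if now - t < MIC_FAILURE_WINDOW]
            self.mic_failures.append(now)
            if len(self.mic_failures) >= 2:
                self.blocked_until = now + COUNTERMEASURE_HOLD
                self.mic_failures.clear()
            return "mic_failure"
        self.last_tsc = tsc               # advance only on a verified frame (simplified)
        return "ok"
```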
Wi-Fi Protected Access 2 – WPA2

 Uses the Advanced Encryption Standard (AES)
    AES was selected by the National Institute of Standards and Technology (NIST) as the replacement for DES.
    Symmetric-key block cipher using 128-bit keys.
    Used in the CCM Protocol (CCMP):
       CCMP = CTR + CBC-MAC
       CTR = Counter Mode encryption
       CBC-MAC = Cipher Block Chaining Message Authentication Code
Encryption Method Comparison

                    WEP             WPA                         WPA2
Cipher              RC4             RC4                         AES
Key Size            40 bits         128 bits encryption,        128 bits
                                    64 bits authentication
Key Life            24-bit IV       24-bit IV                   24-bit IV
Packet Key          Concatenated    Mixing function             Not needed
Data Integrity      CRC-32          Michael                     CCMP
Header Integrity    None            Michael                     CCMP
Replay Attack       None            IV sequence                 IV sequence
Key Management      None            EAP-based                   EAP-based

General Recommendations

 Conduct a risk assessment for all information that will travel over the WLAN and restrict sensitive information.

 Policies and infrastructure for authenticating remote access users can be applied to WLAN users.

 Perform regular audits of the WLAN using network management and RF detection tools.

General Recommendations

 Minimize signal leakage through directional antennas and placement of access points.

 Make sure all equipment being purchased can be upgraded to support WPA and WPA2/AES.

 If using Pre-Shared Key Mode, consider that the shared secret may become compromised.
Should you upgrade to WPA2 with AES after WPA?

 An investment in new hardware (access points, NICs) may be needed.

 Does your risk analysis indicate a need for the extra protection?

 Is there a compelling business reason to do so?

Should you upgrade to WPA2 with AES after WPA?

 However…

 WPA has not met the challenge of intensive traffic.

 WPA has some vulnerabilities:

WPA Vulnerabilities

 Use of short or easily guessed passwords.

 Subject to brute-force attacks (where the attacker tries passwords in sequence) or dictionary attacks (where the attacker tries common words from a dictionary).

WPA Vulnerabilities

 Passwords of fewer than 20 characters are more susceptible to brute-force attack.

 It is common for manufacturers to ship 8-10 character passwords, assuming the administrator will change them.
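As an added example (not from the slides) covering both the Pre-Shared Key Mode issues and the password warnings above: in PSK mode the passphrase and SSID are mapped to the 256-bit PSK with PBKDF2-HMAC-SHA1 at 4096 iterations (IEEE 802.11i Annex H, a detail the slides omit), so every dictionary guess costs the attacker one derivation and the defence is passphrase quality; the policy checker enforces the slides' 20-character advice and screens a constructed list of sample defaults. The 80-bit entropy threshold and the KNOWN_WEAK list are assumptions made for this illustration.

```python
import hashlib
import math

# Added illustration, not code from the slides. PSK = PBKDF2-HMAC-SHA1(
# passphrase, ssid, 4096 iterations, 32 bytes) per IEEE 802.11i Annex H.
# The passphrase length rule (8-63 ASCII characters) is also from 802.11i.

def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA-PSK (PMK) from passphrase and SSID."""
    if not 8 <= len(passphrase) <= 63 or not passphrase.isascii():
        raise ValueError("WPA passphrase must be 8-63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

# Constructed sample of factory-style defaults (illustrative, not real vendor values).
KNOWN_WEAK = {"password", "admin123", "wireless", "12345678"}
MIN_ENTROPY_BITS = 80.0   # assumed policy threshold for this example

def charset_bits(passphrase: str) -> float:
    """Upper-bound entropy estimate: log2(alphabet size) per character."""
    size = 0
    if any(c.islower() for c in passphrase):
        size += 26
    if any(c.isupper() for c in passphrase):
        size += 26
    if any(c.isdigit() for c in passphrase):
        size += 10
    if any(not c.isalnum() for c in passphrase):
        size += 33          # printable ASCII punctuation and space
    return len(passphrase) * math.log2(size) if size else 0.0

def psk_policy_problems(passphrase: str) -> list:
    """List policy violations for a candidate passphrase; empty means acceptable."""
    problems = []
    if len(passphrase) < 20:
        problems.append("shorter than 20 characters: exposed to brute force")
    if passphrase.lower() in KNOWN_WEAK:
        problems.append("matches a known default or dictionary word")
    if charset_bits(passphrase) < MIN_ENTROPY_BITS:
        problems.append("estimated entropy below policy threshold")
    return problems
```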
WPA Vulnerabilities

 There are tools available that perform brute-force and/or dictionary attacks against WPA.
    KisMAC for Mac OS X (brute force on passwords/dictionary).
    WPA Crack for Linux (brute force on passwords/dictionary).
    Ethereal for
    Cowpatty for Linux (dictionary), or combined with John the Ripper.
WPA Vulnerabilities

 There is no difficulty in modifying WPA access programs.

 For example, WPA_supplicant can be modified to allow discovery of the pre-shared key (PSK), or of the TKIP key, which changes the key from time to time in a configurable way.

WPA Vulnerabilities

 The config.c file can be modified in the wpa_config_psk function so that, instead of reading the key from the configuration file, it reads words received as parameters, allowing the use of a dictionary together with some password-cracking program such as John the Ripper.

WPA Vulnerabilities

 Problems in key storage, on both clients and access points (concentrators), which can compromise security.
References
 KisMAC
http://binaervarianz.de/programmieren/kismac

 Cowpatty
http://www.remote-exploit.org/?page=codes

 WPA_attack
http://www.tinypeap.com/page8.html

 WPA_Supplicant
http://hostap.epitest.fi/wpa_supplicant
Conclusions on WEP and WPA

 WEP is insufficient to protect WLANs today from determined attackers.

 WPA resolves all of WEP's known weaknesses.

 WPA is a dramatic improvement in Wi-Fi security.

Conclusions on WEP and WPA

 WPA provides an enterprise-class security solution for user authentication and encryption.

 WPA is a subset of the 802.11i draft standard and is expected to maintain forward compatibility with the standard.

Conclusions on WEP and WPA

 WPA2 will provide an even stronger cryptographic cipher than WPA.

Conclusions on WEP and WPA

 Unless there is a significant flaw found in WPA or RC4 is broken, there may be no reason to move to WPA2 in the future.
