Wired Equivalent Privacy
Open networks are susceptible to eavesdropping, as the traffic o them is not
encrypted.
WEP aims at providing some degree of privacy to data exchanged on the
wireless network.
WEP is part of the IEEE 802.11 standard and is a scheme used to secure
wireless networks using Rivest Cipher 4 (RC4) to encrypt traffic and performs
CRC32 checksums for message integrity.
WEP encryption only uses a 24-bit initialization vector (V) as when the WEP
standard was being drafted; the key size was limited due to US government
export restrictions on cryptographic technologies. A 64-bit key was
permitted, of which, 24 bits are used for IVs, thus reducing the real key size
to 40 bits. Once the export restrictions were lifted, 128 bit WEP (using the
same 24-bit IV) was implemented.
RC4
RC4 was designed by Ron Rivest from RSA Security and was chosen foe
wireless encryption due to its simplicity and impressive speed,
RC4 is a symmetric cipher meaning that the same key is used to both
encrypt and decrypt the data. It creates a stream of bits that are XORd with
plain text to get the encrypted data.
To decrypt it, we can simply XOR the encrypted text with the key stream in
order to recover the plain text.
RC4 consists of 2 key elements:
1.- The key Scheduling Algorithm (KSA), which initializes the state table with
IV and the WEP key
2.- The Pseudo-Random Generation Algorithm (PRGA), which creates the key
stream
Wi-Fi Protected Access
The IEEE 802.11i group, aimed at improving wireless security, proceeded to
develop two new link layer encryption protocols: Temporal Key Integrity
Protocol (TKIP) and Counter Mode with CBC-MAC (CCMP).
CCMP was designed from the ground up and took much more time to
complete in comparison to TKIP. TKIP ended up with the commercial name
WPA1 while WPA2 was given to CCMP.
WPA encryption comes in 2 flavors:
�1.- WPA Personal: makes use of pre-shared key authentication (WPA-PSK), a
passphrase shared by all peers of the network.
2.- WPA Enterprise: uses 802.1X and a Radius sever for Authentication,
Authorization, and Accounting (AAA).
WPA1
WPA1 is based on the third draft of 802.11i and uses TKIP. It was designed to
be backward compatible with legacy hardware and still uses WEP as the
encryption algorithm although it addresses the flaws found in WEP with the
following elements:
Per packet key mixing
IV sequencing to avoid replay attacks
New Message Integrity Check (MIC), using the Michael algorithm and
countermeasures on MIC failures.
Key distribution and rekeying mechanism.
WPA2
WPA is the full implementation of 802.11i and is also called Robust Security
Network (RSN). It makes use of new Advanced Encryption Standard (AES)
based algorithm, CCMP. It was designed from the ground up and is not
compatible with older hardware.
The secure communication channel is set up in 4 steps:
1.- Agreement on security protocols
2.- Authentication
3.- Key distribution and verification
4.- Data encryption and integrity
Agreement on Security Protocols
The different security protocols allowed by the AP are provided in its
beacons:
Authentication means, either by PSK or by 802.1x using a AAA server
Unicast and multicast/broadcast traffic encryption suite: TKIP, CCMP
�The STA first sends a probe request in order to receive network information
(i.e. rates, encryption, channel, etc.) and will join the network by using open
authentication followed by association.
Authentication
The authentication step is only done in WPA Enterprise configurations. It is
based on the Extensible Authentication Protocol (EAP) and can be done with
the following:
EAP-TLS with client and server certificates
EAP-TTLS
PEAP for hybrid authentication where only the server certificate is
required
This authentication is started when the client selects the authentication
mode to use.
Several EAP messages, depending on the authentication mode, will be
exchanged between the authenticator and the supplicant in order to
generate a Master Key (MK).
At the end of the procedure, if successful, a Radius Accept message is sent
to the AP containing the MK and another message, an EAP message sent to
the client to indicate success.
Key Distribution and Verification
The third phase focuses on the exchange of the different keys used for
authentication, message integrity, and message encryption. This is done via
the 4-way handshake to exchange the Pairwise Transient Key (PTK) and the
current Group Temporal Key (GTK), respectively the keys used for unicast and
multicast/broadcast, and then the Group Key handshake to renew the GTK.
This part allows:
Confirmation of the cipher suite used
Confirmation of the PMK knowledge by the client
Installation of the integrity and encryption keys
Send GTK securely
Note: In Wi-Fi networks, the authenticator is the AP and the supplicant is STA.
1.- The authenticator sends a nonce to the supplicant, called A Nonce
�2.- The supplicant creates the PKT and sends its nonce, SNonce, with the
MIC. After the construction of the PTK, it will check if the supplicant has the
right PMK. If the MIC check fails, the supplicant has the wrong PMK.
3.- The Authenticator sends the current GTK to the supplicant. This key is
used to decrypt multicast/broadcast traffic. If that messages fails to be
received, it is re-sent.
4.- Finally, the supplicant sends an acknowledgement to the authenticator.
The supplicant installs the keys and starts encryption.
