Secure Communication
Project I
Securing Communication
Confidentiality Integrity Availability
WPA Networks
• Introduced in 2003 to replace WEP networks
• Retains the use of the RC4 cypher (WPA1) and CCMP (WPA2)
• Encrypts the data using TKIP (WPA1) and AES (WPA2)
• Uses a Message Integrity Code (MIC) to check the integrity of the message
• Includes a 4-way handshake to authenticate users
• Refreshes all keys in case of multiple TKIP or MIC failures
WPA Networks
Encryption
Temporal Key Integrity Protocol (TKIP) addresses the two main weaknesses in WEP networks:
• Static encryption keys
• Lack of a proper message integrity check
WPA Networks
Encryption
• TKIP offers dynamic key generation, where each packet has its own key
• While TKIP uses the same cypher (RC4) as WEP networks, it changed the way RC4 is used by adopting a more sophisticated key management scheme
• To achieve proper dynamic per-packet key generation, TKIP mixes the Pre-Shared Key (PSK) or the Pairwise Master Key (PMK) with a temporal key (TK) that is regularly changed, and an Initialization Vector (IV)
WPA Networks
Encryption
• TKIP also introduced the MIC, which is a small checksum hash added to each packet.
• This hash allows the receiver to verify that the packet has not been tampered with. If an attacker altered a packet, the hashed message will not match the MIC, and the receiver will reject the packet.
• TKIP also employs a sequence counter to prevent replay attacks. The system will reject any packet with an out-of-sequence packet number.
WPA Networks
Keys
WPA networks use a lot of keys, and knowing what each key is will help us understand WPA networks on a deeper level:
1) PSK: Pre-Shared Key, which consists of 8-63 ASCII characters. This is the WiFi password.
2) PMK: Pairwise Master Key, which is 256 bits long, and is equal to SSID + PSK
3) PTK: Pairwise Transient Key, which is 384 bits long. It is a static key and is equal to PMK + Anonce + Snonce + MAC addresses of STA & AP.
4) GTK: Group Temporal Key, used to encrypt all broadcast and multicast traffic between an access point and multiple client devices.
WPA Networks
Keys
5) GMK: Group Master Key. It is used in the 4-way handshake to create the GTK discussed above.
6) MSK: Master Session Key. The master session key is the first key generated, either from 802.1X/EAP or derived from PSK authentication.
7) Snonce & Anonce: Random numbers generated on the client (Snonce) and AP (Anonce) sides.
More info can be found here.
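The key hierarchy above and the MIC check from the earlier encryption slides, walked through end to end, as an added example that is not part of the slides: PMK from the passphrase and SSID (PBKDF2-HMAC-SHA1, 4096 iterations), PTK from PMK, both MAC addresses and both nonces via the 802.11 PRF, KCK as the first 128 bits of the PTK, and the Key MIC a receiver recomputes over an EAPOL-Key frame. The passphrase, SSID, MAC addresses, nonces and the message-2 frame are constructed here; only the PBKDF2/PRF/MIC constructions follow the standard.

```python
import hashlib
import hmac

# Constructed sample inputs (not from the slides): a toy passphrase and SSID,
# made-up MAC addresses for the AP (AA) and the station (SPA), and made-up
# 32-byte nonces standing in for ANonce and SNonce.
PASSPHRASE = "correct horse battery staple"
SSID = "example-ssid"
AA = bytes.fromhex("020000000001")      # AP MAC address (constructed)
SPA = bytes.fromhex("020000000002")     # station MAC address (constructed)
ANONCE = bytes(range(0, 32))            # constructed ANonce
SNONCE = bytes(range(32, 64))           # constructed SNonce

MIC_OFFSET = 81  # byte offset of the 16-byte Key MIC field inside an EAPOL-Key frame


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i), i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK (384 bits) from the PMK, both MAC addresses and both nonces.
    The min/max ordering makes the result identical whichever side computes it."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)


def split_ptk(ptk: bytes):
    """KCK (keys the MIC), KEK (wraps the GTK in message 3), TK (encrypts data frames)."""
    return ptk[0:16], ptk[16:32], ptk[32:48]


def eapol_mic(kck: bytes, frame: bytes, version: int = 2) -> bytes:
    """Key MIC over the whole EAPOL-Key frame with the MIC field zeroed.
    Descriptor version 1 (TKIP) uses HMAC-MD5; version 2 (CCMP) uses HMAC-SHA1 truncated to 128 bits."""
    zeroed = bytearray(frame)
    zeroed[MIC_OFFSET:MIC_OFFSET + 16] = bytes(16)
    if version == 1:
        return hmac.new(kck, bytes(zeroed), hashlib.md5).digest()
    return hmac.new(kck, bytes(zeroed), hashlib.sha1).digest()[:16]


def build_message2(snonce: bytes) -> bytes:
    """Constructed handshake message 2 (EAPOL-Key carrying SNonce, no key data), MIC field empty."""
    body = (
        b"\x02"                   # descriptor type: RSN
        + b"\x01\x0a"             # key info: version 2, pairwise, MIC present
        + b"\x00\x10"             # key length: 16 (CCMP)
        + b"\x00" * 7 + b"\x01"   # replay counter
        + snonce                  # key nonce = SNonce
        + bytes(16)               # key IV
        + bytes(8)                # key RSC
        + bytes(8)                # key ID (reserved)
        + bytes(16)               # key MIC (filled in by sign_frame)
        + b"\x00\x00"             # key data length
    )
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body  # 802.1X header: version, EAPOL-Key, length


def sign_frame(kck: bytes, frame: bytes, version: int = 2) -> bytes:
    """Sender side: write the MIC into the frame's MIC field."""
    mic = eapol_mic(kck, frame, version)
    return frame[:MIC_OFFSET] + mic + frame[MIC_OFFSET + 16:]


def verify_frame(passphrase, ssid, aa, spa, anonce, snonce, frame, version=2) -> bool:
    """Receiver side: rebuild PMK -> PTK -> KCK and compare the MIC in constant time.
    A different passphrase gives a different KCK, so the MIC will not match."""
    kck, _, _ = split_ptk(derive_ptk(derive_pmk(passphrase, ssid), aa, spa, anonce, snonce))
    return hmac.compare_digest(eapol_mic(kck, frame, version), frame[MIC_OFFSET:MIC_OFFSET + 16])


def demo() -> bool:
    """The station signs message 2 with the real passphrase; the AP verifies it."""
    kck, _, _ = split_ptk(derive_ptk(derive_pmk(PASSPHRASE, SSID), AA, SPA, ANONCE, SNONCE))
    msg2 = sign_frame(kck, build_message2(SNONCE))
    return verify_frame(PASSPHRASE, SSID, AA, SPA, ANONCE, SNONCE, msg2)


if __name__ == "__main__":
    print("PMK:", derive_pmk(PASSPHRASE, SSID).hex())
    print("message 2 MIC verifies:", demo())
```

Note where the cost sits: everything after the PMK is a handful of HMAC calls, while the PMK itself costs 4096 PBKDF2 iterations per passphrase and SSID. Because nonces and MAC addresses are sent in the clear, that one derivation is the only work factor protecting a WPA-PSK network, which is why passphrase length and entropy, not the key hierarchy, decide how well it resists guessing.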
WPA Networks
Authentication
WPA networks perform a 4-way handshake to authenticate users joining the network. More info can be found here or here.
WPA Networks
Vulnerabilities
POP QUIZ
Knowing all the details we now know about how WPA networks operate, how do we hack it?
WPA Networks
Vulnerabilities
The PTK, by definition, is derived from the passcode, the SSID, the Anonce, the Snonce, MAC(SA) and MAC(AP). We can capture the Anonce and Snonce during the first two handshake messages. The third and fourth handshake messages give us MICs computed with the PTK. As such, we can calculate the PTK from a guessed password, apply the MIC using the calculated PTK, and compare it to the captured MIC. If they are equal, we are in. Otherwise, we change the password and try again.
More info can be found here.