WPA Attacks



Chop-Chop Attack


The main attack against TKIP is called the Chopchop attack and it is not a key recovery attack. The chopchop attack was implemented originally against WEP and allows the “attacker to interactivelydecrypt the last m bytes of plaintext of an encrypted packet by sending m*128 packets in average to the network .It relies on the weakness of the CRC32 checksum called the ICV which is appended to the data of the packet. The attacker truncates the last byte of the encrypted packet and guesses the value and returns the packet to the access point. If it is incorrect then the packet will be discarded due to an incorrect checksum and the attacker knows the guess was wrong. Once they have guessed the right value for the last byte they continue backwards through the rest of the bytes until they have guessed the entire packet. It takes an average of 128 guesses per byte to guess the right value. However, since the MIC and sequence counters are now included in WPA it can prevent this attack from working in the original manner. The attacker now captures a packet and finds a low traffic channel where the sequence counter will still be low and tries the attack. If the attacker guesses the last byte wrong then the access point will still silently drop the packet, but if the guess is correct then a MIC failure report frame is sent to the client. Once this is received the attacker knows their guess is correct and must wait at least 60 seconds before guessing in order to prevent the client from being disconnected. Once the attacker has decrypted the last 12 bytes they will have the MIC and the ICV in plaintext. Using the ICV, the attacker can guess the rest of the packet and perform the CRC32 until the values match and they know they have decrypted the packet. With the recovered MIC the attacker can reverse the algorithm to recover the MIC key. With the MIC key recovered the attacker and send packets to the clients on any channel where the sequence counter is low and perform a number of attacks such as traffic rerouting.

WPA2 Attacks


WPA2-PSK (Pre-Shared Key) is the most secure form of encryption used on personal wireless networks. It employs the Advanced Encryption Standard (AES) to encrypt the data instead of the RC4 stream cipher. Although there are some published theoretical attacks on AES, it is still considered very secure and attacking the encryption itself would be very complex. However, this does not make WPA2 secure against key recovery attacks. When a client connects to a WPA2-PSK a four way handshaking is performed to authenticate the client with the access point. During this handshake, the client performs the Secure Hash Algorithm 1 (SHA-1) on the shared key salted with the access point’s Service Set Identifier (SSID) and sends it to the access point for verification. By passively listening to network traffic, an attacker can capture this packet. If no clients connect in the time the attacker is waiting, they can perform a deauthentication attack in order to force the handshaking to occur. A deauthenticationattack is when the attacker sends a deauthentication packet to the client after disguising themselves as the access point. If the client accepts this packet they will reauthenticate with the access point and the attacker can capture the handshake. Once the attacker has the handshake it is as easy as performing either a brute force or dictionary attack to recover the plaintext of the shared key. The speed of this attack mainly depends purely on processor speed as once the handshake is captured the attacker can break the shared key at their leisure. With the availability of dictionary files containing the most common passwords as well as programs such as John the Ripper which can generate different permutations based upon those passwords, a fairly comprehensive dictionary can be built. In addition, the process can be sped up using Rainbow Tables which are pre-hashed compilations of the most common passwords and base station SSIDs. It was also discovered in 2005 that collisions may exist in the SHA-1 hashing function.

Wireless Security Attacks




Encryption-Based Attacks

As wireless networks were being developed the need for security was a top priority. With the ratification of the IEEE 802.11 protocol in 1999, Wired Equivalent Privacy (WEP) was introduced to fulfill that need. The motivation behind WEP was to provide the same level of security that wired networks allowed protecting the integrity of the data being sent. WEP uses the RC4 stream cipher to encrypt data with a 40-bit user defined key that is salted (pre-pended) with a 24-bit initialization vector (IV). The small key size was a result of export restrictions on cryptographic technology. Within several years of release the WEP protocol was shown to be vulnerable to several attacks which could recover the shared key and hackers could access the network. WEP was soon superseded by Wi-Fi Protected Access (WPA) which was developed by the Wi-Fi Alliance to temporary replace the WEP standard as amore secure alternative. WPA implements several features that were intended to protect wireless networks against the attacks developed for WEP. WPA replaces the 40-bit key with Temporal Key Integrity Protocol (TKIP) which provides a 128-bit per packet key that is dynamically generated to prevent collisions. It also included a Message Integrity check to prevent hackers from capturing, altering, and/or resending data packets. While WPA implemented most of the IEEE 802.11i standard, it did not include everything. However, WPA was superseded by WPA2 which was fully compliant with the standard. WPA2 completely replaced the RC4 stream cipher with Counter Mode with Cipher Block Chaining Message Authentication Protocol (CCMP) which uses the Advanced Encryption Standard (AES) algorithm.

WEP Attacks

Most of the encryption based attacks on the WEP protocol rely on the weakness of the Rivest Cipher 4/Ron’s Code 4 (RC4) stream cipher. While the algorithm itself would be fairly secure since it allows for up to a 256 bit key, the implementation in WEP cripples RC4 by using only a 64-bit key. One of the main weaknesses is the relatively small IV which is only 24-bits. This limits it to around 16.7 million permutations which cause the IVs to be repeated when the network is busy. The IVs are also appended to the packet in plaintext so anyone capturing the network packets can recover one third of the key without even trying. The attack of a network will also know the plaintext of certain areas of certain packets and using this information as well as the IVs and the encrypted data they can recover the shared key. The attacker can simulate the first three rounds of the RC4 algorithm since they have the first 3 bytes of the key (the IV). Once they have done so they can guess the next byte of the key continually using the previous byte. Using a decision tree based approach they are able to eventually recover the entire key given enough packets.


FMS Attack


The first attack on the WEP protocol was called the FMS attack which was named after Fluhrer, Martin, and Shamir who published an article describing the weakness in 2001. The paper describes several “weak” IVs which have “a format of B+3::ff:X (where B is the byte of the key to be found, ff is the constant 255, and X is irrelevant).” By using our knowledge of the plaintext in the headers of certain packets such as Address Resolution Protocol (ARP) packets we can determine the value of B. The original FMS attack is determined to have approximately a 50% success probability with about
9,000,000 packets [14]. The above weak IVs are not the only the ones described in the paper as there are several types of varying usefulness to attackers and other attacks were developed from these other IVs.

Korek Attack


Another famous attack was developed by an internet user posting under the name of KoreK. In 2004, KoreK released a cracking suite on an internet forum which implemented 17 different attacks. While some of these attacks were previously discovered, most were found by KoreK. [14] There were three groups of attacks in the KoreK suite. The first group is similar to the FMS attack using the first word of output from the RC4 algorithm to recover the key. The second group uses both the first and the second word. And the third group, which is called inverse attacks, is able to exclude certain values from being in the key. Instead of guessing what the key values could be it determines what the key values could not be. The KoreK attacks were able to achieve almost a 97% probability of success using only 300,000 packets.


PTW Attack


The newest and most powerful attack on WEP is called the PTW attack which is named after its creators Pyshkin, Tews, and Weinmann and released in 2007. The PTW is much more powerful than all the other attacks because it can make use of every packet captured. The PTW attack is based on another attack released in 2005 called the Klein attack after its creator. The PTW attack implements a key ranking strategy which instead of trying all possible combinations of the key, picks a set number of likely keys and continues the RC4 algorithm based on those. Using different voting strategies the attacker can pick the most likely key byte at each decision in the tree to determine the correct key. The PTW Attack was able to achieve around a 97% probability of success using only 70,000 packets, although in real world trials only 20,000 to 40,000 packets are normally required.

How to Build a Secure Wireless Network

Encryption: The Secret Code

The single most important way to secure a wireless network is to protect it with strong encryption. Encryption technology basically scrambles network traffic using mathematical algorithms that prevents eavesdroppers from understanding the content. Encryption is fairly straightforward to set up, but there are two important choices that must be made when using encryption to properly secure a network.

First, choose a good encryption method. Refrain from using the Wired Equivalent Privacy (WEP) encryption algorithm. This technology is outdated, and there are many known vulnerabilities that essentially render it useless. An attacker with a little knowledge and some free tools can defeat WEP encryption in a matter of seconds. Instead, choose Wi-Fi Protected Access (WPA or WPA2) encryption. Both versions employ strong encryption algorithms to protect traffic sent over a wireless network.

Second, choose whether to use a pre-shared encryption key or enterprise authentication technology. In a pre-shared key approach, a network has a single shared password that all users must key in to access the network. This is the approach commonly used on home networks, but it is only appropriate for the smallest business networks. It's simply too difficult to control knowledge of the shared key without changing it every time someone leaves an organization or a guest is given access to the key.

If using pre-shared key authentication, there are some potential vulnerabilities that might allow an attacker to crack an organization's encryption key if the company uses a common service set identifier (SSID) for its wireless network. Be sure to check the 1000 Most Common SSIDs from the Wireless Geographic Logging Engine and choose something that's not on the list.

The alternative, enterprise encryption, leverages an existing authentication infrastructure to allow users to join the wireless network using the same username and password they provide to access their computers, e-mail and other enterprise resources. Using enterprise encryption makes dealing with employee terminations a breeze. When an enterprise account is deactivated, a user simultaneously loses access to the wireless network. No key changes are required.
Wireless, BYOD and Visitors

Network administrators have always grappled with the challenges posed by those who want to bring outside devices onto corporate networks. In the past, the quick response to those requests was “No, the corporate network is limited to company-owned devices.” Over the past few years, however, two emerging trends have rendered this position indefensible in many environments. First, many businesses are instituting a “bring your own device” (BYOD) strategy that allows employees to bring smartphones, tablets and notebook computers from home into the office, where they expect to have access to the company network.

At the same time, company guests are starting to have the same expectations for ubiquitous network access. While these guests certainly don't need access to corporate data, guest network access has become a standard expectation, especially in facilities where cell phone signals might not penetrate to interior conference rooms. Organizations need to develop clear policies around who may join external devices to the network, what access is afforded to those devices, and who may approve such requests.

One increasingly common approach to this problem is to create an open, unsecured wireless network that allows access to the Internet and nothing else. Visitors can then connect their personal devices to this network without affecting the security of corporate systems or data. It essentially recreates the coffee shop wireless experience within the facility while isolating the guest network from a business's secure systems. Anyone on the guest network who attempts to access company resources would have the same experience as if they were working at home: They'd have to secure their connection using a VPN or other security technology.
Battling Rogue Access Points

Once an organization builds a secure wireless network, there's still one big issue to worry about - rogue wireless access points. It's far too easy for an employee, frustrated with security controls or coverage issues, to drop $60 on a wireless AP and connect it to a wired network. This creates a small “private” wireless network that may not be appropriately secured and limits IT staff's visibility into the devices that connect to it.

In order to reduce this risk, conduct periodic scans for rogue APs. This may be as simple as having a technician walk around the building with a notebook running a tool such as NetStumbler to discover wireless networks. Another option is to invest in an automated wireless intrusion prevention system that continuously monitors an environment and automatically alerts IT staff to the presence of rogue wireless networks. These systems fingerprint the unique electronic characteristics of wireless devices to identify APs not on the approved list.

Wireless networking is changing the way employees interact with corporate resources. It is increasingly common for staff to go days or weeks without ever connecting to a traditional wired network. It's essential for the administrators running these networks to understand user behavior and develop secure, flexible options that balance security concerns with business requirements. Developing solid wireless policies and backing them up with strong encryption technology and rogue AP detection capabilities can go a long way toward creating a secure wireless environment.

Wireless Technology Overview

Wireless Technology Overview


Wireless technologies enable one or more devices to communicate without an actual wired connection. Radio frequency is used
to transmit the data. Such technologies are rapidly evolving to meet a variety of communications needs, from simple to complex.
Wireless communications needs can all be classified in one of three ways, based on the distance they are meant to cover. These
include: wireless personal area networks (WPAN), wireless local area networks (WLAN), and wireless wide area networks (WWAN).

 





Wireless networks form the transport mechanism between devices and traditional wired networks. WPANs are limited
to distances under about 10 meters and include technologies such as infrared (IR), Bluetooth® technology, and
ultra-wideband (UWB). WLANs cover a local area with distances of individual access points reaching to about 100 meters,
and include technologies such as Wi-Fi (802.11a/b/g/n). WWANs cover even larger areas, using cellular data networks.
This section discusses some of the most popular and widely used wireless technologies to provide readers with a point
of reference for the use of 3G technology.


WPAN

WPANs typically provide ad hoc network connections designed to dynamically connect devices to other devices within close
range of each other. These connections are termed ad hoc because they do not generally need to connect to any network
infrastructure to operate. They can simply connect to each other and perform necessary communications without the need of
any access network devices, such as access points or base stations.

Bluetooth

Bluetooth has emerged as the most widely used WPAN network standard. The Bluetooth standard is an industry specification
that describes how mobile phones, headsets, computers, handhelds, peripherals, and other computing devices should
interconnect with each other. Bluetooth network applications include wireless headsets, hands-free operation, wireless
synchronization, wireless printing, advanced stereo audio, dial-up networking, file transfer, and image exchange, to name a few.

WLAN

WLANs provide connections designed to connect devices to wired networks. Unlike a wired LAN, a WLAN does not require cabling
to connect the device to a switch or router. Devices connect wirelessly to nearby wireless access points that are attached to the
local network using an Ethernet connection. A single access point communicates with nearby WLAN devices in a coverage area of
about 100 meters. This coverage area allows users to move freely within range of an access point with their notebook computers,
handhelds, or other network devices. Multiple access points can be coordinated together by a network WLAN switch to allow
users to hand off between access points.

Wi-Fi

Wi-Fi (or IEEE 802.11) is the set of standards established to define wireless LANs. A number of different protocols are defined
in the 802.11 family of standards, addressing various operating frequencies and maximum throughputs. The 802.11g standard
is currently the predominant protocol deployed in WLAN implementations.

WWAN


WWANs provide broadband data networks with a far greater range, using cellular technologies such as GPRS, HSPA, UMTS, 1xRTT,
1xEV-DO, and LTE. Wireless data devices connect to a wireless broadband network through a commercial carrier’s data network,
allowing broadband performance without the need for a cabled connection to a network infrastructure (much like a WLAN), while
providing end users with far greater mobility. These WWANs typically incorporate sophisticated user identification techniques to
ensure that only authorized users are accessing the network. Multiple base stations are coordinated by base station controllers
to allow users to hand off between base stations (cell sites).



1xEV-DO is the broadband wireless network standard developed by the Third-Generation Partnership Project 2 (3GPP2) as part
of the CDMA2000 family of standards. EV-DO networks were first launched based on release 0 of the standard. The standard is
currently in revision A, which has been deployed nationally by Verizon Wireless, and provides average download speeds of 600
Kbps to 1.4 Mbps, and average upload speeds of 500 to 800 Kbps, with low latency, typically between 150 and 250 milliseconds.