Wi-Fi Protected Access 2 (WPA2)
Eng. Mshari Alabdulkarim
Outline:
• Introduction
• WPA2 Process
• WPA2 Authentication
• WPA2 Encryption
• WPA2 Pros and Cons
• Procedures to improve the Wi-Fi security
Introduction: Wired Equivalent Privacy (WEP): WEP was the original mechanism for securing an 802.11 Wi-Fi network. It encrypts data with the RC4 stream cipher, keyed with a 24-bit IV concatenated with the shared key, and appends a CRC-32 checksum (the ICV) to verify integrity of the data. CRC-32 is a linear error-detecting code, not a keyed MAC, so it catches transmission errors but not deliberate modification.
[Figure: WEP encryption] Plaintext = Message || CRC; Key stream = RC4(v, k) with v the IV and k the shared key; Ciphertext = Plaintext XOR Key stream; Transmitted Data = v || Ciphertext.
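As an added example (not part of the deck), here is the WEP construction from the figure in Go: RC4 seeded with IV || key, CRC-32 as the ICV, and what a linear checksum under a stream cipher allows an attacker to do. The key, IV and message are constructed; the wepBitFlip and xorDelta functions are the editor's illustration of why WPA replaced CRC-32 with a keyed MIC.

```go
package main

import (
	"crypto/rc4"
	"encoding/binary"
	"fmt"
	"hash/crc32"
)

// Constructed example of the WEP construction on the slide, not the deck's code:
// Transmitted Data = IV || ( (Message || CRC-32(Message)) XOR RC4(IV || key) ).

// wepKeystreamXOR applies RC4 seeded with IV || key, as both sender and receiver do.
func wepKeystreamXOR(iv, key, data []byte) []byte {
	c, err := rc4.NewCipher(append(append([]byte{}, iv...), key...))
	if err != nil {
		panic(err) // only for an empty or oversized seed
	}
	out := make([]byte, len(data))
	c.XORKeyStream(out, data)
	return out
}

// wepEncrypt returns IV || ciphertext of (msg || ICV), ICV = CRC-32(msg) little-endian.
func wepEncrypt(iv, key, msg []byte) []byte {
	icv := make([]byte, 4)
	binary.LittleEndian.PutUint32(icv, crc32.ChecksumIEEE(msg))
	plain := append(append([]byte{}, msg...), icv...)
	return append(append([]byte{}, iv...), wepKeystreamXOR(iv, key, plain)...)
}

// wepDecrypt strips the IV, decrypts, and reports whether the ICV matches the message.
func wepDecrypt(key, frame []byte) ([]byte, bool) {
	if len(frame) < 3+4 {
		return nil, false
	}
	plain := wepKeystreamXOR(frame[:3], key, frame[3:])
	msg, icv := plain[:len(plain)-4], plain[len(plain)-4:]
	return msg, binary.LittleEndian.Uint32(icv) == crc32.ChecksumIEEE(msg)
}

// wepBitFlip edits an intercepted frame without the key. RC4 is a stream cipher, so
// flipping a ciphertext bit flips the same plaintext bit, and CRC-32 is affine:
// crc(m XOR d) == crc(m) XOR crc(d) XOR crc(zeros of the same length). XORing the
// frame with delta || that ICV correction therefore leaves the receiver's check passing.
func wepBitFlip(frame, delta []byte) []byte {
	if len(delta)+3+4 != len(frame) {
		return nil // delta must cover exactly the message bytes
	}
	zeros := make([]byte, len(delta))
	icvMask := make([]byte, 4)
	binary.LittleEndian.PutUint32(icvMask, crc32.ChecksumIEEE(delta)^crc32.ChecksumIEEE(zeros))
	mask := append(append([]byte{}, delta...), icvMask...)
	out := append([]byte{}, frame...)
	for i, b := range mask {
		out[3+i] ^= b // skip the 3-byte IV
	}
	return out
}

// xorDelta builds a message-length delta that rewrites oldText at offset into newText.
func xorDelta(msgLen, offset int, oldText, newText string) []byte {
	d := make([]byte, msgLen)
	for i := 0; i < len(oldText); i++ {
		d[offset+i] = oldText[i] ^ newText[i]
	}
	return d
}

func main() {
	key := []byte{0xDE, 0xAD, 0xBE, 0xEF, 0x01} // constructed 40-bit key
	iv := []byte{0x10, 0x20, 0x30}                // constructed 24-bit IV
	msg := []byte("transfer 100 to bob")
	frame := wepEncrypt(iv, key, msg)
	forged := wepBitFlip(frame, xorDelta(len(msg), 9, "100", "999"))
	got, ok := wepDecrypt(key, forged)
	fmt.Printf("receiver sees %q, ICV valid: %v\n", got, ok)
}
```

A naive edit (flip a byte and leave the ICV alone) is rejected, which is all CRC-32 was designed to catch; the corrected edit passes the receiver's check without the attacker ever knowing the key. This is the gap that the Michael MIC in WPA and the CCMP MIC in WPA2 close.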
Introduction (2): Wi-Fi Protected Access (WPA): Defined by the Wi-Fi Alliance as an interim subset of the IEEE 802.11i draft.
It still uses RC4, but wrapped in TKIP (Temporal Key Integrity Protocol), which derives a fresh per-packet key and extends the IV to 48 bits.
It uses a MIC (Message Integrity Code, named Michael) and a frame sequence counter to verify integrity of the data and reject replays.
It uses EAP (Extensible Authentication Protocol) over 802.1X to authenticate the clients.
More secure than WEP.
Introduction (3): Wi-Fi Protected Access 2 (WPA2): Based on the IEEE 802.11i standard. The primary enhancement over WPA is the mandatory use of the AES (Advanced Encryption Standard) algorithm, applied through CCMP.
WPA2 Versions: Personal, Enterprise.
Introduction (4): The encryption in WPA2 is done with one of two methods, either AES (CCMP) or TKIP (Temporal Key Integrity Protocol); TKIP is kept only for backward compatibility with WPA hardware.
The Personal mode uses a PSK (Pre-Shared Key) that every station on the network shares, so users are not authenticated individually.
The Enterprise mode requires each user to be authenticated separately through 802.1X using an EAP (Extensible Authentication Protocol) method.
Extensible Authentication Protocol Standards
• EAP-TLS: EAP-Transport Layer Security
• EAP-TTLS: EAP-Tunneled Transport Layer Security
• PEAPv0/EAP-MSCHAPv2: Protected EAP v0 with Microsoft's Challenge Handshake Authentication Protocol v2
• PEAPv1/EAP-GTC: Protected EAP v1 with EAP-Generic Token Card
• EAP-SIM: EAP-Subscriber Identity Module of the Global System for Mobile Communications
Comparison of 802.1X Dynamic WEP, WPA and WPA2:
                  802.1X Dynamic WEP   WPA                             WPA2
Access Control    802.1X               802.1X or Pre-Shared Key        802.1X or Pre-Shared Key
Authentication    EAP methods          EAP methods or Pre-Shared Key   EAP methods or Pre-Shared Key
Encryption        RC4                  TKIP (RC4)                      AES / TKIP
802.11 Security Solutions
                   WEP       WPA                                           WPA2
Cipher             RC4       RC4 (TKIP)                                    AES
Key Size           40 bits   128 bits encryption, 64 bits authentication   128 bits
IV Size            24 bits   48 bits                                       48 bits
Data Integrity     CRC-32    Michael                                       CCM
Header Integrity   None      Michael                                       CCM
Replay Attack      None      IV Sequence                                   IV Sequence
Key Management     None      EAP-Based                                     EAP-Based
WPA2 Process: WPA2 establishes a secure communication context in four phases:
Phase (1): The AP and the client agree on the security policy (authentication method, cipher suites and pre-authentication support).
Phase (2): 802.1X authentication generates the master key (in Personal mode the pre-shared key takes its place and this phase is skipped).
Phase (3): Temporal keys are derived from the master key and refreshed at regular intervals.
Phase (4): The keys generated in phase (3) are used by the CCMP protocol to provide data confidentiality and integrity.
WPA2 Process (2) Phase (1):
The access point advertises the security policies it supports through the Beacon or the Probe Response message.
After the legacy 802.11 Open System authentication (a two-frame formality that authenticates nothing), the client sends its chosen policy in the Association Request message, and the access point confirms it with an Association Response.
Agreeing on the security policy (Phase (1)):
1. STA → AP: Probe Request
2. AP → STA: Probe Response + RSN IE (CCMP Mcast, CCMP Ucast, 802.1X auth)
3. STA → AP: 802.11 Open System authentication
4. AP → STA: 802.11 Open System authentication - Success
5. STA → AP: Association Request + RSN IE (STA requests CCMP Mcast, CCMP Ucast, 802.1X auth)
6. AP → STA: Association Response - Success
WPA2 Process (3): The security policy information is carried in the RSN IE (Robust Security Network Information Element), which contains:
The supported authentication and key management (AKM) suites (802.1X, Pre-Shared Key (PSK)).
The security protocol for unicast traffic (CCMP, TKIP etc.) – the pairwise cipher suite.
The security protocol for multicast traffic (CCMP, TKIP etc.) – the group cipher suite.
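As an added example (not from the deck), the RSN IE of the phase 1 exchange built and parsed in Go. The element ID and suite type values are the IEEE 802.11 ones; the AP policy in main and the treatment of a beacon as hostile input are the editor's constructed illustration, and the RSN capabilities field is left out for brevity.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed example of the RSN IE (element ID 48), not the deck's code.
// Suite selectors are the IEEE OUI 00-0F-AC followed by a one-byte suite type.
var ouiIEEE = [3]byte{0x00, 0x0F, 0xAC}

const ( // element ID and the IEEE 802.11 cipher / AKM suite types used here
	rsnElementID = 48
	CipherTKIP   = 2
	CipherCCMP   = 4
	AKM8021X     = 1
	AKMPSK       = 2
)

// RSNInfo is the security policy carried in Beacons, Probe Responses and Association Requests.
type RSNInfo struct {
	Version  uint16
	Group    byte   // group (multicast) cipher suite type
	Pairwise []byte // pairwise (unicast) cipher suite types
	AKM      []byte // authentication and key management suites (802.1X, PSK)
}

func le16(v uint16) []byte { return []byte{byte(v), byte(v >> 8)} }

func suite(t byte) []byte { return []byte{ouiIEEE[0], ouiIEEE[1], ouiIEEE[2], t} }

// Encode serialises the element as it is sent on the air (RSN capabilities field omitted).
func (r RSNInfo) Encode() []byte {
	body := append(le16(r.Version), suite(r.Group)...)
	for _, l := range [][]byte{r.Pairwise, r.AKM} {
		body = append(body, le16(uint16(len(l)))...)
		for _, t := range l {
			body = append(body, suite(t)...)
		}
	}
	return append([]byte{rsnElementID, byte(len(body))}, body...)
}

// ParseRSN decodes an RSN IE. Every length and count comes from the peer, and a beacon is
// unauthenticated input from anyone in radio range, so each read is bounds-checked first.
func ParseRSN(ie []byte) (r RSNInfo, err error) {
	if len(ie) < 2 || ie[0] != rsnElementID || int(ie[1]) != len(ie)-2 {
		return r, errors.New("not a well-formed RSN element")
	}
	b := ie[2:]
	// selector reads one OUI || type; a vendor OUI must not be misread as an IEEE suite.
	selector := func() (byte, error) {
		if len(b) < 4 {
			return 0, errors.New("truncated RSN element")
		}
		s := b[:4]
		b = b[4:]
		if [3]byte{s[0], s[1], s[2]} != ouiIEEE {
			return 0, fmt.Errorf("vendor suite %x not supported", s[:3])
		}
		return s[3], nil
	}
	// list reads an LE16 count, rejects one that cannot fit in what is left, then the selectors.
	list := func() (out []byte, err error) {
		if len(b) < 2 {
			return nil, errors.New("truncated RSN element")
		}
		n := int(binary.LittleEndian.Uint16(b))
		b = b[2:]
		if n == 0 || n*4 > len(b) {
			return nil, errors.New("suite count does not fit in element")
		}
		for i := 0; i < n; i++ {
			t, e := selector()
			if e != nil {
				return nil, e
			}
			out = append(out, t)
		}
		return out, nil
	}
	if len(b) < 2 || binary.LittleEndian.Uint16(b) != 1 {
		return r, errors.New("missing or unsupported RSN version")
	}
	r.Version, b = 1, b[2:]
	if r.Group, err = selector(); err != nil {
		return r, err
	}
	if r.Pairwise, err = list(); err != nil {
		return r, err
	}
	r.AKM, err = list()
	return r, err
}

func main() {
	ap := RSNInfo{Version: 1, Group: CipherCCMP, Pairwise: []byte{CipherCCMP, CipherTKIP}, AKM: []byte{AKM8021X, AKMPSK}}
	fmt.Printf("AP RSN IE: %x\n", ap.Encode())
}
```

The station reads the AP's element with ParseRSN and answers with its own Encode output in the Association Request, listing exactly one pairwise cipher and one AKM out of what the AP offered. A suite count that exceeds the element length, or a truncated element, is refused before any selector is read, which is the check a client parser needs when the input is a frame anyone can transmit.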
WPA2 Process (4) Phase (2):
This phase is based on EAP and the authentication method agreed on in phase 1.
The access point sends an EAP Request/Identity message to the client, which answers with an EAP Response/Identity; the authentication server then proposes the EAP method, which the client can accept or reject with a NAK naming one it supports.
WPA2 Process (5) Phase (2):
After that, method-specific EAP messages are exchanged between the client and the authentication server (the access point only relays them) until both sides hold a common master key (MK).
At the end of this phase, the authentication server sends a RADIUS Access-Accept message to the access point carrying the key material for the client's session (the PMK, derived from the MK; the MK itself never leaves the two endpoints of the EAP method) together with the final EAP Success message to relay to the client.
802.1X authentication (Phase (2)):
1. AP → STA: 802.1X/EAP – Request Identity
2. STA → AP: 802.1X/EAP – Response Identity
3. AP → AS: RADIUS Access-Request (Identity)
4. STA ↔ AS: EAP messages specific to the chosen method; MK derivation on both sides
5. AS → AP: RADIUS Accept (MK-derived key material distributed to the AP)
6. AP → STA: 802.1X/EAP Success
WPA2 Process (6) Phase (3):
In this phase there are two handshakes:
4-Way Handshake for PTK (Pairwise Transient Key) derivation and GTK (Group Temporal Key) distribution.
Group Key Handshake for GTK renewal.
WPA2 Process (7) Phase (3):
The PMK (Pairwise Master Key) derivation depends on the authentication method used:
With a PSK (Pre-Shared Key), the PMK equals the PSK, which is itself derived from the passphrase and the SSID with PBKDF2-HMAC-SHA1 (4096 iterations, 256-bit output). This is why a guessable passphrase can be recovered offline from a captured handshake.
With an authentication server, the PMK is derived from the MK of the 802.1X/EAP authentication (the first 256 bits of the EAP master session key).
Key derivation and distribution:
Step 1: MK (PMK) transmission from AS to AP
Step 2: 4-way handshake: PTK and GTK derivation and distribution
Step 3: Group key handshake: GTK derivation and distribution (for GTK renewal)
WPA2 Authentication
WPA2 separates user authentication from message integrity and privacy, which gives it more flexibility.
Authentication in WPA2 Personal mode does not require an authentication server.
WPA2 Enterprise mode consists of the following components:
• Supplicant (client).
• Authenticator (access point).
• Authentication server (RADIUS).
WPA2 Authentication (2)
The access point acts as the PAE (Port Access Entity) by dividing each virtual port into two logical ports: a controlled port for service, opened only after a successful authentication, and an uncontrolled port that accepts only authentication (EAPOL) frames.
Communications: Client ← Layer 2 EAPoL (EAP over LAN) → Access point ← RADIUS messages → RADIUS server
WPA2 Authentication (3): As mentioned before, key generation in WPA2 is done with two handshakes: a 4-Way Handshake and a Group Key Handshake.
The 4-Way Handshake is initiated by the access point and performs several tasks:
• Verify that the client knows the PMK (and prove to the client that the access point does).
• Generate a fresh PTK from the PMK and the two exchanged nonces.
• Install the encryption and integrity keys.
• Transport the GTK encrypted under the KEK.
• Confirm the cipher suite selection: the RSN IEs from phase 1 are echoed inside the integrity-protected handshake messages, so a downgrade injected in phase 1 is detected.
The Group Key Handshake is used to renew the GTK, for example after a station is disassociated, and distributes the new GTK encrypted with the KEK.
Key hierarchy:
Master Key (MK) → Pairwise Master Key (PMK) → Pairwise Transient Key (PTK)
PTK bits 0 - 127: Key Confirmation Key (KCK)
PTK bits 128 - 255: Key Encryption Key (KEK)
PTK bits 256 - 383: Temporal Key (TK)
[Figure: Authentication process (Summary)] Start → AP asks "Identity?" → client sends Identity → AP forwards Identity to the RADIUS server → Accept → AP opens the controlled port and starts forwarding traffic.
WPA2 Encryption
WPA2 uses AES with a 128-bit key (the TK) to encrypt the data, through the Counter-Mode/CBC-MAC Protocol (CCMP). CCMP uses the same key for both encryption (counter mode) and authentication (CBC-MAC), but with different initial blocks: both contain the nonce (priority, transmitter address and packet number), while the CBC-MAC starts from a block that also encodes the payload length and the counter blocks carry a running block counter.
[Figures: WPA2 encryption and decryption steps]
CCMP combines two uses of AES-128 under the temporal key TK: CBC-MAC for the MIC and counter (CTR) mode for confidentiality.
Encryption:
• CBC-MAC: starting from an IV block (nonce and length), the 128-bit plaintext blocks P1 .. PN are chained: each block is XORed with the previous AES output and encrypted under TK. The MIC is the first 64 bits of the last output block.
• Counter mode: C1 = P1 XOR AES_TK(Counter), C2 = P2 XOR AES_TK(Counter + 1), ..., CN = PN XOR AES_TK(Counter + (N-1)).
• The MIC is encrypted with the initial counter value: C0 = MIC XOR AES_TK(Counter). C1 .. CN and C0 are transmitted. (In CCMP the MIC uses counter value 0 and the payload blocks use counter values 1 .. N.)
Decryption:
• Counter mode is run again: P1 = C1 XOR AES_TK(Counter), ..., PN = CN XOR AES_TK(Counter + (N-1)), and MIC = C0 XOR AES_TK(Counter).
• The CBC-MAC is recomputed over the recovered P1 .. PN and compared with the MIC; the frame is accepted only if they match.
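Added example (not the deck's code) implementing the CCMP steps from the figures above in Go: CBC-MAC over the nonce block, the frame header (AAD) and the payload with the MIC truncated to 64 bits, counter mode over the payload, and the MIC encrypted with counter value 0. The TK, the addresses and the AAD stand-in are constructed; a real implementation builds the AAD from the masked 802.11 header.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"errors"
	"fmt"
)

// Constructed example of CCMP (AES-CCM as 802.11 applies it), not the deck's code.
const micLen = 8 // the MIC is the first 64 bits of the CBC-MAC

// CCMPNonce is the 13-byte nonce: priority || transmitter address (A2) || 48-bit packet
// number (PN). A PN must never repeat under one TK.
func CCMPNonce(priority byte, a2 [6]byte, pn uint64) []byte {
	return append(append([]byte{priority}, a2[:]...),
		byte(pn>>40), byte(pn>>32), byte(pn>>24), byte(pn>>16), byte(pn>>8), byte(pn))
}

func pad16(b []byte) []byte {
	for len(b)%16 != 0 {
		b = append(b, 0)
	}
	return b
}

// cbcMAC chains AES-TK over B0 = flags || nonce || payload length, then the length-prefixed
// AAD (the frame header), then the payload, each zero-padded to 128-bit blocks.
func cbcMAC(blk cipher.Block, nonce, aad, plain []byte) []byte {
	// flags 0x59: AAD present (0x40) | M=8 -> ((8-2)/2)<<3 (0x18) | L=2 -> 0x01
	in := append([]byte{0x59}, nonce...)
	in = append(in, byte(len(plain)>>8), byte(len(plain)))
	in = append(in, byte(len(aad)>>8), byte(len(aad)))
	in = pad16(append(in, aad...))
	in = append(in, pad16(append([]byte{}, plain...))...)
	x := make([]byte, 16)
	for i := 0; i < len(in); i += 16 {
		for j := range x {
			x[j] ^= in[i+j]
		}
		blk.Encrypt(x, x)
	}
	return x[:micLen]
}

// ctrBlock is S_i = AES_TK(0x01 || nonce || i): i = 0 protects the MIC, i >= 1 the payload.
func ctrBlock(blk cipher.Block, nonce []byte, i uint16) []byte {
	s := make([]byte, 16)
	blk.Encrypt(s, append(append([]byte{0x01}, nonce...), byte(i>>8), byte(i)))
	return s
}

// ctrXOR applies counter mode to the payload, one keystream block per 16 bytes.
func ctrXOR(blk cipher.Block, nonce, in []byte) []byte {
	out := make([]byte, len(in))
	var s []byte
	for i := range in {
		if i%16 == 0 {
			s = ctrBlock(blk, nonce, uint16(i/16+1))
		}
		out[i] = in[i] ^ s[i%16]
	}
	return out
}

// CCMPEncrypt returns ciphertext || encrypted MIC for one MPDU under the 128-bit TK.
func CCMPEncrypt(tk, nonce, aad, plain []byte) ([]byte, error) {
	blk, err := aes.NewCipher(tk)
	if err != nil || len(nonce) != 13 {
		return nil, errors.New("need a 16-byte TK and a 13-byte nonce")
	}
	out := ctrXOR(blk, nonce, plain)
	s0 := ctrBlock(blk, nonce, 0)
	for j, b := range cbcMAC(blk, nonce, aad, plain) {
		out = append(out, b^s0[j])
	}
	return out, nil
}

// CCMPDecrypt recovers plaintext and MIC, recomputes the CBC-MAC and rejects any mismatch.
func CCMPDecrypt(tk, nonce, aad, ct []byte) ([]byte, error) {
	blk, err := aes.NewCipher(tk)
	if err != nil || len(nonce) != 13 || len(ct) < micLen {
		return nil, errors.New("bad key, nonce or frame length")
	}
	body, emic := ct[:len(ct)-micLen], ct[len(ct)-micLen:]
	plain := ctrXOR(blk, nonce, body)
	s0 := ctrBlock(blk, nonce, 0)
	mic := make([]byte, micLen)
	for j := range mic {
		mic[j] = emic[j] ^ s0[j]
	}
	if !hmac.Equal(mic, cbcMAC(blk, nonce, aad, plain)) {
		return nil, errors.New("MIC check failed: frame discarded")
	}
	return plain, nil
}

func main() {
	tk, aad := []byte("0123456789abcdef"), []byte("masked 802.11 header") // constructed TK and AAD stand-in
	ct, _ := CCMPEncrypt(tk, CCMPNonce(0, [6]byte{0x00, 0x11, 0x22, 0x33, 0x44, 0x55}, 1), aad, []byte("hello over WPA2"))
	fmt.Printf("ciphertext || encrypted MIC: %x\n", ct)
}
```

Decryption recomputes the CBC-MAC before releasing any plaintext, so a flipped ciphertext bit or a modified header is discarded rather than passed up the stack. The packet number in the nonce must never repeat under one TK: counter mode with a reused nonce reuses the keystream, and the XOR of two such ciphertexts equals the XOR of their plaintexts.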
WPA2 Pros
WPA2 resists many of the attacks that broke WEP:
• Man-in-the-middle (the 4-way handshake proves possession of the PMK in both directions).
• Authentication forging.
• Replay (48-bit packet number sequence).
• Key collision (a 48-bit packet number under a fresh per-session TK, instead of a 24-bit IV under a static key).
• Weak keys (a derived TK instead of RC4 keyed directly from the shared key).
• Packet forging (CCMP MIC instead of CRC-32).
• Brute-force/dictionary attacks against the 128-bit keys themselves. A WPA2-Personal passphrase, however, can still be attacked offline from a captured handshake if it is weak.
WPA2 Pros (2)
WPA2 adds two enhancements to support fast roaming:
• PMK caching lets the client reconnect to an access point it has recently been connected to without re-authenticating, by identifying the cached PMK in its (re)association request.
• Pre-authentication lets the client authenticate with the access point it is moving toward while it is still connected to the access point it is moving away from.
WPA2 Pros (3)
WPA2 is based on the Robust Security Network (RSN), so it supports all the features available in WPA plus the following:
• Strong encryption and authentication for both infrastructure and ad hoc (IBSS) networks; WPA only supports infrastructure networks.
• Reduced overhead of the key derivation process.
WPA2 Cons
Like every Wi-Fi security standard, WPA2 cannot defend against physical-layer attacks such as:
• RF jamming.
• Data flooding.
• Access point failure.
It also does not protect against layer 2 session hijacking.
WPA2 Cons (2)
An attacker can learn a great deal about the network by analysing the control and management frames, which are not protected.
It is vulnerable to denial-of-service attacks.
It is vulnerable to MAC address spoofing and mass deauthentication attacks, because deauthentication frames are not authenticated (IEEE 802.11w Protected Management Frames, a later amendment, addresses this).
Procedures to improve the Wi-Fi security
• Manage the access points from a central controller so that the information related to client roaming (such as cached PMKs) is protected.
• Good planning of the Wi-Fi coverage improves availability and reduces the risk of RF jamming attacks.
• Use a wireless intrusion prevention system (WIPS).
Questions?