Page 1: WPA2

Wi-Fi Protected Access 2 (WPA2)
Eng. Mshari Alabdulkarim

Page 2: WPA2

Outline:
• Introduction.
• WPA2 Process.
• WPA2 Authentication.
• WPA2 Encryption.
• WPA2 Pros and Cons.
• Procedures to improve the Wi-Fi security.

Page 3: WPA2

Introduction: Wired Equivalent Privacy (WEP)

WEP is considered the original system for securing a wireless Wi-Fi network. It uses the RC4 encryption protocol to secure the data, and a CRC-32 checksum to verify the integrity of the data.

[Figure: WEP encryption. Plain text = Message + CRC; key stream = RC4(v, k); transmitted data = cipher text + V (the IV).]

Page 4: WPA2

Introduction (2): Wi-Fi Protected Access (WPA)

• Constructed by the Wi-Fi Alliance and IEEE.
• It uses the RC4 encryption protocol to secure the data.
• It uses a MIC (Message Integrity Code) and a frame counter to verify the integrity of the data.
• It uses EAP (Extensible Authentication Protocol) to authenticate the clients.
• More secure than WEP.

Page 5: WPA2

Introduction (3): Wi-Fi Protected Access 2 (WPA2)

• Based on the IEEE 802.11i standard.
• The primary enhancement over WPA is the use of the AES (Advanced Encryption Standard) algorithm.

[Figure: WPA2 versions: Personal and Enterprise.]

Page 6: WPA2

Introduction (4):

• The encryption in WPA2 is done by using one of two methods: either AES or TKIP (Temporal Key Integrity Protocol).
• The Personal mode uses a PSK (Pre-Shared Key) and does not require a separate authentication of users.
• The Enterprise mode requires the users to be separately authenticated by using EAP (Extensible Authentication Protocol).

Page 7: WPA2

Extensible Authentication Protocol Standards

• EAP-Transport Layer Security (EAP-TLS)
• EAP-Tunneled Transport Layer Security (EAP-TTLS)
• Protected EAP v0/EAP-Microsoft's Challenge Handshake Authentication Protocol v2 (PEAPv0/EAP-MSCHAPv2)
• Protected EAP v1/EAP-Generic Token Card (PEAPv1/EAP-GTC)
• EAP-Subscriber Identity Module of the Global System for Mobile Communications (EAP-SIM)

Page 8: WPA2

802.11 Security Solutions

                 802.1X Dynamic WEP   Wi-Fi Protected Access (WPA)    Wi-Fi Protected Access 2 (WPA2)
Access Control   802.1X               802.1X or Pre-Shared Key        802.1X or Pre-Shared Key
Authentication   EAP methods          EAP methods or Pre-Shared Key   EAP methods or Pre-Shared Key
Encryption       RC4                  TKIP (RC4)                      AES / TKIP

Page 9: WPA2

                  WEP       WPA                                           WPA2
Cipher            RC4       RC4                                           AES
Key Size          40 bits   128 bits encryption, 64 bits authentication   128 bits
IV Size           24 bits   48 bits                                       48 bits
Data Integrity    CRC-32    Michael                                       CCM
Header Integrity  None      Michael                                       CCM
Replay Attack     None      IV Sequence                                   IV Sequence
Key Management    None      EAP-Based                                     EAP-Based

Page 10: WPA2

WPA2 Process

WPA2 establishes a secure communication context in four phases:

Phase (1): The AP and the client agree on the security policy (authentication and pre-authentication method).

Phase (2): Generate the master key.

Phase (3): Create temporary keys, and renew them on a regular basis.

Phase (4): All keys generated in phase (3) are used by the CCMP protocol to provide data confidentiality and integrity.

Page 11: WPA2

WPA2 Process (2)

Phase (1):

The access point advertises the security policies it supports through the Beacon or through the Probe Response message.

After the standard open authentication, the client sends its response in the Association Request message, which is validated by an Association Response from the access point.

Page 12: WPA2

Agreeing on the security policy (Phase (1))

[Figure: message exchange between the station (STA) and the access point (AP):
1. Probe Request (STA → AP)
2. Probe Response + RSN IE: CCMP Mcast, CCMP Ucast, 802.1X auth (AP → STA)
3. 802.11 Open system authentication (STA → AP)
4. 802.11 Open system authentication - Success (AP → STA)
5. Association Request + RSN IE, STA request: CCMP Mcast, CCMP Ucast, 802.1X auth (STA → AP)
6. Association Response - Success (AP → STA)]

Page 13: WPA2

WPA2 Process (3)

The security policy information is included in the RSN IE (Information Element) field, and it contains the following:

• The supported authentication methods (802.1X, Pre-Shared Key (PSK)).
• The security protocols for unicast traffic (CCMP, TKIP etc.) – the pairwise cipher suite.
• The security protocols for multicast traffic (CCMP, TKIP etc.) – the group cipher suite.
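To make the RSN IE contents concrete, here is an added Go example that is not part of the slides: it parses the body of an RSN information element into the three items listed above and flags any cipher other than CCMP. The suite selector encoding it assumes (IEEE OUI 00-0F-AC; cipher type 2 = TKIP, 4 = CCMP; AKM type 1 = 802.1X, 2 = PSK) is from IEEE 802.11i; the sample IE bytes are constructed, not taken from a capture.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// RSNInfo is the policy advertised in an RSN IE: group cipher, pairwise
// cipher suites and AKM (authentication and key management) suites.
type RSNInfo struct {
	Version  uint16
	Group    string
	Pairwise []string
	AKM      []string
}

var ieeeOUI = [3]byte{0x00, 0x0f, 0xac}
var cipherNames = map[byte]string{1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
var akmNames = map[byte]string{1: "802.1X", 2: "PSK"}

// suite decodes one 4-byte suite selector (3-byte OUI + 1-byte type).
func suite(b []byte, names map[byte]string, kind string) string {
	if [3]byte{b[0], b[1], b[2]} != ieeeOUI {
		return fmt.Sprintf("vendor-%02x%02x%02x-%d", b[0], b[1], b[2], b[3])
	}
	if n, ok := names[b[3]]; ok {
		return n
	}
	return fmt.Sprintf("%s-%d", kind, b[3])
}

// suiteList reads a 2-byte little-endian count followed by that many selectors,
// refusing counts that run past the element (a truncated or malformed IE).
func suiteList(b []byte, names map[byte]string, kind string) ([]string, []byte, error) {
	if len(b) < 2 {
		return nil, nil, errors.New("missing suite count")
	}
	n := int(binary.LittleEndian.Uint16(b))
	b = b[2:]
	if n*4 > len(b) {
		return nil, nil, fmt.Errorf("suite count %d exceeds element length", n)
	}
	out := make([]string, 0, n)
	for i := 0; i < n; i++ {
		out = append(out, suite(b[i*4:i*4+4], names, kind))
	}
	return out, b[n*4:], nil
}

// ParseRSNIE parses the body of an RSN information element (element ID 48),
// i.e. the bytes after the ID and length octets.
func ParseRSNIE(b []byte) (*RSNInfo, error) {
	if len(b) < 6 {
		return nil, errors.New("RSN IE too short")
	}
	info := &RSNInfo{Version: binary.LittleEndian.Uint16(b)}
	if info.Version != 1 {
		return nil, fmt.Errorf("unsupported RSN version %d", info.Version)
	}
	info.Group = suite(b[2:6], cipherNames, "cipher")
	var err error
	if info.Pairwise, b, err = suiteList(b[6:], cipherNames, "cipher"); err != nil {
		return nil, err
	}
	if info.AKM, _, err = suiteList(b, akmNames, "akm"); err != nil {
		return nil, err
	}
	return info, nil
}

// OnlyCCMP reports whether every advertised cipher is CCMP; TKIP or WEP in the
// list means the network still allows the weaker RC4-based protocols.
func (r *RSNInfo) OnlyCCMP() bool {
	if r.Group != "CCMP" {
		return false
	}
	for _, p := range r.Pairwise {
		if p != "CCMP" {
			return false
		}
	}
	return true
}

// SampleRSNIE is a constructed RSN IE body (not from a capture): version 1,
// group CCMP, pairwise CCMP + TKIP, AKM PSK, RSN capabilities 0.
var SampleRSNIE = []byte{
	0x01, 0x00,
	0x00, 0x0f, 0xac, 0x04,
	0x02, 0x00, 0x00, 0x0f, 0xac, 0x04, 0x00, 0x0f, 0xac, 0x02,
	0x01, 0x00, 0x00, 0x0f, 0xac, 0x02,
	0x00, 0x00,
}

func main() {
	info, err := ParseRSNIE(SampleRSNIE)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("group=%s pairwise=%v akm=%v onlyCCMP=%v\n", info.Group, info.Pairwise, info.AKM, info.OnlyCCMP())
}
```

The count check in suiteList is the part worth copying: an element whose suite count claims more selectors than the frame carries must be rejected rather than read past the end of the buffer.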

Page 14: WPA2

WPA2 Process (4)

Phase (2):

This phase is based on EAP and on the authentication method agreed on in phase 1.

The access point sends a "Request Identity" message to the client, which responds with a message containing the preferred authentication method.

Page 15: WPA2

WPA2 Process (5)

Phase (2):

After that, a few messages are exchanged between the client and the authentication server to generate a common master key (MK).

At the end of this phase, the authentication server sends a "Radius Accept" message to the access point, containing the MK and a final EAP Success message for the client.

Page 16: WPA2

802.1X authentication (Phase (2))

[Figure: message exchange between the station (STA), the access point (AP) and the authentication server (AS):
1. 802.1X/EAP – Request Identity (AP → STA)
2. 802.1X/EAP – Response Identity (STA → AP)
3. Radius Access Request (Identity) (AP → AS)
4. EAP messages specific to the chosen method (STA ↔ AS)
5. MK derivation on the STA and on the AS
6. Radius Accept (AS → AP): MK distribution
7. 802.1X/EAP Success (AP → STA)]

Page 17: WPA2

WPA2 Process (6)

Phase (3):

In this phase there are two handshakes:

• 4-Way Handshake for PTK (Pairwise Transient Key) and GTK (Group Transient Key) derivation.
• Group Key Handshake for GTK renewal.

Page 18: WPA2

WPA2 Process (7)

Phase (3):

The PMK (Pairwise Master Key) derivation depends on the authentication method that was used:

• If PSK (Pre-Shared Key) was used, the PMK is equal to the PSK.
• If an authentication server was used, the PMK is derived from the 802.1X authentication MK.

Page 19: WPA2

Key derivation and distribution

[Figure:
Step 1: MK transmission from AS to AP.
Step 2: 4-way handshake: PTK and GTK derivation and distribution.
Step 3: Group key handshake: GTK derivation and distribution (for GTK renewal).]

Page 20: WPA2

WPA2 Authentication

WPA2 separates the user authentication from the message integrity and privacy, which gives it more flexibility.

The authentication in the WPA2 Personal mode does not require an authentication server.

WPA2 Enterprise mode consists of the following components:

• Supplicant (client).
• Authenticator (access point).
• Authentication server (RADIUS).

Page 21: WPA2

WPA2 Authentication (2)

The access point implements the PAE (Port Access Entity) by dividing each virtual port into two logical ports:

• One for service, "only open to allow the successful authentications".
• One for authentication, "open to allow any authentication frames".

[Figure: Communications: Client ↔ Access point over Layer 2 EAPoL (EAP over LAN); Access point ↔ RADIUS server via RADIUS messages.]

Page 22: WPA2

WPA2 Authentication (3)

As we mentioned before, the key generation in WPA2 is done by using two handshakes: a 4-Way Handshake and a Group Key Handshake.

The 4-Way Handshake is initiated by the access point and it performs many tasks, such as:

• Verify that the client knows the PMK.
• Generate a PTK.
• Install encryption and integrity keys.
• Encrypt the transport of the GTK.
• Confirm the cipher suite selection.

The Group Key Handshake is used to disassociate a host, renew the GTK, or encrypt the GTK by using the KEK.
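How "verify that the client knows the PMK" is checked on the wire, as an added Go example that is not part of the slides: each side computes a MIC over the EAPOL-Key message with the KCK (PTK bits 0-127) and the receiver compares it in constant time; a peer without the right PMK cannot produce a matching MIC. It assumes the key descriptor version 2 MIC (HMAC-SHA1 truncated to 128 bits, the variant used with CCMP) and the MIC field at offset 81 of the EAPOL-Key frame, both from IEEE 802.11i; the frame bytes and the KCK are constructed, not captured.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha1"
	"encoding/hex"
	"fmt"
)

const (
	// EAPOL header (4) + descriptor type (1) + key info (2) + key length (2)
	// + replay counter (8) + nonce (32) + key IV (16) + RSC (8) + key ID (8) = 81
	micOffset = 81
	micLen    = 16
)

// ComputeMIC returns the EAPOL-Key MIC for key descriptor version 2 (HMAC-SHA1
// truncated to 128 bits, used with CCMP). The MIC field is zeroed while hashing.
func ComputeMIC(kck, frame []byte) ([]byte, error) {
	if len(frame) < micOffset+micLen {
		return nil, fmt.Errorf("frame too short for an EAPOL-Key MIC: %d bytes", len(frame))
	}
	tmp := make([]byte, len(frame))
	copy(tmp, frame)
	for i := micOffset; i < micOffset+micLen; i++ {
		tmp[i] = 0
	}
	mac := hmac.New(sha1.New, kck)
	mac.Write(tmp)
	return mac.Sum(nil)[:micLen], nil
}

// VerifyMIC recomputes the MIC with the receiver's own KCK and compares it in
// constant time; a mismatch means the peer does not hold the same PMK (or the
// frame was altered) and the handshake message must be discarded.
func VerifyMIC(kck, frame []byte) bool {
	want, err := ComputeMIC(kck, frame)
	if err != nil {
		return false
	}
	return hmac.Equal(want, frame[micOffset:micOffset+micLen])
}

// SampleFrame builds a constructed EAPOL-Key message 2 (not a capture) and
// fills in its MIC under kck: EAPOL version 2, type 3 (EAPOL-Key), RSN
// descriptor type 2, key info 0x010a (MIC set, pairwise, version 2), key
// length 16, replay counter 1, a fixed-pattern SNonce and empty key data.
func SampleFrame(kck []byte) []byte {
	f := make([]byte, micOffset+micLen+2)
	f[0], f[1] = 2, 3
	f[2], f[3] = 0, byte(len(f)-4)
	f[4] = 2
	f[5], f[6] = 0x01, 0x0a
	f[8] = 16
	f[16] = 1
	copy(f[17:49], bytes.Repeat([]byte{0x5a}, 32))
	mic, _ := ComputeMIC(kck, f)
	copy(f[micOffset:], mic)
	return f
}

func main() {
	kck := bytes.Repeat([]byte{0xab}, 16) // constructed, stands in for PTK bits 0-127
	f := SampleFrame(kck)
	fmt.Println("MIC:", hex.EncodeToString(f[micOffset:micOffset+micLen]), "valid:", VerifyMIC(kck, f))
	f[20] ^= 1 // corrupt one nonce byte
	fmt.Println("after tampering, valid:", VerifyMIC(kck, f))
}
```

hmac.Equal rather than bytes.Equal is deliberate: the comparison must not leak, through timing, how many leading bytes of a forged MIC were correct.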

Page 23: WPA2

[Figure: Key hierarchy: Master Key (MK) → Pairwise Master Key (PMK) → Pairwise Transient Key (PTK). The PTK is split into: bits 0 - 127 = Key Confirmation Key (KCK); bits 128 - 255 = Key Encryption Key (KEK); bits 256 - 383 = Temporal Key (TK).]

Page 24: WPA2

Authentication process (Summary)

[Figure: flowchart: Start → Identity? → Identity → Identity → Accept → Forwarding.]

Page 25: WPA2

WPA2 Encryption

WPA2 uses AES with a key length of 128 bits to encrypt the data. AES is used through the Counter-Mode/CBC-MAC Protocol (CCMP). CCMP uses the same key for both encryption and authentication, but with different initialization vectors.

[Figure: CCMP = CTR (encryption) + CBC-MAC (authentication).]

Page 26: WPA2

WPA2 Encryption Steps

[Figure: CBC-MAC. The IV block is AES-encrypted under the TK; the 128-bit plaintext blocks P1, P2, …, PN are chained through AES encryption under the TK; the MIC is the first 64 bits of the final block.]

Page 27: WPA2

WPA2 Encryption Steps (2): Counter Mode

[Figure: Counter, Counter + 1, …, Counter + (N-1) are each AES-encrypted under the TK (128-bit blocks) and combined with P1, P2, …, PN to produce C1, C2, …, CN.]

Page 28: WPA2

WPA2 Encryption Steps (3): Counter Mode

[Figure: The Counter block (counter 0) is AES-encrypted under the TK and combined with the 64-bit MIC to produce C0; C0 is sent together with C1, C2, …, CN.]

Page 29: WPA2

WPA2 Decryption Steps: Counter Mode

[Figure: Counter, Counter + 1, …, Counter + (N-1) are each AES-encrypted under the TK (counter mode uses only the AES encryption direction) and combined with C1, C2, …, CN to recover P1, P2, …, PN.]

Page 30: WPA2

WPA2 Decryption Steps (2): Counter Mode

[Figure: The Counter block (counter 0) is AES-encrypted under the TK and combined with C0 to recover the MIC.]

Page 31: WPA2

WPA2 Decryption Steps (3)

[Figure: CBC-MAC is recomputed over the IV and the recovered P1, P2, …, PN under the TK; its first 64 bits are compared with the recovered MIC.]
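The six encryption and decryption slides above as one runnable Go example, added here and not taken from the slides: a CBC-MAC over the payload under the TK yields the 64-bit MIC, counter blocks 1..N encrypt the payload, counter block 0 encrypts the MIC, and decryption recomputes the MIC and rejects the frame on mismatch. It uses the CCMP flag bytes (0x59 for the first CBC-MAC block, 0x01 for counter blocks), a 13-byte nonce and a length-prefixed AAD as in IEEE 802.11i, but the nonce, AAD, TK and payload are constructed values rather than real 802.11 header fields.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"errors"
	"fmt"
)

const micLen = 8 // the CCMP MIC is the first 64 bits of the final CBC-MAC block

// pad16 splits b into 16-byte blocks, zero-padding the last one.
func pad16(b []byte) [][]byte {
	var blocks [][]byte
	for i := 0; i < len(b); i += 16 {
		blk := make([]byte, 16)
		copy(blk, b[i:])
		blocks = append(blocks, blk)
	}
	return blocks
}

// counterBlock is the CTR-mode input: flags 0x01, the 13-byte nonce and a
// 2-byte counter. Counter 0 protects the MIC, counters 1..N the payload.
func counterBlock(nonce []byte, i uint16) []byte {
	b := make([]byte, 16)
	b[0] = 0x01
	copy(b[1:14], nonce)
	b[14], b[15] = byte(i>>8), byte(i)
	return b
}

// cbcMAC is the CBC-MAC chain of the slides under the TK. The first block B0
// carries flags 0x59 (AAD present, 8-byte MIC, 2-byte length), the nonce and
// the payload length; the length-prefixed AAD and the payload are then chained.
func cbcMAC(blk cipher.Block, nonce, aad, payload []byte) []byte {
	b0 := make([]byte, 16)
	b0[0] = 0x59
	copy(b0[1:14], nonce)
	b0[14], b0[15] = byte(len(payload)>>8), byte(len(payload))
	x := make([]byte, 16)
	blk.Encrypt(x, b0)
	lenA := []byte{byte(len(aad) >> 8), byte(len(aad))}
	for _, in := range append(pad16(append(lenA, aad...)), pad16(payload)...) {
		for j := range x {
			x[j] ^= in[j]
		}
		blk.Encrypt(x, x)
	}
	return x[:micLen]
}

// ctr XORs data with the AES-CTR keystream for counters 1..N; encryption and
// decryption are the same operation, so decryption also only runs AES encryption.
func ctr(blk cipher.Block, nonce, data []byte) []byte {
	out := make([]byte, len(data))
	ks := make([]byte, 16)
	for i := 0; i < len(data); i += 16 {
		blk.Encrypt(ks, counterBlock(nonce, uint16(i/16+1)))
		for j := 0; j < 16 && i+j < len(data); j++ {
			out[i+j] = data[i+j] ^ ks[j]
		}
	}
	return out
}

// Encrypt returns C1..CN followed by C0, the MIC encrypted with counter 0.
func Encrypt(tk, nonce, aad, payload []byte) ([]byte, error) {
	if len(tk) != 16 || len(nonce) != 13 {
		return nil, errors.New("TK must be 16 bytes and nonce 13 bytes")
	}
	blk, err := aes.NewCipher(tk)
	if err != nil {
		return nil, err
	}
	mic := cbcMAC(blk, nonce, aad, payload)
	ks := make([]byte, 16)
	blk.Encrypt(ks, counterBlock(nonce, 0))
	c0 := make([]byte, micLen)
	for j := range c0 {
		c0[j] = mic[j] ^ ks[j]
	}
	return append(ctr(blk, nonce, payload), c0...), nil
}

// Decrypt recovers the payload and the MIC from C0, recomputes the CBC-MAC
// and rejects the frame (in constant time) if the two MICs differ.
func Decrypt(tk, nonce, aad, data []byte) ([]byte, error) {
	if len(tk) != 16 || len(nonce) != 13 || len(data) < micLen {
		return nil, errors.New("bad TK, nonce or frame length")
	}
	blk, err := aes.NewCipher(tk)
	if err != nil {
		return nil, err
	}
	body, c0 := data[:len(data)-micLen], data[len(data)-micLen:]
	payload := ctr(blk, nonce, body)
	ks := make([]byte, 16)
	blk.Encrypt(ks, counterBlock(nonce, 0))
	mic := make([]byte, micLen)
	for j := range mic {
		mic[j] = c0[j] ^ ks[j]
	}
	if subtle.ConstantTimeCompare(mic, cbcMAC(blk, nonce, aad, payload)) != 1 {
		return nil, errors.New("MIC mismatch: frame rejected")
	}
	return payload, nil
}

func main() {
	tk := bytes.Repeat([]byte{0x42}, 16)                          // constructed temporal key
	nonce := append([]byte{0}, bytes.Repeat([]byte{0x10}, 12)...) // constructed: priority || A2 || PN
	aad := []byte("constructed MAC header fields")
	payload := []byte("constructed payload spanning more than one block")
	frame, _ := Encrypt(tk, nonce, aad, payload)
	plain, err := Decrypt(tk, nonce, aad, frame)
	fmt.Printf("%d-byte frame, decrypts to %q (err=%v)\n", len(frame), plain, err)
	frame[0] ^= 1
	_, err = Decrypt(tk, nonce, aad, frame)
	fmt.Println("tampered frame:", err)
}
```

The same TK drives both chains; what separates them is the first byte of the input block (0x59 for the MAC chain, 0x01 for the counter blocks), which is the "different initialization vectors" point made on the WPA2 Encryption slide. A receiver must never release the payload before the MIC comparison succeeds.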

Page 32: WPA2

WPA2 Pros

WPA2 has immunity against many types of hacker attacks, like:

• Man-in-the-middle.
• Authentication forging.
• Replay.
• Key collision.
• Weak keys.
• Packet forging.
• Brute-force/dictionary attacks.

Page 33: WPA2

WPA2 Pros (2)

WPA2 adds two enhancements to support fast roaming, as follows:

• Allow the client to reconnect to access points it has recently been connected to without needing to re-authenticate, thanks to the PMK caching feature.
• Allow the client to pre-authenticate with the access point it is moving toward while it is still connected to the access point it is moving away from.

Page 34: WPA2

WPA2 Pros (3)

WPA2 is based on the Robust Security Network (RSN), so it supports all the features available in WPA plus the following extra features:

• It supports strong encryption and authentication for both infrastructure and ad-hoc networks; in contrast, WPA supports only infrastructure networks.
• It reduces the overhead of the key derivation process.

Page 35: WPA2

WPA2 Cons

Like all Wi-Fi security standards, WPA2 cannot defend against physical layer attacks like:

• RF jamming.
• Data flooding.
• Access point failure.

Also, it cannot protect against layer 2 session hijacking.

Page 36: WPA2

WPA2 Cons (2)

An attacker can discover a lot of network information by analyzing the unprotected control and management frames.

It is vulnerable to DoS attacks.

It is vulnerable to MAC address spoofing and mass de-authentication attacks.

Page 37: WPA2

Procedures to improve the Wi-Fi security

• Manage the access points from a central source to protect the information related to client roaming.
• Good planning of the Wi-Fi coverage will improve availability and reduce the risk of RF jamming attacks.
• Use a wireless intrusion prevention system (WIPS).

Page 38: WPA2

Questions?