Wireless Security Mitigation
Techniques
WLANs employ specific methods for encryption, hashing, and
authentication. Figure 7-1 illustrates
the general elements that make up the embedded WLAN security.
Encryption
Encryption is the action taken to mask the elements in a data
stream. This is done by applying a variable (key), which is known by a sending
station and a receiving station, to an algorithm that encodes and decodes the
transmission. In this section, you will find three basic flavors of encryption
that have been applied to WLANs for securing over-the-air transmissions. Each is
still suitable for use today. However, they are typically not used in Enterprise
environments as they are insufficiently robust.
The initial encryption method was WEP, which provided
sufficient protection in early WLAN deployments. Over the years, the ability and
desire of people to crack encryption algorithms and break cyphers has increased.
As such, more robust encryption schemes are continuously developed to offset
weakened methods and to retain the possibility of secure communication. WLANs
have thus seen the displacement of WEP by the schemes named CCMP and AES. Let us
compare these three methods.
WEP
WEP is an encryption algorithm that is built into the original
802.11 standard. WEP encryption uses the RC4 stream cipher with either 40- or
104-bit keys and a 24-bit initialization vector. WEP was initially deployed as a
static key written onto the client, which caused a burden on key management.
Counter Mode with Cipher Block
Chaining Message Authentication Code Protocol (CCMP)
CCMP is a 128-bit keys cipher with a 48-bit initialization
vector (IV), which helps prevent replay attacks. The Cipher Block Chaining
Message Authentication Code (CBC-MAC) component of CCM
provides data integrity and authentication.
Note
Although CCMP is a very strong encryption standard but it
requires more computing power than WEP. This is important because some wireless access points might
not have sufficient computing power to support CCMP.
Advanced Encryption Standard (AES)
AES was developed for securing sensitive but unclassified
material by the U.S. government. By directive of the National Institute of
Standards and Technology (NIST), a replacement for the Data Encryption Standard
(DES) and to a lesser degree 3DES was commissioned. The specification required a
symmetric algorithm using a block encryption of no less than 128 bits in size.
Note that AES also forms the underlying encryption algorithm used in CCM. Its
requirement and subsequent ratification by the U.S. government prompted
acceptance by the general public.
The capability of AES encryption to remain protected is
estimated to be years as opposed to weeks or days of current encryption
methods.
Note
AES was built on the cipher developed by two Belgian
cryptographers, Joan Daemen and Vincent Rijmen, called Rijndael.
Hashing
Hashing prevents man-in-the-middle attacks as it ensures that
messages that have been tampered with, while they were in transit, can be
identified by the receiver. This is independent of whether the message is
encrypted. This section details Temporal Key Integrity Protocol (TKIP) and Message Integrity Check
(MIC), which we refer to as radio side protection
throughout this chapter. Both of these are used to maintain the integrity of the
information sent over the RF.
TKIP (Temporal Key Integrity
Protocol)
You can think of TKIP as a wrapper or enhancement for WEP. WEP
is still the underlying encryption standard, but TKIP significantly improves the
security by addressing its weak hashing capabilities. Using TKIP, every key is
"rehashed," effectively giving each packet its own key. Because the attacks upon
WEP rely on capturing tens of thousands of packets that use the same key to
attempt to identify the actual key, TKIP never reuses the same key. As such, it
greatly reduces the risk of the key being discovered.
TKIP is also part of the WPA standard.
Message Integrity Check
In order to combat the ability of a hacker to intercept,
examine, and forward on a packet to an AP, there is a need to provide an
additional layer of radio side protection. This is done through the insertion of
an 8-byte MIC placed between the data portion of the 802.11 frame and the 4-byte
Integrity Check Value (ICV). The MIC field is encrypted along with the frame data and the ICV. This is
essentially a cyclic redundancy check (CRC) for wireless and is intended to
prevent replay attacks, that is replay of an intercepted packet.
Table 7-1 summarizes
the different security models described.
Table 7-1. Different Security Models at a
Glance
| |
WEP |
TKIP |
CCMP |
|
Cipher Type |
RC4 |
RC4 |
AES |
|
Key Size |
40 or 128 bits |
128 bits |
128 bits |
|
Key Life |
24-bit IV |
48-bit IV |
48-bit IV |
|
Integrity Check |
CRC-32 (Data only) |
MIC |
CCM |
|
Replay Counter |
None |
Inherent |
Inherent |
|
Key Management |
None |
EAP-based |
EAP-based |
Authentication
Authentication is the process in which the identity of a user
or device is validated. This is typically done using passwords or certificates.
Note that authentication assumes some degree of implicit trust. For example, the
use of passwords assumes that it is only known by the authenticating entity. The
same is true for certificates as they, in theory, can be handed off to somebody
else. Furthermore, in the case of certificates, you need to trust the authority
that extends the certificates.
This book does not cover this topic in-depth. However, you
should be aware of these nontrivial challenges regarding trust and
authentication. In the remainder of this section, we cover the methods and
frameworks that are commonly used in WLANsspecifically, 802.1x, Wi-Fi Protected Access (WPA),
and 802.11i.
802.1x
The 802.1x standard is a framework that defines a common
process of communication for both wired and wireless LAN-based devices to
initiate and secure point-to-point authentication. The 802.1x LAN standard can
be applied to any subset of the 802 family. Its mainstream debut came at the
time when WLAN products hit the mass market. Because standalone WEP was already
known to be weak, 802.1x found a niche in which it could help to ensure the
secure transmission of data in a WLAN. It is very important to understand that
the standard only outlines the framework for communication. This freamework
allowed vendors to provide various underlying authentication methods (which you
learn more about in the section "EAP
Types"), each with its own distinctive features.
The framework defines mutual authentication of devices and
recommends the use of RADIUS as an authentication protocol. There are three key
components to the 802.1x framework:
-
Supplicant (STA) The client
device that is requesting access. Typically this device is enabled by software,
which performs the actual process.
-
Authenticator (Auth) Plays the
role of the middle man, providing an entry point from an untrusted network to a
trusted one.
-
Authentication server (AS)
Acts as the validation point of contact. The authentication server maintains a
database of all known authenticators and also maintains entitlement for the user
or device. This user database can reside on a separate system.
The authentication communication between a client device and
the authentication server is broken into two stages, as shown in Figure 7-2:
-
The first mode is Extensible Authentication Protocol (EAP), or
EAP over LAN (EAPoL), which is the encapsulation format.
-
The second mode is RADIUS, where the credentials are passed for
validation against the authentication database.
Note
In Figure 7-2, the
supplicant can be any end device (laptop, desktop, PDA, phone). The
authenticator can be a switch or AP.
Wi-Fi Protected Access
Wi-Fi Protected Access (WPA) is a standard developed by the
Wi-Fi Alliance primarily as a method for interoperability between Wi-Fi
vendors. The
Wi-Fi Alliance is a coalition of vendors with the charter of finding a common
solution for wireless security. The WPA standard helps to mitigate the inherent
shortcomings of WEP by protecting the transmission of data in the RF space by
mandating the use of TKIP, MIC, and 802.1x.
WPA has two modes:
WPA is built to support WEP as the encryption method, whereas
the second phase of WPA, WPA2, supports the addition of CCMP for
authentication.
Table 7-2 summarizes
the features of the different WPA types.
Table 7-2. Differences Between WPA Types at a
Glance
|
WPA Enterprise Mode |
WPA PSK Mode |
|
Requires an authentication server |
Does not require an authentication server |
|
Uses RADIUS protocols for authentication and key
distribution |
Uses shared secret keys for authentication |
|
Centralizes management of user credentials |
Provides device-oriented management of user
credentials |
|
Uses 802.1x as an identity framework |
-- |
802.11i
Based on WPA, the IEEE has ratified 802.11i as a wireless
security standard to help provide a more robust method of protection. This
standard introduces new and stronger encryption and hashing methods. It expands
the initial validation (handshake) between the AP and client while still using
802.1x for the actual authentication process. 802.11i also
mandates the use of AES. The principle enhancements are
-
Discovery A four-way handshake to authenticate the AP
and client
-
Authentication The 802.1x
framework for end-to-end authentication
-
Key management Method through
which systems derive an encryption key that ensures integrity for the whole
session
-
Data Protection Encryption of
parts of the data packet
Figure 7-3 illustrates
the relationship between these four parts of 802.11i. Each shaded area refers to
one of the four functions listed previously.
802.11i uses EAP as the end-to-end transport for authentication
and 802.1X (EAPoL) to encapsulate these EAP messages over WLANs.
During the discovery phase, participants determine the parties
with whom they will communicate. The AP informs the client
which security features are required to be used for communications.
Authentication employs 802.1x as a framework and further
specifies the following:
-
The use of centralized network admission policyat the
AS.
-
Determination of the STA as to whether it does indeed want to
communicate.
-
Mutual authentication between the STA and Auth.
-
Generation of a master key as a side effect of
authentication.
-
Use of a master key to generate session
keys.
Key management also uses the 802.1x framework with the addition
of a four-way handshake, which ensures that the client and AP are valid devices
(trusted). Because the session key used in client and AP transmissions is valid
for the length of the session, an additional mechanism was added to the protocol
to help maintain the integrity of the key. Specifically, the following actions
take place (four-way handshake):
|
1. |
Bind Pair-Wise Master Key (PMK) to STA and
AP.
|
|
2. |
Confirm that both AP and STA possess a
PMK.
|
|
3. |
Generate new Pairwise Transmit Key
(PTK).
|
|
4. |
Prove each peer is live.
|
|
5. |
|
EAP Types
The Extensible Authentication Protocol (EAP) is a framework for
sending authentication information and encryption keys from the authentication
server (AS) to the client (STA) and AP (Auth). The authentication
methodologypassword-based, public key infrastructure (PKI), or certificateis set
by the organization.
The EAP session thus adopts the following
event sequence:
-
A wireless client associates with an access point, which
prohibits the client from gaining access to anything (except the authentication
server) on the network until it has logged in and authenticated.
-
The client (STA) and AP (Auth) perform a mutual authentication
(handshake). The AP receives an authentication request from the client and sends
back a challenge. The client then completes this challenge. The AP then forwards
the information to the authentication server (AS), using the client's and AP's
credentials.
-
When successful, the client and authentication server derive an
encryption key. The key can be derived in several ways, and each EAP type
defines the specifics. Additionally, during the process, the client and server
also derive a broadcast key. All data is subsequently encrypted using this key
pair.
-
As a further measure to maintain integrity, the key pairs can
be changed at regular intervals. The AAA server manages this
function.
The following list describes different EAP types. Note that
this is not a comprehensive catalog of all EAP types. However, it does include
all the mainstream versions:
-
EAP-TLS (Transport Layer Security) Developed by
Microsoft as a LAN-based authentication type.
-
EAP-LEAP
(Lightweight Extensible Authentication Protocol) The Cisco version that
was developed exclusively for WLAN security. It is also
known as Cisco-EAP.
-
EAP-PEAP (Protected Extensible
Authentication Protocol) Developed by Microsoft, Cisco, and RSA
Security.
-
EAP-FAST (Flexible Authentication via
Secure Tunneling) Second-generation WLAN security EAP type from
Cisco.
-
EAP-TTLS (Tunneled Transport Layer
Security) Developed by Funk Software and Certicom.
Table 7-3 summarizes
the features of different EAP types.
Table 7-3. EAP Type Features
|
Security Type |
User Auth |
Device Auth |
Tunneled |
Certificate Based |
TKIP / MIC |
| |
|
|
|
Server |
Client |
|
|
WEP |
|
X |
|
|
|
|
|
EAP-TLS |
X |
|
|
X |
X |
|
|
EAP-TTLS |
X |
|
X |
X |
X |
|
|
Cisco-EAP (LEAP) |
X |
|
|
|
|
X |
|
EAP-FAST |
X |
|
X |
|
|
X |
|
VPN |
X |
|
X |
|
|
X |
|
PEAP |
X |
X |
X |
|
X |
X |
Sections
Archive
Syndication
