Ready to Start Your Career?
June 8, 2017
WiFi Security: WEP, WPA, and WPA2
June 8, 2017
Nowadays everyone uses the internet - most commonly through WIFI (wireless fidelity). Wifi is a short-range wireless transmission technology that can send signals up to hundreds of feet away to support access to the Internet. But what about the security of our data which is easily breached by any attacker through these airwaves. In this article, I mainly concentrate on the hacking of Wifi passwords which is the first step of taking the privacy of our confidential data. In WIFI there are two main devices used as a wireless client and an access point (router) which gives us radio signals to connect to the internet.An attack on a WIFI network can be divided into two classes:1. On network access control, data confidentiality and data integrity protection.2. On wireless communication network design, deployment, and maintenance.These attacks are performed due to the weaknesses in wireless security protocols, Access Point broadcast message feature or much more. The access point broadcast feature can be performed on a physical access point. But wireless protocol weaknesses are still a very common vulnerability which can easily perform the attacks because these protocols are mainly used for encryption, confidentiality, integrity, and authenticity of packets or data. There are three main wireless protocols used:1. WEP (Wired Equivalency Privacy )+ RC42. WPA(Wi-Fi Protected Access)+TKIP3. WPA2(Wi-Fi Protected Access Version 2)+AES(WPA and WPA2 are counted as 1 in this list).4. OPEN(no password)In WEP, Confidentiality is provided from the encryption of the frame body using RC4 algorithm, Integrity is maintained through the Integrity Check Algorithm (CRC), and Authentication is provided by the use of a shared key that is only known by authorized users on the network.WEP WEAKNESSES:1. The Size of IV (RC4 Key) is short and reused.2. Problem in the RC4 algorithm itself (outdated algorithm).3. Easy forging of authentication messages.4. WEP does not Prevent forgery of packets due to plain text of IV’s5. WEP does not prevent replay attacks. An attacker can simply record and replay packets as desired due to key size is very short. WPA came with the purpose of solving the problems in the WEP cryptography method, without the user needing to change the hardware. The standard WPA, similar to WEP, specifies two operation manners: WPAPSK (Pre-Shared Key) that is used for small office and home/domestic use, authentication which does not use an authentication server and the data cryptography key can go up to 256 bits. Unlike WEP, this can be any alphanumeric string and is used only to negotiate the initial session with the AP. Because both the client and the AP already possess this key, WPA provides mutual authentication, and the key is never transmitted over the air. Another one is Enterprise WPA or Commercial. In this, authentication is made by an authentication server 802.1x, generating excellent control and security in the users' traffic on the wireless network. This WPA uses 802.1X+EAP for authentication, but again replaces WEP with the more advanced TKIP encryption. No preshared key is used here, but you will need a RADIUS (Remote Authentication Dial-In User Service) server for data transfer.WPA IMPROVEMENTS:1. A cryptographic message integrity code, or MIC, called Michael, to defeat forgeries.2. A new IV sequencing discipline, to remove replay attacks from the attacker’s arsenal.3. A per-packet key mixing function, to de-correlate the public IVs from weak keys.4. TKIP (Temporary Key Integrity Protocol) is used for encryption instead of RC4.WPA WEAKNESSES:1. “Weakness in Passphrase Choice in WPA Interface”, reveal the passphrase by performing a dictionary attack against WPA-PSK networks by capturing the four-way authentication handshake.2. TKIP protocol also has the weakness.In WPA2 Encryption is done using AES algorithm, authentication using EAP-TLS protocol and data integrity using CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol). In WPA2-PSK , a pre-shared secret is used, much like WEP or WPA. Access points and clients are all manually configured to use the same secret of up to 64 ASCII characters, such as “this_is_our_secret_password" and WPA2 corporate security is based on 802.1X (the EAP authentication framework including RADIUS server).The main problem of WPA as a pairwise solved by divided the type of security to three categories:1. The pairwise cipher suite used to encrypt unicast (point-to-point) traffic.2. The group cipher suite used to encrypt multicast and broadcast (point-to-multipoint) traffic.3. The use of either a pre-shared key (PSK, or “home user” security, using a shared secret) or 802.1X authentication.WPA2 WEAKNESSES:1. AES-128 bits protocol is breakable, but it takes a lot of time.2. Moderate security due to the insider attacks (group transient key is broadcasted to all the clients which means all clients connected to particular AP having same group key).3. Stealth mode ARP Poisoning/Spoofing attack is possible.WPA2 SOLUTIONS:1. Use endpoint security.2. Use wireless traffic monitoring using WIPS sensors.There are various tools available today which are used for breaking the WEP, WPA, WPA2 protocols as aireplay-ng .