
Wi-Fi Security with Wi-Fi P+


Just a concept paper

Published in: Education

Wi-Fi Security with Wi-Fi Protection Plus

Ajin Abraham, Joseph Sebastian
Vimal Jyothi Engineering
+91-9495587202

Abstract

Current industrial standards of Wi-Fi security are found to have security loopholes, making it possible for hackers to break them. So we consider the possibility of a new technology for Wi-Fi security. We call it Wi-Fi P+ or Wireless Fidelity Protection Plus.

Introduction

Wi-Fi is common nowadays. Every educational institution and business organization has its perimeter covered by Wi-Fi. All the confidential data being transmitted through Wi-Fi makes it a target for hackers. To secure it, Wi-Fi security standards such as WEP, WPA and WPA2 were introduced. Each of them was introduced when the previous security architecture was found to be a failure. But at present all of these industry-standard Wi-Fi security architectures are found to have vulnerabilities that allow a hacker to break into the Wi-Fi network.

After conducting a study and analysis of the vulnerabilities of the current industrial standards for Wi-Fi security, we consider the possibility of a new security architecture for Wi-Fi, which we call Wi-Fi P+. Wi-Fi P+ is not a complex security architecture. It acts as an additional security layer implemented over WPA/WPA2. It also implements some already available features that are not built into WPA/WPA2.

Vulnerabilities in Current Wi-Fi Security

The current Wi-Fi security standards are:

  • WEP – Wired Equivalent Privacy
  • WPA – Wi-Fi Protected Access
  • WPA2 – Wi-Fi Protected Access 2

Vulnerabilities in WEP

WEP (Wired Equivalent Privacy) is based on the RC4 encryption algorithm, with a secret key of 40 bits or 104 bits being combined with a 24-bit Initialization Vector (IV) to encrypt the plaintext message M and its checksum – the ICV (Integrity Check Value). The encrypted message C was therefore determined using the following formula:

C = [ M || ICV(M) ] + [ RC4(K || IV) ]

where || is a concatenation operator and + is a XOR operator. Clearly, the initialization vector is the key to WEP security, so to maintain a decent level of security and minimize disclosure the IV should be incremented for each packet so that subsequent packets are encrypted with different keys. Unfortunately for WEP security, the IV is transmitted in plain text and the 802.11 standard does not mandate IV incrementation, leaving this security measure at the option of particular wireless access point implementations.

The WEP protocol was not created by experts in security or cryptography, so it quickly proved vulnerable to RC4 issues described by David Wagner four years earlier. Many more vulnerabilities were then discovered during the following years. Some of them are:

| Date | Description |
|---|---|
| September 1995 | Potential RC4 vulnerability (Wagner) |
| October 2000 | First publication on WEP weaknesses: Unsafe at any key size; An analysis of the WEP encapsulation (Walker) |
| May 2001 | An inductive chosen plaintext attack against WEP/WEP2 (Arbaugh) |
| July 2001 | CRC bit flipping attack – Intercepting Mobile Communications: The Insecurity of 802.11 (Borisov, Goldberg, Wagner) |
| August 2001 | FMS attacks – Weaknesses in the Key Scheduling Algorithm of RC4 (Fluhrer, Mantin, Shamir) |
| August 2001 | Release of AirSnort |
| February 2002 | Optimized FMS attacks by h1kari |
| August 2004 | KoreK attacks (unique IVs) – release of chopchop and chopper |
| July/August 2004 | Release of Aircrack (Devine) and WepLab (Sanchez) implementing KoreK attacks |

Aircrack, the WEP cracking tool released in 2004, was able to crack a 128-bit WEP key.

Vulnerability in WPA and WPA2

The most practical vulnerability is the attack against WPA/WPA2's PSK key. The PSK (Pre-Shared Key), the same as the PMK (Pairwise Master Key), is a string of 256 bits or a passphrase of 8 to 63 characters used to generate such a string using a known algorithm:

PSK = PMK = PBKDF2(password, SSID, SSID length, 4096, 256)

where PBKDF2 is a method used in encryption, 4096 is the number of hashes and 256 is the length of the output. The PTK (Pairwise Transient Key) is derived from the PSK using the 4-Way Handshake, and all information used to calculate its value is transmitted in plain text. The strength of the PTK therefore relies only on the PSK value, which for PSK effectively means the strength of the passphrase. The second message of the 4-Way Handshake could be subjected to both dictionary and brute force offline attacks. The cowpatty utility was created to exploit this flaw, and its source code was used and improved by Christophe Devine in Aircrack to allow PSK dictionary and brute force attacks on WPA.

Threats on Wi-Fi

Ad-hoc networks

Ad-hoc networks can pose a high security threat. Ad-hoc networks are defined as peer-to-peer networks between wireless computers that do not have an access point in between them. While these types of networks usually have little protection, encryption methods can be used to provide security.
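The WEP formula C = [ M || ICV(M) ] + [ RC4(K || IV) ] from the section on WEP above, worked through as an added example (not code from the paper). It shows why a repeated IV matters: the keystream cancels out of two ciphertexts. `reused_ivs` is a simple check over captured frames. The key, IVs and payloads are constructed sample values.

```python
import zlib

def rc4_keystream(seed: bytes, n: int) -> bytes:
    """Return the first n bytes of RC4 keystream for the given seed."""
    s, j = list(range(256)), 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                            # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(message: bytes) -> bytes:
    return zlib.crc32(message).to_bytes(4, "little")   # ICV(M) is a CRC-32

def wep_encrypt(key: bytes, iv: bytes, message: bytes) -> bytes:
    """C = [M || ICV(M)] XOR RC4(K || IV), in the page's notation."""
    plain = message + icv(message)
    return xor(plain, rc4_keystream(key + iv, len(plain)))

def wep_decrypt(key: bytes, iv: bytes, cipher: bytes) -> bytes:
    plain = xor(cipher, rc4_keystream(key + iv, len(cipher)))
    message, check = plain[:-4], plain[-4:]
    if icv(message) != check:
        raise ValueError("ICV mismatch")
    return message

def reused_ivs(frames) -> set:
    """Given (iv, ciphertext) pairs, return the IVs seen on more than one frame."""
    seen, repeated = set(), set()
    for iv, _ in frames:
        (repeated if iv in seen else seen).add(iv)
    return repeated

# Constructed sample values: a 40-bit key, 24-bit IVs, two 16-byte payloads.
KEY = bytes.fromhex("0102030405")
M1, M2 = b"GET /index.html ", b"POST /login.php "
IVS = [b"\x00\x00\x01", b"\x00\x00\x01", b"\x00\x00\x02"]   # second frame repeats the IV
FRAMES = [(iv, wep_encrypt(KEY, iv, m)) for iv, m in zip(IVS, [M1, M2, M2])]

# Same key and IV means same keystream, so it cancels out of C1 XOR C2.
LEAK = xor(FRAMES[0][1], FRAMES[1][1])[:len(M1)]   # equals xor(M1, M2)
```
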
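The PSK derivation from the section on WPA and WPA2 above, as an added example (not code from the paper). It derives the PMK with PBKDF2-HMAC-SHA1 and gives an upper bound on how long a passphrase would resist offline guessing. The passphrases, SSIDs and the guessing rate `ASSUMED_RATE` are constructed values, and `search_space_bits` and `audit` are hypothetical helper names.

```python
import hashlib
import math
import string

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PSK = PMK = PBKDF2(passphrase, SSID, 4096, 256), with HMAC-SHA1 as the PRF."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

def search_space_bits(passphrase: str) -> float:
    """Upper bound on guessing work, in bits, from length and character classes used.
    A dictionary word or a common phrase is far weaker than this bound."""
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in passphrase))
    return len(passphrase) * math.log2(alphabet) if alphabet else 0.0

def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every candidate at a given offline guessing rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

# Constructed sample values; the guessing rate is an assumed figure, not a benchmark.
ASSUMED_RATE = 100_000
WEAK, STRONG = "password", "tB7#qLw9!xR2mZp4"

# The SSID is the salt: one passphrase gives a different PMK on each network name.
SAME_PASSPHRASE_TWO_SSIDS = (wpa_pmk(STRONG, "OfficeNet"), wpa_pmk(STRONG, "GuestNet"))

def audit(passphrase: str) -> dict:
    """Summarise the bound for one passphrase at ASSUMED_RATE guesses per second."""
    bits = search_space_bits(passphrase)
    return {"bits": round(bits, 1), "years": years_to_exhaust(bits, ASSUMED_RATE)}
```
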
MAC Spoofing

MAC spoofing occurs when a cracker is able to listen in on network traffic and identify the MAC address of a computer with network privileges. Most wireless systems allow some kind of MAC filtering to only allow authorized computers with specific MAC addresses to gain access to and utilize the network. However, a number of programs exist that have network "sniffing" capabilities. Combine these programs with other software that allows a computer to pretend it has any MAC address that the cracker desires, and the cracker can easily get around that hurdle.

Man-in-the-middle attacks

A man-in-the-middle attacker entices computers to log into a computer which is set up as a soft AP (Access Point). Once this is done, the hacker connects to a real access point through another wireless card, offering a steady flow of traffic through the transparent hacking computer to the real network. The hacker can then sniff the traffic. One type of man-in-the-middle attack relies on security faults in challenge and handshake protocols to execute a "de-authentication attack". This attack forces AP-connected computers to drop their connections and reconnect with the cracker's soft AP.

Denial of service

A Denial-of-Service (DoS) attack occurs when an attacker continually bombards a targeted AP (Access Point) or network with bogus requests, premature successful connection messages, failure messages, and/or other commands. These prevent legitimate users from getting on the network and may even cause the network to crash.

Caffe Latte attack

The Caffe Latte attack is another way to defeat WEP. It is not necessary for the attacker to be in the area of the network using this exploit. By using a process that targets the Windows wireless stack, it is possible to obtain the WEP key from a remote client. By sending a flood of encrypted ARP requests, the assailant takes advantage of the shared key authentication and the message modification flaws in 802.11 WEP. The attacker uses the ARP responses to obtain the WEP key in less than 6 minutes.

War driving

War driving is the act of searching for open Wi-Fi networks by a person in a moving vehicle using a portable computer, smartphone or PDA.

Need for a New Security Architecture

Wi-Fi is widely used in different institutions and terabytes of confidential data are being transmitted through it. These data include everything from contact and client information to patented data, trade secrets, and legal and financial information. So it is a target for hackers. Since the PSK vulnerability exists in WPA and WPA2, if the passphrase is not strong enough then it is easy for a hacker to decrypt the key using cowpatty or Aircrack. So the institution is under the threat of confidential data theft. So a new security architecture should be implemented that can safeguard against this attack and data theft.

Solution is Wi-Fi P+

WPA/WPA2 is vulnerable because all the information required for the generation of the Pairwise Transient Key (PTK), formed from the Pre-Shared Key (PSK), is transmitted in plain text. Hackers can run a dictionary attack or brute force attack on the plain text data to get the password key. This is where Wi-Fi P+ is needed. Wireless Fidelity Protection Plus adds an additional security layer to WPA/WPA2 by encrypting the plain text information transferred from the PMK. It uses a simple but powerful encryption method given by the equation:

P-PMK = PMK + (256 bit random protection key)

where P-PMK is the protected PMK and '+' is the XOR operator. Here we XOR the plaintext information derived from the PMK with a randomly generated number, simply generated using a random() function, which makes this encryption method simple, fast and almost completely secure, since it is almost impossible to decrypt 256-bit random numbers even by performing a dictionary attack or brute forcing with a supercomputer.

Wi-Fi P+ also provides additional built-in security features such as:

  • MAC address filtering allows the administrator to restrict access to a Wi-Fi network based on MAC address. With MAC address filtering in place, only the computers with MAC addresses allowed by the administrator can connect to the Wi-Fi network.
  • MAC spoofing detection by a wireless Intrusion Detection System.
  • Logging Wi-Fi users. The IP address and MAC address as well as the computer name and operating system name are logged.
  • Network encryption using a simple random key. This encryption method does not slow down data transfer, as it uses simple and fast random key encryption.
  • Wi-Fi range limiting can be implemented with Wi-Fi P+.
  • Control of Wi-Fi sharing by the users who are on a Wi-Fi network. The administrator can restrict peer-to-peer Wi-Fi sharing by genuine users on the Wi-Fi network.
  • DoS attack discovery and blacklisting of the attacker.
  • Using static IP instead of dynamic IP. Disabling at least the IP address assignment function of the network's DHCP server, with the IP addresses of the various network devices then set by hand, will also make it more difficult for a casual or unsophisticated intruder to log onto the network.
  • Built-in honeypot for intrusion and attack detection. Honeypots are traps waiting for hackers: they seem to be vulnerable, but actually trap the attacker and reveal his identity.
  • VPN (Virtual Private Network) for data security and privacy. It is a credible and popular way of securing data in wireless transmissions.

Implementation of Wi-Fi P+

Implementation of Wi-Fi P+ on an existing WPA/WPA2 setup is simple. It can act as an add-on for the router firmware. It can be installed along with the router firmware.

Conclusion

Current dominant standards of wireless security are found to be vulnerable even with their complex security architecture, and this is where Wi-Fi P+ becomes important. Its flawless security layer, along with its other protective features and its ease of use and implementation, makes it a good option for organizations where secure data transmission is a concern.
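The masking equation P-PMK = PMK + (256 bit random protection key) from the Wi-Fi P+ section, as an added example (not code from the paper). It assumes the protection key is drawn from the operating system's CSPRNG via `secrets` rather than a general random() function, and that both ends already hold the same key, which the paper does not describe. `ProtectionKeys` and `masked_difference` are hypothetical names, and the sample PMKs are constructed.

```python
import hashlib
import secrets

def xor256(a: bytes, b: bytes) -> bytes:
    if len(a) != 32 or len(b) != 32:
        raise ValueError("both operands must be 256 bits")
    return bytes(x ^ y for x, y in zip(a, b))

class ProtectionKeys:
    """Issues 256-bit protection keys and refuses to mask twice with the same key."""

    def __init__(self):
        self._used = set()

    def new_key(self) -> bytes:
        return secrets.token_bytes(32)         # OS CSPRNG (assumption, see lead-in)

    def protect(self, pmk: bytes, key: bytes) -> bytes:
        tag = hashlib.sha256(key).digest()     # remember a digest, not the key itself
        if tag in self._used:
            raise ValueError("protection key already used")
        self._used.add(tag)
        return xor256(pmk, key)                # P-PMK = PMK XOR key

def unprotect(p_pmk: bytes, key: bytes) -> bytes:
    return xor256(p_pmk, key)                  # PMK = P-PMK XOR key

def masked_difference(pmk_a: bytes, pmk_b: bytes, key: bytes) -> bytes:
    """XOR of two values masked with the SAME key: the key cancels out."""
    return xor256(xor256(pmk_a, key), xor256(pmk_b, key))

# Constructed sample PMKs (passphrases and SSID are made up for this example).
PMK_A = hashlib.pbkdf2_hmac("sha1", b"first passphrase", b"ExampleNet", 4096, 32)
PMK_B = hashlib.pbkdf2_hmac("sha1", b"second passphrase", b"ExampleNet", 4096, 32)

def round_trip() -> bool:
    """Mask PMK_A with a fresh key, unmask it, and confirm the value survives."""
    keys = ProtectionKeys()
    k = keys.new_key()
    return unprotect(keys.protect(PMK_A, k), k) == PMK_A
```

The reuse check matters because the mask only hides the PMK while each protection key is used once: `masked_difference` returns PMK_A XOR PMK_B whatever the key is.
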