Outline
• Security definitions
• Current 802.11 security
• Weak IV problem
• Wi-Fi Protected Access (WPA) security
• 802.11i

Security Definitions
• Security context between two (network) entities should provide
  • Authentication - to prove identity
  • Integrity - to detect altered packets
  • Privacy - to prevent eavesdropping

Current 802.11 Security (as per the 1999 spec)
• Authentication
  • Tied to association (session between station and AP)
  • Open system - all stations may associate
  • Shared key - stations must know secret
• Integrity
• Privacy

Current 802.11 Security (as per the 1999 spec)
• Authentication
• Integrity - Integrity Check (IC) field
  • 32 bit CRC in encrypted payload
  • Not separately keyed
  • Vulnerable to bit-flipping attacks
• Privacy
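
Added example (not part of the original slides): why an unkeyed CRC-32 inside an RC4-encrypted payload gives no integrity, next to the same change against a separately keyed tag. The keys, IV and payload are constructed, and the truncated HMAC-SHA256 is an assumed stand-in for a keyed integrity code, not the algorithm any 802.11 standard uses.

```python
import hashlib
import hmac
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream (key schedule, then output loop)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc_icv(data: bytes) -> bytes:
    """WEP-style integrity check: unkeyed CRC-32 over the payload."""
    return zlib.crc32(data).to_bytes(4, "little")

def seal(iv, key, payload, tag_fn):
    """Append the integrity tag, then XOR with RC4(IV || key)."""
    body = payload + tag_fn(payload)
    return xor(body, rc4(iv + key, len(body)))

def unseal(iv, key, frame, tag_fn, tag_len):
    """Decrypt; return the payload, or None if the tag does not verify."""
    body = xor(frame, rc4(iv + key, len(frame)))
    payload, tag = body[:-tag_len], body[-tag_len:]
    return payload if hmac.compare_digest(tag, tag_fn(payload)) else None

def demo():
    # Constructed sample values: 24-bit IV, 104-bit key, separate integrity key.
    iv, key, mic_key = b"\x00\x00\x01", b"0123456789abc", b"separate-mic-key"
    payload, altered = b"amount=0100", b"amount=9100"
    delta = xor(payload, altered)  # bits changed in transit, no key involved
    # CRC-32 is affine: crc(p ^ d) = crc(p) ^ crc(d) ^ crc(00..0),
    # so the encrypted check value can be corrected to match the altered payload.
    patch = xor(crc_icv(delta), crc_icv(bytes(len(delta))))
    frame = seal(iv, key, payload, crc_icv)
    crc_result = unseal(iv, key, xor(frame, delta + patch), crc_icv, 4)
    # Same change against a keyed tag: there is no key-free way to correct it.
    mic = lambda p: hmac.new(mic_key, p, hashlib.sha256).digest()[:8]
    frame = seal(iv, key, payload, mic)
    mic_result = unseal(iv, key, xor(frame, delta + bytes(8)), mic, 8)
    return crc_result, mic_result

if __name__ == "__main__":
    print(demo())
```

The CRC-protected frame is accepted with the altered payload, while the frame carrying the keyed tag is rejected.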

Current 802.11 Security (as per the 1999 spec)
• Authentication
• Integrity
• Privacy - Wired Equivalent Privacy (WEP)
  • RC4 cipher (relies on XOR)
  • Up to 4 keys per station (40 bit or 104 bit)
  • Initialization Vector (IV)
    • 24 bit extension to key
    • Provides some randomization to key
    • Unfortunately, keyspace is small!

Big WEP Attack - Weak IV
• Say an AP constantly sends 1500 byte frames at 11 Mbps
  • Keyspace is exhausted in 5 hours
  • Will be quicker if packets are smaller
• Original IV algorithms made things much worse
  • Some cards used same IV for multiple packets
  • Some cards reset IV to 0 after initialization
  • Some cards increment IV by 1 after each packet
• WEP+ fixed these “Weak IV” issues
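
Added example (not part of the original slides): a small model of the IV behaviours listed above that reports how many frames pass before an IV is reused under one shared key, alongside the time to exhaust the 24-bit space. The generator names are hypothetical, and the random-IV case is an added comparison that the slides do not mention.

```python
import itertools
import random

IV_BITS = 24
IV_SPACE = 2 ** IV_BITS

def exhaustion_hours(frame_bytes: int, rate_bps: float = 11e6) -> float:
    """Hours for one sender at full rate to use every 24-bit IV once."""
    return IV_SPACE * frame_bytes * 8 / rate_bps / 3600

def counter_from_zero():
    """Card that resets the IV to 0 at initialization and adds 1 per packet."""
    return (n % IV_SPACE for n in itertools.count())

def sticky(repeat: int):
    """Card that sends `repeat` packets before moving to the next IV."""
    return (n // repeat % IV_SPACE for n in itertools.count())

def random_iv(seed: int):
    """Comparison case (not from the slides): IV drawn uniformly at random."""
    rng = random.Random(seed)
    return (rng.randrange(IV_SPACE) for _ in itertools.count())

def first_reuse(stations, limit=200_000):
    """Interleave stations that share one WEP key and return the 1-based
    frame number at which an IV is seen a second time (None within limit)."""
    seen = set()
    frames = itertools.chain.from_iterable(zip(*stations))
    for n, iv in enumerate(itertools.islice(frames, limit), start=1):
        if iv in seen:
            return n
        seen.add(iv)
    return None

if __name__ == "__main__":
    print("exhaustion at 1500 B:", round(exhaustion_hours(1500), 2), "h")
    print("two cards, both reset to 0:",
          first_reuse([counter_from_zero(), counter_from_zero()]))
    print("one card, same IV for 4 packets:", first_reuse([sticky(4)]))
    print("one card, random IV:", first_reuse([random_iv(1)]))
```

Reuse under the listed card behaviours shows up within the first few frames, long before the 24-bit space is exhausted.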

Improving Security
• Improve authentication
  • System wide common login
• Improve integrity
  • Separate integrity key
  • Stronger integrity algorithm
• Improve privacy
  • Increase keyspace size (make cracker analyze more data in order to recover key)
  • Per-user keys
  • Key rollover
  • Stronger privacy algorithm

802.11i and WPA
• IEEE 802.11i - IEEE 802.11 task group “MAC enhancement for wireless security”
• Wi-Fi Alliance WPA - subset of 802.11i
  • Compatible with earlier draft
  • Defined for BSS only
  • Defined for current hardware
• WPA has two major components
  • Authentication
  • TKIP encryption

WPA
• Authentication
  • 802.1x (not 802.11x) - defined for both wired and wireless session establishment
    • EAP (Extensible Authentication Protocol) - generic wrapper for authentication traffic
    • EAP impact
      • Authentication is between laptop and server - AP is pretty clueless
      • Different auth methods, updating auth methods do not require upgrades on AP
  • Pre-Shared Key (PSK) - for SOHO networks

WPA
• Temporal Key Integrity Protocol (TKIP)
  • Stronger privacy
    • Still uses RC-4 encryption
    • Key rollover (temporal key)
  • Stronger integrity
    • Message Integrity Code (MIC) - computed with own integrity algorithm (MICHAEL)
    • Separate integrity key
    • Integrity countermeasures

802.11i
• Additions over WPA
  • IBSS (ad-hoc mode) authentication - what does a security context mean without a trusted third party? Is PSK enough?
  • Counter-Mode/CBC-MAC Protocol (CCMP)
    • Privacy: AES-CCM (128 bit key)
    • Integrity: CBC-MAC

802.11i criticisms
• Does not secure 802.11 management control and action frames
  • Disassociate, output power, etc.
• Fundamental dilemma: does 802.11i secure
  1. Traffic carried by the network?
  2. Network elements themselves?
