This document discusses wireless security using WPA2. It begins by describing the types of wireless security including open networks, WEP, WPA, and WPA2. It then provides an overview of WPA2, including how it uses AES for encryption and integrity checking. The document compares WEP, WPA, and WPA2 and describes WPA2 authentication in personal and enterprise modes. It details how WPA2 generates keys through a 4-way handshake and uses AES in counter mode for encryption and CBC-MAC for integrity. The document concludes by discussing benefits and vulnerabilities of WPA2 as well as procedures to improve wireless security.
5. WPA2 OVERVIEW
• Wi-Fi Protected Access 2
•
Security standard developed by the Wi-Fi Alliance and is an
implementation of IEEE’s 802.11i
•
Uses Advance Encryption Standard (AES) protocol
• AES in Counter-Mode for encryption
• AES in Cipher Block Chaining-Message Authentication Code (CBC-MAC)
for integrity checking
9. PERSONAL MODE AUTHENTICATION
•
Authentication performed between
client and access point
•
PSK(Pre Shared Key) &
SSID(Service Set Identification) is
used
•
AP generates 256 bit from plain text
pass phrase
•
PMK(Pairwise Master Key) is
generated after authentication
10. ENTERPRISE MODE AUTHENTICATION
•
•
Based on IEEE 802.1x standard
Authentication performed between
:-
1. Client
2. Access Point
3. Authentication Server
• After authentication MK(Master
Key)
Is generated
11. WPA 2 KEY GENERATION
• 4 way handshake initiated by AP
• Confirms client’s knowledge of
PMK in personal mode & MK in
enterprise mode
• Pairwise Transient Key created
at client’s
• Fresh PTK is derived at AP
1. Key confirmation key
2. Key encryption key
3. Temporal key
12. WPA 2 KEY GENERATION
• Install encryption and integrity
key
• Control port are unblocked
13. WPA2 ENCRYPTION
• Two Process happens
1. Data encryption
2. Data integrity
• AES is used in encryption & authentication is a block symmetric cipher
• CCM is new mode of operation for block cipher
• Two underlying modes of CCM
Counter mode(CTR) achieves data encryption
Cipher block chaining message authentication code(CBCMAC) to provide data
integrity
14. MESSAGE INTEGRITY CODE(MIC)
• IV(Initialization Vector) encrypted
with AES & TK to produce 128
bit result
• 128 bit result is XOR with next
128 bits of data
• Result of XOR is continued until
all IV are exhausted
• At end,first 64 bits are used to
produce MIC
Figure :AES CBC-MAC
15. WPA2 ENCRYPTION
• Counter mode algorithm encrypts
the data with MIC
• Initialize counter for first time or
increment counter.
• First 128 bits are encrypted using
AES & TK to produce 128 bits.
• XOR is performed on result and first
message block to give an first
encrypted block.
• Repeat until all 128 bit of blocks has
been encrypted.
Figure: AES counter mode
16. WPA2 DECRYPTION
• It works in reverse using same algorithm for encryption the counter
value is derived.
• By using the counter mode algorithm and TK , the
MIC and decrypted
data are found out.
• The data is processed by CBC-MAC to recalculate MIC
• If MIC does not match then packet is dropped otherwise data is sent
to network stack and to client
17. BENEFITS OF WPA2
• Provides solid wireless security model(RSN)
• Encryption accomplished by a block cipher
• Block cipher used is Advanced Encryption Standard (AES)
• IEEE 802.11i authentication and key management is accomplished by
IEEE 802.1x standard
• Key-caching
• Pre-authentication
18. WPA2 VULNERABILITIES
Can’t stand in front of the physical layer attacks:
RF jamming
Data flooding
Access points failure
Vulnerable to the Mac addresses spoofing
19. PROCEDURES TO IMPROVE WIRELESS
SECURITY
Use wireless intrusion prevention system (WIPS)
Enable WPA-PSK
Use a good passphrase
Use WPA2 where possible
Change your SSID every so often
Wireless network users should use or upgrade their network to the
latest security standard released
20. FUTURE SCOPE
• A new standard IEEE 802.1W task group(TG) approved in
March,2005
Main Goals
Improve security by protecting the management frames and also being able to
identify
Spoofed management frames normally used to launch DoS attack