Another attack has been proven possible on "unbreakable" wireless networks. I have heard WEP called "unbreakable", and I have heard the word "unbreakable" used for WPA after WEP was broken. But now both WEP and WPA have been broken. WPA2 seems to be the next best thing. However, the situation is not as dire as some make it sound. There are four items that must be secured to be able to resist the latest wireless exploits. Break these rules and you are vulnerable to the attack:
This write-up focuses on an enterprise network, but a quick overview for the home network is included in the conclusion. If all you are worried about is a home situation, then you may want to skip directly to the conclusion.
WPA2 debuted in March 2006, so any administered network has no excuse if the first criterion is not met.
When it comes to encryption and authentication, the main difference between WPA and WPA2 is two-fold. First, authentication is made much more flexible, and therefore more likely to be used properly, because there are several different authentication modes, or EAPs (Extensible Authentication Protocol), to meet an enterprise's needs; WPA enterprise had only two. Second, WPA2 mandates strong encryption (either TKIP or AES), whereas WPA left its use optional.
The five authentication methods currently available are:
Both WPA and WPA2 personal mode call for a PSK (Pre-Shared Key), and the enterprise mode in WPA used EAP-TLS. The PSK option can be made more secure by using a long and complex shared secret. The WPA or WPA2 enterprise option is more secure because even if a key is broken it would be useless unless the intruder already had the certificate.
The EAP-TLS method that was used in WPA is secure but very difficult to deploy: it needs an X.509 certificate on the RADIUS server, a certificate on every client that connects to the AP, and a PKI already in place for key distribution, which has been a major headache in cryptography for years. So while EAP-TLS is considered very secure, it was rarely used properly because of these implementation problems.
This is an improvement in ease of use over EAP-TLS in that the client does not need to be authenticated to the server via a CA-signed PKI certificate; the server still authenticates the client, but only the server needs a certificate. So a certificate does not need to be installed on every client, which makes implementation much easier.
The problem is that it is not natively supported in XP, 2000, or Mobile 2003. There are, however, options to patch Windows XP SP2.
This method has been rather fragmented by vendors. For example, Microsoft has an implementation it calls PEAP-EAP-TLS, which no other vendor supports. That version is very secure and very similar to the EAP-TLS method, because it requires the PKI infrastructure, except that it does a more thorough job of encrypting all parts of the packet. In the standard PEAPv0, the user name is left unencrypted, which leaves the network open to privacy concerns and possible denial-of-service attacks.
This was created by Cisco as a replacement for PEAPv0 and uses Generic Token Card (GTC) instead of Microsoft's MSCHAP as the inner authentication protocol. However, between Microsoft's disinterest in any protocol beyond its own and Cisco's interest in other authentication protocols (LEAP, EAP-FAST), it has no native OS support and is rarely used.
TKIP (Temporal Key Integrity Protocol) was a temporary stop-gap to replace WEP and allow for more secure certificate-based authentication on legacy hardware. It has outlived its usefulness and will soon be deprecated.
It is much more secure than WEP because it makes the encrypted data far less predictable: it mixes the IV (Initialization Vector) with the secret key and uses a different encryption key for every packet. In WEP, the IV and the key were simply concatenated, which produces predictable text that gives someone breaking in a clue from which to work out the rest. The fact that the same key was used throughout only made it even easier.
In November 2008, researchers Martin Beck and Erik Tews found a way to break into TKIP-secured networks in about 12 minutes. The only reason it takes that long is that if a TKIP-protected access point sees a couple of wrongly keyed packets within a certain time frame, it generates a completely new encryption key. So they slowed the attack down so as not to trigger the re-keying countermeasure.
Later, Japanese researchers Toshihiro Ohigashi and Masakatu Morii found a way to perform the same attack without the need for WMM.
Both attacks work only on TKIP; a network using the AES standard is immune.
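As an added example (not part of the original write-up), the re-keying countermeasure described above can be turned into detection logic: the script below runs over constructed MIC-failure log lines (the line format and station addresses are assumptions, and the 60-second window is the value from 802.11i) and separates failures that would have triggered a re-key from a slow drip that stays just outside the window, which is the pattern a paced attack would leave.

```python
"""Flag TKIP MIC-failure patterns in constructed AP log lines."""
import re
from datetime import datetime, timedelta

# 802.11i TKIP countermeasure: a second MIC failure within 60 s makes the AP
# re-key (the "certain time frame" above; 60 s is from the standard).
WINDOW = timedelta(seconds=60)
# Failures spaced just beyond the window are what pacing to dodge the
# countermeasure looks like; flag after this many.
DRIP_MIN, DRIP_MAX_GAP = 3, timedelta(seconds=180)

# Constructed sample lines; the syntax is assumed, not any real AP's format.
SAMPLE_LOG = """\
2008-11-08 10:00:00 wlan0: STA aa:bb:cc:dd:ee:01 TKIP MIC failure
2008-11-08 10:00:20 wlan0: STA aa:bb:cc:dd:ee:01 TKIP MIC failure
2008-11-08 10:05:00 wlan0: STA aa:bb:cc:dd:ee:02 TKIP MIC failure
2008-11-08 10:06:10 wlan0: STA aa:bb:cc:dd:ee:02 TKIP MIC failure
2008-11-08 10:07:20 wlan0: STA aa:bb:cc:dd:ee:02 TKIP MIC failure
2008-11-08 10:08:30 wlan0: STA aa:bb:cc:dd:ee:02 TKIP MIC failure
"""
LINE_RE = re.compile(r"^(\S+ \S+) \S+: STA ([0-9a-f:]{17}) TKIP MIC failure$")

def parse_failures(log_text):
    """Return {station_mac: [timestamps]} built from MIC-failure lines."""
    failures = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            failures.setdefault(m.group(2), []).append(ts)
    return failures

def analyse(log_text):
    """Classify each station: 'countermeasure' when two failures fall inside
    WINDOW (the AP would re-key and interrupt the attack described above);
    'slow_drip' when >= DRIP_MIN failures each arrive just outside WINDOW,
    which is worth investigating rather than dismissing as radio noise."""
    findings = {}
    for sta, times in parse_failures(log_text).items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if any(g <= WINDOW for g in gaps):
            findings[sta] = "countermeasure"
        elif len(times) >= DRIP_MIN and all(WINDOW < g <= DRIP_MAX_GAP for g in gaps):
            findings[sta] = "slow_drip"
    return findings
```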
Of course an access point that is either unsecured or secured with only WEP is vulnerable for other reasons. According to George Ou at ZDNet, unsecured wireless networks are still common. Even in the mobile home park I live in, most people know enough to secure their wireless networks.
This paper only worries about the authentication and encryption benefits of WPA2, but there are others, such as a faster connection time.
If you are maintaining a home network, then your best bet is to use WPA2 personal mode with a strong shared secret (password). WPA2 personal has two ease-of-use benefits. First of all, encryption is automatically turned on once you use it, and both encryption and authentication use the same key. That is not a secure option in the enterprise, but it is a good compromise in the home, where keeping track of several keys would be difficult and would probably result in fewer people using it. Just be sure to use a long and complex password/passphrase, which will make brute-force attacks difficult if not impossible.
In an enterprise network, you would want to use WPA2 enterprise (surprise!). For encryption, always use AES instead of TKIP. Which authentication option you choose depends on your situation.
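As an added example (not from the article), here is a small audit script that checks an access point's settings against the rules in this conclusion: WPA2 only, AES (CCMP) rather than TKIP, WPA-EAP with 802.1X for the enterprise, or WPA-PSK with a long passphrase at home. It uses hostapd.conf key names; the two sample configs and the 20-character passphrase minimum are my assumptions.

```python
# Constructed sample configs in hostapd.conf key=value syntax (format assumed).
WEAK_CONF = """\
ssid=corp-wifi
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_passphrase=corp1234
"""

HARDENED_CONF = """\
ssid=corp-wifi
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee8021x=1
"""

def parse_conf(text):
    """Parse key=value lines, ignoring blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            k, v = line.split("=", 1)
            conf[k.strip()] = v.strip()
    return conf

def audit(text, enterprise=True, min_passphrase=20):
    """Return the rules above that the config breaks; [] means compliant."""
    c = parse_conf(text)
    issues = []
    if c.get("wpa") != "2":  # wpa=1 is WPA only; wpa=3 still allows WPA clients
        issues.append("wpa must be 2 (WPA2 only)")
    # hostapd uses wpa_pairwise for WPA and rsn_pairwise for WPA2; check both
    ciphers = (c.get("wpa_pairwise", "") + " " + c.get("rsn_pairwise", "")).split()
    if "TKIP" in ciphers or "CCMP" not in ciphers:
        issues.append("pairwise cipher must be CCMP (AES) only, never TKIP")
    kmgmt = c.get("wpa_key_mgmt", "").split()
    if enterprise:
        if "WPA-EAP" not in kmgmt or c.get("ieee8021x") != "1":
            issues.append("enterprise must use WPA-EAP with 802.1X enabled")
    else:
        if "WPA-PSK" not in kmgmt:
            issues.append("home network should use WPA2 personal (WPA-PSK)")
        if len(c.get("wpa_passphrase", "")) < min_passphrase:
            issues.append(f"passphrase shorter than {min_passphrase} characters")
    return issues
```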