Module 3: Wi-Fi Encryption
Last updated
Last updated
WEP uses a 24-bit initialization vector (IV). A 64-bit key was permitted, 24 bits are used for IVs, resulting in a real key size of 40 bits.
RC4 is a symettric cipher. Streams of bits are XOR'd with plain text to get the encrypted data. Decrypting it is simply XORing the encrypted text with the key stream.
RC4 costs of two key elements:
Key Scheduling Algorithm (KSA): Initializes the state table with the IV and WEP key.
Pseudo-Random Generation Algorithm (PRGA): Creates the keystream.
Concatenate the IV and WEP key, then run KSA and PRGA to get the keystream.
Create the Integrity Check Value (ICV) of the message, then concatenate it to the message.
XOR the plain text message plus the CRC32 and the keystream to obtain the encrypted text.
The packet then contains the following elements:
IV (Used Previously)
Key ID
Encrypted Text
ICV that is the CRC32 of the plain text
Concatenate the IV and the key corresponding to the key ID, then run KSA and PRGA to obtain the keystream.
XOR the encrypted message and the keystream, resulting in the message + ICV.
Compare the decrypted ICV with the one received with the packet. If they are the same, the frame is intact and accepted, otherwise, discard the frame, as the packet is fake or corrupted.
WEP can make use of two authentication systems:
Open Authentication: Client does not provide any credentials. Once associated, it must possess the correct key to encrypt/decrypt data frames.
Shared Authentication: A challenge text is sent to the client. The text must be encrypted with the WEP key by the client and sent back to the AP for verification. The AP then attempts to decrypt the text. If successful and matches the clear text version, the client is allowed to proceed to associate with the AP.
Two ciphers are available to WPA:
TKIP: Designed to be backward compatible with legacy hardware. Can only handle WEP, but addresses the flaws found in WEP:
Per packet key mixing
IV sequencing to avoid replay attacks
New Message Integrity Check (MIC), using the Michael algorithm and countermeasures on MIC failures
Key distribution and rekeying mechanism
CCMP: Based on AES. Also known as Robust Security Network (RSN). Designed from the ground up and is not compatible with older hardware.
The secure communication channel is set up in four steps:
Agreement on security protocols
Authentication
Key distribution and verification
Data encryption and integrity
The authentication step is only done in WPA Enterprise configurations and is based on the Extensible Authentication Protocol (EAP).
Simultaneous Authentication of Equals (SAE) replaces PSK in WPA personal. SAE is a variant of Dragonfly. AES is the only cipher allowed.
There are three components to WPS:
Enrollee: a device seeking to join a WLAN
Access point
Registrar: an entity with the authority to issue or revoke credentials for a WLAN
Two modes of operations are available: in-band configuration and out-of-band configuration. In-band is done via WLAN communication and out-of-band is done using any other communication channel or method, such as by using a NFC tag or USB thumbdrive.
The M1 to M8 EAP messages are specific to the WPS registration protocol.
The below table details the outcome of connection depending on the client and AP settings for PMF:
No
No
Yes
No
No
Capable
Yes
No
No
Required
No
Capable
No
Yes
No
Capable
Capable
Yes
Yes
Capable
Required
Yes
Yes
Required
No
No
Required
Capable
Yes
Yes
Required
Required
Yes
Yes
This mechanism prevents attacks using unprotected association, disassociation or deauthentication frames from tearing down a connection.
