2010

WIRELESS SECURITY PROTOCOL: Wi-Fi Protected Access Version 2

Rohit nandgerikar La trobe university 1/1/2010

Table of Contents
1. O jec ve................................ ................................ ................................ ........................... 3 3.

3.2 WPA ................................ ................................ ................................ ............................ 5 3.2.1 WPA mp veme s ................................ ................................ .............................. 6 3.3 WPA2 ................................ ................................ ................................ .......................... 6 4. Sec yP c l WPA2 802.11 (W -F P 3.3.1 A v 4.1 A c 4.3 A 4.4 C es f s

7. efe e ces ................................ ................................ ................................ ...................... 14

List of Figures
             
F F F F F F F F F e 1: Cl ss f c f w eless e w ................................ ................................ ........... 3 e 2: 802.11 I e e OSI M el ................................ ................................ ............. 4 e 3: Fl w f c ec e ................................ ................................ ............................... 7 e 4: Key H e c y 802.11 ................................ ................................ .......................... 8 e 5: 802.1X EAP M el ................................ ................................ ................................ 9 e 6: WAP S c e ................................ ................................ ................................ .. 10 e 7: EAP ve AN1 ................................ ................................ ................................ ..... 10 e 8: AES c e m e ................................ ................................ ................................ 11 e 9: AES CBC-MAC ................................ ................................ ................................ ....... 12

6. C

cl s

................................ ................................ ................................ ...................... 14

5.2.1 A v

es f

e e e p se ................................ ................................ ............ 13

 

5.2 Sec

e W AN w

WPA2-e e p se ................................ ................................ 13

5.1.1 A v

es f

H me Use ................................ ................................ ................. 13

 

5.1 Sec

5. D sc ss

4.5 I e

................................ ................................ ................................ ............ 9

f e

l y ................................ ................................ ................................ ........... 10

y ................................ ................................ ................................ .................... 12 e W AN w WPA2-pe s l ................................ ................................ ... 13

................................ ................................ ................................ ....................... 12

4.2 Key Es

 

ec

e ................................ ................................ ................................ ................ 7 ................................ ................................ ................................ ....... 7

l s me

 

3.1 WEP ................................ ................................ ................................ ............................ 5 3.1.1 We ess f WEP ................................ ................................ ................................ . 5

2. I

................................ ................................ ................................ ...................... 3

e ev ew ................................ ................................ ................................ .............. 5

WPA2 ................................ ................................ ................... 7 ec Access, VE SION 2) ............................ 7

1. Objective
 #  #
l e w sec e yp

2. Introduction
 ! &     &! # !  " & $!   #    ! $ !  
w eless e w mp ve ew e ew ec se p v es m l yw c s ec m e ec

IF

AH ED F FHFC

c ls

e OSI m

el. 3

HDCG

AH F HE

AH G

FA

F Q

@CP@DI A

EDBQF

Be s y, Olex , & D

, 2008) . T e

m el w s

ws s

e pl ceme

e sec

@CIE@A

C @ E

FHED I ID DI D IE@

F FHFC PEDBCF H E PED F

I CF

IFAH

me

s f

evel p

ew

c ls

v e

seve l ye s (C

AH F EF D A DA

BCF

@C

@I G D

IF

@ I H HFC D D

W -F p

ec e

ccess, 2009). T e OSI m

el s s e

s f mew

w c

e f

@ DC HE @ DG

I CD

A E@

DCFF E@

DC@BA @9

C @ BED @H@I IE@

l ye ) . ( s

,M

,&D

es , W e Eq v le

P v c(WEP) ve ses e ,

@ D A

C@ H@AH

IF

AH F C @ H

F F H AH ED I D D

C@ F FHFC

HDCG

sec

yp

c ls

e spec f e

e w l wes l ye s f

e OSI m

el

e p ys c l

A E@

DCFF E@

DC@BA @9

access), WPA2(wi-fa protected access, version ( s

03 806 2 4 6( 53

01

B E

06

w eless

c ew

e WEP (wired equivalent privacy) , WPA(wi-fa protected ,M s ,&D es , 2009). T ese

5 6

5 03 ( 1(

5035432 6 6260

210)

23 0(2

71 6 3

60 806 2 4 6(

c ew

f m

p ss l e

e . T e sec

c ls

sw c

e evel pe

53

01

01 (2 0)

62 461 1

5 2

41

3(

143

6 ( 1(

62 )

0 8 3(

f m

c e s. D e

w c c mp

es

ve

ves e m ll

sec e

e w eless

23 0(2

71 6

60 0 ) 54

(2 0)

62 24 1 1 ) 41 03 5 ) 5035432

2 10)

T e sec

y s

s se

s ff c e

"! $ !  

! ! 

 "'

$!  

ew

s.

e 1: Cl ss f c

f w eless e w

ce: (Vecca, 2009) s e f m p s s le e

e e

 "

# $!   ! #

!'  !  ! #

 $!  

ew

e cl ss f e

c e

es .e. W eless

ew

cell l

' " "!

 !   

 "

!  

$!   !

ew

s w c

c mm

c e w

e c

w es. T ese w eless

  # 

  ' & 

$!  

$!  

 ' "

60

!

sec

ese w eless e w

s. W eless e w

sc

e e e lly efe e

 !



! '   

# 

'! ! 



"!  !  !

f c

l fe. As

e w eless ec

y s

p ly

ce s

ce

s ypes



  !  

# "!#

 

 $!  

W eless

ew

ve see

eme

"

# &

 

!

f c s s

WPA2 802.11 , w c w ll e sc sse

l.

evel pme

ve

e ye s. Pe ple p efe

! 

$!   ! #

 !

! !!

 "

%  " ! 



" !   (



lyse

ev

s ypes f sec

yp

c ls f

e w eless

c ew

.T em j

Figure 2: 802.11i Integrated in OSI Model (Lashkari, Mansoori, & Danesh, 2009)

TYX X

S m

, 2009).

a RX

TWXca Xd

ec e Access), WPA2 802.11 (W -F P

ec

Access, VE SION 2) ( s

,D

es , &

X T

X TW SR X TU

Y WT

RV TS SVW X T T Y S SVW e XR cWV S R aS RV XS XY aS V RVTS W R

e c yp

e ew

mely WEP(W e Eq v l e

aS WV Y W YT RV R b

Xa a Ta

Y U V VSVW

STWU

WaS WX W aS

e F -1

ee

ee sec

yp

c ls s e w c

v e ee c

s ee f

P v cy), WPA(W -F

`RTYWV

cWV S R aS RV T XWS aS YX W aS RX

RV RX RVTS W R SUVaST

ST `RTS W R

e c yp

.W

e c yp

ec

e e

ff c

b SR SRV XSXY aS `RTS SVW

bY

Ta X T

X TW

V b W X aS V

se v ces f

e l ye s el w. I W ANs, p v cy s c eve

yp

ec

e ew

. Acc

aS

U a Ta

W X

VS aS SX WX c X

YRX d

`T

`T

aS RT

As

e F -1, TCP IP, IPX, Ne BEU ,

Apple T l

W X cRT XSXY aS RT T a Ta

dd VWSRV cRT X T`V WV

V VSVW

U SXaS V VSVW

c ls

se 802.2 p

c ls f

c ll

l ( C) w c s e

l ye . e y

p l ye w c

se

W a`Ta YRV

V VSVW ` YRX b X V W X

VWSRV

ccess c

l(MAC) l ye s f ,

c ls. Sec

e level ses 802.11 W AN

X TY

WX T T

Xa V X W X W a`Ta

aS WXa

aS V X SUb

YVaS

`RTYV R

e c

me

ll f

em s

e s me

e l ye

ls

ve s m l

me

SR W
e 4

TY `RT WS

T R U W

aS `RT`RXa

T W X X T a

aS R T

`RXa `RTcX T W

es

e p ys c l l ye , .e.

y c

e f eq e c es,

b V VSVW
ffe e

S TW U

aS Y SX W

`RTW RT`R

TRVWS

YRX X TWS

V SUSTS R

IEEE(I s

e f Elec c l

Elec

cs E

ee

)ce e

ese sec

yp

c ls y

aS VS

T e 802.11 sec

3.1 WEP

3. Literature Review

ec

c l s c lle w e eq v le

p v cy (WEP). I s

pq

r pi qs r ph

t ip t r

p u uqui tsr ihq q pg ir q pih

esp

s le f

p v

, c

f e

l y

sp

qpiw qsp rqrt tsr

qp r pqs tp su

supqr pqs gqhr wsptp ui

iu

vp s u

ew

s. T e m f WEP es

e sw s

p v e

e s me e ee f sec

vr pr r r qpih
y s v l

iw t

gq t p ui uq r

i s wp t

pr g

xiu q s i g

l w e (E e e ) e w

s. (C

, Be s y, Olex , & D

xiu q s q si gq

t ip

rsupqptr iq gq sp

s es

p v e sec

y y e c yp

y s

ffe e

me

s l e s

m, s

m c eys, l c c

m,

vel sc m l

, 2008) . WEP

802.11

m e c.

y y

WEP ses p e s

ey (

s mple 5

13 c

p ssw

c mm

c e e wee

e m

le

s (STA)

ccess p

s (AP). WEP

es

spec fy

es

l s me

ss mes

- f-

( s

,D

es , & S m

, 2009). T e ey

se

WEP s

seq e ce f

m y es w c

s c lle

lz

vec

(IV)

y y

s se

ve pl

ex

cp e

ex (c

e e e

em

c lf c

c lle

s c yp

y y
p c l

3.1.1 Weakness of WEP F eve y p c e se s IV(

m).

lz

vec

f f ed d de
) s cl e pl ex e w c p

e ey m

w ll e v s le

c e . T e IV s ve y s

ly 24

we

e ey

ve

d h

f f h

h f g

se s m l

IV

ffe e

p c e s. Ove

sy e w

ese IV w ll e ppe

eve y

ef

eh

s me f

c e

se

f mes f

e s me IV e c

e s ly

ve ccess

fge

g f f

f ged e f

e sec e

ey (C le, 2003).

T e WPA w s

3.2 WPA

evel pe

c ve

e l

les

e WEP c yp

p y me

r klim

i jnqlm n

im po

li ll

im n l lm k l

k j

eep

e s me

w e s

WEP. T e pe

Pe s

l WPA

WPA-PSK(p e-

nl

jpl n

nl plomjn l i

po j nj knji

im qpo

ey) w c s se f

sm ll ff ce

me p p se c

se

se ve

n n

plomj omp imtj

t mlppj

l nt

li nl

o l j

nl k t o i oi

s c yp

p y

sc

e sl

s 256

s. I c

s e lp

me c s

pj i oi qponm
w c c

on

tpji j

t pj m

mor

j qpl j r pj

m or i jnqlm n

mo kpj

s k nj i

se

sess

s w

AP( ccess p

),

so pt

mpol

imo

plo

qpoppoq r im mjomlq p lm k t r

p v es m

e wee

e cl e

AP s

em

l e WEP. WPA

ve

s ey,

mo

s oim

ji

im l imlr j

kpj mp o

im p

m r plomj omp imtj jtmt

k o ln

sm e

ew

. F

E e p se WPA

C mme c l

ses

im

t mo jo n

nl

on n m p

nl

snl m p

im pl k mmo

pjnm mlp o

se ve 802.1x f

w c

p v es

sec

kpj
e

mont

kllq

ko l n

i oi

plomj omp imtj mo nl

n n

plomj omp imtj

excelle

e se

f f c ve

e w eless e w

.F

WPA ses

plomj omp imtj nl snl m p

no

im n l o jnm n t im po lnmpl mp

802.1X+EAP. WPA

s mp ve TKIP ( emp

y ey

y p

c l ) e c yp

C4

le

pjim plom n p

l lmln

mon q mpo

s n jn l

k ln

o ji

3.3 WPA2
T ey e e f e f w eless e c s well s w eless ccess. WPA2 w s

standard for security protocols. In October 2000, the National Institute of Standards AND technology (NIST) chosen the advanced Encryption Standard (AES) as a robust successor to aging Data Encryption Standard . ( ashkari, Danesh, & Samadi, 2009, p. 51). WPA2 supports both domestic user as well as corporate enterprise. But for domestic purpose it uses pre shared key, like WEP. Access points and client have to be manually configured to a common secret key which can be as long as 64 ASCII characters or a 256bit number which is randomly generated can also be used but this might be difficult process of putting it manually into the client configuration. For the corporate enterprise 802.1X along with EAP authentication framework which also includes RADIUS. From different types of EAP, it uses EAP -T S, which gives a better authentication system and also provides secure distribution of the key. It may have covered the problems for the corporate enterprise but has the same problems for 6

l is the m j

tributor who is working on the WPA2 which is the next generation

w c w s evel pe

s s f WEP

WPA . ( s

,D

es , & S m

, 2009).

evel pe

s lve

e m j

lem

WPA. WPA2 s

ce sec

y p

c l

T e 802.11 s

e WPA2

s vey

W eless Sec

yP

c ls, 2009) .

ev

lly s m l

ey l s

ve s m l

mec

sm

c sc

f m ey e se. ( s

,D

es , & S m

mx

. w ew e y e c yp eys s e ey

ee

evel pe

es , 2009). e e p l c IVs f m s we eys s mpleme e pe -p c e

sep

e epl y

c s

ew IV seq e c

sc pl e ( s

, M

T p eve

e es c y p

p c mess

3.2.1 WPA improvements T e mp veme s w c we e m

&S m

, 2009, p. 50) .

e f e WEP we e e yc e (MIC) c lle s M c e l. s , &

login process and support for EAP -TLS and PEAP authentication methods . ( s

~ v  zv {v z v v y

z} u

}{v v

S m

, 2009). By s

802.1X+EAP WPA

e f integration with windows ,D es ,

y zv

}xv|y v { u ~z }

| { xvy x

z y x x

wv

WEP. WPA ses

ADIUS se ve ; e ce p es

ey s

se . ( s

, D

es , &

,A

e ms.

domestic user as in WEP and WPA-PSK. ( ashkari, Danesh, & Samadi, 2009). WPA2 is so secure that hackers now use dictionary attacks on this key-i.e. try thousands of common words. Most APs a small algorithm for creating a long random key and you should always use this. With long random key WPA2 is considered untraceable (Wisely, 2009, p. 92) .
3.3.1 Advantages of using WPA2 WPA and WPA2 are almost similar to each others. But in WPA2 the same key which is used

for the encryption can be used for protecting the integrity of the data. Due to which one key is less needed. When WPA2 is used both the network and data are secured because it uses AES-CCMP (Advanced Encryption Standard-Counter Mode Cipher-Block-Chaining MessageAuthentication-Code Protocol) encryption (Miller, 2008).

4. Security Protocol WPA2/802.11i (Wi-Fa Protection Access, VERSION 2)

Wireless ad hoc network includes security protocols: wired equivalent privacy(WEP), Wi-Fi protected access(WPA), Wi-Fi protected access version2(WPA2). WPA was introduces to cover the loopholes left by the WEP. WPA2 is the latest development which offers advanced security protocol.

4.1 Architecture

Figure 3: Flow of architecture

4.2 Key Establishment

As WPA and WPA2 are developed from similar background they have some identical blocks. The key establishment is one of them. As we have read in the literature survey that specified that WEP did not use any key establishment protocol which was considered as a security loop hole. To avoid this problem they used support from multiple components in the design. IEEE 802.11i task group developed 802.11 networks for two different environme nts i.e. the home network and the commercial enterprise network. Both of the environments have different security requirements and infrastructure. Therefore, 802.11i specifies two 7

different security architectures such that for enterprise network uses IEEE802.1X for key establishment and authentication and whereas home network does not use IEEE802.1X. The diagram shows the structure flow of the key establishment of the two environments i.e. home network/WPA2-PSK (pre shared key) personal and enterprise network. The WPA-PSK master secret does not use 802.1x. It uses the password which can be specified by the user whereas WPA enterprise uses 802.1x along with its master key which is used for authentication process or certificate etc. 802.1x is an IEEE standard for port based Network Control. 802.1x uses EAPO to communicate between the user (STA) and access point. EAP (extension authentication protocol) is a authentication protocol and EAPO stands for EAP encapsulations over LAN. (Welcher, 2004). For every session the authentication process is carried out depending on the by product authentication process and which is specified by the network administrator for WPA-PSK. This process is then passed through the PMK block where the key for EPoL messages and integration key for EPoL messages are generated. It is a pair-wise master key which generates keys of 256 bits. Session means association between STA and AP. (Chandra, Bensky, Olexa, & Dobkin, 2008)

Figure 4: Key Hierarchy in 802.11

When the STA associates with AP it is considered as the beginning of a new session for which a new set of PTK (set of keys) from PMK is generated. The session keys are only valid for a certain amount of period, so it is also called as temporal keys and Pair -wise transient keys (PTK) are referred to a set of four session keys. The PTK are generated from PMK by the use of pseudorandom function (PRF). The PRF s concatenate the IV with master key to generate or obtain per packet key. This is known as per packet mixing. Generating a perpacket key is a very computational intensive process for the MAC processors used in WEP because of their hashing operation. Hence, here the process have been split into two different phases which can be classified as more process intensive and less process intensive. The high order 32bits of the IV are present in phase one which change in every 65336 packets whenever any one of these bits change. It is very difficult for an intruder to compare the IV and the per packet key which is used in the encryption of the packets because of the key mixing function. (Chandra, Bensky, Olexa, & Dobkin, 2008, p. 382) .

4.3 Authentication
As been said in the preceding section, 802.11i gives different security architectures. It uses
manual configuration for the home network whereas it uses IEEE 802.1X for authentication. As shown in the below figure 802.1X is constructed along the lines of EAPoL. It shows general architecture of EAPoL.

Figure 5: 802.1X/EAP Model Source : (Maxim & Pollino, 2002)

The controlled port is only turned ON or connected if the connected device has been authorized by 802.1X. The uncontrolled path is only c onnected to the EAPoL traffic. By using MAC filtering we can limit the uncontrolled path. This can be used to avoid DoS attacks.

Figure 6: WAPoL Structure (Maxim & Pollino, 2002)

Figure 7: EAP over LAN1 (Maxim & Pollino, 2002)

EAPoL can be easily used in the 802.11i environment. As shown in the figure supplicant is STA and AP is authenticator who controls the access to the network. (Chandra, Bensky, Olexa, & Dobkin, 2008)

4.4 Confidentiality
Here we look at the confidentiality mechanism of WPA2. Due to the weakness of WEP which used steam cipher which provided a loss transmission 802.11i group implemented a block encryption algorithm while redesigning 802.11 securities. AE S was (and still is) considered the most secure block cipher. This was a major security enhancement since the encryption

10

algorithm lies at the heart of providing confidentiality. (Chandra, Bensky, Olexa, & Dobkin, 2008, p. 391).

Figure 8: AES counter mode (Fette, Bensky, Chandra, & Dobkin, 2008, p. 392)

To specify an encryption algorithm which provides security we also need to specify its mode of operation. Therefore to provide confidentiality 802.11i uses AES in counter mode as shown in the figure which uses the block cipher as a stream cipher. The figure shows the working how AES works when block cipher is used as stream cipher. By using the counter mode the messages become independent from the generated key stream thus allowing the messages to arrive before the key stream is generated. As the various encryption blocks in a message are not correlated with each other and if the hardware has a stock of AES encryption engines, the message can be encrypted in parallel. Since the process is similar to encryption each device requires to implement the AES encryption block. While the protocol uses counter mode the length of the plain text can be similar to the encrypted text, also there is no need to break the message into same no of blocks. (Fette, Bensky, Chandra, & Dobkin, 2008, p. 392)

11

4.5 Integrity

Figure 9: AES CBC-MAC

Only confidentiality is given by the AES counter mode. To provide integrity the IEEE 802.11i group used Cipher Block Chaining (CBC) -MAC operation. This why the protocol is named as AES-CCMP where CCMP stands for Counter-mode CBC-MAC protocol. The CBC -MAC protocol is shown in the figure below. The black boxes represent the encryption protocol i.e AES in case of the figure shown .CBC-MAC XORs a plaintext block before encrypting it. This ensures that any change made to any cipher text (e.g.: by hacker) block changes the decrypted output of the last block and hence changes the residue. CBC -MAC is an established technique for message integrity. The IEEE 802.11i group combined the counter mode operation with the CBC-MAC integrity protocol to create the CCMP. (Chandra, Bensky, Olexa, & Dobkin, 2008, p. 392)

5. Discussion
As we have seen the architecture and working of a WPA2 security protocol. This is considered as the third generation of security protocols. WPA2 has covered al most all the loop holes which were there in the previous generation like WEP and WPA. The IEEE 802.11i have made most reliable security protocol for the wireless network and which can be used by home networks user as well as enterprises. Let us discus how to use the WPA2 security protocol for home user as well as the enterprise and their advantages

12

5.1 Securing the WLAN with WPA2-personal

As we know home network user most of the time are non-technical people who know less about the wireless network and its security. Therefore IEEE802.11igroup suggests to use WPA 2 personal security method. WPA2 personal uses PSK (pre shared key) for its authentication and AES-CCMP will keep the data secure on the wireless network. The home user has to configure a passphrase of 8 to 63 characters for PSK authentication on the devices which he intends to use like Laptops, phone, PDA etc and the router or access point (AP).
5.1.1 Advantages for Home User y Has to manage only PSK authentication key, AES-CCMP encryption included .

As the security authentication is configured on the wireless devices management of servers is not necessary.

y y

Can use single passphrase for all the wireless devices. It is very difficult for intruders to hack into the network.

5.2 Securing the WLAN with WPA2-enterprise

The security requirement for a enterprise is much higher than that of home network. The infrastructure on an enterprise is on as larger scale too. Like the WPA2 -PSK we cannot use a single passphrase for every device on the network. It is very unsecure the passphrase might get leaked out which can be dangerous or if a device or access point gets stolen gets stolen these things can pose a threat to the network. So IEEE 802.11i have developed WPA2enterprise. The authentication is server based but it uses the same encryption technique AES-CCMP to keep the data secure on the network. Authentication here is called 802.1X/EAP.
5.2.1 Advantages for the enterprise y RADIUS server is used to manage all the devices.

y y

Authentication is centralized. In case of breach only single change to radius server is made which can change individual configurations at each AP AND station.

13

6. Conclusion
WPA2 is one of the reliable security protocols and asWPA2 is based on WPA it is becoming compatible with the devices which we are using now. WPA2-AES-CCMP is the advanced encryption method which gives a secure connection.

7. References
1. Chandra, P., Bensky, A., Olexa, R., & Dobkin, D. M. (2008). Wireless Networking. Elsevier. 2. Cole, L. (2003). Wired Equivalent Privacy. 3. Fette, B. A., Bensky, A., Chandra, P., & Dobkin, D. M. (2008). RF and Wireless Technology. Elsevier. 4. Lashkari, A. H., Danesh, M. M., & Samadi, B. (2009). A survey on Wireless Security Protocols. IEEE Explore . 5. Lashkari, A. H., Mansoori, M., & Danesh, A. S. (2009). Wired Equivalent Privac(WEP) verses Wi-Fi protected access. IEEE Explore . 6. Miller, B. (2008). WPA2 Security : Choosing the right WLAN authentication method for homes and enterprises. Global knowledge expert reference series of white papers 7. Vecca, J. R. (2009). Computer and information handbook. 8. Welcher, P. J. (2004). Examinig 802.1X and EAP. Chesapeake netcraftsman . 9. Wisely, D. (2009). IP for 4G. John Wiley and sons LTD.

14