Hacking wireless network | Hack wifi network - with full Details






Module Objectives

Wireless networks are inexpensive and easy to maintain when compared to wired networks. An attacker can easily compromise a wireless network if proper security measures are not used or if there is no appropriate network configuration. Using a high security mechanism for a wireless network may be expensive. Hence, it is advisable to determine critical sources, risks, or vulnerabilities associated with it and then check whether the current security mechanism is able to protect the wireless network against all possible attacks. If not, then upgrade the security mechanisms.

This module describes the types of wireless networks, their security mechanisms, threats, and measures to combat the threats to keep the network secure. It examines various wireless encryption algorithms, their strengths, and weakness. The module also analyzes wireless network attack techniques and provides countermeasures to defend the information systems.

At the end of this module, you will be able to:

■    Describe wireless concepts

■    Explain different wireless encryption algorithms

■    Describe wireless threats

■    Describe wireless hacking methodology

■    Use different wireless hacking tools

■    Describe Bluetooth hacking techniques

■   Apply wireless hacking countermeasures

■    Use different wireless security tools

■    Perform wireless penetration testing


Wireless Concepts

The computer world is heading towards a new era of technological evolution, using wireless technologies. Wireless networking is revolutionizing the way people work and play. By removing the physical connection or cable, individuals are able to use networks in newer ways to make data portable, mobile, and accessible. A wireless network is an unbounded data communication system that uses radio frequency technology to communicate with devices and obtain data. This network frees the user from complicated and multiple wired connections. It uses electromagnetic waves to interconnect two individual points without establishing any physical connection between them. This section will describe basic wireless concepts.


Wireless Terminologies

In a wireless network, data is transmitted by means of electromagnetic waves to carry signals over the communication path. Terminologies associated with wireless networks include:

■   GSM: The Global System for Mobile Communications, a universal system used for mobile communication over wireless networks worldwide.

■ Bandwidth: It describes the amount of information that may be transmitted over a connection. Usually, bandwidth refers to the data transfer rate. The unit for measuring bandwidth is bits (amount of data) per second (bps).

■ BSSID: The MAC address of an access point (AP) or base station that has set up a Basic Service Set (BSS) is the Basic Service Set Identifier (BSSID). Usually, users are unaware of the BSS to which they belong. When a user moves a device from one place to another, the BSS used by the device may change because the range covered by each AP varies, but this need not affect the connectivity of the wireless device.

■    ISM Band: A set of frequencies for the international industrial, scientific, and medical communities.

■ Access Point: Access point is used to connect wireless devices to a wireless/wired network. It allows wireless communication devices to connect to a wireless network through wireless standards such as Bluetooth and Wi-Fi. It serves as a switch or hub between the wired LAN and wireless network.

■ Hotspot: Places where wireless networks are available for public use. Hotspots refer to areas with Wi-Fi availability, where users can enable Wi-Fi on their devices and connect to the Internet through a hotspot.

■   Association: The process of connecting a wireless device to an access point.

■ Service Set Identifier (SSID): The SSID is a 32-alphanumeric-character unique identifier given to a wireless local area network (WLAN) that acts as a wireless identifier on the network. The SSID lets a device connect to the intended network among several available independent networks. Devices connecting to the same WLAN must use the same SSID to establish the connection.

■ Orthogonal Frequency-division Multiplexing (OFDM): OFDM is a method of digital modulation of data in which a signal, at a chosen frequency, is split into multiple carrier frequencies that are orthogonal (occurring at right angles) to each other. OFDM maps information on the changes in the carrier phase, frequency, or amplitude, or a combination of these, and shares bandwidth with other independent channels. It produces a transmission scheme that supports higher bit rates than a parallel channel operation. It is also a method of encoding digital data on multiple carrier frequencies.

■ Multiple input, multiple output-orthogonal frequency-division multiplexing (MIMO-OFDM): MIMO-OFDM influences the spectral efficiency of 4G and 5G wireless communication services. Adopting the MIMO-OFDM technique reduces interference and increases the robustness of the channel.

■ Direct-sequence Spread Spectrum (DSSS): DSSS is a spread spectrum technique that multiplies the original data signal with a pseudo random noise spreading code. Also referred to as a data transmission scheme or modulation scheme, the technique protects signals against interference or jamming.

■ Frequency-hopping Spread Spectrum (FHSS): FHSS, also known as Frequency-Hopping Code Division Multiple Access (FH-CDMA), is a method of transmitting radio signals by rapidly switching a carrier among many frequency channels. It reduces the effectiveness of unauthorized interception or jamming of telecommunications. In FHSS, a transmitter hops between available frequencies using a specified algorithm in a pseudorandom sequence known to both the sender and receiver.


Wireless Networks

In wireless networks, transmission takes place by radio waves, usually at the physical layer of the network stack. The wireless communication revolution is bringing fundamental changes to data networking and telecommunication. Wireless Network (Wi-Fi) refers to wireless local area networks (WLANs) based on the IEEE 802.11 standard, which allow a device to access the network from anywhere within range of an access point. Wi-Fi is a widely used technology for wireless communication over a radio channel. Wi-Fi offers several ways to build a connection between the transmitter and the receiver, such as DSSS, FHSS, Infrared (IR), and OFDM. Devices such as personal computers, video-game consoles, and smartphones use Wi-Fi to connect to a network resource such as the Internet via a wireless network access point.

Following are some of the advantages and disadvantages of wireless networks:

■ Advantages

o Installation is fast and easy and eliminates wiring through walls and ceilings

o It is easier to provide connectivity in areas where it is difficult to lay cable

o Access to the network can be from anywhere within range of an access point

o Public places like airports, libraries, schools or even coffee shops offer you constant Internet connections using Wireless LAN

■ Disadvantages

o Security is a big issue and may not meet expectations

o As the number of computers on the network increases, the bandwidth suffers

o Wi-Fi enhancements can require new wireless cards and/or access points

o Some electronic equipment can interfere with the Wi-Fi networks

Wi-Fi Networks at Home and Public Places

■   Wi-Fi at home: Wi-Fi networks at home allow you to be wherever you want with your laptop, or handheld devices, and not have to make holes for or hide Ethernet cables.

■   Wi-Fi at Public Places: You can find free/paid Wi-Fi access available in coffee shops, shopping malls, bookstores, airport terminals, schools, hotels, and other public places.

Types of Wireless Networks

The following describes the types of wireless networks:

■    Extension to a Wired Network

A user can create an extension of a wired network by placing APs between the wired network and the wireless devices. A wireless network can also be created using an AP.

Types of APs include:

o Software APs (SAPs): These run on a computer equipped with a wireless NIC and can be connected to a wired network.

o Hardware APs (HAPs): These are dedicated devices that support most wireless features.

In this type of network, the AP acts like a switch, providing connectivity for computers that use a wireless network interface card (NIC). The AP can connect wireless clients to a wired LAN, which allows wireless computer access to LAN resources, such as file servers or internet connections.

■    Multiple Access Points

This type of network connects computers wirelessly by using multiple APs. If a single AP cannot cover an area, multiple APs or extension points can be established.

Each AP's wireless area needs to overlap its neighbor's area. This provides users the ability to move around seamlessly using a feature called roaming. Some manufacturers develop extension points that act as wireless relays, extending the range of a single AP. Multiple extension points can be strung together to provide wireless access to locations far from the central AP.

■    LAN-to-LAN Wireless Network

APs provide wireless connectivity to local computers, and local computers on different networks can be interconnected. All hardware APs have the capability to interconnect with other hardware APs. However, interconnecting LANs over wireless connections is a complex task.

■   3G/4G Hotspot

A 3G hotspot is a type of wireless network that provides Wi-Fi access to Wi-Fi-enabled devices including MP3 players, notebooks, tablets, cameras, PDAs, netbooks, and more.


Wireless Standards

IEEE Standard 802.11 has evolved from a basic wireless extension to the wired LAN into a mature protocol that supports enterprise authentication, strong encryption, and quality of service.

When it first came out in 1997, the wireless local area network (WLAN) standard specified operation at 1 and 2 Mb/s in the infrared, as well as in the license-exempt 2.4-GHz Industrial, Scientific, and Medical (ISM) frequency band. An early 802.11 network consisted of a few PCs with wireless capability connected to an Ethernet (IEEE 802.3) LAN through a single network AP. Now, 802.11 networks operate at higher speeds and in additional bands. New issues have arisen, such as security, roaming among multiple APs, and quality of service. The amendments to the standard are named with letters of the alphabet derived from the 802.11 task groups that created them, as listed below:

■ 802.11: The original 802.11 (Wi-Fi) standard applies to wireless LANs and uses FHSS or DSSS spread-spectrum transmission. It allows an electronic device to connect to a network over a wireless connection.

■ 802.11a: It is the second extension to the original 802.11 and it operates in the 5 GHz frequency band and supports bandwidths up to 54 Mbps by using Orthogonal Frequency Division Multiplexing (OFDM). It has a fast maximum speed, but is more sensitive to walls and other obstacles.

■ 802.11b: IEEE expanded the 802.11 by creating 802.11b specifications in 1999. This standard operates in the 2.4 GHz ISM band and it supports bandwidth up to 11 Mbps by using direct-sequence spread spectrum modulation.


■ 802.11d: The 802.11d is an enhanced version of 802.11a and 802.11b. The standard supports regulatory domains. The particulars of this standard can be set at the media access control (MAC) layer.

■ IEEE 802.11e: It is used for real-time applications such as voice, VoIP, and video. To ensure that these time-sensitive applications have the network resources they need, 802.11e defines mechanisms to ensure Quality of Service (QoS) at Layer 2 of the reference model, the medium-access layer, or MAC.

■ 802.11g: It is an extension of 802.11 and supports a maximum bandwidth of 54 Mbps using the OFDM technology and uses the same 2.4 GHz band as 802.11b. The IEEE 802.11g defines high-speed extensions to 802.11b. It is compatible with the 802.11b standard, which means 802.11b devices can work directly with an 802.11g access point.

■ 802.11i: The IEEE 802.11i standard improves WLAN security by implementing new encryption protocols such as TKIP and AES.

■ 802.11n: The IEEE 802.11n is a revision that enhances the earlier 802.11g standards with multiple-input multiple-output (MIMO) antennas. It works in both the 2.4 GHz and 5 GHz bands. This is an IEEE industry standard for Wi-Fi wireless local network transmissions. Digital Audio Broadcasting (DAB) and Wireless LAN use OFDM.

■ 802.11ac: It provides a high throughput network at the frequency of 5 GHz. It is faster and more reliable than the 802.11n version. The standard involves Gigabit networking that provides an instantaneous data transfer experience.

■ 802.11ad: 802.11ad involves the inclusion of a new physical layer for 802.11 networks. The standard works on the 60 GHz spectrum. The data propagation speed in this standard is a lot different from bands operating on 2.4 GHz and 5 GHz. With a very high frequency spectrum, the transfer speed is much higher than that of 802.11n.

■ 802.12: This standard dominates media utilization by working on the demand priority protocol. Based on this standard, the Ethernet speed increases to 100 Mbps. It is compatible with 802.3 and 802.5 standards. Users currently on those standards can directly upgrade to the 802.12 standard.

■ 802.15: It defines the standards for a wireless personal area network (WPAN). It describes the specification for wireless connectivity with fixed or portable devices.

■    802.15.1 (Bluetooth): Bluetooth is mainly used for exchanging data over short distances on fixed and mobile devices. This standard works on a 2.4 GHz band.

■ 802.15.4 (ZigBee): The 802.15.4 has a low data rate and complexity. ZigBee is the specification used in the 802.15.4 standard. ZigBee transmits long distance data through a mesh network. The specification handles applications with a low data rate, but longer battery life. Its data rate is 250 kbits/s.

■    802.15.5: The standard deploys itself on a full mesh or a half mesh topology. It includes network initialization, addressing, and unicasting.


■ 802.16: The IEEE 802.16 standard is a wireless communications standard designed to provide multiple physical layer (PHY) and Media Access Control (MAC) options. It is also known as WiMax. This standard is a specification for fixed broadband wireless metropolitan access networks (MANs) that use a point-to-multipoint architecture.


Service Set Identifier (SSID)

A service set identifier (SSID) is a case-sensitive, human-readable, 32-alphanumeric-character-long unique name of a wireless local area network (WLAN). The SSID is a token used to identify and locate 802.11 (Wi-Fi) networks. By default, it is part of the frame header of packets sent over a WLAN. It acts as a single shared identifier between the access points and clients. This helps users locate an AP to which they can attempt a subsequent AUTH and ASSOC. Security concerns arise when users do not change default values, since such units can be easily compromised.

APs respond to probe requests with probe responses that also include the SSID itself, if it is not hidden. Because the SSID is the unique name given to a WLAN, all devices and APs present in the WLAN must use the same SSID. Any device that wants to join the WLAN must supply that SSID. Since every user in the network needs to configure the SSID in their system's network settings, if the SSID of the network is changed, the network administrator needs to reconfigure the SSID on every client. A non-secure access mode allows clients to connect to the access point using the configured SSID, a blank SSID, or an SSID configured as "any." Unfortunately, the SSID does not provide security to a WLAN, as it is easy to sniff the SSID in plain text from packets. For many commercial products, the default SSID is the vendor's name. The SSID remains secret only on closed networks with no activity, which is inconvenient for legitimate users.


Wi-Fi Authentication Modes

Modes that perform Wi-Fi authentication include: open system authentication and shared key authentication.

■ Open System Authentication Process: In the open system authentication process, any wireless client that wants to access a Wi-Fi network sends a request to the wireless AP for authentication. In this process, the station sends an authentication management frame containing the identity of the sending station, for authentication and connection with the other wireless station. The AP then returns an authentication frame to confirm access to the requested station, and thus complete the authentication process.

■ Shared Key Authentication Process: In this process, each wireless station receives a shared secret key over a secure channel that is distinct from the 802.11 wireless network communication channels. The following steps illustrate the establishment of connection in the shared key authentication process:

o The station sends an authentication frame to the AP

o The AP sends a challenge text to the station

o The station encrypts the challenge text by making use of its configured 64-bit or 128-bit key, and it sends the encrypted text to the AP.

o The AP uses its configured WEP key to decrypt the encrypted text. The AP compares the decrypted text with the original challenge text. If the decrypted text matches the original challenge text, the AP authenticates the station.

o The station connects to the network

The AP can reject the station if the decrypted text does not match the original challenge text, and then the station will be unable to communicate with either the Ethernet network or the 802.11 networks.


Wi-Fi Authentication Process Using a Centralized Authentication Server

The 802.1X standard provides centralized authentication. For 802.1X authentication to work on a wireless network, the AP must be able to securely identify the traffic from a specific wireless client. In this Wi-Fi authentication process, a centralized authentication server known as Remote Authentication Dial In User Service (RADIUS) sends authentication keys to both the AP and to clients that want to authenticate with the AP. This key enables the AP to identify a particular wireless client.

Types of Wireless Antennas

Antennas are an integral part of Wi-Fi networks. They send and receive radio signals. They convert electrical impulses into radio signals and vice versa. The types of wireless antennas include:

■    Directional Antenna

A directional antenna can broadcast and receive radio waves from a single direction. In order to improve the transmission and reception, the directional antenna's design allows it to work effectively in only a few directions. This also helps in reducing interference.

■   Omnidirectional Antenna

Omnidirectional antennas radiate electromagnetic energy in all directions, providing a 360-degree horizontal radiation pattern. They usually radiate strong waves uniformly in two dimensions, but not as strongly in the third. These antennas are efficient in areas where wireless stations use time division multiple access technology. A good example of an omnidirectional antenna is one used by radio stations. These antennas are effective for radio signal transmission because the receiver may not be stationary, so a radio can receive the signal regardless of where it is.

■ Parabolic Grid Antenna

A parabolic grid antenna uses the same principle as a satellite dish but it does not have a solid backing. It consists of a semi-dish that is in the form of a grid made of aluminum wire. These parabolic grid antennas can achieve very long-distance Wi-Fi transmissions by making use of a highly focused radio beam. This type of antenna is useful for transmitting weak radio signals over very long distances—on the order of 10 miles.


This enables attackers to get better signal quality, resulting in more data on which to eavesdrop, more bandwidth to abuse, and higher power output that is essential in Layer 1 Denial of Service (DoS) and man-in-the-middle (MITM) attacks. The design of this antenna saves weight and space, and it can pick up Wi-Fi signals that are either horizontally or vertically polarized.


■   Yagi Antenna

A Yagi, also called a Yagi-Uda antenna, is a unidirectional antenna commonly used in communications for a frequency band of 10 MHz to VHF and UHF. Improving the gain of the antenna and reducing the signal-to-noise (SNR) level of a radio signal are the focus of this antenna. It not only has a unidirectional radiation and response pattern, but it also concentrates the radiation and response. It consists of a reflector, a dipole, and many directors. This antenna develops an end-fire radiation pattern.

■    Dipole Antenna

A dipole is a straight electrical conductor measuring half of a wavelength from end to end and connected at the center of the RF feed line. Also called a doublet, the antenna is bilaterally symmetrical, so it is inherently a balanced antenna. This kind of antenna is fed by a balanced parallel-wire RF transmission line.

■    Reflector Antennas

Reflector antennas are used to concentrate EM energy that is radiated or received at a focal point. These reflectors are generally parabolic. If the surface of the parabolic antenna is within the tolerance limit, it can be used as a primary mirror for all the frequencies. This can prevent interference while communicating with other satellites. The larger the antenna reflector in terms of wavelengths, the higher the gain. Reflector antennas reflect radio signals and the manufacturing cost of the antenna is high.

Wireless Encryption

Wireless Encryption is a process of protecting the wireless network from attackers who try to collect sensitive information by breaching the RF (Radio Frequency) traffic. This section provides insight into various wireless encryption standards such as WEP, WPA and WPA2, and WEP issues.


Types of Wireless Encryption

Attacks on wireless networks are increasing daily with the increasing use of wireless networks. Encrypting the information before it is transmitted on a wireless network is the most popular way of protecting wireless networks against attackers. There are several types of wireless encryption algorithms that can secure the wireless network. Each wireless encryption algorithm has advantages and disadvantages.

■    802.11i: It is an IEEE amendment that specifies security mechanisms for 802.11 wireless networks.

■    WEP: WEP is an encryption algorithm for IEEE 802.11 wireless networks. It is an old and original wireless security standard, which can be cracked easily.

■    LEAP: It is a proprietary version of EAP developed by Cisco.

■ WPA: It is an advanced wireless encryption protocol using TKIP and MIC to provide stronger encryption and authentication. It uses a 48-bit IV, a 32-bit CRC, and TKIP encryption for wireless security.

■   TKIP: A security protocol used in WPA as a replacement for WEP.

■   WPA2: It is an upgrade to WPA using AES and CCMP for wireless data encryption.

■   AES: It is a symmetric-key encryption, used in WPA2 as a replacement of TKIP.

■    CCMP: It is an encryption protocol used in WPA2 for stronger encryption and authentication.

■    WPA2 Enterprise: It integrates EAP standards with WPA2 encryption.


■    EAP: Supports multiple authentication methods, such as token cards, Kerberos, certificates, etc.

■    RADIUS: It is a centralized authentication and authorization management system.

■    PEAP: It is a protocol that encapsulates the EAP within an encrypted and authenticated Transport Layer Security (TLS) tunnel.


Main Goals of WEP

■   Confidentiality: It prevents link-layer eavesdropping

■   Access Control: It determines who may access data

■    Data Integrity: It protects data from modification by a third party

■    Efficiency

Key points

It was developed without:

■ Academic or public review

■ Review from cryptologists

It has significant vulnerabilities and design flaws

■   WEP is a stream cipher that uses RC4 to produce a stream of bytes that are XORed with plaintext

The WEP length and the corresponding secret key length are:

■    64-bit WEP uses a 40-bit key

■    128-bit WEP uses a 104-bit key

■    256-bit WEP uses a 232-bit key

WEP Flaws

Some basic flaws undermine WEP's ability to protect against a serious attack:

■    No defined method for encryption key distribution:

o Pre-shared keys are set once at installation and are rarely (if ever) changed

o It is easy to recover a number of plaintext messages encrypted with the same key

■    RC4 was designed to be used in a more randomized environment than WEP utilized:

o As the pre-shared key is rarely changed, the same key is used over and over

o An attacker monitors the traffic and finds different ways to work with the plaintext message

o With knowledge of the ciphertext and plaintext, an attacker can compute the key

■   Attackers analyze the traffic from passive data captures and crack WEP keys with the help of tools such as AirSnort, WEPCrack, and dweputils.

■    Key scheduling algorithms are also vulnerable to attack.

How WEP Works

■    CRC-32 checksum is used to calculate a 32-bit Integrity Check Value (ICV) for the data, which, in turn, is added to the data frame


■    A 24-bit arbitrary number known as the Initialization Vector (IV) is added to the WEP key; the WEP key and IV together are called the WEP seed

■ The WEP seed is used as the input to RC4 algorithm to generate a key stream (key stream is bit-wise XORed with a combination of data and ICV to produce the encrypted data)

■   The IV field (IV+PAD+KID) is added to the cipher text to generate a MAC frame
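As an added, runnable illustration (not code from the original page), the following Python walks through the four WEP steps above and the shared key authentication exchange described earlier: RC4 is written out in full, CRC-32 supplies the ICV, the 24-bit IV is prepended to the 40-bit key to form the seed, and the IV field with its key-ID byte is prepended to the ciphertext. The key, IVs, challenge and frame contents are constructed sample values, and the function names (`wep_encrypt`, `shared_key_auth`, `keystream_reuse_leak`) are my own. The last function shows the consequence of the flaw listed in the WEP Flaws section: with a static key and a repeated IV, the keystream repeats, so the XOR of two ciphertexts is the XOR of the two plaintexts.

```python
import struct
import zlib
from typing import Optional

# Constructed sample values (not from the page): a 40-bit key, which is
# "64-bit WEP" once the 24-bit IV is counted, and one 24-bit IV.
WEP_KEY_40 = bytes.fromhex("0102030405")
SAMPLE_IV = bytes.fromhex("a1b2c3")


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """Plain RC4: key-scheduling (KSA) followed by PRGA keystream output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(data: bytes) -> bytes:
    """Step 1: the 32-bit Integrity Check Value is the CRC-32 of the payload."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, data: bytes, key_id: int = 0) -> bytes:
    """Encapsulate one frame body: IV field || RC4(IV || key) XOR (data || ICV)."""
    if len(iv) != 3 or not 0 <= key_id <= 3:
        raise ValueError("IV must be 24 bits and key id 0..3")
    seed = iv + key                                    # step 2: WEP seed
    keystream = rc4_keystream(seed, len(data) + 4)     # step 3: RC4 keystream
    body = bytes(p ^ k for p, k in zip(data + icv(data), keystream))
    iv_field = iv + bytes([key_id << 6])               # step 4: IV + PAD + KID byte
    return iv_field + body


def wep_decrypt(key: bytes, frame: bytes) -> Optional[bytes]:
    """Undo the encapsulation; return None if the ICV does not verify."""
    iv, body = frame[:3], frame[4:]
    keystream = rc4_keystream(iv + key, len(body))
    plain = bytes(c ^ k for c, k in zip(body, keystream))
    data, received_icv = plain[:-4], plain[-4:]
    return data if icv(data) == received_icv else None


def shared_key_auth(station_key: bytes, ap_key: bytes, challenge: bytes, iv: bytes) -> bool:
    """Shared key authentication: the AP's challenge text comes back WEP-encrypted
    under the station's key; the AP decrypts with its own key and compares."""
    response = wep_encrypt(station_key, iv, challenge)   # station -> AP
    return wep_decrypt(ap_key, response) == challenge     # the AP's comparison


def keystream_reuse_leak(key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bytes:
    """Same key and IV give the same keystream, so XORing the two ciphertexts
    cancels it and leaves p1 XOR p2: why a static key with a 24-bit IV is a flaw."""
    c1 = wep_encrypt(key, iv, p1)[4:4 + len(p1)]
    c2 = wep_encrypt(key, iv, p2)[4:4 + len(p2)]
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    frame = wep_encrypt(WEP_KEY_40, SAMPLE_IV, b"hello, WLAN")
    print("frame:", frame.hex())
    print("decrypts to:", wep_decrypt(WEP_KEY_40, frame))
    challenge = bytes(range(128))   # constructed 128-byte challenge text
    print("shared-key auth ok:", shared_key_auth(WEP_KEY_40, WEP_KEY_40, challenge, SAMPLE_IV))
```

The ICV check in `wep_decrypt` rejects a single flipped ciphertext bit, which is all CRC-32 was ever meant to catch; it is not a keyed integrity check, which is why WPA replaced it with the Michael MIC described in the next section.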


WPA (Wi-Fi Protected Access) Encryption

WPA stands for Wi-Fi Protected Access. It is a security protocol defined by 802.11i standards. In the past, the primary security mechanism used between wireless APs and wireless clients was WEP encryption. The major drawback for WEP encryption is that it still uses a static encryption key. The attacker can exploit this weakness by using tools that are freely available on the Internet. IEEE defines WPA as "an expansion to the 802.11 protocols that can allow for increased security." Nearly every Wi-Fi manufacturer provided WPA.

WPA has better data encryption security than WEP, as messages pass through a Message Integrity Check (MIC) using the Temporal Key Integrity Protocol (TKIP). TKIP utilizes the RC4 stream cipher with 128-bit keys and a 64-bit MIC integrity check to provide stronger encryption and authentication. WPA is a snapshot of 802.11i, providing stronger encryption and enabling PSK or EAP authentication. WPA uses TKIP for data encryption, which eliminates the weaknesses of WEP by including per-packet mixing functions, message integrity checks, extended initialization vectors, and re-keying mechanisms.

WEP normally uses a 40-bit or 104-bit encryption key, whereas TKIP uses 128-bit keys for each packet. The message integrity check for WPA avoids the chances of the attacker changing or resending the packets.

■ Temporal Key Integrity Protocol (TKIP): TKIP is used in a unicast encryption key, which changes the key for every packet, thereby enhancing the security. This change in the key for each packet is automatically coordinated between the wireless client and the AP. TKIP uses the Michael integrity check algorithm with a message integrity check key to generate the MIC value. It utilizes the RC4 stream cipher encryption with 128-bit keys and a 64-bit MIC integrity check. It mitigated vulnerability by increasing the size of the IV and using mixing functions. Under TKIP, the client starts with a 128-bit "temporal key" (TK) that is then combined with the client's MAC address and with an IV to create a keystream that is used to encrypt data via RC4. It implements a sequence counter to protect against replay attacks. TKIP enhances WEP by adding a rekeying mechanism to provide fresh encryption and integrity keys. Temporal keys are changed every 10,000 packets. This makes TKIP-protected networks more resistant to cryptanalytic attacks involving key reuse.

Temporal Keys: Encryption is a necessary component of a wireless LAN. WEP was once the fundamental encryption mechanism, but because of the flaws present in WEP encryption, Wi-Fi networks now use a new enhanced encryption mechanism, the WPA protocol. All newly deployed equipment uses either TKIP (WPA) or AES (WPA2) encryption to ensure WLAN security. In the case of the WEP encryption mechanism, the protocol derives encryption keys (temporal keys) from the Pairwise Master Key (PMK), which arises during the EAP authentication session, whereas in the WPA and WPA2 encryption mechanisms the protocol obtains the encryption keys during the four-way handshake. In the EAP success message, the PMK is sent to the AP but is not directed to the Wi-Fi client, as the client has derived its own copy of the PMK.

Installation of temporal keys follows the procedure shown in the figure below (FIGURE 16.2: Working of temporal keys):

o The AP sends an ANonce to the client, which uses it to construct the Pairwise Transient Key (PTK)

o Client responds with its own nonce-value (SNonce) to the AP together with a Message Integrity Code (MIC)

o AP sends the GTK and a sequence number together with another MIC, which is used in the next broadcast frames

o Client confirms that the temporal keys are installed


■   Temporal encryption key, transmit address, and TKIP sequence counter (TSC) are used as input to the RC4 algorithm to generate a Keystream

o The IV or temporal key sequence, the transmit address or MAC destination address, and the temporal key are combined with a hash function or a mixing function to generate a 128-bit and a 104-bit key

o This key is then combined with RC4 to produce the keystream, which should be the same length as the original message

■    MAC Service Data Unit (MSDU) and message integrity check (MIC) are combined using the Michael algorithm

■   The combination of MSDU and MIC is fragmented to generate the MAC Protocol Data Unit (MPDU)

■    A 32-bit Integrity Check Value (ICV) is calculated for the MPDU

■   The combination of MPDU and ICV is bitwise XORed with Keystream to produce the encrypted data

■   The IV is added to the encrypted data to generate the MAC frame


WPA2 (Wi-Fi Protected Access 2) Encryption

WPA2 (Wi-Fi Protected Access 2) is a security protocol used to safeguard wireless networks; it replaced WPA in 2006. It is compatible with the 802.11i standard and supports many security features that WPA does not support. WPA2 introduces the use of the National Institute of Standards and Technology (NIST) FIPS 140-2-compliant AES encryption algorithm, a strong wireless encryption, and Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP). It provides stronger data protection and network access control. It gives a high level of security to Wi-Fi connections, so that only authorized users can access them.

Modes of Operations

WPA2 offers two modes of operation that include:

■ WPA2-Personal: WPA2-Personal uses a set-up password (Pre-shared Key, PSK) to protect against unauthorized network access. Each wireless device uses the same 256-bit key generated from a password to authenticate with the AP. In the PSK mode, each wireless network device encrypts the network traffic using a 128-bit key that is derived from a passphrase of 8 to 63 ASCII characters. The router uses the combination of passphrase, network SSID, and TKIP to generate a unique encryption key for each wireless client. These encryption keys keep changing constantly.

■ WPA2-Enterprise: WPA2-Enterprise uses EAP or RADIUS for centralized client authentication using multiple authentication methods, such as token cards, Kerberos, and certificates. WPA2-Enterprise assigns a unique ciphered key to every system and hides it from the user in order to provide additional security and to prevent sharing of keys. Users are allocated login credentials by a centralized server, which they must present when connecting to the network.


During CCMP implementation, additional authentication data (AAD) is generated from the MAC header and is included in the encryption process, which uses both AES and CCMP. Because of this, the non-encrypted portion of the frame is protected from any alteration or distortion. The protocol uses a sequenced packet number (PN) and a portion of the MAC header to generate a nonce that it uses in the encryption process. The plaintext data, the temporal key, the AAD, and the nonce are the inputs to the data encryption process, which uses both the AES and CCMP algorithms.

A PN is included in the CCMP header to protect against replay attacks. The AES and CCMP algorithms produce the encrypted text and an encrypted MIC value. Finally, the assembled MAC header, CCMP header, encrypted data, and encrypted MIC form the WPA2 MAC frame. The following diagram depicts the workings of WPA2.
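As an added example (not part of the original material), the following Python sketches the receive-side handling that gives CCMP its replay protection: parsing the 8-byte CCMP header, rebuilding the 48-bit PN, forming the 13-byte nonce from the priority octet, the transmitter address (A2) and the PN, and rejecting any frame whose PN does not increase. It keeps one counter per transmitter and key ID (the standard also keeps one per traffic class); the header bytes and addresses are constructed samples.

```python
from typing import Dict, Tuple

class ReplayError(Exception):
    """Raised when a frame's PN is not greater than the last accepted PN."""

def parse_ccmp_header(hdr: bytes) -> Tuple[int, int]:
    """Return (pn, key_id) from the 8-byte CCMP header.
    Layout: PN0 PN1 Reserved KeyID/ExtIV PN2 PN3 PN4 PN5 (PN0 is least significant)."""
    if len(hdr) != 8:
        raise ValueError("CCMP header must be 8 bytes")
    pn0, pn1, _reserved, key_byte, pn2, pn3, pn4, pn5 = hdr
    if not key_byte & 0x20:                    # ExtIV bit is always set for CCMP
        raise ValueError("ExtIV bit not set; not a CCMP frame")
    key_id = key_byte >> 6
    pn = (pn5 << 40) | (pn4 << 32) | (pn3 << 24) | (pn2 << 16) | (pn1 << 8) | pn0
    return pn, key_id

def encode_ccmp_header(pn: int, key_id: int = 0) -> bytes:
    """Inverse of parse_ccmp_header; used here only to build sample frames."""
    if not 0 <= pn < 2 ** 48:
        raise ValueError("PN must fit in 48 bits")
    b = pn.to_bytes(6, "little")               # b[0] = PN0 ... b[5] = PN5
    return bytes([b[0], b[1], 0x00, 0x20 | (key_id << 6), b[2], b[3], b[4], b[5]])

def ccm_nonce(priority: int, a2: bytes, pn: int) -> bytes:
    """13-byte CCM nonce = priority octet || A2 (transmitter address) || PN big-endian."""
    if len(a2) != 6:
        raise ValueError("A2 must be a 6-byte MAC address")
    return bytes([priority & 0x0F]) + a2 + pn.to_bytes(6, "big")

class ReplayCounter:
    """Receiver state: last accepted PN per (transmitter, key ID).  A real receiver
    also keeps one counter per traffic class; that is omitted here."""
    def __init__(self) -> None:
        self._last: Dict[Tuple[bytes, int], int] = {}

    def accept(self, a2: bytes, hdr: bytes, priority: int = 0) -> bytes:
        """Check the PN, advance the counter and return the nonce to decrypt with."""
        pn, key_id = parse_ccmp_header(hdr)
        last = self._last.get((a2, key_id), -1)
        if pn <= last:
            raise ReplayError(f"PN {pn} <= last accepted PN {last}")
        self._last[(a2, key_id)] = pn
        return ccm_nonce(priority, a2, pn)

def demo() -> Tuple[bool, bool]:
    """Constructed traffic: frames with PN 1, 2, 3 arrive, then a captured copy of
    PN 2 is replayed, then PN 4 arrives.  Returns (replay_rejected, pn4_accepted)."""
    a2 = bytes.fromhex("02aabbccddee")         # constructed transmitter address
    counter = ReplayCounter()
    for pn in (1, 2, 3):
        counter.accept(a2, encode_ccmp_header(pn))
    try:
        counter.accept(a2, encode_ccmp_header(2))
        replay_rejected = False
    except ReplayError:
        replay_rejected = True
    pn4_accepted = counter.accept(a2, encode_ccmp_header(4)) == ccm_nonce(0, a2, 4)
    return replay_rejected, pn4_accepted

if __name__ == "__main__":
    print(demo())
```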


WEP vs. WPA vs. WPA2

WEP initially provided data confidentiality on wireless networks, but it was weak and failed to meet any of its security goals. WPA fixes most of WEP’s problems. WPA2 makes wireless networks almost as secure as wired networks. WPA2 supports authentication, so that only authorized users can access the network. WEP should be replaced with either WPA or WPA2 in order to secure a Wi-Fi network. Both WPA and WPA2 incorporate protections against forgery and replay attacks. The table in the slide provides a comparison between WEP, WPA, and WPA2 with respect to encryption algorithm used, size of Encryption Key and the initialization vector (IV) it produces.


WEP Issues

Why is WEP encryption not sufficient to secure wireless networks? The answers lie in the issues and anomalies of WEP, including:

■ CRC32 is not sufficient to ensure complete cryptographic integrity of a packet: By capturing two packets, an attacker can reliably flip a bit in the encrypted stream and modify the checksum so that the packet is accepted.

■ IVs are 24 bits: An AP broadcasting 1500-byte packets at 11 Mb/s would exhaust the entire IV space in five hours.

■ Known plaintext attacks: When there is an IV collision, it becomes possible to reconstruct the RC4 key stream based on the IV and the decrypted payload of the packet.

■ Dictionary attacks: WEP is based on a password and is therefore prone to password-cracking attacks. The small space of the initialization vector allows the attacker to create a decryption table, which is a dictionary attack.

■ Denial of Service: Associate and disassociate messages are not authenticated.

■ Eventually, an attacker can construct a decryption table of reconstructed key streams: With about 24 GB of space, an attacker can use this table to decrypt WEP packets in real time.

■ A lack of centralized key management makes it difficult to change WEP keys with any regularity.

■ The IV is a value used to randomize the key stream, and each packet has an IV value: The standard IV field is only 24 bits, which is too small, and it is sent in the cleartext portion of a message, so the IV space is used up within hours at a busy AP. Because the IV is part of the RC4 encryption key, this leads to an analytical attack that recovers the key after intercepting and analyzing a relatively small amount of traffic. Reusing the same IV produces identical key streams, and because the IV is short, key streams repeat within a short time. Wireless adapters from the same vendor may all generate the same IV sequence. This enables attackers to determine the key stream and decrypt the ciphertext.

■ The standard does not dictate that each packet must have a unique IV, so vendors use only a small part of the available 24-bit possibilities: A mechanism that depends on randomness is not random at all, and attackers can easily figure out the key stream and decrypt other messages.

■ RC4 was designed to be a one-time cipher and was not intended for multiple-message use.

■ An attacker can construct a decryption table of the reconstructed key stream and can use it to decrypt WEP packets in real time.

Since most organizations have configured their network clients and APs to use the same shared key, or the four default keys, the randomness of the key stream relies on the uniqueness of the IV value. The use of an IV and a key ensures that the key stream for each packet is different, but in most cases the IV changes while the key remains constant. Since there are only two main components to this encryption process and one of them stays constant, the randomization of the process decreases to an unacceptable level. A busy AP can use all 2^24 available IV values within hours, which requires the reuse of IV values. Repetition in a process that relies on randomness leads to failure.

What makes the IV issue worse is that the 802.11 standard does not require each packet to have a different IV value, which is similar to having a "Beware of Dog" sign posted but only a Chihuahua to provide a barrier between intruders and the valued assets. In many implementations, the IV value changes only when the wireless NIC reinitializes, usually during a reboot. A 24-bit IV provides enough possible IV values, but most implementations use only a handful of bits, thus not even utilizing all that are available to them.
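Two of the WEP weaknesses listed above, made concrete in an added Python example (not code from the original material): how long the 24-bit IV space lasts at the quoted frame rate, how quickly randomly chosen IVs start to repeat, and why a CRC-32 ICV is not an integrity check. CRC-32 is linear, so a change to the encrypted payload can be paired with a matching change to the encrypted ICV without any knowledge of the key stream, whereas a keyed MAC (HMAC-SHA-256 stands in for a real MIC here) has no such property. The payload, the bit-flip mask and the key stream are constructed; the key stream is a deterministic stand-in, not RC4.

```python
import hashlib
import hmac
import math
import zlib

IV_BITS = 24  # width of the WEP IV field

def iv_exhaustion_hours(link_bps: float, frame_bytes: int, iv_bits: int = IV_BITS) -> float:
    """Hours until every IV value has been used once at a sustained frame rate."""
    frames_per_second = link_bps / (frame_bytes * 8)
    return (2 ** iv_bits) / frames_per_second / 3600

def iv_collision_probability(frames: int, iv_bits: int = IV_BITS) -> float:
    """Birthday bound: probability that at least one IV repeats among `frames` frames
    when IVs are chosen at random (a sequential counter repeats only when it wraps)."""
    n = 2 ** iv_bits
    return 1 - math.exp(-frames * (frames - 1) / (2 * n))

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("xor operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def crc32_le(data: bytes) -> bytes:
    """CRC-32 as the 4-byte little-endian ICV that WEP appends to the plaintext."""
    return zlib.crc32(data).to_bytes(4, "little")

def crc32_delta(mask: bytes) -> bytes:
    """ICV correction for flipping the bits in `mask`.  CRC-32 is linear:
    crc(m ^ mask) == crc(m) ^ crc(mask) ^ crc(zeros of the same length)."""
    return xor(crc32_le(mask), crc32_le(bytes(len(mask))))

def sample_keystream(n: int) -> bytes:
    """Constructed stand-in for an RC4 key stream (NOT RC4); only its secrecy matters."""
    return bytes((i * 73 + 41) & 0xFF for i in range(n))

def icv_survives_bitflip(message: bytes, keystream: bytes, mask: bytes) -> bool:
    """Flip the bits in `mask` on an encrypted WEP-style frame, correcting the ICV through
    linearity alone (the key stream is never read), then let the receiver decrypt and
    verify.  True means the modification went undetected."""
    frame = message + crc32_le(message)                   # plaintext || ICV
    ciphertext = xor(frame, keystream[: len(frame)])
    tampered = xor(ciphertext, mask + crc32_delta(mask))  # payload flips || ICV correction
    recovered = xor(tampered, keystream[: len(frame)])    # receiver decrypts
    body, icv = recovered[:-4], recovered[-4:]
    return crc32_le(body) == icv

def mac_survives_bitflip(message: bytes, keystream: bytes, mask: bytes, mac_key: bytes) -> bool:
    """The same modification against a keyed MAC.  The tag depends on the key, so no
    correction can be computed for it; the receiver's recomputed tag will not match."""
    tag = hmac.new(mac_key, message, hashlib.sha256).digest()
    frame = message + tag
    ciphertext = xor(frame, keystream[: len(frame)])
    tampered = xor(ciphertext, mask + bytes(len(tag)))
    recovered = xor(tampered, keystream[: len(frame)])
    body, got = recovered[: -len(tag)], recovered[-len(tag):]
    return hmac.compare_digest(hmac.new(mac_key, body, hashlib.sha256).digest(), got)

# Constructed sample: one payload and a mask that flips a single bit in byte 3.
MESSAGE = b"constructed WEP payload for the ICV demonstration"
MASK = bytes([0, 0, 0, 0x01] + [0] * (len(MESSAGE) - 4))
KEYSTREAM = sample_keystream(len(MESSAGE) + 32)

if __name__ == "__main__":
    print(f"{iv_exhaustion_hours(11e6, 1500):.1f} h to use every IV at 11 Mb/s with 1500-byte frames")
    print(f"{iv_collision_probability(4823):.1%} chance of a repeated IV after 4823 random IVs")
    print("CRC-32 ICV accepts the tampered frame:", icv_survives_bitflip(MESSAGE, KEYSTREAM, MASK))
    print("HMAC accepts the tampered frame:      ", mac_survives_bitflip(MESSAGE, KEYSTREAM, MASK, b"k"))
```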


Weak Initialization Vectors (IV)

One of the reasons an attacker can crack WEP encryption is that it produces weak initialization vectors. The reasons for generating weak initialization vectors in WEP include:

■ To generate different packets in WEP, the RC4 algorithm uses a Key Scheduling Algorithm (KSA) to create an IV and adds it to the base key, which makes the first few bytes of plaintext easily predictable.

■ The IV value is not explicit to the network, so the same IV can be used with the same secret key on multiple wireless devices.

■ The way the IV is appended to the beginning of the security key makes it vulnerable to Fluhrer-Mantin-Shamir (FMS) attacks, which allow attackers to execute script tools to crack the secret key by examining the link.

■ Most of the weak IVs depend on the WEP key and reveal accurate information about the key bytes from the first RC4 output byte, as well as smaller clues from other bytes.

■ Using additional processing on the recovered bytes, parts of the Pseudo Random Generation Algorithm (PRGA) can be emulated to extract key information from the bytes of an IV.

■ There is no effective detection of message tampering. Although methods such as checksum and ICV can check message integrity, they have some drawbacks. Some secure methods for computing a MIC require high computational processing when introduced to TKIP.

■ It directly uses the master key and has no built-in provision to update the keys.

A security flaw in the WEP implementation of RC4 results in the generation of weak IVs, which attackers can easily exploit to deduce the base WEP key. An attacker can use WLAN sniffing tools to capture packets encrypted with the same key, and use tools like Aircrack-ng, WEPcrack, etc., to decrypt the weak IVs, thereby exposing the base WEP key.


Wireless Threats

Previous sections discussed basic wireless concepts and wireless security mechanisms such as the encryption algorithms that secure wireless network communications. To secure wireless networks, a network administrator needs to understand the various weaknesses of encryption algorithms that lure attackers to crack wireless communications. A wireless network can be at risk from various types of attacks, including access control attacks, integrity attacks, confidentiality attacks, availability attacks, authentication attacks, etc. This section will discuss the types of security risks, threats, and attacks associated with wireless networks.


Wireless Threats: Access Control Attacks

Wireless access control attacks aim to penetrate a network by evading wireless LAN access control measures, such as AP MAC filters and Wi-Fi port access controls. There are several types of access control attacks, including:

■ War Driving: In a wardriving attack, wireless LANs are detected either by sending probe requests over a connection or by listening for beacons. An attacker who discovers a penetration point can launch further attacks on the LAN. Some of the tools that the attacker may use to perform wardriving attacks are KisMAC, NetStumbler, etc.

■ Rogue Access Points: In order to create a backdoor into a trusted network, an attacker may install an unsecured AP or fake AP inside a firewall. The attacker may also use any software or hardware AP to perform this kind of attack. A wireless access point is termed a rogue access point when it is installed on a trusted network without authorization. An inside or outside attacker can install rogue access points on your trusted network with malicious intent.

■ MAC Spoofing: Using the MAC spoofing technique, an attacker can reconfigure a MAC address to appear as an authorized AP to a host on a trusted network. The attacker may use tools such as SMAC to perform this kind of attack.

■ AP Misconfiguration: If the user improperly configures any of the critical security settings at any of the APs, the entire network could be open to vulnerabilities and attacks. The AP cannot trigger alerts in most intrusion-detection systems, as the system recognizes it as a legitimate device.

■ Ad Hoc Associations: An attacker may carry out this kind of attack by using any USB adapter or wireless card. The attacker connects the host to an unsecured client to attack a specific client or to avoid AP security.

■ Promiscuous Client: Using a promiscuous client, an attacker exploits a behavior of 802.11 wireless cards: they always try to find a stronger signal with which to connect. An attacker places an AP near the target Wi-Fi network and gives it a common SSID name, and then offers an irresistibly stronger signal and higher speed than the target Wi-Fi network. The intent is to lure the client to connect to the attacker's AP rather than the legitimate Wi-Fi network. Promiscuous clients allow an attacker to transmit target network traffic through a fake AP. It is very similar to the evil twin threat on a wireless network, in which an attacker launches an AP that poses as an authorized AP by beaconing the WLAN's SSID.

■ Client Mis-Association: The client may connect or associate with an AP outside the legitimate network, intentionally or accidentally. This is because WLAN signals travel through the air, through walls and other obstructions. This kind of client mis-association can thus lead to access control attacks.

■ Unauthorized Association: Unauthorized association is a major threat to a wireless network. Prevention of this kind of attack depends on the method or technique that the attacker uses to get associated with the network.

Integrity Attacks

An integrity attack involves changing or altering data during transmission. In wireless integrity attacks, attackers send forged control, management, or data frames over a wireless network to misdirect wireless devices in order to perform another type of attack (e.g., DoS).


Confidentiality Attacks

These attacks attempt to intercept confidential information sent over a wireless network, regardless of whether the system transmits data in clear text or encrypted format. If the system transmits data in encrypted format, an attacker will try to break the encryption (such as WEP or WPA). Confidentiality attacks on wireless networks include:

Availability Attacks

Availability attacks aim at obstructing the delivery of wireless services to legitimate users, either by crippling those resources or by denying them access to WLAN resources. This attack makes wireless network services unavailable to legitimate users. Attackers can perform these types of attacks in various ways that result in obstructing the availability of wireless networks. Availability attacks include:

Authentication Attacks

The objective of authentication attacks is to steal the identity of Wi-Fi clients, their personal information, login credentials, etc. to gain unauthorized access to network resources.


Rogue Access Point Attack

APs connect to client NICs by authenticating with the help of SSIDs. Unauthorized (or rogue) APs can allow anyone with an 802.11-equipped device to connect to the corporate network. An unauthorized AP can give an attacker access to the network. With the help of wireless sniffing tools, the following can be determined from APs: authorized MAC address, vendor name, and security configurations. An attacker can then create a list of MAC addresses of authorized APs on the target LAN, and crosscheck this list with the list of MAC addresses found by sniffing.

An attacker can then create a rogue AP and place it near the target corporate network. Attackers use the rogue AP placed into an 802.11 network to hijack the connections of legitimate network users. When a user turns on a computer, the rogue AP will offer to connect with the network user's NIC. The attacker lures the user to connect to the rogue AP by sending an SSID. If the user connects to the rogue AP as if it were a legitimate AP, all the traffic the user enters will pass through the rogue AP, thus enabling a form of wireless packet sniffing. The sniffed packets may even contain usernames and passwords.


Client Mis-association

Mis-association is a security flaw that can occur when a network client connects with a neighboring AP. Client mis-associations can happen for a number of reasons such as misconfigured clients, insufficient coverage of corporate Wi-Fi, lack of Wi-Fi policy, restrictions on use of internet in the office, ad-hoc connections that administrators do not manage very often, attractive SSIDs, etc. This can happen with or without the knowledge of the wireless client and the rogue AP.

To perform client mis-association, an attacker sets up a rogue AP outside the corporate perimeter. The attacker first learns the SSID of the target wireless network. Using a spoofed SSID, the attacker may then send beacons advertising the rogue AP, in order to lure clients to connect. The attacker can use this as a channel to bypass enterprise security policies. Once a client connects to the rogue AP, an attacker can retrieve sensitive information such as user names and passwords by launching MITM, EAP dictionary, or Metasploit attacks to exploit client mis-association.


Misconfigured Access Point Attack

Most organizations spend significant amounts of time defining and implementing Wi-Fi security policies, but it may be possible for a client of a wireless network to change the security setting on AP unintentionally. This in turn may lead to misconfigurations in APs. A misconfigured AP can expose an otherwise well-secured network to attacks.

It is difficult to detect a misconfigured AP, as it is an authorized, legitimate device on the network. Attackers can easily connect to the secured network through misconfigured APs, and the device continues to function normally as it will not trigger any alerts even if the attacker uses it to compromise security. Many organizations fail to maintain Wi-Fi security policies and do not take proper measures to eliminate this flaw in security configurations.

As the Wi-Fi networks of organizations expand to more locations and more devices, misconfigured APs become increasingly dangerous. Some of the key elements that play an important role in this kind of attack include:

■ SSID Broadcast: An attacker configures APs to broadcast SSIDs to authorized users. All AP models come with their own default SSID; and APs with default configurations using default SSIDs are vulnerable to a brute force dictionary attack. Even if the users enable WEP, the unencrypted SSID broadcasts the password in plaintext.

■ Weak Password: Some network administrators incorrectly use the SSIDs as basic passwords to verify authorized users. SSIDs act as rudimentary passwords and help network administrators to recognize authorized wireless devices in the network.

■ Configuration Error: Some configuration errors include errors made during installation, configuration policies on an AP, human errors made while troubleshooting WLAN problems, security changes not implemented uniformly across an architecture, etc. SSID broadcasting is a configuration error that assists attackers in stealing an SSID, which makes the AP assume that the attacker is attempting a legitimate connection.

Unauthorized Association

Unauthorized association is a major threat to a wireless network. It may take two forms: accidental association or malicious association. An attacker performs malicious association with the help of soft APs instead of corporate APs. An attacker creates a soft AP, typically on a laptop, by running some tool that makes the laptop's NIC look like a legitimate AP. The attacker then uses the soft AP to gain access to the target wireless network. Software APs are available on client cards or embedded WLAN radios in some PDAs and laptops, which an attacker can launch directly or through a virus program. The attacker infects the victim's machine and activates soft APs, allowing an unauthorized connection to the enterprise network. An attacker who gains access to the network using unauthorized association may steal passwords, launch attacks on the wired network, or plant Trojans.

Another type of unauthorized association is accidental association, which involves connecting to the target network's AP from a neighboring organization's overlapping network without the victim's knowledge. 

Ad Hoc Connection Attack

Wi-Fi clients communicate directly via an ad hoc mode that does not require an AP to relay packets. Networks in ad hoc mode can conveniently share information among clients. To share audio/video content among clients, most Wi-Fi users use ad hoc networks. Sometimes an attacker can force a network to enable ad hoc mode. Some network resources are accessible only in ad hoc mode, but this mode is inherently insecure and does not provide strong authentication and encryption. Thus, an attacker can easily connect to and compromise a client operating in ad hoc mode.

An attacker who penetrates a wireless network can also use an ad-hoc connection to compromise the security of the organization's wired LAN.


Honeypot Access Point Attack

If multiple WLANs co-exist in the same area, a user can connect to any available network. This kind of multiple-WLAN environment is more vulnerable to attacks. Normally, when a wireless client switches on, it probes nearby wireless networks for a specific SSID. An attacker takes advantage of this behavior of wireless clients by setting up an unauthorized wireless network using a rogue AP. This AP has high-power (high gain) antennas and uses the same SSID as the target network. Users who regularly connect to multiple WLANs may connect to the rogue AP. These APs mounted by the attacker are called "honeypot" APs. They transmit a stronger beacon signal than the legitimate APs. NICs searching for the strongest available signal may connect to the rogue AP. If an authorized user connects to a honeypot AP, it creates a security vulnerability and reveals sensitive user information such as identity, user name, and password to the attacker.


AP MAC Spoofing

In wireless networks, the APs transmit probe responses (beacons) to advertise their presence and availability. The probe responses contain information about the AP identity (MAC address) and the identity of the network it supports (SSID). The clients in the vicinity connect to the network through these beacons based on the MAC address and the SSID they contain. Many software tools and APs allow setting user-defined values for the MAC addresses and SSIDs of AP devices. An attacker can spoof the MAC address of the AP by programming a rogue AP to advertise the same identity information as that of the legitimate AP. An attacker connected to the AP as an authorized client can have full access to the network.

This type of attack succeeds when the target wireless network uses MAC filtering to authenticate its clients (users).
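Turning the attacker's inventory cross-check described under Rogue Access Point Attack around, here is an added example (not code from the original material) of a defender-side audit: observed beacons are compared against an authorized AP inventory to flag an unlisted BSSID advertising the corporate SSID (rogue, honeypot or evil-twin AP), an authorized BSSID whose security setting deviates from policy (misconfigured AP), and one BSSID beaconing on two channels at once, which a single legitimate radio cannot do (AP MAC spoofing). The corporate SSID, the inventory and the observations are constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

@dataclass(frozen=True)
class Beacon:
    """One observed beacon / probe response, as a wireless sensor would report it."""
    bssid: str      # MAC address the AP advertises
    ssid: str
    channel: int
    security: str   # "open", "wep", "wpa2-psk" or "wpa2-enterprise"
    sensor: str     # monitoring sensor that heard it

# Constructed policy data: the corporate SSID and the inventory of authorized APs.
CORPORATE_SSID = "corp-wifi"
AUTHORIZED_APS: Dict[str, Dict[str, object]] = {
    "00:11:22:33:44:01": {"channel": 6, "security": "wpa2-enterprise"},
    "00:11:22:33:44:02": {"channel": 11, "security": "wpa2-enterprise"},
}

Finding = Tuple[str, str]   # (category, bssid)

def audit_beacons(beacons: List[Beacon]) -> List[Finding]:
    """Compare observed beacons with the inventory; an empty result means no deviation."""
    findings: Set[Finding] = set()
    channels_by_bssid: Dict[str, Set[int]] = defaultdict(set)
    for b in beacons:
        bssid = b.bssid.lower()
        channels_by_bssid[bssid].add(b.channel)
        authorized = AUTHORIZED_APS.get(bssid)
        if b.ssid == CORPORATE_SSID and authorized is None:
            # Someone else is beaconing our SSID: rogue, honeypot or evil-twin AP.
            findings.add(("rogue", bssid))
        elif authorized is not None and b.security != authorized["security"]:
            # Our own AP, but not with the security setting policy requires.
            findings.add(("misconfigured", bssid))
    for bssid, channels in channels_by_bssid.items():
        if len(channels) > 1:
            # One radio beacons on one channel; two channels at once means a
            # second device is advertising this MAC address.
            findings.add(("mac-spoofing", bssid))
    return sorted(findings)

# Constructed observations from two sensors.
SAMPLE_BEACONS = [
    Beacon("00:11:22:33:44:01", "corp-wifi", 6, "wpa2-enterprise", "sensor-a"),
    Beacon("00:11:22:33:44:02", "corp-wifi", 11, "wpa2-psk", "sensor-a"),        # policy deviation
    Beacon("02:de:ad:be:ef:01", "corp-wifi", 1, "open", "sensor-b"),             # not in inventory
    Beacon("00:11:22:33:44:01", "corp-wifi", 1, "wpa2-enterprise", "sensor-b"),  # second channel
    Beacon("aa:bb:cc:dd:ee:ff", "coffee-shop", 3, "open", "sensor-b"),           # neighbour, ignored
]

if __name__ == "__main__":
    for category, bssid in audit_beacons(SAMPLE_BEACONS):
        print(f"{category:14} {bssid}")
```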


Denial-of-Service Attack

Wireless networks are susceptible to DoS attacks. These networks operate in unlicensed bands and data transmission takes the form of radio signals. The designers of the MAC protocol aimed at keeping it simple, but the protocol has its own set of flaws that make it vulnerable to DoS attacks. WLANs usually carry mission-critical applications such as VoIP, database access, project data files, and internet access. Disrupting these applications on WLANs by a DoS attack is easy. This can cause loss of productivity or network downtime. Examples of MAC DoS attacks are de-authentication flood attacks, virtual jamming, and association flood attacks.

Wireless DoS attacks disrupt wireless network connections by sending broadcast de-authenticate commands. The transmitted de-authentication forces the clients to disconnect from the AP.


Key Reinstallation Attack (KRACK)

KRACK stands for Key Reinstallation Attack. This attack exploits flaws in the implementation of the 4-way handshake of the WPA2 authentication protocol, which is used to establish a connection between a device and the Access Point (AP). All secure Wi-Fi networks use the 4-way handshake to join the protected network and to generate a fresh encryption key that is then used to encrypt the network traffic.

The attacker exploits the 4-way handshake of the WPA2 protocol by forcing nonce reuse: he captures the victim's ANonce key that is already in use in order to manipulate and replay cryptographic handshake messages. This attack works against all modern protected Wi-Fi networks (both WPA1 and WPA2), personal and enterprise networks, and the ciphers WPA-TKIP, AES-CCMP, and GCMP. It allows the attacker to steal sensitive information such as credit card numbers, passwords, chat messages, emails, and photos. Any device that runs Android, Linux, Windows, Apple, OpenBSD, or MediaTek is vulnerable to some variant of the KRACK attack.


Wi-Fi Jamming Devices

An attacker can jam a wireless network by using a Wi-Fi jammer. This device uses the same frequency band as that of a trusted network. This causes interference to the legitimate signal and temporarily disrupts the network service.

Wireless Hacking Methodology

To hack wireless networks, an attacker follows a hacking methodology. This process provides systematic steps to perform a successful attack on a target wireless network. This section will explain the steps of wireless hacking methodology.

A wireless hacking methodology helps an attacker to reach the goal of hacking a target wireless network. An attacker who does not follow a methodology may fail to hack a wireless network.

Authored by: Niraj