Legacy Wireless Security
The original 802.11 standard defined very little in terms of security. The authentication methods first outlined in 1997 basically provided an open door into the network infrastructure. The encryption method defined in the original 802.11 standard has long been cracked and is considered inadequate for data privacy.
In the following, we will learn about the legacy authentication and encryption methods that were the only defined standards for 802.11 wireless security from 1997 until 2004.
Legacy Authentication
The original 802.11 standard specifies two different methods of authentication: Open System authentication and Shared Key authentication. Open System authentication provides authentication without performing any type of client verification.
It is essentially a two-way exchange between the client and the access point. The client sends an authentication request and the access point then sends an authentication response.
Because Open System authentication does not require the use of any credentials, every client gets authenticated and therefore authorized onto network resources once they have been associated.
Static WEP encryption is optional with Open System authentication but may be used to encrypt the data frames after Open System authentication and association occur.
Shared Key authentication uses Wired Equivalent Privacy (WEP) to authenticate client stations and requires that a static WEP key be configured on both the station and the access point.
In addition to WEP being mandatory, authentication will not work if the static WEP keys do not match. The authentication process is similar to Open System authentication but includes a challenge and response between the radio cards.
Shared Key authentication is a four-way authentication frame handshake. The client station sends an authentication request to the access point and then the access point sends a cleartext challenge to the client station in an authentication response.
The client station then encrypts the cleartext challenge and sends it back to the access point in the body of another authentication request frame. The access point decrypts the station’s response and compares it to the challenge text.
If they match, the access point will respond by sending a fourth and final authentication frame to the station confirming the success. If they do not match, the access point will respond negatively.
If the access point cannot decrypt the challenge, it will also respond negatively. If Shared Key authentication is successful, the same static WEP key that was used during the Shared Key authentication process will also be used to encrypt the 802.11 data frames.
Although it might seem that Shared Key authentication is a more secure solution than Open System authentication, in reality Shared Key could be the bigger security risk.
Anyone who captures the cleartext challenge phrase and then captures the encrypted challege phrase in the response frame could potentially derive the static WEP key.
If the static WEP key is compromised, then a whole new can of worms has been opened because now all the data frames can be decrypted. Neither of the legacy authentication methods is considered strong enough for enterprise security.
Static WEP Encryption
Wired Equivalent Privacy (WEP) is a layer 2 encryption method that uses the RC4 streaming cipher. The original 802.11 standard defined 64-bit WEP as the default encryption method. The three main intended goals of WEP encryption include confidentiality, access control, and data integrity.
The primary goal of confidentiality was to provide data privacy by encrypting the data before transmission. WEP also provides access control, which is basically a crude form of authorization. Client stations that do not have the same matching static key as an access point are refused access to network resources.
A data integrity checksum known as the Integrity Check Value (ICV) is computed on data before encryption and used to prevent data from being modified.
While 64-bit WEP is defined by the 802.11 standard, once the U.S. government loosened export restrictions on key size, radio card manufacturers began to produce equipment that used 128-bit WEP encryption.
Because 128-bit WEP encryption is not defined by the standard, there is a small chance that equipment from different vendors using 128-bit WEP will not be compatible. As pictured in Figure below, 64-bit WEP uses a secret 40-bit static key, which is combined with a 24-bit number that is selected by the card’s device drivers.
This 24-bit number, known as the Initialization Vector (IV) , is sent in cleartext and is different on every frame. Although the IV is said to be different on every frame, there are only 16,777,216 different IV combinations, therefore you are forced to reuse the IV values.
The effective key strength of combining the IV with the 40-bit static key is 64 bit encryption. 128-bit WEP encryption uses a 104-bit secret static key that is also combined with a 24-bit Initialization Vector.
A static WEP key can be entered as hexadecimal (hex) characters (0–9 and A–F) or ASCII characters. The static key must match on both the access point and the client device.
A 40-bit static key consists of 10 hex characters or 5 ASCII characters, while a 104-bit static key consists of 26 hex characters or 13 ASCII characters. Not all client stations or access points support both hex and ASCII.
Most clients and access points support the use of up to four separate static WEP keys from which a user can choose as the default transmission key. The transmission key is the static key that is used to encrypt data by the transmitting radio.
A client or access point may use one key to encrypt outbound traffic and a different key to decrypt received traffic. However, all keys much match exactly on both sides of a link for encryption/decryption to work properly.
How does WEP work? WEP runs a cyclic redundancy check (CRC) on the plaintext data that is to be encrypted and then appends the Integrity Check Value (ICV) to the end of the plaintext data.
A 24-bit cleartext Initialization Vector (IV) is then generated and combined with the static secret key. WEP then uses both the static key and the IV as seeding material through a pseudo-random algorithm that generates random bits of data known as a keystream.
These pseudo-random bits are equal in length to the plaintext data that is to be encrypted. The pseudo-random bits in the keystream are then combined with the plaintext data bits using a Boolean XOR process.
The end result is the WEP ciphertext, which is the encrypted data. The encrypted data is then prefixed with the cleartext IV. Figure below illustrates this process.
Unfortunately, WEP has quite a few weaknesses, including the following four main attacks: IV collisions attack Because the 24-bit Initialization Vector is in cleartext and is different in every frame, in a busy WEP encrypted network, all 16 million IVs will eventually repeat themselves.
Due to the limited size of the IV space, IV collisions occur, and an attacker can recover the secret key much easier when IV collisions occur in wireless networks. Weak key attack Due to the RC4 key-scheduling algorithm, weak IV keys are generated.
An attacker can recover the secret key much easier by recovering the known weak IV keys.
- Re-injection attack Hacker tools exist that implement a packet re-injection attack to accelerate the collection of weak IVs on a network with little traffic.
- Bit-flipping attack The ICV data integrity check is considered weak. WEP encrypted packets can be tampered with.
Current WEP cracking tools may use a combination of the first three mentioned attacks and can crack WEP in less than 5 minutes time. Once an attacker has compromised the static WEP key, any data frame can be decrypted with the newly discovered key.
CCMP encryption uses the AES algorithm and is an even stronger encryption method. As defined by the original 802.11 standard, WEP encryption is considered optional and is not required.
Although WEP encryption has indeed been cracked and is viewed as unacceptable in the enterprise, it is still better than using no encryption at all.
MAC Filters
Every network card has a physical address known as a MAC address. This address is a 12-digit hexadecimal number. 802.11 client stations each have unique MAC addresses, and as you have already learned, 802.11 access points use MAC addresses to direct frame traffic.
Most vendors provide MAC filtering capabilities on their access points. MAC filters can be configured to either allow or deny traffic from specific MAC addresses. Most MAC filters apply restrictions that will allow traffic only from specific client stations to pass through based on their unique MAC addresses.
Any other client stations whose MAC addresses are not on the allowed list will not be able to pass traffic through the virtual port of the access point and onto the distribution system medium.
It should be noted that MAC addresses can be “spoofed,” or impersonated, and any amateur hacker can easily bypass any MAC filter by spoofing an allowed client station’s address.
Because of spoofing and because of all the administrative work that is involved with setting up MAC filters, MAC filtering is not considered a reliable means of security for wireless enterprise networks. The 802.11 standard does not define MAC filtering and any implementation of MAC filtering is vendor specific.
SSID Cloaking
Remember in Star Trek when the Klingons “cloaked” their spaceship but somehow Captain Kirk always found the ship anyway? Well there is a way to “cloak” your service set identifier (SSID).
Access points typically have a setting called Closed Network or Broadcast SSID. By either enabling a closed network or disabling the broadcast SSID feature, you can hide, or cloak, your wireless network name.
When you implement a closed network, the SSID field in the beacon frame is null (empty), and therefore passive scanning will not reveal the SSID to client stations that are listening to beacons.
Many wireless client software utilities transmit probe requests with null SSID fields when actively scanning for access points. Additionally, there is a very popular and freely available software program called NetStumbler that is used by individuals to discover wireless networks.
NetStumbler also sends out null probe requests actively scanning for access points. When you implement a closed network, the access point responds to null probe requests with null probe responses, and therefore the SSID is hidden to client stations that are using active scanning.
Effectively, your wireless network is temporarily invisible, or cloaked. An access point in a closed network will respond to any configured client station that transmits probe requests with the properly configured SSID.
This ensures that legitimate end users will be able to authenticate and associate to the AP. However, any stations that are not configured with the correct SSID will not be able to authenticate or associate.
Although implementing a closed network will indeed hide your SSID from NetStumbler and other WLAN discovery tools, anyone with a layer 2 wireless protocol analyzer can capture the frames transmitted by any legitimate end user and discover the SSID, which is transmitted in cleartext.
In other words, a hidden SSID can be found usually in seconds with the proper tools. Many wireless professionals will argue that hiding the SSID is a waste of time, while others view a closed network as just another layer of security.
While you can hide your SSID to cloak the identity of your wireless network from novice hackers (often referred to as script kiddies) and non-hackers, it should be clearly understood that SSID cloaking is by no means an end-all wireless security solution.
The 802.11 standard does not define SSID cloaking, and therefore all implementations of a closed network are vendor specific. As a result, incompatibility can potentially cause connectivity problems with older legacy cards or when using cards from mixed vendors on your own network.
Be sure to know the capabilities of your devices before implementing a closed network.