Introduction
Wireless networking is revolutionizing the way people work and play. By removing physical constraints commonly associated with high-speed networking, individuals are able to use networks in ways never possible in the past. Students can be connected to the Internet from anywhere on campus. Family members can check email from anywhere in a house. Neighbours can pool resources and share one high-speed Internet connection. Over the past several years, the price of wireless networking equipment has dropped significantly. Wireless NICs are just about the same price as the wired NICs.
At the same time, performance has increased dramatically. In 1998, Wireless Local Area Networks (WLAN) topped out at 2Mb/s. In 2002, WLANs have reached speeds of 54Mb/s and recently the release of 802.11n technology had bought us into a better connectivity through WLAN which provide us the speeds of 5 times greater than the 802.11g and double the effective radio range.
Unfortunately, wireless users have many more opportunities in front of them, but those opportunities open up the user to greater risk. The risk model of network security has been firmly entrenched in the concept that the physical layer is at least somewhat secure. With wireless networking, there is no physical security. The radio waves that make wireless networking possible are also what make wireless networking so dangerous. An attacker can be anywhere nearby listening to all the traffic from your network at your yard, in the parking lot across the street, or maybe in your neighbourhood.
When your wireless networking is being compromised, you are in danger! Hackers could steal all your user names and passwords by sniffing all the data transmitting to the access point in the air. Besides, hackers could also use your internet connection to commit crimes, leaving no trace to the hackers but putting all the blames on you.
Therefore, wireless local area network must be secure with some security solution. Initially, 802.11 uses Wired Equivalent Privacy (WEP) security mechanism defined in the original standard, but in 2001 a group from the University of California, Berkeley presented a paper describing weaknesses in the 802.11 WEP. After that, the IEEE set a dedicated task group to create a replacement security solution and they called it Wi-Fi Protected Access (WPA).
History of WPA
WPA has been developed since 2003 as a wireless security option. It was designed to outrage WEP (Wired Equivalent Privacy), the original standard in wireless network security. As the name suggests, WEP-protected networks were supposed to be just as safe as (Local Area Network), yet users would have the freedom offered by wireless devices. The safety is provided through its encryption key. However, there were serious flaws found in the WEP algorithms (formulas that generated security codes and the short security IVs (initialization vectors) buckled when hackers attempted to crack WEP-secured systems. Although WEP is not the safest solution available, it can still serve a purpose on your wireless networks.
WPA (Wifi Protected Access) was designed as a temporary solution to WEP while the WPA2 was under development stage. The vulnerabilities that were uncovered in WEP needed to be overcome immediately. This was what led to the born of WPA. It uses the same RC 4 stream cipher encryption that was employed by WEP, but there are some changes that make it a better security option. The major change is that while WEP employed a static or unchanging key, which allowed hackers more than enough time to study IVs and crack the WEP code, WPA uses TKIP (Temporal Key Integrity Output) which mixes the IV with the security key instead of just adding it on the end of the security key as was the case with WEP. TKIP also features a rekeying mechanism, which lets the user set a time interval at which the key changes.
After that, the successor to WPA, WPA2 was ratified in June 2004. It is much alike the WPA which uses dynamic key generation to keep hackers from locking on to your security settings, but there one major difference. WPA uses the old RC4 cipher to generate security keys while WPA2 uses AES (Advance Encryption Standard), a much safer block cipher for encryption.
WPA-2
Wi-Fi protected Access is a certification program developed by the Wi-Fi Alliance to indicate compliance with the security protocol created by the Wi-Fi Alliance to secure wireless computer networks. This protocol is mainly designed in accordance to the serious weaknesses found by researchers in the previous system, WEP.
The WPA protocol implements the majority of the IEEE 802.11i standard. The Wi-Fi Alliance intended WPA as an intermediate protocol to replace the WEP pending the preparation of 802.11i. Specifically, the Temporal Key Integrity Protocol (TKIP), was brought into WPA. TKIP could be implemented on pre-WPA wireless network interface cards that began use since 1999 through firmware upgrades. Because more changes are needed to be done on wireless access points (APs) rather than on client side, most pre-2003 APs could be not upgraded to support WPA with TKIP.
Figure : This figure shows the wireless modem page by BelkinThe later WPA2 certification mark indicates compliance with the full IEEE 802.11i standard. This advanced protocol will not work with some older network cards.D:\Lance Hue\Documents\SKR4200\WPA2 Belkin.jpg
Cryptographic Features in WPA-2
Below is a table to show the enhancement done by WPA-2 to overcome weakness in WEP protocol.
WEP weakness
How weakness is addressed by WPA2
Initialization vector (IV) is too short
In AES Counter Mode Cipher Block Chaining-Message Authentication Code (CBC-MAC) protocol (CCMP), the IV has been replaced with a Packet Number field and has doubled in size to 48 bits.
Weak data integrity
The WEP-encrypted checksum calculation has been replaced with the AES Counter Mode Cipher Block Chaining-Message Authentication Code (CBC-MAC) algorithm, which is designed to provide strong data integrity. The CBC-MAC algorithm calculates a 128-bit value, and WPA2 uses the high-order 64-bits as a message integrity code (MIC). WPA2 encrypts the MIC with AES counter mode encryption.
Uses the master key rather than a derived key
Like WPA and the Temporal Key Integrity Protocol (TKIP), AES CCMP uses a set of temporal keys that are derived from a master key and other values. The master key is derived from the Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) or Protected EAP (PEAP) 802.1X authentication process.
No rekeying
AES CCMP rekeys automatically to derive new sets of temporal keys.
No replay protection
AES CCMP uses a Packet Number field as a counter to provide replay protection.
WPA2 Temporal Keys
Unlike WEP, which uses a single key for unicast data encryption and typically a separate key for multicast and broadcast data encryption, WPA2 uses a set of four different keys for each wireless client-wireless AP pair (known as the pairwise temporal keys) and a set of two different keys for multicast and broadcast traffic.
The set of pairwise keys used for unicast data and EAP over LAN (EAPOL)-Key messages consist of the following:
Data encryption key: a 128- bit key used for encrypting unicast frames.
Data integrity key: a 128-bit key used for calculating the MIC for unicast frames.
EAPOL-key encryption key: a 128-bit key used for encrypting EAPOL-Key messages.
EAPOL-key integrity key: a 128-bit key used for calculating for the MIC for EAPOL-Key messages.
WPA2 derives the pairwise temporal keys using a 4-way handshake process that is the same as WPA.
The Four-Way Handshake
The authentication process leaves two considerations: the access point (AP) still needs to authenticate itself to the client station (STA), and keys to encrypt the traffic need to be derived. The earlier EAP exchange has provided the shared secret key PMK (Pairwise Master Key). This key is, however, designed to last the entire session and should be exposed as little as possible. Therefore the four-way handshake is used to establish another key called the PTK (Pairwise Transient Key). The PTK is generated by concatenating the following attributes: PMK, AP nonce (ANonce), STA nonce (SNonce), AP MAC address, and STA MAC address. The product is then put through a cryptographic hash function.
The handshake also yields the GTK (Group Temporal Key), used to decrypt multicast and broadcast traffic. The actual messages exchanged during the handshake are depicted in the figure and explained below:
Figure : Figure of how Four-way handshake worksThe Four-Way Handshake in 802.11i
The AP sends a nonce-value to the STA (ANonce). The client now has all the attributes to construct the PTK.
The STA sends its own nonce-value (SNonce) to the AP together with a MIC, including authentication, which is really a Message Authentication and Integrity Code: (MAIC).
The AP sends the GTK and a sequence number together with another MIC. This sequence number will be used in the next multicast or broadcast frame, so that the receiving STA can perform basic replay detection.
The STA sends a confirmation to the AP.
All the above messages are sent as EAPOL-Key frames.
As soon as the PTK is obtained it is divided into five separate keys:
PTK (Pairwise Transient Key - 64 bytes)
16 bytes of EAPOL-Key Confirmation Key (KCK)- Used to compute MIC on WPA EAPOL Key message
16 bytes of EAPOL-Key Encryption Key (KEK) - AP uses this key to encrypt additional data sent (in the 'Key Data' field) to the client (for example, the RSN IE or the GTK)
16 bytes of Temporal Key (TK) - Used to encrypt/decrypt Unicast data packets
8 bytes of Michael MIC Authenticator Tx Key - Used to compute MIC on unicast data packets transmitted by the AP
8 bytes of Michael MIC Authenticator Rx Key - Used to compute MIC on unicast data packets transmitted by the station
The Michael MIC Authenticator Tx/Rx Keys provided in the handshake are only used if the network is using TKIP to encrypt the data.
WPA2 Encryption and Decryption Process
AES CCMP uses CBC-MAC to calculate the MIC and AES counter mode to encrypt the 802.11 payload and the MIC. To calculate a MIC value, AES CBC-MAC uses the following process:
Encrypt a starting 128-bit block with AES and the data integrity key. This produces a 128-bit result (Result1).
Perform an exclusive OR (XOR) operation between Result1 and the next 128 bits of the data over which the MIC is being calculated. This produces a 128-bit result (XResult1).
Encrypt XResult1 with AES and the data integrity key. This produces Result2.
Perform a XOR between Result2 and the next 128 bits of the data. This produces XResult2.
Steps 3-4 repeat for the additional 128-bit blocks in the data. The high-order 64 bits of the final result is the WPA2 MIC.
http://technet.microsoft.com/en-us/library/Bb878096.cg080501(en-us,TechNet.10).gif
Figure : MIC calculation process
To calculate the MIC for an IEEE 802.11 frame, WPA2 constructs the following:
http://technet.microsoft.com/en-us/library/Bb878096.cg080502(en-us,TechNet.10).gif
The starting block is a 128-bit block that is described later in this article.
The MAC header is the 802.11 MAC header with the values of the fields that can change in transit set to 0.
The CCMP header is 8 bytes and contains the 48-bit Packet Number field and additional fields.
Padding bytes (set to 0) are added to ensure that the portion of the entire data block up to the plaintext data is an integral number of 128-bit blocks.
The data is the plaintext (unencrypted) portion of the 802.11 payload.
Padding bytes (set to 0) are added to ensure that the portion of the MIC data block that includes the plaintext data is an integral number of 128-bit blocks.
Unlike data integrity for both WEP and WPA, WPA2 provides data integrity for both the 802.11 header (except changeable fields) and the 802.11 payload.
The starting block for the MIC calculation consists of the following:
http://technet.microsoft.com/en-us/library/Bb878096.cg080503(en-us,TechNet.10).gif
The Flag field (8 bits) is set to 01011001 and contains various flags, such as a flag that indicates that the MIC used in the 802.11 frame is 64 bits long.
The Priority field (8 bits) is reserved for future purposes and is set to 0.
The Source Address (48 bits) is from the 802.11 MAC header.
The Packet Number (48 bits) is from the CCMP header.
The length of the plaintext data in bytes (16 bits).
The AES counter mode encryption algorithm uses the following process:
Encrypt a starting 128-bit counter with AES and the data encryption key. This produces a 128-bit result (Result1).
Perform an exclusive OR (XOR) operation between Result1 and the first 128-bit block of the data that is being encrypted. This produces the first 128-bit encrypted block.
Increment the counter and encrypt it with AES and the data encryption key. This produces Result2.
Perform XOR between Result2 and the next 128 bits of the data. This produces the second 128-bit encrypted block.
AES counter mode repeats steps 3-4 for the additional 128-bit blocks in the data until the final block. For the final block, AES counter mode XORs the encrypted counter with the remaining bits, producing encrypted data of the same length as the last block of data.
Figure 4
Figure : AES counter mode process
The starting counter value for AES counter mode consists of the following:
http://technet.microsoft.com/en-us/library/Bb878096.cg080505(en-us,TechNet.10).gif
The Flag field (8 bits) is set to 01011001, which is the same Flag value that is used for the MIC calculation.
The Priority field (8 bits) is reserved for future purposes and is set to 0.
The Source Address (48 bits) is from the 802.11 MAC header.
The Packet Number (48 bits) is from the CCMP header.
The Counter field (16 bits) is set to 1 and is only incremented if an 802.11 payload is fragmented into smaller payloads. Note that this Counter field is not the same as the 128-bit counter value used in the AES counter mode encryption algorithm.
To encrypt a unicast data frame, WPA2 uses the following process:
Input the starting block, 802.11 MAC header, CCMP header, data length, and padding fields into the CBC-MAC algorithm with the data integrity key to produce the MIC.
Input the starting counter value and the combination of the data with the calculated MIC into the AES Counter mode encryption algorithm with the data encryption key to produce the encrypted data and MIC.
Add the CCMP header containing the Packet Number to the encrypted portion of the 802.11 payload, and encapsulate the result with the 802.11 header and trailer.
http://technet.microsoft.com/en-us/library/Bb878096.cg080506(en-us,TechNet.10).gif
Figure : WPA2 encryption process for a unicast data frame
To decrypt a unicast data frame and verify data integrity, WPA2 uses the following process:
Determine the starting counter value from values in the 802.11 and CCMP headers.
Input the starting counter value and the encrypted portion of the 802.11 payload into the AES counter mode decryption algorithm with the data encryption key to produce the decrypted data and MIC. For decryption, AES counter mode XORs the encrypted counter value with the encrypted data block, producing the decrypted data block.
Input the starting block, 802.11 MAC header, CCMP header, data length, and padding fields into the AES CBC-MAC algorithm with the data integrity key to calculate a MIC.
Compare the calculated value of the MIC to the value of the unencrypted MIC. If the MIC values do not match, WPA2 silently discards the data. If the MIC values match, WPA2 passes the data to the upper networking layers for processing.
http://technet.microsoft.com/en-us/library/Bb878096.cg080507(en-us,TechNet.10).gif
Figure : WPA2 decryption process for a unicast data frame
Problems of WEP and Improvement by WPA
WPA2 is the advancement of WPA protocol. The objective of developing WPA and WPA2 are to overcome the weakness in the WEP protocol. They are plenty of security problems that existed in WEP protocols.
First of it is WEP does not prevent forgery of packets. Then, it does not prevent replay attacks also. An attacker can easily record and replay packets as desired and they will be accepted as legitimate records.
Other than that, RC4 was used improperly by WEP. They keys used are very weak and can be brute-forced on standard computers in hours to minutes, using freely available software. Moreover, it reuses initialization vectors. A variety of available cryptanalytic methods can decrypt the data without knowing the encryption key. Other problems include undetectabley modify a message without knowing the encryption key, lack of key management, problem with the RC-4 algorithm, and also easy forging of authentication messages.
There are two types of authentication type provided by WPA2. One of it is pre-shared key method and another one is 802.1x authentication. The main reason of having WPA is to have a more complex data encryption on the TKIP protocol (Temporal Key Integrity Protocol) and assisted by MIC (Message Integrity Check), which function is to avoid attacks of bit-flipping type easily applied to WEP by using a hashing technique.
Figure : WPA Encryption Algorithm (TKIP)
As the above mentioned, WPA has made several improvements based on the weaknesses of WEP and this has become the advantages of WPA. The problem of forgeries has been overcome by using message integrity code (MIC) or Michael. The new implementation of IV sequencing discipline is used to remove replay attacks from the attacker's arsenal. A per-packet key mixing function is used to de-correlate the public IVs from weak keys. All these have overcome the security issues which persist
Despite of the encryption benefits, WPA2 also add two enhancements to support fast roaming of wireless clients moving between wireless Access Points. One of it is PMK caching support which allows reconnections to access points that the client has recently connected without the need to re-authenticate. This would definitely save a lot of time and trouble for the users. Next is the pre-authentication support which allows a client to pre-authenticate with an access points towards which it is moving while still maintaining a connection to the access points it is moving away from. This feature is good for connection support for users without having to suffer drop off and users can have continuous connection while moving from one access points to another point. This has definitely improved the mobility of connections.
Having PMK caching support and pre-authentication support enable WPA2 to reduce the roaming time from a second to less than 1/10 of a second. The ultimate benefit of the fast roaming is that WPA can now support timing-sensitive applications like video or VoiP(Voice over IP) which would break without it.
Moreover, according to the research [1] , WPA2 has the least overhead compare to WPA and also WEP. This has been tested against UDP and TCP connection and the test result analysis can be found in the particular research. This protocol is the most secured protocol and with the least overhead. Less overhead definitely is good to the transmission of data between users.
Disadvantages/Vulnerabilities of WPA2
WPA2 there is still the usage of pre-shared key authentication. There has been researched done on this method and it can be easily break through by brute force attack especially codes which have length shorter than 24 characters. It can be done by using a freely available password breaker.
Other than that, WPA2 still can't handle DoS (Denial of Services) attacks like RF jamming, data flooding, and Layer 2 session hijacking, are all attacks against availability. None of the Wi-Fi security standards can prevent attacks on the physical layer simply because they operate on Layer 2 and above. Similarly none of the standards can deal with access points' failure.
Then, there is the management frames which report network topology and modify client behaviour are not protected. So they provide an attacker the means to discover the layout of the network, pinpoint the location of devices therefore allowing for more successful DoS attacks against a network. Control frames which are not protected also leaving them open to DoS attacks.
Furthermore, there is problem of deauthentication. The aim is to force the client to reauthenticate, which coupled with the lack of authentication for control frames which are used for authentication and association make it possible for the attacker to spoof MC addresses. Mass deauthentication is also possible.
Moreover, disassociation where the aim is to force an authenticated client with multiple access points to disassociate from them therefore affecting the forwarding of packets to and from the client.
Future Enhancements
WPA2 is still not widely use in the market. Most people still prefer the usage of WEP because it is easier to use and it is easier to configure. The usage of 802.1x authentication is kind of complicated for a person which is not computer literate. So the first step for the future enhancements of WPA2 protocol should be make it to be user friendly.
Other than that, a lot of older devices do not support the use of WPA2. It is using advance encryption standard which is quite complex and can't be supported by many devices. Therefore, this WPA2 has to be made embedded with the devices so that users can choose their security protocol of their connections.
WPA2 is the advanced version of WPA and also fully implemented the standard of 802.11i which is highly secured protocol. Moreover, it is sufficient to thwart hackers from infiltrating networks using WPA2 protocols. Research done on this has proved that operations needed to break through this type of protocols will need a lot of computational time and operations. So, the security provided by current protocol is sufficient and there is not much need of enhancements.
Conclusion
After evaluating the encryption techniques and improvements that have been done, it can be seen that there has been a serious issues of security in wireless matters. Since the connection is done through air which has no medium, means that there is no boundary and no guarantee of the confidentiality of the data sent. It is through the encryption techniques embedded in the protocol like WEP, WPA or WPA2 to provide confidentiality and authentication to the network and also transmission of data.
WPA2 is using very complex encryption techniques which consist of several keys. The usage of TKIP, AES and CCMP also helps to secure the network. It would definitely takes up a lot of time for 3rd party to break through the network and gain access to it. As a conclusion, WPA2 is the most secured wireless protocol until today.
