WPA-TKIP and You; Why WEP is, rightfully, Dead

Thrax 🐌 Austin, TX Icrontian
edited September 2003 in Science & Tech
Why WPA, and TKIP r0xx0rz yu0r boxx0rz
For several years now, the primary security mechanism between wireless access points and wireless clients has been WEP encryption. The problem is that although WEP key lengths have increased a few times since Wi-Fi was introduced, the WEP protocol is still intrinsically inadequate: every client shares a single static key, and the only per-frame variation is a 24-bit initialization vector (IV) sent in the clear ahead of each frame. On a busy network that IV repeats, and any two frames encrypted under the same IV and key share the same RC4 keystream, which lets an attacker recover plaintext without the key and, with enough captured frames, recover the key itself. As a result, motivated (and patient) attackers can crack WEP using freely available hacking tools and packet sniffers.
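The keystream-reuse problem described above, as an added example that is not part of the original post: a plain RC4 implementation, a WEP-style frame (cleartext IV followed by plaintext XOR RC4(IV || key)), and the attacker's two steps once an IV repeats. The 40-bit key, the IV and both frames are constructed sample data, not captured traffic; the CRC-32 ICV is left out because it does not affect the keystream argument.

```python
"""Why a static WEP key fails: RC4 keystream reuse across frames.

Added example, not code from the original post. WEP keys RC4 with
IV || static_key, where the 24-bit IV is sent in the clear in front of
each frame. Two frames that share an IV under the same static key are
XORed with the same keystream, so XORing the two ciphertexts cancels the
keystream and leaves plaintext_a XOR plaintext_b. Knowing one plaintext
(a frame the attacker sent, or the fixed LLC/SNAP header every IP frame
starts with) exposes the other. Key, IV and frames below are constructed.
"""


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key-scheduling (KSA) then output generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(static_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame body: cleartext IV, then plaintext XOR RC4(IV || key)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return iv + xor(rc4_keystream(iv + static_key, len(plaintext)), plaintext)


# Every IP frame on 802.11 begins with this LLC/SNAP header: free known plaintext.
LLC_SNAP_IP = bytes.fromhex("aaaa030000000800")


def recover_keystream(frame: bytes, known_plaintext: bytes) -> tuple:
    """Attacker step 1: C XOR P gives the keystream for this IV (no key needed)."""
    iv, body = frame[:3], frame[3:]
    return iv, xor(body, known_plaintext)


def decrypt_with_reused_iv(frame: bytes, iv: bytes, keystream: bytes):
    """Attacker step 2: any other frame under the same IV falls to that keystream.
    Returns None if the IV differs (nothing to exploit from this pair)."""
    if frame[:3] != iv:
        return None
    return xor(frame[3:], keystream)


def demo():
    static_key = bytes.fromhex("0badc0ffee")      # constructed 40-bit WEP key
    iv = bytes.fromhex("a1b2c3")                  # the IV that gets reused
    # Frame A: something the attacker knows in full, e.g. a ping they sent.
    known_a = LLC_SNAP_IP + b"ABCDEFGHIJKLMNOPQRSTUVWX"
    # Frame B: the victim's traffic, which the attacker wants to read.
    secret_b = LLC_SNAP_IP + b"user=alice&pw=hunter2"
    frame_a = wep_encrypt(static_key, iv, known_a)
    frame_b = wep_encrypt(static_key, iv, secret_b)

    iv_seen, keystream = recover_keystream(frame_a, known_a)
    return decrypt_with_reused_iv(frame_b, iv_seen, keystream)


if __name__ == "__main__":
    print(demo())   # the victim's plaintext, without ever touching the key
```

The recovered keystream is also enough to encrypt the attacker's own frames under that IV, so the same weakness gives packet injection as well as decryption. The IV space is only 2^24 (about 16.7 million values), which a busy access point exhausts in hours, and many cards restart the IV at zero on every reset, so repeats are the norm rather than the exception.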

Fortunately, some easily obtainable alternatives to WEP are emerging. IEEE has defined an extension to the 802.11 protocol (802.11i) that will provide much stronger security, but as of this writing it is unratified. In the meantime, most Wi-Fi manufacturers have agreed to use an interim standard for enhanced security called Wi-Fi Protected Access (WPA). Although WPA is a Wi-Fi Alliance specification rather than an IEEE standard, it is a subset of the draft 802.11i standard expected by the end of the year. Therefore, administrators who manage wireless LANs should become familiar with WPA.

Control of WPA Keys; Autonomous Rekeying
One of the biggest negative factors attached to WEP is that cycling WEP keys means you have to visit every client machine and change the key there too. Even if you do switch encryption keys from time to time, there is no option for globally rekeying all access points and all wireless NICs. The instant you change the key on the WAP, every client that was connecting through it can no longer connect. This means you get to hear people whine at you... Annoying.

With WPA, on the other hand, TKIP handles rekeying for you. The WAP and each client agree on a temporal key when the client associates, and that key is never used directly on the air: for every frame, the sender mixes it with its own MAC address and a 48-bit sequence counter to derive a fresh per-packet RC4 key. The counter travels in the frame header, so the receiver derives the same per-packet key on its own; no key is ever broadcast, the WAP doesn't have to track which client is on which key, so there's never an outage, and router overhead is minimal. The keys change for you, on every single frame, and the WAP can additionally push a new temporal key to its clients periodically without dropping anyone.

TKIP is really the meat and potatoes of WPA security. TKIP is the successor to WEP, and although WEP encryption is optional in standard Wi-Fi, TKIP is required in WPA (which means that if your WPA network functions at all, it is using it). TKIP is stronger than WEP, but it is built around the same RC4 cipher, so it works using the same hardware-based calculation mechanisms WEP uses.

The TKIP protocol actually has several functions. First, it mixes the temporal key with the transmitter address and a per-frame sequence counter so that every frame is encrypted under a different RC4 key. Second, it adds a keyed message integrity code (Michael, described below) so that frames cannot be tampered with. Third, the sequence counter lets the receiver reject replayed frames. Finally, on networks using a preshared key, a handshake at association time derives a unique starting (temporal) key for each authenticated client, so the preshared key itself is never used to encrypt traffic.

Highly secure checksums; anti frame-replay functions
When WEP was initially designed, IEEE took steps to make sure an encrypted packet could not be tampered with. WEP-encrypted packets include a checksum value at the end of the packet. This value is a 32-bit CRC (CRC-32) computed over the packet's payload. The idea is that if something in the payload changes, the checksum will no longer match the packet, so the packet can be assumed corrupt and discarded. This 32-bit code is called the Integrity Check Value (ICV).

Although the ICV is a good idea, it just isn't secure: CRC-32 is a linear checksum, not a keyed one. Tools are available that let an attacker modify an existing encrypted payload (more likely) or craft one from scratch (less likely) and fix up the encrypted checksum so the altered frame is accepted, without the attacker ever knowing the key. To counteract this type of hacking, WPA adds a security measure called Michael. Michael calculates a keyed Message Integrity Code (MIC) in addition to the ICV, using a secret MIC key that both sides hold; unlike the ICV, it cannot be patched by someone who does not have that key. Michael was deliberately designed to be cheap enough to compute in software on existing access points and cards, alongside the hardware ICV calculation.

The first difference is size: the MIC is eight bytes (64 bits), twice the ICV's 32 bits. WPA still uses an ICV in the same manner WEP does, but the MIC is inserted between the data portion of the frame and the ICV. The MIC has two primary benefits. First, it is encrypted along with the rest of the frame, so its value cannot even be read, let alone patched. Second, WPA pairs it with the 48-bit per-frame sequence counter used for key mixing: a receiver drops any frame whose counter is not higher than the last one it accepted, which prevents someone from launching a wireless replay attack. One caveat: if a station sees two MIC failures within a minute, it assumes it is under attack and stops all TKIP traffic for sixty seconds while it rekeys, so a MIC failure in your logs is worth investigating.
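The contrast drawn in the last three paragraphs, as an added example that is not code from the original post: forging a WEP frame by exploiting CRC-32 linearity, then the same edit against a WPA-style frame with a Michael MIC. The RC4 keystream is stood in for by a fixed constructed byte string (only the XOR matters for this argument), and the MAC addresses, MIC key and HTTP request are constructed sample data. The `michael` function follows the 802.11i definition and is checked against the specification's all-zero-key test vector.

```python
"""CRC-32 ICV forgery versus the Michael MIC.

Added example, not code from the original post. WEP's ICV is CRC-32, which
is linear: crc(P ^ D) == crc(P) ^ crc(D) ^ crc(zeros). Because payload and
ICV are XORed with the same RC4 keystream, an attacker can flip chosen
bits in an encrypted frame and patch the encrypted ICV so it still
verifies, never knowing the key. Michael, WPA's MIC, is keyed, so the same
edit is caught. The keystream below is a fixed constructed stand-in for
RC4 output; addresses, MIC key and frame contents are constructed too.
"""
import hashlib
import hmac
import struct
import zlib

MASK32 = 0xFFFFFFFF


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(n: int) -> bytes:
    """Stand-in for RC4 output under one (IV, key): fixed, so both ends agree."""
    return hashlib.shake_256(b"constructed demo keystream").digest(n)


def icv(payload: bytes) -> bytes:
    """WEP Integrity Check Value: CRC-32 of the payload, little-endian."""
    return struct.pack("<I", zlib.crc32(payload) & MASK32)


def wep_seal(payload: bytes) -> bytes:
    body = payload + icv(payload)
    return xor(body, keystream(len(body)))


def wep_open(frame: bytes):
    """Returns the payload if the ICV checks out, else None."""
    body = xor(frame, keystream(len(frame)))
    payload, tag = body[:-4], body[-4:]
    return payload if icv(payload) == tag else None


def forge_without_key(frame: bytes, offset: int, delta: bytes) -> bytes:
    """Attacker: XOR `delta` into the ciphertext at `offset` and fix the
    encrypted ICV using CRC linearity. Works on any XOR-stream cipher."""
    n = len(frame) - 4
    d = bytearray(n)
    d[offset:offset + len(delta)] = delta
    icv_patch = xor(icv(bytes(d)), icv(bytes(n)))   # crc(D) ^ crc(0...0)
    return xor(frame, bytes(d) + icv_patch)


# ---- Michael (802.11i TKIP MIC): 64-bit key, 64-bit tag, 32-bit ops only ----

def _rol(x, n): return ((x << n) | (x >> (32 - n))) & MASK32
def _ror(x, n): return ((x >> n) | (x << (32 - n))) & MASK32
def _xswap(x): return ((x & 0xFF00FF00) >> 8) | ((x & 0x00FF00FF) << 8)


def michael(key: bytes, msg: bytes) -> bytes:
    l, r = struct.unpack("<II", key)
    # Pad with 0x5a then 4..7 zero bytes up to a multiple of 4 bytes.
    padded = msg + b"\x5a" + b"\x00" * (4 + (-(len(msg) + 5)) % 4)
    for (m,) in struct.iter_unpack("<I", padded):
        l ^= m
        r ^= _rol(l, 17); l = (l + r) & MASK32
        r ^= _xswap(l);   l = (l + r) & MASK32
        r ^= _rol(l, 3);  l = (l + r) & MASK32
        r ^= _ror(l, 2);  l = (l + r) & MASK32
    return struct.pack("<II", l, r)


def tkip_mic(key: bytes, da: bytes, sa: bytes, msdu: bytes, priority: int = 0) -> bytes:
    """TKIP binds the MIC to the addresses: Michael over DA||SA||priority||0,0,0||MSDU."""
    return michael(key, da + sa + bytes([priority, 0, 0, 0]) + msdu)


def wpa_seal(mic_key: bytes, da: bytes, sa: bytes, msdu: bytes) -> bytes:
    """WPA layout: MSDU || MIC, then the ICV, all under the keystream."""
    return wep_seal(msdu + tkip_mic(mic_key, da, sa, msdu))


def wpa_open(mic_key: bytes, da: bytes, sa: bytes, frame: bytes):
    """None on ICV failure or MIC failure; otherwise the MSDU."""
    body = wep_open(frame)
    if body is None or len(body) < 8:
        return None
    msdu, tag = body[:-8], body[-8:]
    return msdu if hmac.compare_digest(tkip_mic(mic_key, da, sa, msdu), tag) else None


def demo():
    da, sa = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    mic_key = bytes.fromhex("d55e100510128986")   # constructed TKIP MIC key
    msdu = b"GET /admin HTTP/1.0\r\n"
    delta = xor(b"admin", b"guest")                # flips "/admin" to "/guest"
    offset = len(b"GET /")
    wep_view = wep_open(forge_without_key(wep_seal(msdu), offset, delta))
    wpa_frame = wpa_seal(mic_key, da, sa, msdu)
    wpa_view = wpa_open(mic_key, da, sa, forge_without_key(wpa_frame, offset, delta))
    return wep_view, wpa_view   # (forged request accepted, None)
```

Run `demo()`: the WEP receiver hands back the attacker's altered request with a valid ICV, while the WPA receiver's ICV still passes (it is just as linear as before) but the Michael check fails and the frame is dropped. Note that the real per-packet key mixing and the sequence-counter replay check sit on top of this and are not modelled here.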

Implementing WPA
To make use of WPA, you must have the appropriate hardware and software. From a hardware standpoint, this means only that your wireless access points and your wireless NICs must support the WPA standard (new revisions of cards and WAPs do). Because TKIP was built to run on the same RC4 hardware as WEP, WPA can in principle be delivered as a firmware or driver update, but not every manufacturer is going to ship one for older products, so you may find yourself forced to buy new wireless hardware (mostly cards) if you want to use WPA.

From a software standpoint, no Windows operating system supports WPA out of the box; Windows machines with WPA-compliant hardware can use WPA, but only after you have installed an additional WPA client update from Microsoft. The WPA client works only on Windows Server 2003 and Windows XP with Service Pack 1. You can download the necessary client from Microsoft Here. As you know, I despise Windows XP, but being a wireless security freak, and having WPA-compliant hardware, this might force me to make the switch.

WEP and WPA; Working together for gradual transitions
Obviously, switching wireless hardware and implementing WPA can be a big undertaking. Fortunately for you, this upgrade can occur incrementally: wireless access points can support WPA and WEP at the same time (commonly called mixed mode), which provides a gradual transition path.

The one thing you need to know about mixing WEP and WPA is that while WEP clients are present, the access point cannot rotate the group (broadcast/multicast) key. Broadcast traffic has to be readable by every client, and WEP clients do not support rekeying, so the group key stays a static WEP key until the last WEP client is gone; only then does the access point begin automatic group rekeying. Unicast traffic to WPA clients still gets per-packet TKIP keys, the MIC and replay protection during the transition period, so the rest of WPA's security measures remain in force. Just keep in mind that anything sent to the broadcast address is only as protected as WEP for as long as mixed mode is on.

As you look ahead to future WLAN deployments, keep in mind that you will probably want to change your security methods to encompass WPA and/or the similar set of security standards that is forthcoming from the IEEE.

As more and more WLANs get stood up, keep in mind that you will probably want to transition away from WEP/Channel/SSID/MAC Filtering security measures to TKIP/Channel/SSID/MAC Filtering measures. The encryption is the part doing the real work: SSID hiding and MAC filtering are trivially bypassed by anyone with a sniffer and should be treated as tidiness, not security. You'll find that the security, and the peace of mind you have as an administrator, will greatly increase.

In summation
-WEP is easily hacked (Duh)
-WPA, the successor to existing wireless security measures, closes the holes that make WEP trivial to break: per-packet keys, a keyed integrity check and replay protection. TKIP's fresh key for every single frame (thousands of key changes a minute on a busy network) makes your network far safer.
-Expect to buy new network cards. If you have Linksys equipment, Cisco was nice enough to include TKIP on the 9/9/03 firmware for the WRT54G.
-If you have Belkin network cards, their newest drivers and wireless client supports TKIP.
-Expect IEEE to ratify a compatible standard (802.11i) that WPA hardware can grow into
-If you need security, this is your place to find it.

Comments

  • TheBaron Austin, TX
    edited September 2003
    since the TKIP key cycling stage is done within the WAP, does this mean that WAPs will need to be more complex to accommodate more computations / sec? it would just seem that cycling say 6 keys 1000/sec would get rather heavy
  • Thrax 🐌 Austin, TX Icrontian
    edited September 2003
    Often it's delineated in a simplistic manner. For example, there are 30 machines, and the WAP determines that 3 sets of 10 will receive unique TKIP keys. That way, it only has to cycle 3 keys, and since generating keys is no more difficult than the CRC portion of a standard TCP/IP packet, overhead is almost nil. The WAP logically segments its clients in such a manner that it's both extremely secure and fast. TKIP generation is extremely quick, and even if all WLAN clients used the same cycling TKIP key, it changes too quickly to be jacked and hacked.

    It depends on how the manufacturer wants to get it done. Linksys uses subnet-wide TKIP cycling, and Cisco's implementation of TKIP (Leap encryption) on their Aironet line is logical segmentation.
  • TheBaron Austin, TX
    edited September 2003
    then that sounds a whole lot better, i can't wait
  • EMT Seattle, WA Icrontian
    edited September 2003
    Better wardrive while we still can :(

    Nice article, Thrax. Very informative.
  • khan New
    edited September 2003
    Heh EMT, if current prospects are any indication it won't matter at all as long as it isn't enabled by default... no one running less than XP can use it, and most clueless people won't be buying the new hardware or flashing firmware any time soon.

    *gets out laptop* wheeeee!