CTS 056: Legacy Wi-Fi Security

Pre-RSNA (Robust Security Network Association) is the main topic for this episode. Francois and I talk about why you shouldn’t be using these legacy security methods and in future episodes we talk about the Wi-Fi security mechanisms you should be using. This is part one of a multi-part series. In the 802.11 Standard there are two ways to join a BSS: * Open System Authentication (WEP can then be used to encrypt the communications) OR * Shared Key Authentication (WEP is used for both the authentication and to encrypt the communications) Legacy Security Methods WEP A couple of weaknesses have been found on WEP and it makes it very easy to crack. The characteristics of WEP include: * Using static keys * Uses RC4 as a Cipher for encryption * Attacks against WEP: * Collision attack against the IV (Initialization Vector) – only 24 bits (repeat itself every 16 millions frames) * Attack against the weak encryption keys (40 or 104 bit) * Packet injection is a technic used to speed up the attacks against WEP * The ICV (Integrity Check Value) mechanism is also considered weak (Bit-flipping attack can be used to alter WEP packets) MAC Filtering This is not really a security method but a common one people use. MAC filtering is a way to create a whitelist of MAC addresses allowed to join the Wi-Fi network. It’s easy to capture packets to find an authorized MAC address and then spoof it. L2 information are not encrypted in 802.11 frames. L3 to L7 is encrypted. Hidden SSID Another method which is not really security but commonly used. The SSID is not broadcasted in the beacon frames. The SSID still visible is management frames when a STA connects to it. You can spot the hidden SSID in a directed Probe Request frame. TKIP It has been cracked. Not as easily as WEP but it has been cracked (using the same Cipher: RC4). Has been replaced by CCMP/AES. Also, TKIP only allows speeds up to 54Mbps. Like WEP, TKIP will be going away. Links and Resources * 802.11 Authentication and Association * mrn-cciew