WiFi Security Protocols

Wi-Fi has become an essential part of our daily routine, yet wireless networks are no more secure than anything else in the digital age. New flaws and exploits are found daily, and Wi-Fi is no exception. Let's look at how it works and the flaws it carries.

Before diving deep into the protocols and standards, here is an overview of Wi-Fi.

Wi-Fi (IEEE 802.11) is a wireless communication standard with 14 channels in the 2.4 GHz band, ranging from 2.412 GHz (channel 1) and 2.417 GHz (channel 2) up to 2.484 GHz (channel 14), and six interface modes: Master, Managed, Ad-Hoc, Mesh, Repeater and Monitor. Assuming the terms packet and frame are already familiar, let's jump to the main topic: Wi-Fi security protocols and the flaws in them.

WEP, WPA, WPA2-AES

WEP:

Wired Equivalent Privacy is the security protocol that uses 64-, 128- and 256-bit keys; the 256-bit key is rarely used. An Initialization Vector (IV) is combined with the RC4 stream cipher for encryption. An interesting fact about WEP is that it uses a CRC (Cyclic Redundancy Check) for integrity instead of a MAC (Message Authentication Code).

Where’s the Flaw?

The initialization vector is 24 bits long, RC4 is a stream cipher, and a stream cipher key must never be used twice. WEP concatenates its 64/128-bit key with the 24-bit IV to form the RC4 traffic key.

- 64-bit key: 24-bit IV + 48-bit key (12 hex characters)
- 128-bit key: 24-bit IV + 104-bit key (26 hex characters)

The IV is sent in plain text, and its sole purpose is to avoid keystream repetition, but 24 bits is too short for a busy network: with a 24-bit IV, the probability of a repeated IV reaches 50% after 5000 packets.
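To see how quickly the 24-bit IV space runs out, here is an added example (not code from the original post) that computes the birthday-bound probability of an IV repeat for a given number of frames, finds the frame count at which it passes 50%, and flags reused IVs in a capture; it assumes IVs are picked uniformly at random per frame, and the sample capture is constructed.

```python
"""Added example (not from the original post): how quickly WEP's 24-bit IV
space repeats, plus a small checker that flags IV reuse in a capture.
Assumption (constructed): IVs are drawn uniformly at random per frame, as
many WEP implementations did; the sample capture below is made up."""
import math

IV_BITS = 24
IV_SPACE = 1 << IV_BITS  # 16,777,216 possible IVs per WEP key


def iv_collision_probability(n_frames: int) -> float:
    """Birthday-bound probability that at least two of n_frames random IVs
    coincide, i.e. that RC4 keystream is reused under the same key."""
    log_no_collision = 0.0  # log P(all IVs distinct), accumulated in log space
    for i in range(n_frames):
        log_no_collision += math.log1p(-i / IV_SPACE)
    return 1.0 - math.exp(log_no_collision)


def frames_for_probability(target: float) -> int:
    """Smallest frame count at which the collision probability reaches
    target (same product as above, computed incrementally)."""
    log_no_collision, n = 0.0, 0
    while 1.0 - math.exp(log_no_collision) < target:
        log_no_collision += math.log1p(-n / IV_SPACE)
        n += 1
    return n


def find_iv_reuse(frames):
    """Given (iv, ciphertext) tuples from a capture, return {iv: [indexes]}
    for every IV seen more than once: those frames share RC4 keystream."""
    seen = {}
    for idx, (iv, _ciphertext) in enumerate(frames):
        seen.setdefault(iv, []).append(idx)
    return {iv: idxs for iv, idxs in seen.items() if len(idxs) > 1}


# Constructed sample capture (IV, encrypted payload); frames 1 and 3 reuse an IV.
SAMPLE_FRAMES = [
    (0x0A1B2C, b"\x8f\x21\x7c"), (0x5E77F0, b"\x03\xaa\x19"),
    (0x1F0042, b"\xd4\x90\x6b"), (0x5E77F0, b"\x44\x0e\xc7"),
]

if __name__ == "__main__":
    print(f"P(IV collision after 5000 frames) = {iv_collision_probability(5000):.3f}")
    print(f"50% reached after {frames_for_probability(0.5)} frames")
    print("reused IVs in sample capture:", find_iv_reuse(SAMPLE_FRAMES))
```

The 50% mark lands just under 5000 frames, matching the figure above; on a busy network that is seconds of traffic.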

Here is the WEP schema diagram to illustrate this:

There are two ways to authenticate: Open System and Shared Key.

- In Open System, anyone, regardless of their WEP key, can authenticate to the Access Point and then attempt to associate. The only catch is that the right keys are still required.
- In Shared Key, a four-way handshake takes place:
  1. Authentication request
  2. The AP responds with a clear-text challenge
  3. The client encrypts the challenge
  4. The AP decrypts it and authenticates the client by checking the key

Shared Key is less secure because the challenge/response mechanism lets an attacker obtain initialization vectors.

The attacking methods:

Passive (also known as silent mode):
Sniffing the air for packets without sending any data to the AP or clients.

Active:
Breaking the key while sending data to the AP or client.

WPA:

WPA with TKIP (Temporal Key Integrity Protocol) was created after WEP. The purpose was to close WEP's vulnerabilities while running on the same hardware. The encryption algorithm stayed the same (RC4); the major change was TKIP. TKIP works by deriving a sequence of WEP keys from a master key and re-keying periodically, before enough data has been sent for an attack.

Where’s the Flaw?

Cracking WPA takes three steps:
- Send a de-authentication frame to the AP
- The AP re-authenticates the client
- Capture the handshake and brute-force it

Beck-Tew attack on WPA: it allows a packet to be decrypted without knowing the key. The Beck-Tew attack is based on the Chop-Chop attack.

So WPA2 is a better solution than WEP and WPA, with more confidentiality.

WPA2 with AES:

WPA2 was built on CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol), which is AES-based encryption. However, WPA2 is also vulnerable: it is open to a brute-force attack on the four-way handshake, and the length and complexity of the password are the key factor in whether that attack succeeds.

How to ensure Wi-Fi security?
- Do not connect to Wi-Fi in public places
- Make sure the password strength is up to the mark
- Use WPA2 (AES), as it is currently the strongest protocol
- Hide your Wi-Fi network if possible
