Wireless LAN vulnerabilities

Dynamic WEP

• Solves the weak initialization vector (IV) problem
– By rotating the keys frequently
• Uses different keys for unicast traffic and broadcast traffic
• Advantages
– Can be implemented without upgrading device drivers or AP firmware
– Deploying dynamic WEP is a no-cost solution with minimal effort
• Dynamic WEP is still only a partial solution

WEP2

• Attempted to overcome the limitations of WEP by adding two new security enhancements
– Shared secret key was increased to 128 bits
• To address the weakness of encryption
– Kerberos authentication system was used
• Kerberos
– Developed by Massachusetts Institute of Technology
– Used to verify the identity of network users
– Based on tickets
• WEP2 was no more secure than WEP itself

Address filtering

• Managing a larger number of MAC addresses can pose significant challenges
– Does not provide a means to temporarily allow a guest user to access the network
– MAC addresses are initially exchanged in plaintext
• Attacker can easily see the MAC address of an approved device and use it
– MAC address can be “spoofed” or substituted

Authentication

• Devices connected to a wired network are assumed to be authentic
• Wireless authentication requires the wireless device to be authenticated
– Prior to being connected to the network
• Types of authentication supported by 802.11
– Open system authentication
– Shared key authentication

• Open system authentication vulnerabilities
– Authentication is based on a match of SSIDs
– Several ways that SSIDs can be discovered
– Beaconing
• At regular intervals the AP sends a beacon frame
– Scanning
• Wireless device is set to look for those beacon frames
– Beacon frames contain the SSID of the WLAN
– Wireless security sources encourage users to disable SSID broadcast

Open system authentication vulnerabilities (continued)

– Not always possible or convenient to turn off beaconing the SSID
• Prevents wireless devices from freely roaming
– Roaming facilitates movement between cells
• When using Microsoft Windows XP
– Device will always connect to the AP broadcasting its SSID
• SSID can be easily discovered even when it is not contained in beacon frames
– It is transmitted in other management frames sent by the AP
• Shared key authentication vulnerabilities
– Key management can be very difficult when it must support a large number of wireless devices
• Attacker can “shoulder surf” the key from an approved device
– Types of attacks
• Brute force attack
• Dictionary attack
– Attacker can capture the challenge text along with the device’s response (encrypted text and IV)
• Can then mathematically derive the keystream
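As an added example (not from these slides), the stream-cipher property behind both the weak-IV problem that Dynamic WEP addresses and the keystream derivation from a captured shared key challenge/response. The small RC4 implementation, the key, the IV and the messages are constructed for this demonstration:

```python
# Added illustration: WEP's static key with a short cleartext IV, and WEP's shared
# key authentication, both leak RC4 keystream. Key, IVs and messages are constructed.

def rc4(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key` (KSA followed by PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):                   # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP's per-frame RC4 key is the 3-byte IV followed by the shared key;
    the IV travels in the clear, so only the shared key is secret."""
    return xor(plaintext, rc4(iv + shared_key, len(plaintext)))

def keystream_from_shared_key_auth(challenge: bytes, response: bytes) -> bytes:
    """The AP's challenge is sent in the clear and the station's response is the
    same bytes WEP-encrypted; XORing the two frames yields the keystream for that IV."""
    return xor(challenge, response)

def iv_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Two frames under the same IV and key share one keystream, so XORing the
    ciphertexts cancels it and leaves plaintext1 XOR plaintext2."""
    return xor(c1, c2)

def demo() -> dict:
    key = bytes.fromhex("0123456789")         # constructed 40-bit secret (a "64-bit" WEP key)
    rotated = bytes.fromhex("aabbccddee")     # constructed replacement key, as Dynamic WEP would issue
    iv = b"\x00\x01\x02"                      # constructed IV; only 2^24 exist, so reuse is inevitable
    challenge = bytes(range(128))             # stands in for the AP's 128-byte challenge text
    p1, p2 = b"GET /index.html ", b"POST /login.php "
    c1, c2 = wep_encrypt(key, iv, p1), wep_encrypt(key, iv, p2)
    return {
        "auth_leaks_keystream": keystream_from_shared_key_auth(challenge, wep_encrypt(key, iv, challenge)) == rc4(iv + key, 128),
        "iv_reuse_leaks_xor": iv_reuse_leak(c1, c2) == xor(p1, p2),
        "rotation_changes_keystream": wep_encrypt(rotated, iv, p1) != c1,  # why Dynamic WEP rotates keys
    }
```

Every value in `demo()` is true: a passive listener recovers the keystream for an IV from one authentication exchange, reuse of that IV exposes the XOR of two plaintexts, and only replacing the shared key changes the keystream.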

Access control

• Method of restricting access to resources
• Intended to guard the availability of information
– By making it accessible only to authorized users
• Accomplished by limiting a device’s access to the access point (AP)

Example MAC address: 00-50-F2-7C-62-E1
– First three octets (00-50-F2): organizationally unique identifier (OUI)
– Last three octets (7C-62-E1): individual address block (IAB)

• MAC address filtering
– Considered a basic means of controlling access
– Requires pre-approved authentication
– Makes it difficult to provide temporary access for “guest” devices

Access point

• Contains an antenna and a radio transmitter/receiver
– And an RJ-45 port
• Acts as central base station for the wireless network
• Almost all wireless APs implement access control
– Through Media Access Control (MAC) address filtering
• Implementing restrictions
– A device can be permitted onto the network
– A device can be prevented from joining the network
• MAC address filtering should not be confused with access restrictions
– Access restrictions can limit user access to the Internet

WEP (Wired Equivalent Privacy)

• Intended to guard confidentiality
– Ensures that only authorized parties can view the information
• WEP accomplishes confidentiality by “scrambling” the wireless data as it is transmitted
– Used in IEEE 802.11 to encrypt wireless transmissions
• Cryptography
– Science of transforming information so that it is secure while it is being transmitted or stored

• WEP implementation
– WEP was designed to meet the following criteria:
• Efficient
• Exportable
• Optional
• Reasonably strong
• Self-synchronizing
– WEP relies on a secret key shared between a wireless client device and the access point
• Private key cryptography or symmetric encryption
• WEP implementation (continued)
– Options for creating keys
• 64-bit key
• 128-bit key
• Passphrase
– APs and devices can hold up to four shared secret keys
• One of which must be designated as the default key