CWSP-Legacy 802.11 Security

Tags

Here is my study notes from CWSP-Official Study Guide – Chapter 2.

There two legacy (Pre-RSNA) authentication methods.

1. Open System Authentication
2. Shared Key Authentication.

In Open System Authentication there are 4 frames exchanged between client & AP.Here is a wireless packet capture showing these frame exchange (I have configured an Open SSID called “ABC” & then join the client to that while capturing on the AP channel)

As you can see above, client starts the process by sending “Authentication Request” frame to Access Point (frame 1246 in the above). Note that it is a management frame with subtype 11 [You can filter these in wireshark with (wlan.fc.type == 0)&&(wlan.fc.type_subtype == 0x0b) ] going from client to AP. Authentication Algorithm is “Open System” & Sequence Number is “1” indicating it is the “Authentication Request” frame.

Then AP respond with Authentication Response (frame 1248). As you can see below it has sequence number “2” indicating it is a response frame.

Then Client Station sends “Association Request-Management frame subtype 0″ frame specifying its client capability. You can filter those in wireshark using (wlan.fc.type == 0)&&(wlan.fc.type_subtype == 0x00) filter.

Then AP responds with “Association Response– Managemet frame with subtype 1″. You can see status code “successful” & association ID has been given. Association response frame can be filtered using (wlan.fc.type == 0)&&(wlan.fc.type_subtype == 0x01) in wireshark.

Now lets see how “Shared Key Authentication” works. Shared Key Authentication uses WEP(Wireless Equivlanet Privacy) to authenticate client stations & that require a static WEP key configured on both AP & Client. Here is the frame exchange in this “Shared Key Authentication” mechanism.

Below shows a sample wireless capture during “shared key authentication”

As you can see this time we will have 4 authentication frames. First client send the “Authentication Request” to the AP. You can see the “SEQ No is 1” for this frame & Authentication algorithm is “Shared Key“.

Then AP sends a cleartext challenge to the client station in an authentication response. You will notice the SEQ number is “2” & challenge Text is included.The client station then encrypt the cleartext challenge and sends it back to the AP in the body of another authentication request frame. You will see the WEP header information with encrypted data.

By using the WEP key in wireshark you should be able to decrypt this message. Then you will see something like this. As you can see, it is the Sequence number 3 where AP send cleartext was encrypted using WEP.

Once AP get the WEP encrypted authentication message 3, AP decrypt station response & compare it with the cleartext challenge.If they match AP will respond by sending forth & final authentication frame to the station.

From this point onwards, all the data frame will be encrypted using same WEP key used for authentication.

WEP encryption process steps as below.

* 24 bit cleartext IV(Initialization Vector) is randomly generated & combined with static secret key.
* key length is 40bits in 64bit WEP & key length would be 104bits in 128bit WEP.
* IV & Key with RC4 pseudo-random algorithm generate a keystream.
* Resulted key stream are then combined with plaintext data bits using XOR process.
* End result is the WEP ciphertext.
* WEP also run CRC on plaintext data & append as 32 bit ICV(Integrity Check Value) to the end of plain text data.
* WEP add 8 byte (4-IV, 4-ICV) encryption overhead resulting max MSDU from 2304 to 2312 bytes.

As you can see below WEP initialization vector (IV) include the WEP KEY ID details where receiving device can identify which key has been used for encryption.(so it can properly decrypt traffic). Also note that MSDU & ICV information will be go as encrypted text.

Since WEP has following drawbacks it has been deprecated from using. (TKIP developed to address these issues)
1. IV Collision Attack – 24bit IV it is possible IV collisions occur & an attacker can recover WEP key easily.
2. Weak Key attack –
3. Reinjection Attack – Tools exist that implement a packet injection attack to accelearate the collection of weak IV on a network with little traffic.
4. Bit-Flipping Attack – ICV data integrity check is considered weak.