WiFi Protected Access 2 (WPA 2)

On 24th June 2004, the IEEE ratified WPA 2, officially now known as the IEEE 802.11i

standard. With the use of the Advanced Encryption Standard (AES), which was adopted as the official encryption algorithm by the United States Government in October 2000, and a host of other changes, there seemed to finally be a secure protocol for wireless transmissions that would remain secure for many years. However, with a more complex protocol came some drawbacks.

Firstly, AES needs a fairly powerful processor to encrypt or decrypt the packets as they are sent or arrive. As wireless networks may be implemented on older computers, this

WEP Encapsulation Phase 1: Key Mixing Phase 2: Key Mixing Fragments MIC Temporal Key TA TTAK Key MIC Key SA + DA + Plaintext MSDU Data TKIP Ciphertext TKIP Sequence Counters

Plaintext MSDU +

MIC Plaintext _MSDU

WEP Seed (WEP IV + RC4 key)

known as 802.11x. This standard, known as Extensible Authentication Protocol (EAP) requires the use of separate server to provide authentication. The infrastructure needed is a wireless access point wired to an Authentication, Authorisation and Accounting (AAA) server such as a Remote Access Dial In User Service (RADIUS) using one of several protocols such as token cards, Kerberos, one-time passwords, certificates, and public key authentication. The following is the steps taken to provide authentication and authorisation with EAP.

• The client sends an EAP-start message.

• The access point replies with an EAP-request identity message.

• The client sends an EAP-response packet containing the identity to the

authentication server.

• The authentication server uses a specific authentication algorithm to verify the

client's identity.

• The authentication server will either send an accept or reject message to the access

point.

The access point sends an EAP-success or reject packet to the client. If the authentication server accepts the request, then the access point will change the client's port to an authorised state and the client is now authorised on the network. The basic 802.1X protocol enforces effective authentication f whether or not encryption is implemented. If dynamic key exchange is utilised, then the 802.1X authentication server is permitted to return session keys to the access point along with the accept message. The access point uses the session keys to build, sign and encrypt an EAP key message that is then returned to the client immediately after sending the success

message. The client uses the key message to define applicable encryption keys. (Modified from an article by Jim Geier (2002))

The IEEE 802.1X port-based network access control standard is one method of increasing security in IEEE 802 networks. A framework is used for centralised authentication, access control and key exchange. However, it fails to specify any security mechanism that should be implemented to achieve this goal. If the connection between two devices is a point-to-point architecture, then the 802.1X protocol is suitable. This is the case in a wireless LAN environment. If this is the case, the access point takes responsibility for enforcing authentication and access control and will allow or refuse access to the network to other devices. An authentication server, separate to the access point, is used perform the task of authenticating devices. The access point and server will form a security association and often use the Authentication, Authorisation and Accounting (AAA) protocol. This protocol encapsulates messages from the access point and relay them to a Remote Authentication Dial-In User Service RADIUS server. Figure 2.13 shows the IEEE802.1X architecture utilising a AAA server.

Figure 2.12: IEEE 802.1X architecture.

The IEEE does not mandate any authentication mechanism, but rather it defines an encapsulation technique known as Extensible Authentication Protocol over Local Area

AAA Server Access Point

Client

AAA Protocol IEEE 802.1X

(PPP) with additional security. EAPOL defines a way to carry EAP packets in the frames of a LAN, which means that every authentication mechanism defined for EAP is available for LANs deploying IEEE 802.1X for authentication and authorisation. Briefly, when a client station (STA) wishes to associate with an access point (AP) and therefore join the WLAN, the AP asks the STA to authenticate itself. The message from the STA is forward by AAA protocol to the AAA server, and messages flow through the AP between the STA and the AAA server. By using this method, much of the authentication process is removed from the wireless side of the LAN to the wired side, where it is much more secure from attack.

Whilst the 802.1X framework is an elegant solution to authentication and authorisation for organisations with the infrastructure in place, it can be expensive and difficult to implement in less formal environments such as the home or small office. Additionally, it requires the use of an access point connected to a server to provide the authentication. Whilst this can be done for a wireless network operating in infrastructure mode, it cannot be done for wireless networks operating in ad hoc mode. This has meant that 802.11i has been adopted in many larger organisations, but WPA and even WEP are still widely used in smaller environments, and in ad hoc mobile networks. Table 2.5 compares the properties of WEP, WPA and WPA2.

Table 2.5: Standards based encryption methods.

WEP WPA WPA2

Cipher RC4 RC4 AES

Key Size 40 bits 128 bits encryption 64 bits authentication

128 bits

Key Life 24 bit IV 48 bit IV 48 bit IV

Packet Key Concatenated Mixing Function Not Needed

Data Integrity CRC-32 Michael CCM

Header Integrity None Michael CCM