Note

This page builds on the concepts in Wireless Networks and Security. Consider studying or reviewing them if you’re unfamiliar.

While security is a concern in all networks, there are particular concerns with wireless networks. Chiefly, the fact that wireless signals are not contained to a wire means that any device within range of an Access Point (AP) can receive and send (or attempt to send) traffic.

In wired networks, traffic is usually only encrypted at times when it is particularly vulnerable, e.g. when it’s being transferred over an untrusted or public network like the Internet.

In wireless networks, however, it is important to encrypt all traffic sent between wireless clients and the AP, because any device within range can receive it. We can’t always stop bad actors from intercepting traffic, but with encryption we can prevent them from being able to use it.

There are three major concepts to consider when discussing wireless security. None of these are unique to wireless network security, but they are of particular importance in wireless networks.

Authentication

All clients must be authenticated before they can associate with an AP.

Further, only trusted users and devices should be given access to internal networks. In many corporate settings a separate SSID, one which doesn’t have access to the corporate intranet, is often provided for guests.

Ideally, clients will also authenticate the AP to avoid associating with a malicious AP, helping to avoid Man-in-the-middle Attacks (among others).

There are multiple common ways to authenticate, including passwords, username/password pairs, & certificates. See Wireless Authentication Methods for information on specific methods.

Encryption

Traffic sent between clients and APs should be encrypted so that it can’t be read by anyone except the AP and the client. As previously stated, anyone within range of an AP can receive all traffic between the AP and its clients. Encryption is the primary countermeasure against this; it doesn’t stop them from getting the traffic, but they won’t be able to use it without the encryption keys.

There are many encryption protocols available for wireless traffic. Importantly, the AP and its client(s) must be using the same encryption protocol or they won’t be able to decrypt each other’s messages.

As a result, all devices on the WLAN will use the same encryption protocol (the AP’s protocol), but each client will have its own unique encryption/decryption keys so that other devices can’t read its traffic. Only the AP will have the appropriate key to decrypt a client’s traffic.

Food for Thought

If the AP needs the client’s encryption keys to read its traffic, and they can’t send any unencrypted data without risking interception, how does the AP get the client’s keys?

A ‘group key’ is used by the AP to encrypt traffic that it wants to send to all of its clients. All clients keep a copy of the group key to decrypt this traffic.

See Encryption and Integrity Methods for descriptions of particular encryption protocols.

Integrity

In this context, ‘Integrity’ means the same thing as it does in the CIA Triad: data should not be modified by a third party. It should be complete and correct.

In other words, the message sent by the source host should be the same as the message received by the destination host.

Unfortunately, there’s a lot that can go wrong as a message is sent across the air waves: interference (deliberate or circumstantial) can change or block part of a message, for instance. To help counteract this, a MIC (Message Integrity Check) is added to wireless messages to help protect their integrity.

There are many protocols that can be used to calculate the MIC, and it is important that the sender and receiver use the same protocol.

The sender encrypts the message and MIC into a single frame. The recipient then decrypts the whole thing and independently calculates a MIC for the message. It then compares the received MIC to the one it just calculated. If they match, then the recipient will assume the message wasn’t altered in transit. If they don’t match then the message is discarded.

Info

MICs work pretty much the same as checksums. You may recall that the IPv4 Header includes a ‘checksum’ field, but that is only used to verify the integrity of the packet’s header, not the encapsulated information. MICs verify the entire message including headers/trailers and payload.

It’s worth stating clearly: The MIC does not actually protect the integrity of a message. Rather it helps identify whether or not a message’s integrity has been compromised. If it has, the message will be discarded, and, depending on the involved protocols, may be re-sent from the source.
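The receive-side check described above (recompute the MIC, compare, discard on mismatch), as an added example that is not part of the original notes. It also shows why a keyed MIC catches more than an unkeyed checksum. The frame layout, the 8-byte HMAC-SHA256 ‘MIC’ and the sample key, addresses and payload are all constructed for illustration and are not the real TKIP/CCMP formats.

```python
"""Added example (not from the original notes): a receiver recomputes a keyed MIC
over the whole frame and discards anything that does not match, and why that
catches more than an unkeyed checksum. The frame layout and the HMAC-SHA256
stand-in for the MIC are constructed for illustration, not the real TKIP/CCMP
formats."""
import hashlib
import hmac

MIC_LEN = 8
HEADER_LEN = 14

# Constructed sample key shared by the AP and one client (not a real network key).
MIC_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")

# Constructed 14-byte header: 2-byte frame control + destination MAC + source MAC.
HEADER = bytes.fromhex("0802") + bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
PAYLOAD = b"transfer 100 to account 42"


def checksum16(data: bytes) -> int:
    """Toy unkeyed 16-bit additive checksum, in the spirit of the IPv4 header checksum."""
    return sum(data) & 0xFFFF


def checksum_frame_ok(frame_with_sum: bytes) -> bool:
    """Receiver check for a frame that carries a 2-byte checksum as its trailer."""
    data, stored = frame_with_sum[:-2], int.from_bytes(frame_with_sum[-2:], "big")
    return checksum16(data) == stored


def compute_mic(key: bytes, header: bytes, payload: bytes) -> bytes:
    """Keyed MIC over header AND payload, truncated to MIC_LEN bytes."""
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:MIC_LEN]


def build_frame(key: bytes, header: bytes, payload: bytes) -> bytes:
    """Sender: frame = header || payload || MIC (encryption of the frame omitted here)."""
    return header + payload + compute_mic(key, header, payload)


def receive_frame(key: bytes, frame: bytes):
    """Receiver: recompute the MIC and compare in constant time.
    Returns the payload when the MIC matches, None when the frame must be discarded."""
    header = frame[:HEADER_LEN]
    payload = frame[HEADER_LEN:-MIC_LEN]
    received_mic = frame[-MIC_LEN:]
    if not hmac.compare_digest(received_mic, compute_mic(key, header, payload)):
        return None
    return payload


def flip_bit(data: bytes, index: int) -> bytes:
    """Constructed corruption: flip the low bit of one byte (interference or tampering)."""
    out = bytearray(data)
    out[index] ^= 0x01
    return bytes(out)


def demo() -> dict:
    frame = build_frame(MIC_KEY, HEADER, PAYLOAD)
    results = {
        # Untouched frame: the payload is recovered.
        "intact": receive_frame(MIC_KEY, frame),
        # One payload bit changed in the air: MIC mismatch, frame discarded.
        "payload_corrupted": receive_frame(MIC_KEY, flip_bit(frame, HEADER_LEN + 3)),
        # One header bit changed: also caught, because the MIC covers the headers too
        # (unlike the IPv4 checksum, which covers only the IPv4 header).
        "header_corrupted": receive_frame(MIC_KEY, flip_bit(frame, 5)),
    }
    # An unkeyed checksum can be recomputed by whoever changes the data, so it detects
    # accidental corruption but not deliberate modification.
    altered = HEADER + PAYLOAD.replace(b"42", b"99")
    results["checksum_recomputed_verifies"] = checksum_frame_ok(
        altered + checksum16(altered).to_bytes(2, "big"))
    # A keyed MIC cannot be recomputed without the key, so the same edit is rejected.
    results["mic_without_key_verifies"] = receive_frame(
        MIC_KEY, altered + compute_mic(b"not the real key", HEADER, altered[HEADER_LEN:])) is not None
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The MIC and checksum checks here run on plaintext; in a real WLAN the frame is encrypted after the MIC is appended and the receiver decrypts before performing the comparison, exactly as the paragraph above describes.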


Wireless Authentication Methods

There are many available methods for authenticating wireless connections. Only some will be listed here, and none in great detail.

CCNA Exam Note

We won’t go into detail on these as it’s unnecessary for the CCNA exam; just a basic understanding of each should be fine. That said, there are plenty of online resources to learn about each, if you’re curious.

The original 802.11 standard included two authentication options:

  • Open Authentication ^openAuth
    • The client sends an authentication request and the AP accepts it. No clients are ever denied, hence it is ‘open’.
    • Not at all secure, obviously.
    • It may be used in conjunction with other authentication methods which activate after the client is associated with the AP but before network access is granted, e.g. public wifi in a restaurant or hotel.
  • WEP (Wired-Equivalent Privacy) ^wep
    • WEP provides both authentication and encryption.
    • WEP Encryption:
      • Encrypts with the RC4 algorithm.
      • A ‘shared key’ protocol — sender and receiver need to have the same key.
      • WEP keys can be 40 bits or 104 bits in length (nothing in-between).
        • The above keys are combined with a 24-bit ‘IV’ (Initialization Vector) to bring the total length to 64 bits or 128 bits.
      • WEP encryption is not secure, regardless of key length. It should not be used on modern networks.
    • WEP Authentication:
      • First the AP sends a ‘challenge phrase’.
      • The client encrypts the challenge phrase and sends the result back to the AP.
      • Finally, the AP takes the encrypted challenge phrase and compares it to the AP’s own encrypted challenge phrase (not to the unencrypted original). If they match, then both devices must have used the same encryption key to encrypt it, meaning that the client has the correct key, and can be authenticated.
    • WEP can be used for authentication, for encryption, or for both. You shouldn’t use it for either in any real network.

Open Authentication doesn’t even try to be secure, and WEP isn’t secure for either authentication or encryption, so obviously better authentication methods were needed. The result was EAP (Extensible Authentication Protocol). EAP, itself, isn’t actually an authentication protocol, but rather serves as a framework on which authentication protocols, called ‘EAP methods’, can be based.

  • EAP (Extensible Authentication Protocol) ^eap
    • An authentication framework.
    • Defines a set of standardized authentication functions that can be used by various EAP Methods.
    • Four such methods (LEAP, EAP-FAST, PEAP, & EAP-TLS) are briefly described below.
    • EAP is integrated with 802.1X, which provides port-based network access control.
  • LEAP (Lightweight EAP) ^leap
    • LEAP was developed by Cisco as an improvement over WEP.
    • Clients provide a username + password to authenticate.
    • Additionally, mutual authentication is provided by both the client and server sending a challenge phrase to each other.
      • Like the WEP challenge phrase, except the AP and client each send the other a phrase. This allows the client to authenticate the AP and vice versa.
    • Dynamic WEP keys are used — the WEP keys are changed frequently.
    • Like WEP, LEAP is vulnerable and should not be used.
  • EAP-FAST (EAP Flexible Authentication via Secure Tunneling) ^eap-fast
    • Also developed by Cisco.
    • Three Phases:
      1. A PAC (Protected Access Credential) is generated and passed from the server to the client.
      2. A secure TLS tunnel is established between the client and authentication server.
      3. Inside the encrypted tunnel, the client and server communicate further to authenticate/authorize the client.
  • PEAP (Protected EAP) ^peap
    • Like EAP-FAST; establishes a secure TLS tunnel between client and server.
    • Instead of a PAC, the server has a digital certificate.
    • The certificate is used to authenticate the server and establish a TLS tunnel.
    • As only the server provides a certificate, the client must be authenticated within the secure tunnel.
      • For example, using MS-CHAP (Microsoft Challenge-Handshake Authentication Protocol)
  • EAP-TLS (EAP Transport Layer Security) ^eap-tls
    • Requires a certificate on the AS (authentication server) and on every client.
    • Generally considered the most secure authentication method, but it’s more difficult to implement because every device needs a certificate.
    • As client and server authenticate each other with certificates, there is no need to authenticate within the TLS tunnel.
    • The TLS tunnel is still used to exchange encryption keys.
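The shared-key challenge/response exchange described for WEP authentication, and the mutual (both-directions) form described for LEAP, as an added example that is not part of the original notes. HMAC-SHA256 stands in for “encrypt the challenge with the shared key” (WEP’s RC4 step is not reproduced), and the party names, keys and the RogueAP class are constructed. The verifier always compares the response against its own keyed transform of the challenge, never against the plaintext challenge, which is the point made in the WEP bullets above.

```python
"""Added example (not from the original notes): one-way and mutual challenge/response
authentication with a shared key. HMAC-SHA256 stands in for the keyed transform of
the challenge; all names and keys are constructed."""
import hashlib
import hmac
import secrets


def keyed_response(key: bytes, challenge: bytes) -> bytes:
    """The responder's transform of the challenge; only a holder of `key` can produce it."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Party:
    """An AP or a client holding a shared key. Either side can challenge or answer."""

    def __init__(self, name: str, key: bytes):
        self.name = name
        self.key = key
        self._challenge = None

    def issue_challenge(self) -> bytes:
        # A fresh random challenge each time, so an old response cannot be reused.
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def answer(self, challenge: bytes) -> bytes:
        return keyed_response(self.key, challenge)

    def verify(self, response: bytes) -> bool:
        # Compare against OUR OWN transform of the challenge we issued, never against the
        # plaintext challenge: equal results imply the same key on both sides.
        expected = keyed_response(self.key, self._challenge)
        return hmac.compare_digest(response, expected)


class RogueAP(Party):
    """Constructed impostor: does not know the network key but 'accepts' any client."""

    def __init__(self, name: str):
        super().__init__(name, b"impostor does not hold the network key")

    def verify(self, response: bytes) -> bool:
        return True


def one_way_auth(verifier: Party, prover: Party) -> bool:
    """WEP-style: the verifier challenges, the prover answers, the verifier checks.
    Only the prover is authenticated; the prover learns nothing about the verifier."""
    challenge = verifier.issue_challenge()
    return verifier.verify(prover.answer(challenge))


def mutual_auth(ap: Party, client: Party) -> bool:
    """LEAP-style: each side challenges the other; both checks must pass."""
    return one_way_auth(ap, client) and one_way_auth(client, ap)


def demo() -> dict:
    network_key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    ap = Party("real-ap", network_key)
    good_client = Party("laptop", network_key)
    bad_client = Party("unknown-device", bytes.fromhex("ffeeddccbbaa99887766554433221100"))
    rogue = RogueAP("rogue-ap")
    return {
        "one_way_good_client": one_way_auth(ap, good_client),        # True
        "one_way_wrong_key": one_way_auth(ap, bad_client),           # False
        # One-way auth cannot protect the client: the rogue simply accepts it.
        "one_way_client_vs_rogue": one_way_auth(rogue, good_client),  # True
        # Mutual auth fails because the rogue cannot answer the client's challenge.
        "mutual_client_vs_rogue": mutual_auth(rogue, good_client),    # False
        "mutual_good_pair": mutual_auth(ap, good_client),             # True
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The rogue-AP cases are what the Authentication section means by “clients will also authenticate the AP”: with a one-way challenge the client has no way to notice it is talking to an impostor, while the mutual form fails as soon as the impostor is asked to answer a challenge of its own.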

Encryption and Integrity Methods

  • TKIP (Temporal Key Integrity Protocol)

  • CCMP (Counter/CBC-MAC Protocol)

  • GCMP (Galois/Counter Mode Protocol)

  • You can include WEP in this list as well, but it was mentioned in the previous section. TL;DR: It came first, but it’s insecure. Don’t use it.

  • TKIP (Temporal Key Integrity Protocol)

    • WEP was found to be vulnerable, but wireless hardware at the time was built to use WEP.
    • A temporary solution was needed until a new standard could be established, and new hardware phased in.
    • TKIP is based on WEP but adds a number of security features:
      • Uses a MIC to protect message integrity
      • A Key Mixing Algorithm is used to create a unique WEP key for every frame.
      • The Initialization Vector is doubled in length from 24 to 48 bits, making brute-force attacks much more difficult.
      • The MIC includes the sender MAC address to identify the frame’s sender.
      • A Timestamp is added to the MIC to prevent replay attacks.[1]
      • A TKIP sequence number is used to keep track of frames sent from each source MAC address. This also protects against replay attacks.
  • CCMP (Counter/CBC-MAC Protocol)

    • Developed after TKIP and is more secure.
    • It is used in WPA2.
    • To use CCMP, it must be supported by the device’s hardware. Old hardware built only to use WEP/TKIP cannot use CCMP.
    • Uses two algorithms to provide encryption and MIC:
      • AES (Advanced Encryption Standard) counter mode encryption
        • Probably the most secure encryption protocol currently available (at least among those in common use).
        • There are multiple modes of operation for AES; CCMP uses ‘counter mode’.
      • CBC-MAC (Cipher Block Chaining Message Authentication Code) is used as a MIC to ensure the integrity of messages.
  • GCMP (Galois/Counter Mode Protocol)

    • More secure & efficient than CCMP.
    • The increase in efficiency means a higher data throughput than CCMP.
    • Used in WPA3.
    • Like CCMP, GCMP uses two algorithms:
      • AES counter mode encryption
      • GMAC (Galois Message Authentication Code) is used as a MIC to ensure message integrity.
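The per-source sequence counter described in the TKIP bullets (and the replay attack described in footnote 1), as an added example that is not part of the original notes. The frame layout, the 6-byte counter and the 8-byte HMAC-SHA256 ‘MIC’ are constructed stand-ins, not the real TKIP format; the sample key and client addresses are constructed too. The counter is included under the MIC, so a captured frame cannot simply be re-labelled with a newer counter.

```python
"""Added example (not from the original notes): per-sender sequence numbers as replay
protection, modelled on the TKIP sequence counter. Frame layout, the 6-byte counter and
the HMAC-SHA256 stand-in for the MIC are constructed and are not the real TKIP format."""
import hashlib
import hmac

MIC_LEN = 8
SEQ_LEN = 6  # TKIP's sequence counter is 48 bits wide; the same width is used here.

# Constructed sample key and client addresses (not real network values).
MIC_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
CLIENT_A = bytes.fromhex("020000000a0a")
CLIENT_B = bytes.fromhex("020000000b0b")


def compute_mic(key: bytes, src_mac: bytes, seq: int, payload: bytes) -> bytes:
    """The MIC covers the sender address and the sequence number as well as the payload."""
    data = src_mac + seq.to_bytes(SEQ_LEN, "big") + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:MIC_LEN]


def build_frame(key: bytes, src_mac: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: frame = src MAC || sequence number || payload || MIC."""
    return (src_mac + seq.to_bytes(SEQ_LEN, "big") + payload
            + compute_mic(key, src_mac, seq, payload))


class Receiver:
    """AP side: remembers the highest sequence number accepted from each source MAC."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = {}

    def accept(self, frame: bytes) -> str:
        src = frame[:6]
        seq = int.from_bytes(frame[6:6 + SEQ_LEN], "big")
        payload = frame[6 + SEQ_LEN:-MIC_LEN]
        mic = frame[-MIC_LEN:]
        # 1. Integrity first: a bad MIC means the frame (or its counter) was altered.
        if not hmac.compare_digest(mic, compute_mic(self.key, src, seq, payload)):
            return "discard: bad MIC"
        # 2. Replay check: the counter must strictly increase for each source address.
        if seq <= self.last_seq.get(src, -1):
            return "discard: replay"
        self.last_seq[src] = seq
        return "accept"


def with_counter(frame: bytes, new_seq: int) -> bytes:
    """Constructed test case: a captured frame with only its counter rewritten."""
    return frame[:6] + new_seq.to_bytes(SEQ_LEN, "big") + frame[6 + SEQ_LEN:]


def demo() -> list:
    ap = Receiver(MIC_KEY)
    f1 = build_frame(MIC_KEY, CLIENT_A, 1, b"pay 100 to account 42")
    f2 = build_frame(MIC_KEY, CLIENT_A, 2, b"pay 5 to account 7")
    return [
        ap.accept(f1),                                            # accept
        ap.accept(f2),                                            # accept
        ap.accept(f1),                                            # replay of an older frame
        ap.accept(f2),                                            # replay of the latest frame
        ap.accept(with_counter(f1, 3)),                           # counter rewritten: bad MIC
        ap.accept(build_frame(MIC_KEY, CLIENT_B, 1, b"hello")),   # other sender, own counter
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The order of the two checks matters: the MIC is verified before the counter is trusted, because a counter that is not authenticated could be changed freely, and the counters are kept per source MAC so one client’s traffic never advances another client’s window.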

Wi-Fi Protected Access (WPA)

The Wi-Fi Alliance has developed three WPA certifications for wireless devices:

  1. WPA
  2. WPA2
  3. WPA3

For a device to be WPA (or WPA2/3) certified, it must be tested in an authorized lab. All WPA certified devices support two authentication modes:

  • Personal Mode: A pre-shared key (PSK) is used for authentication. For example, when you connect to a home WiFi network via a password. This is typical for small networks.

    • Note that the PSK is never actually sent over-the-air. A four-way handshake is used for authentication, and the PSK is used to generate encryption keys.
  • Enterprise Mode: 802.1X is used with an authentication server (e.g. a RADIUS server). No specific EAP method is specified, so all are supported.
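The Personal Mode point that the PSK is never sent over the air but is used to generate the encryption keys, as an added example that is not part of the original notes. The PBKDF2 step for the PMK and the HMAC-SHA1 PRF for the PTK follow the 802.11i definitions used by WPA2 with CCMP (details the page itself does not state); the four-way handshake is simplified to messages 1 and 2 with no EAPOL-Key frame encoding, and the SSID, passphrase, MAC addresses and nonces are constructed sample values.

```python
"""Added example (not from the original notes): how WPA2-Personal turns the PSK into
per-client keys without sending it over the air. PBKDF2 for the PMK and the HMAC-SHA1
PRF for the PTK are the 802.11i (WPA2 with CCMP) definitions; the handshake below is a
simplified model (messages 1 and 2 only, no EAPOL-Key frame encoding). All MACs,
nonces, the SSID and the passphrase are constructed sample values."""
import hashlib
import hmac

# Constructed sample values (not from a real network).
AP_MAC = bytes.fromhex("020000000001")
CLIENT_MAC = bytes.fromhex("020000000002")
ANONCE = bytes(range(32))        # would be random in a real handshake
SNONCE = bytes(range(32, 64))    # likewise
SSID = "ExampleSSID"
PASSPHRASE = "correct horse battery staple"


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    The AP and the client each compute this locally from the PSK; it is never sent."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PTK = PRF-384(PMK, "Pairwise key expansion", min/max of the two MACs and two nonces),
    split into KCK (handshake MIC key), KEK (wraps the group key) and TK (data encryption key)."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


def handshake_mic(kck: bytes, body: bytes) -> bytes:
    """EAPOL-Key MIC for WPA2/CCMP: HMAC-SHA1 truncated to 128 bits (over a simplified body here)."""
    return hmac.new(kck, body, hashlib.sha1).digest()[:16]


def run_handshake(ap_passphrase: str, client_passphrase: str) -> dict:
    """Simplified messages 1 and 2. Returns what went over the air and what each side derived."""
    ap_pmk = derive_pmk(ap_passphrase, SSID)
    client_pmk = derive_pmk(client_passphrase, SSID)
    transcript = []
    # Message 1, AP -> client: the ANonce, in the clear.
    transcript.append(ANONCE)
    # The client now has everything it needs to derive the PTK.
    client_keys = derive_ptk(client_pmk, AP_MAC, CLIENT_MAC, ANONCE, SNONCE)
    # Message 2, client -> AP: the SNonce plus a MIC made with the client's KCK.
    msg2 = SNONCE + handshake_mic(client_keys["kck"], SNONCE)
    transcript.append(msg2)
    # The AP derives its own PTK and checks the MIC: a match proves the client holds the same PMK.
    ap_keys = derive_ptk(ap_pmk, AP_MAC, CLIENT_MAC, ANONCE, SNONCE)
    accepted = hmac.compare_digest(msg2[32:], handshake_mic(ap_keys["kck"], SNONCE))
    # Messages 3 and 4 (key installation; the group key travels wrapped with the KEK)
    # use the same MIC scheme and are omitted here.
    return {"accepted": accepted, "transcript": transcript,
            "ap_tk": ap_keys["tk"], "client_tk": client_keys["tk"], "pmk": ap_pmk}


def secret_on_the_air(result: dict, passphrase: str) -> bool:
    """True if the passphrase or the PMK appears anywhere in what was transmitted."""
    blob = b"".join(result["transcript"])
    return passphrase.encode() in blob or result["pmk"] in blob


if __name__ == "__main__":
    ok = run_handshake(PASSPHRASE, PASSPHRASE)
    print("accepted:", ok["accepted"], "| same TK:", ok["ap_tk"] == ok["client_tk"])
    print("PSK or PMK visible on the air:", secret_on_the_air(ok, PASSPHRASE))
    print("wrong passphrase accepted:", run_handshake(PASSPHRASE, "wrong passphrase")["accepted"])
```

Only the two nonces and the MIC travel over the air; the MIC in message 2 can be produced only by a party that derived the same PMK, which is how the client proves knowledge of the PSK without transmitting it. A client with the wrong passphrase derives a different PTK, its MIC fails, and no matching TK is ever installed.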

  • The first WPA certification was developed after WEP was found to be vulnerable and includes:

    • TKIP for encryption/MIC
    • 802.1X authentication (Enterprise mode) or PSK (Personal mode)
  • WPA2 was released in 2004 and includes the following protocols:

    • CCMP provides encryption/MIC.
    • 802.1X authentication (Enterprise mode) or PSK (Personal mode)
  • WPA3 was released in 2018 and includes the following protocols:

    • GCMP provides encryption/MIC
    • 802.1X authentication (Enterprise mode) or PSK (Personal mode)
    • WPA3 also provides several additional security features, for example:
      • PMF (Protected Management Frames) - protects 802.11 management frames from eavesdropping/forging
      • SAE (Simultaneous Authentication of Equals) - protects the four-way handshake when using Personal mode authentication.
      • Forward Secrecy - prevents data from being decrypted after it has been transmitted over-the-air, even if the network’s long-term secret (e.g. the PSK) is compromised later. An attacker can’t capture wireless frames and decrypt them later.

Port-Based Network Access Control

802.1X is used to limit network access to clients until they authenticate.

There are three main entities in 802.1X:

  • Supplicant: The device that wants to connect to the network.
    • E.g. a laptop or phone
  • Authenticator: The device that provides access to the network.
    • E.g. An access point or WLC
  • Authentication Server (AS): The device that receives client credentials and permits/denies access.

Footnotes

  1. An attacker captures authentic (and therefore correctly encrypted) traffic and resends it, possibly multiple times. E.g. an attacker has someone transfer money to their bank account, captures the traffic, then resends it, triggering multiple identical transfers.