35. Wi-Fi Weaknesses - WPA, WPA2, TKIP and CCMP

Software
Church of Wifi WPA-PSK Lookup Tables
https://www.renderlab.net/projects/WPA-tables/
Report
Report - Breaking wep and wpa
http://dl.aircrack-ng.org/breakingwepandwpa.pdf

35. Wi-Fi Weaknesses - WPA, WPA2, TKIP and CCMP

The WPA draft, IEEE 802.11 I standard came out in 2003. 

This was the initial WPA version to supply and hand security over the older WEP protocol. 

Typically it uses the TKIP encryption protocol. 

TKIP and TKIP stands for temporal key integrity protocol, and you can see it here, it's been selected with WPA as the WPA algorithm within DD-WRT and you have the same equivalent in other routes.

The RC4 stream cipher is used with an 128 bit per packet key, meaning that it dynamically generates a new key for each packet. 

The resulting encryption key will be different for each and every frame that's WEP key plus IV value plus Mac address equals new encryption key, which is good. 

The IV length was increased over WEP, which again is good.

TKIP is backwards compatible with the 802.11 standard, which may not be a good idea. 

It works with WEP by feeding it more keying material, which is data to be used for generating new dynamic key. 

TKIP provides a key mixing function, which allows the RC4 algorithm to provide a high degree of protection than WEP.

It also provides a sequence counter to protect against relay attacks and implements a message, integrity check mechanism. 

But TKIP is susceptible to packet injection attacks, which could decrypt arbitrary packet sent to the client. 

And this was the first research that pointed that out the report details how the attack can be used to hijack TCP connections, allow an attacker to inject malicious JavaScript.

When the victim visits our website. 

So avoid using TKIP if you can, you would only use it for backwards compatibility, or if you had an old access point, which if you do get rid of it, replace it and get a new one. 

So that was a draft standard, we've just been talking about the full WPA 2 standard IEEE 802.11.

I came out officially in 2004 and this added support for CCMP, which is counter cipher, modem blockchaining message authentication code protocol, which is intended to replace the TKIP encryption protocol mandatory for Wi-Fi certified devices since 2006. 

So when you are selecting a WPA algorithm, instead of using TKIP always use CCMP instead or often you'll see it as AES.

As you see it in this option here, and sometimes you even get the option of using both which can be for backward compatibility, but the best option is CCMP or as they put it ASE, AES they're calling it AES because CCMP is an AES based encryption counter mode mechanism, CTR. 

And it is stronger than TKIP.

802.11X technology in the new 802.11 standard provides access control by restricting network access until full authentication and authorization has been completed, which is good. 

CCMP uses CCM that combined CTR for data confidentiality. 

And CBC Mac for authentication and integrity again, which is all improvements on the downside.

AES is actually slower than TKIP, so it does need a more powerful access point. 

And that might be one reason why some legacy access points are using TKIP. 

So the recommendation here, WPA2 with AES or CCMP as you might see it, which is essentially the same thing. 

CCMP, AES it's the same option. 

So that was the encryption algorithm.

Now we have to consider the access control method. 

So let's talk about WPA2 personal, also known as WPA PSK, pre shared key and if we look here, we have WPA personal. 

We don't want that because we want to be using WPA2. 

So we've got WPA2 personal there and there's also WPA2 personal mixed. 

Now the mixed mode allows for the coexistence of WPA and WPA2 clients on a common said we don't want to be using WPA.

So we don't want to be using the mixed mode. 

So we want to be using this as our optimal option, if we're not using an enterprise mode and we'll discuss the enterprise mode in a second. 

So WPA2 personal with pre shared key, which is this is designed for home and small business networks and it doesn't require an authentication server, each wireless network device authenticates with the access point using the same 256 bit key generated from a password.

Or passphrase, this is the mode you will probably be most familiar with you set a password on their router, the wireless access point, and everyone just uses the same password on every device that is WPA2 pre shared key. 

The pre shared password, but it's poor, it's poor because everyone shares the same password.

And if you want to change it, you have to change it on all devices, which is a pain, but it does do the job on a small network, a home network of business network. 

And you can with modern firmware, like this one, you can have separate wifi networks as discoursed that you can have separate passwords for. 

So this helps to mitigate the password sharing problem.

In most cases, You want to use for a home network, a small business network. 

You want to be using WPA2 personal with a appreciate key and AES, CCMP, which is what it is set out here. 

The other option for access control method is what we have selected here WPA2 enterprise WPA 802.X mode.

This is designed for enterprise or company networks and requires a radius authentication server. 

And if look here, you can see, we have on with DD-WRT and with custom router firmware and dedicated firewalls, you will be able to get a radius server, which is an authentication server. 

This requires a more complicated setup, but provides additional security through multiple passwords.

And you can use an extensible authentication protocol EAP, which means you can use stronger authentication mechanisms like Dual certificate authentication. 

So you authenticate both the client and the server with a certificate as an example of what you can use. 

If you use EAP, this will be too complex of a setup for most home networks and probably overkill, but as viable for a technical user with high security needs creating separate wifi network.

Of different trust levels with different passwords is actually easier and is probably enough in most cases, if, of course your wifi supports that functionality. 

So you probably won't use the enterprise mode, but if you want the best security, then you are looking for Dual certificate authentication or Dual factor authentication with EAP through this WPA2 enterprise.

That's what you'd be wanting to, both WPA and WPA2 handshakes are susceptible to dictionary and brute force password guessing of the pre shared key for this reason pre shared key, or the wifi password needs to be complex. 

It needs to be very complex. 

They are only entered once per device, so should be both complex and long using special characters letters, upper and lower case and numbers.

See the recommendations in the section on password. 

Password complexity, this password complexity is the main mitigation against password guessing dictionary, brute force attacks against WPA and WPA2. 

So even if you're selecting WPA2, With all the right settings, like AES it is still susceptible to this dictionary and brute force attack.

So the mitigation is a strong password. 

So you must have a strong password and what you see here in front of you is the web page for a tool called Cowpatty, which is available in Kali, which is used for that very same attack. 

There is a salt issue or a weakness with the salt in both WPA and WPA2 both use the SSID as a soul value.

The SSID, if you're not familiar is a synonym for the network name. 

So you can see here in this example, it stationX2_4 the, as a network name that is the SSID. 

Salt and thus this SSID should be random values that are added to the encryption process to add more complexity and randomness to it.

The use of a salt means that the same password can be encrypted into several thousand different formats. 

This makes it much more difficult for an attacker to uncover the right format for your system if the salt is random. 

And as I said, WPA and WPA2 users, the SSID of the network as the salt value, I the network name, your network name or SSID might be one that is commonly used a name that is commonly used, and this would not be good.

Access points with common SSIDs are more vulnerable to password guessing and dictionary attacks. 

If they have a common name, common names include things like in your potentially seeing these yourself link says default, netgear, wireless, WLAN. 

These are all common SSIDs or network names that you can see.

And the reason they are more vulnerable, if they have a common SSID, is that hackers can precompute common passwords against, or with common SSIDs. 

To make password cracking faster, and these are referred to as rainbow tables, but in reality, hackers don't even really need to pre-compute them themselves.

They can download ones that have already been made here is the church of wifi and they have a whole bunch of rainbow tables, 1 million common passwords or pass phrases for 1000 common SSIDs. 

And that's a 33 gb file download, which will help speed up the cracking of a WPA or WPA2 password.

If the SSIDs is in this rainbow table. 

So default or common SSIDs should not be used because of this attack so change your SSIDs. 

If it is a common one, especially if it's on this list.

Complete and Continue  

Become a Member and Get Unlimited Access to 340+ Top Cyber Security Courses.