Since the time that wireless Wi-Fi networks began to emerge,
such networks have been scrutinized as being security risks. As a result of
such scrutiny, there are dozens of techniques that can be used to secure
wireless networks, and I personally believe that when security is applied
correctly, it is possible to make a wireless network even more secure than most
wired networks.

Before you can even hope to reach this level of security
though, you need to understand the threats to wireless security, and the countermeasures
against such threats. It’s impossible for me to discuss all of the various
wireless security threats in the amount of space that I have to work with. I do
however want to use this opportunity to discuss some of the newer wireless
exploits and what you can do to counter them.

Encryption, Encryption, Encryption

Wireless networks are inherently insecure. Anyone with a
laptop and a wireless NIC can easily spy on anything being sent across a
wireless network. This one point has received so much mainstream media
attention that I was shocked to learn that as of December 2004, an estimated
sixty to seventy percent of all wireless networks still do not use encryption.

Granted, a lot of these unprotected networks are home and
small business networks. For most home and small business users, WEP is the
only available type of encryption. Most people who choose not to enable WEP do
so because they either don’t know that it exists, they don’t know how to enable
it, or they know that WEP can be cracked, so they figure that there is no point
in installing it.

That being the case, I should probably write a paragraph
explaining why you should ditch your existing wireless equipment in favor of
something more secure. However, I know that budgets can be tight, especially
around the home or for small businesses. Although newer Wi-Fi equipment will
give you better security, I know that upgrading equipment might not be an
option.

If you find yourself in a situation in which WEP is the only
type of encryption supported by your wireless equipment, and you can’t upgrade
to something better, then my recommendation is to go ahead and implement WEP
encryption, even though it is flawed. There are a couple of reasons for this.
First, there is no reason to just hand a hacker an unsecured network. If
someone wants to hack your network, make them work for it. Besides, WEP
encryption is not as easy to hack as the media makes it out to be. The hacker
must capture a very large number of packets before they can break the
encryption. It would take the average home user about two to four weeks to do
enough Internet surfing to produce enough data to compromise a WEP key. Few
hackers are patient enough to spend a month waiting on enough data to get a WEP
key for a home network, especially if your neighbors have a wireless network
that isn’t encrypted.

For small businesses, the amount of time that it would take
to produce enough data to compromise a WEP key really varies depending on the
number of employees and the nature of the employee’s jobs.

In either case, you can dramatically increase the security
of WEP by changing your WEP keys frequently. As long as WEP keys are changed
prior to enough data being transmitted to allow a hacker to decipher the keys,
then WEP can be an effective form of encryption.

It is still advisable to use newer encryption techniques
rather than WEP though, because there are techniques that hackers can use to
acquire enough data to decipher your WEP key more quickly. One such technique
involves using a laptop or a jamming device to perform a limited denial of
service attack against the network. The idea is to produce interference so that
about half to a third of the packets being wirelessly transmitted do not reach
their destination. This causes the machine that’s sending the packets to
retransmit the packets that have not been received. Forcing excessive
retransmissions greatly expedites the amount of time that it takes to capture
the required amount of data.

One way to protect yourself against this type of attack is
to configure your wireless equipment to use the smallest possible frame size.
Smaller frames are less efficient than larger ones, but are much less
susceptible to interference. Here’s an example that’s over simplified, but it
gets the point across. Imagine that you had a 10 KB message to transmit and you
were using a 10 KB frame size. If any portion of the frame were not received
correctly, then the entire 10 KB would have to be retransmitted. However, if a
1 KB frame size were used, then the 10 KB message would be transmitted across
ten different frames. If a small amount of interference was encountered, then
one of the frames might be disrupted. However, only that one, 1 KB frame would
have to be retransmitted rather than the entire 10 KB.

As I said, this example was grossly over simplified because
it doesn’t take into account the overhead associated with each frame, but I
wanted to make a point. Smaller frame sizes are less efficient than larger
frame sizes because there is a certain amount of overhead associated with each
frame. Smaller frame sizes mean that more frames will be required, and more
frames mean more overhead. Therefore, in a sense, you are placing more traffic
on your network by using smaller frame sizes, but at the same time, doing so
greatly limits an attacker’s ability to effectively force a lot of
retransmissions.

Temporal Key Integrity Protocol

When I set out to write this article, I had originally
intended to talk about some of the vulnerabilities associated with TKIP
(Temporal Key Integrity Protocol), which many security experts consider to be
uncrackable. However, there are still so many people using WEP or no encryption
at all, I felt obligated to spend some time discussing it,

Let me say up front that TKIP is substantially more
difficult to crack than WEP, and in some instances may very well be impossible
to crack. However, there are multiple ways in which TKIP can be implemented,
and a weak implementation can lead to TKIP being cracked. Before you can
understand why this is possible, you need to understand how TKIP works.

One of the things that made WEP so vulnerable was the use of
a shared key. Any time WEP encrypts data, the encryption is based on the shared
key, plus three semi-random digits. The shared key is static and is never
changed unless an Administrator does so manually. It’s the static and long term
nature of the shared key that makes WEP vulnerable to cracking.

Like WEP, TKIP relies on shared keys, but the shared keys
are usually dynamic in nature. TKIP is designed to use 802.1x and a RADIUS
server to generate, rotate, and distribute shared keys. This approach
guarantees that shared keys are changed very frequently. To the best of my
knowledge, a wireless network encrypted with TKIP that is also using 802.1x and
RADIUS has yet to be cracked.

The problem with TKIP is that 802.1x and RADIUS are not
requirements. TKIP is designed so that if hardware constraints prevent the use
of 802.1x, then a preshared key can be used as the basis for key establishment.
Although the TKIP specification permits each client to use a different
preshared key, the only existing real world implementations use a single
preshared key for the entire network. Is this starting to sound familiar?

Before you come to the conclusion that TKIP is no better
than WEP because of the way that it uses preshared keys, there is a big
difference that you need to understand. In a WEP environment, the preshared WEP
key is combined with three other digits and is used to encrypt the data being
transmitted. In TKIP, the preshared keys are used to generate Pairwise
Transient Keys (PTK). It’s the way that the PTKs are generated and distributed
that produces the vulnerability.

The keys are distributed via a four way handshake process
and are created by using a repetition of the first two packets of the
handshake, the two MAC addresses involved in the handshake, and the preshared
key. A network sniffer can easily expose the handshake process (and the bits
included in it) and the MAC addresses of the hosts involved in the process.
Since this information is so easy to get, all you need is the preshared key,
and you can start spoofing PTKs (or you could even create legitimate PTKs).

So the million dollar question is how do you get the
preshared key? It isn’t quite as easy as getting a WEP key, but it can be done.
In WEP, an administrator enters a short pass phrase and the pass phrase
combined with three extra digits is used to encrypt traffic. In a TKIP
environment, the preshared key is always going to be 256 bits long. Few
administrators are going to create and remember a 256 bit (32 character) pass
phrase. Therefore, what ever pass phrase the administrator enters is combined
with other data and then hashed to produce the preshared key.

The process works like this: The pass phrase is concatenated
with the ESSID and the ESSID’s length. The resulting string is then hashed
4,096 times to create a 256 bit key. Right now, you are probably thinking that
it would take an eternity to crack a 256 bit shared key that has been hashed
over 4,000 times. It might not be as difficult or as time consuming as you
think though.ï¿? According to the 802.11i standard, a typical pass phrase has
about two and a half security bits per character. When you take into account
the ESSID, a pass phrase of X characters would have approximately 2.5X+12
security bits.

This means that a 20 character pass phrase would have an
average of just 62 security bits. A high end PC could break the encryption
through brute force in less than a day. As you can see, a word to the wise
would be that if you are planning on using TKIP with shared keys, then you
should really consider making your pass phrase over 20 characters long to
prevent it from being cracked too easily.

The only piece of the puzzle left is the tool that you would
use to perform the brute force crack with. At the moment, I am not aware of a
brute force password cracker for the preshared key, but then again, I am not a
professional hacker either. What I can tell you is that the preshared key is
created based on applying the PBKDF2 cryptographic method to a combination of
the pass phrase, the ESSID, and the ESSID’s length. If you are not familiar
with PBKDF2, it is based on the PKCS #5 version 2.0 cryptography standard that
is commonly used to encrypt passwords. Therefore, if someone wanted to either
download or create a brute force password cracker that could decipher the
preshared key, they would simply need to look for (or write) a cracker based on
PBKDF2.

OK, so it is possible to derive the preshared keys by
dissecting the PTKs, but doesn’t TKIP still use PTKs even if 802.1x and RADIUS
are in use? Yes it does, but you have to remember that in an 802.1x environment
the keys change as often as the administrator wants them to. This can be every
week, every hour, or even every couple of minutes. Since the PTKs are based on
keys, if the keys change, the PTKs will change as well. By the time someone
deciphers the key by analyzing the PTKs, the key will either have already been
changed or will be about to expire.

Not perfect, but better than WEP

As you can see, TKIP combined with 802.1x and RADIUS is by
far the safest choice for encrypting data flowing across a wireless network.
You can further protect the security of your data by implementing additional
encryption at the TCP/IP level. For example, you could encrypt data with IPSec
prior to transmitting it. The reason why you might want to do this is because
although TKIP has yet to be cracked when used in conjunction with 802.1x and
RADIUS, there have been reports of hackers combining man in the middle attacks
with denial of service attacks in an effort to intercept and manipulate
strongly encrypted data flowing across wireless networks.

The actual technique is very complicated. The technique
involves setting up a laptop with two different wireless NICs. One NIC is used
as a jammer to block access to a legitimate access point. The other NIC is used
as a rogue, software based access point. The laptop is also running a RADIUS
server in the background. The idea is that clients latch on to the hacker’s
machine rather than the legitimate access point, and data is exposed as a
result. This is why additional levels of encryption are advisable.