Wireless security and WPA2
Another attack has been proven possible on "unbreakable" wireless networks. I have heard WEP called "unbreakable", and I have heard the word "unbreakable" used for WPA after WEP was broken. But now both WEP and WPA have been broken. WPA2 seems to be the next best thing. However, the situation is not as dire as some make it sound. Four conditions determine whether a network is exposed to the latest wireless exploits; if your network meets them, you are vulnerable to the attack:
- WPA1, not WPA2, must be in use.
- WMM (Wireless MultiMedia) Quality of Service must be turned on for one of the attacks but not for the other. See the "Recent attacks" section below for details.
- Personal mode with a PSK (Pre-Shared Key) must be used instead of enterprise mode (802.1X or certificate-based security).
- TKIP (Temporal Key Integrity Protocol) must be used instead of CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol).
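The following audit script is an added example, not code from the original write-up: it reads a hostapd configuration and reports which of the four conditions above hold and, from that, which of the two TKIP attacks discussed later the network is exposed to. The option names are real hostapd options; the sample configuration text is constructed for the demo.

```python
# Added example, not code from the original write-up: audit a hostapd.conf against
# the four conditions above. Option names (wpa, wpa_key_mgmt, wpa_pairwise,
# rsn_pairwise, wmm_enabled) are real hostapd options; the config text is constructed.
SAMPLE_CONF = """\
interface=wlan0
ssid=corp-legacy
# wpa: 1 = WPA only, 2 = WPA2 only, 3 = both
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
wmm_enabled=1
"""

def parse_hostapd(text):
    """Parse key=value lines into a dict, skipping blank lines and # comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf

def audit(conf):
    """Return {'findings': [...], 'exposed': [...]} for the four conditions above."""
    wpa = int(conf.get("wpa", "0"))
    wpa1, wpa2 = wpa in (1, 3), wpa in (2, 3)
    ciphers = set()
    if wpa1:
        ciphers |= set(conf.get("wpa_pairwise", "").split())
    if wpa2:  # rsn_pairwise falls back to wpa_pairwise when unset
        ciphers |= set(conf.get("rsn_pairwise", conf.get("wpa_pairwise", "")).split())
    tkip = "TKIP" in ciphers
    psk = "WPA-PSK" in conf.get("wpa_key_mgmt", "WPA-PSK").split()  # hostapd default
    wmm = conf.get("wmm_enabled", "0") == "1"
    findings = []
    if wpa1:
        findings.append("WPA1 is enabled (wpa=%d); run WPA2 only (wpa=2)" % wpa)
    if tkip:
        findings.append("TKIP is allowed as a pairwise cipher; use CCMP only")
    if psk:
        findings.append("PSK key management in use; use WPA-EAP (802.1X) in an enterprise")
    exposed = []  # which of the two TKIP attacks the write-up's conditions point to
    if wpa1 and tkip and psk:
        exposed.append("Ohigashi-Morii")  # works with WMM on or off
        if wmm:
            exposed.append("Beck-Tews")  # needs WMM/QoS enabled
    return {"findings": findings, "exposed": exposed}
```

Run `audit(parse_hostapd(SAMPLE_CONF))` to see the three findings for the sample; a config with `wpa=2`, `wpa_key_mgmt=WPA-EAP` and `rsn_pairwise=CCMP` produces none.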
This write-up focuses on an enterprise network, but a quick overview for the home network is included in the conclusion. If all you are worried about is a home situation then you may want to skip directly to the conclusion.
WPA vs WPA2
WPA2 debuted in March 2006, so any administered network has no excuse if the first criterion is not met.
When it comes to encryption and authentication, the main difference between WPA and WPA2 is two-fold. First, authentication is much more flexible and therefore more likely to be used properly, because there are several different authentication modes, or EAP (Extensible Authentication Protocol) methods, to meet an enterprise's needs; WPA enterprise offered only two. Next, WPA2 mandates strong encryption (either TKIP or AES), whereas WPA left its use optional.
The five authentication methods currently available are:
- EAP-TLS
- EAP-TTLS/MSCHAPv2
- PEAPv0/EAP-MSCHAPv2
- PEAPv1/EAP-GTC
- EAP-SIM: a protocol for the mobile environment that puts the certificate on a SIM card for use with SMS messages.
Both WPA and WPA2 personal modes call for a PSK (Pre-Shared Key), and the enterprise mode in WPA used EAP-TLS. The PSK option can be made more secure by using a long and complex shared secret. The WPA or WPA2 enterprise option is more secure because even if a key is broken, it is useless unless the intruder already has the certificate.
EAP-TLS
The EAP-TLS method used in WPA is secure but very difficult to deploy: it needs an X.509 certificate on the RADIUS server, a certificate on every client that connects to the AP, and a PKI already in place for key distribution, which has been a major cryptographic headache for years. So while EAP-TLS is considered very secure, it was rarely used properly because of these implementation problems.
EAP-TTLS/MSCHAPv2
This is an improvement in ease of use over EAP-TLS in that the client does not need to authenticate itself to the server with a CA-signed PKI certificate; only the server needs a certificate. So a certificate does not have to be installed on every client, which makes implementation much easier.
The problem is that it is not natively supported in Windows XP, Windows 2000, or Windows Mobile 2003. There are, however, options to patch Windows XP SP2.
PEAPv0/EAP-MSCHAPv2
This method has been rather fragmented by vendors. For example, Microsoft has an implementation they call PEAP-EAP-TLS which no other vendor supports. That version is very secure and very similar to the EAP-TLS method, since it also requires the PKI infrastructure, except that it does a more thorough job of encrypting all parts of the packet. In standard PEAPv0, the user name is left unencrypted, which leaves the network open to privacy concerns and possible Denial-of-Service attacks.
PEAPv1/EAP-GTC
This was created by Cisco as a replacement for PEAPv0 and uses Generic Token Card (GTC) instead of Microsoft's MSCHAP as the inner authentication protocol. However, between Microsoft's disinterest in any protocol beyond their own and Cisco's interest in other authentication protocols (LEAP, EAP-FAST), it has no native OS support and is rarely used.
TKIP
TKIP (Temporal Key Integrity Protocol) was a temporary stop-gap to replace WEP and allow more secure certificate-based authentication on legacy hardware. It has outlived its usefulness and will soon be deprecated.
It is much more secure than WEP because it makes the encrypted data far less predictable: the IV (Initialization Vector) is mixed with the secret key, and a different encryption key is used for every packet. In WEP, the IV and the key were simply concatenated, which produces predictable output and gives someone breaking in a clue they can use to figure out the rest. The fact that the key stayed the same for every packet only made it easier.
Recent attacks
In November 2008, researchers Martin Beck and Erik Tews found a way to break into TKIP-secured networks in about 12 minutes. The only reason it takes that long is that if a TKIP-protected access point receives a couple of wrongly keyed packets within a certain time frame, it generates a completely new encryption key, so the attack has to be slowed down to avoid triggering this re-keying countermeasure.
Later, Japanese researchers Toshihiro Ohigashi and Masakatu Morii found a way to perform the same attack without the need for WMM.
Both attacks work only on TKIP; a network using the AES standard is immune.
Conclusion
Of course, an access point that is either unsecured or secured with only WEP is vulnerable for other reasons. According to George Ou at ZDNet, unsecured wireless networks are still common. Even in the mobile home park I live in, most people know enough to secure their wireless networks.
This paper is concerned only with the authentication and encryption benefits of WPA2, but there are others, such as faster connection times.
If you are maintaining a home network, your best bet is WPA2 personal mode with a strong shared secret (password). WPA2 personal has two ease-of-use benefits. First, encryption is automatically turned on once you use it, and second, both encryption and authentication use the same key. That is not a secure option in the enterprise, but it is a good compromise in the home, where keeping track of several keys would be difficult and would probably result in fewer people using it. Just be sure to use a long and complex password/passphrase, which makes brute-force attacks difficult if not impossible.
In an enterprise network, you would want to use WPA2 enterprise (surprise!). For encryption, always use AES instead of TKIP. Which authentication option you choose depends on your situation:
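To make the "long and complex passphrase" advice concrete, here is an added example (not code from the original write-up) showing how a WPA2 personal passphrase is turned into the 256-bit PSK that both the client and the access point use, and a simple strength check to apply to a home passphrase. The "password"/"IEEE" test vector is the one published in the 802.11i standard; the 80-bit policy threshold is an assumption.

```python
# Added example, not code from the original write-up: derive the WPA2-Personal PSK
# the way clients and access points do (PBKDF2-HMAC-SHA1 with the SSID as salt,
# 4096 iterations, 256-bit output, per IEEE 802.11i) and apply a simple
# passphrase-strength policy. The "password"/"IEEE" vector is the standard's own.
import hashlib
import math
import string

PBKDF2_ITERATIONS = 4096  # fixed by the 802.11i passphrase-to-PSK mapping


def wpa2_psk(passphrase, ssid):
    """Return the 32-byte PSK for (passphrase, ssid); reject non-conforming passphrases."""
    if not 8 <= len(passphrase) <= 63 or not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be 8 to 63 printable ASCII characters")
    # The SSID is the salt, so the same passphrase yields a different PSK per network
    # and precomputed tables have to be built per SSID.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, 32)


def passphrase_bits(passphrase):
    """Rough entropy estimate: length * log2(size of the character classes used).
    It ignores dictionary words, so it is an upper bound, not a guarantee."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    size = sum(len(cls) for cls in classes if any(ch in cls for ch in passphrase))
    return len(passphrase) * math.log2(size) if size else 0.0


def strong_enough(passphrase, min_bits=80):
    """Policy check for a home WPA2-Personal passphrase (80-bit threshold is an assumption)."""
    return passphrase_bits(passphrase) >= min_bits
```

The 4096 PBKDF2 iterations are the only thing slowing down offline guessing, so the passphrase's own entropy is what protects a personal-mode network.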
- If you are working with a diverse client base and a PKI is already in place, then use EAP-TLS.
- If a password-based solution is adequate and you only have Microsoft clients and servers, then use PEAPv0.
- If a password-based solution is adequate and you don't have any XP or Vista clients, then use EAP-TTLS.
- If a password-based solution is adequate and you have a mix of XP, Vista, and Apple clients, then use both PEAPv0 and EAP-TTLS.
- If you have a strictly Cisco network that will never change, then LEAP is adequate.
References
- ZDNet; George Ou; June 2, 2005; http://blogs.zdnet.com/Ou/?p=67
- Global Knowledge white paper; WPA2 Security: Choosing the Right WLAN Authentication Method for Homes and Enterprises; Benjamin Miller, Global Knowledge Instructor; http://images.globalknowledge.com/wwwimages/whitepaperpdf/WP_Miller_WPA2Security_P.pdf
- Temporal Key Integrity Protocol; http://en.wikipedia.org/wiki/Temporal_Key_Integrity_Protocol
- Extensible Authentication Protocol; http://en.wikipedia.org/wiki/Extensible_Authentication_Protocol

Comments
!d!07
Using Wifi is like putting a RJ-45 in your front lawn.