Improving WPA and WPA2

Improving WPA and WPA2 Introduction: WPA is an acronym for â€Å"Wi-Fi Protected Access†. It was designed and developed by Wi-Fi alliance as a reponse to the weaknesses and vulnerabilities in the previous wireless security protocol i.e. WEP (Wired Equivalent Privacy). It is a certification program developed by WiFi alliance to indicate compliance with the previous security protocol and secure wireless networks. WPA2: WPA2 is vulnerable to insider attack(If attacker is in the network or somehow gets into the network) under certain conditions. Following are the attacks on WPA/WPA2: PSK (Pre-Shared Key) vulnerability. PSK cracking tool, Eavesdropping. (Attack on PSK Authentication) PEAP mis-configuring Vulnerability. (Attack on Authetication Server) TKIP Vulnerability. (Attack on Encryption) Encyption in WPA2: There are two types of keys used in WPA2 for encryption: Pairwise key(PTK): It is used to protect unicast data frames. Group key (GTK): It is used to protect group addressed data frames like Broadcast APR data request frames. It is used as an encryption key in Access Point(AP) while as a decryption key in Client. Analysis and Improvement of 802.11i (WPA2): The security requirement for WLAN(Wireless Local Area network) industry are data confidentiality. Intergrit, mutual authentication and availability. Primary recommendations: CCMP should be used for data confidentiality. Mutual Authentication must be implemented for security concerns. Addresses DoS(Denial of Service ) in MAC (Medium Access Control)layer. Wireless Threats: Passive Eavesdropping/ Traffic Analysis: An attacker can easilty sniff and store all the traffic in the WLAN. Message Injection / Active Eavesdropping: An attacker is capable of inserting a message into the wireless network with the help of NIC cards(Network Interface cards). Attacker can generate any choosen packet, modify contents of the packet and completely control the transmission of the packet. Message Deletion and Interception: It is done by interfering with the packet reception processon the receivers antenna. eg. Causing CRC errors so that the receiver drops the packet. Message interception means that an adversary is able to control a connection completely i.e an attacker can capture a packet before the receiver actually receives it and decide whether to delete the packet or forward it to the receiver. Masquerading and Malicious AP (Access Point): An attacker can learn MAC addresses by eavesdropping and it can also spoof MAC address. Session hijacking: An adversary may be able to hijack alegitimate session after the wireless devics have finished authenticatin themselves successfully. It can be overcome using data confidentiality and strong integrity meachanism Man in the Middle Attack (MitM): ARP cache posioning is a type of Man in the Middle Attack in case of wired connection. Denial of Service(DoS): An adversary is capable of making the whole Basic Service Set (BSS) unavailable, or disrupting the connection between legitimate peers . Ex. forging the unprotected management frames, protocol weaknesses or jamming of frequency bands with denial of service to the legitimate users. Data Confidentiality and integrity: It defines threee confidentiality security protocols: WEP (Wired Equivalent Privacy). TKIP (Temporal Key Integrity Protocol) CCMP (Counter Mode Cipher Blocking chaining MAC (Message Authetication Code) Protocol). A temporal key (TK) is assumed tobe shared between peers before executing any data confidentiality protocols. Authentication and Key Management: There are two types of Authetication systems: Open System Authetication. Shared Key Authentication. These are not secured so IEEE802.11i definesa new standard viz. RSNA (Robust Security Network Association) RSNA establishment procedure: Network and Security Caability Discovery. 802.11 Authentication and Association. EAP / 802.1X / RADIUS Authentication. 4-way handshake Group key handshake. Secure data communication. Availability: Main cause is due to DoS attack: First, an adversary can launch an 802.11i attack much more easily than a physical layer attack, with only moderate equipment. Second, it is much more difficult for a network administrator to detect and locate these attacks. Layer abstraction is a very important concept in networks, requiring each layer to provide independent functionality separately. Michael Algorithm is used to solve above problems. It woks as follows: When a incorrect packet is detected by Access point, it waits for 60 secs,within this time span of 60 secsif another incorrect packet is received by access point from the same source then it shut down that link. Application: 1. Security for Mobile ATE: The data collected from hardware systems using mobile phones, PDAs application needs to be protected as currently many internet like things are done on mobiles only. We are also aware that the security in mobile phones while accessing internet is not secured.To overcome this, many ATE (Automatic test Equipment) are isolated from networks and run in stand-alone environments. An ATE system describes a single hardware device performing test measurements or a group of devices testing another hardware system. Mobile app developers need to focus on securing data using apps: Configuration of the mobile device. Apps running on the device. Equipment communicating with the device. Wireless connection between the device and ATE. When ATE is sending data out from the device, it can use an https connection, data encryption and user authenticationto ensure that the non-trusted sources will not have access to the data.The wireless connection between the device and the server should be secured using wireless security protocols like WPA,WPA2, HTTPS and AES encryption. Below fig. shows the security concerns for the mobile devices. Fig. Major Mobile Application Server Areas Securing the Wireless Connection: The mobile device should never connect to the ATE system through an unsecure WiFi network. Users must connect to the networks that implements strongest security protocol with encryption included. In strict scenarios, the application must use a secure VPN(Virtual Private Network) to connect to the server. Securing the mobile Device: No amount of coding, server configuration or wireless setup will be useful if the hardware containing the mobile application has already been compromised. Before installing any application on the mobile device, user must check that they have ot already compromised their systems security features by jailbreaking or rooting the device. A jailbroken device is that device where user removes â€Å"Operating system limitations imposed by the manufacturer†. By both of the process i.e. jailbreaking or rooting, all of the security features that the system designers built-in to protect users are put into jeopardy. Securing the Application: Application must not gain too much controlof the mobile device. Each application must be independent of each other i.e one application must not call other application or use resources of the other. Securing the ATE system: The administrator and the developer on the ATE server need to work together to assure that the server providing the mobile apllication data is secure. Most of the data processing must be done on the ATE server side as it is difficult for the attacker to access data and also computing power is ore on server side. (A)Data Acquisition Methodology: Obtaining black -listed IP addresses: It was obtained from a german website, which was not up-to-date. This blacklisted IP addresses were the primary source for quantifying illegal activities. Associating blacklisted IP addresses with geographic locations: IP addresses were never assigned to a specific geographical area or region. IP addresses were assigned to organisations in blocks or assigned to residences through fixed commercials ISPs. Maxmind provided one such tool named GeoIP. The GeoIP tool contains a database of IP addresses and their corresponding global location information viz. City, State, Country, longitude and latitude. Obtaining security statistics of WiFi deployments: The statistics of WiFi deployments such as percentage of secure access points and the number of blacklisted IP address occuring within the specific deployments for cities. (B) Data Manipulation Methodology: It involves processing the data. Depending on the number of IP addresses balcklisted, city were choosen i.e the city having highest number of blacklisted IP addresses were considered. Data Analysis Methodology: We generated derived statistics of fileds such as IP address availability, WiFi network security and the number of blacklisted IP addresses. Results of Data realated Methodology: Suggestion: After 2006, every wireless enabled device is WPA/WPA2 certified and Trademarked by WiFi alliance. The biggest hurdle is that users are unaware of the wireless security protocols and in the security dialogue box also first one is â€Å"None† and after that there is a list from WEP to WPA2. It has been seen that the user choose â€Å"None† or WEP as a security protocol without knowing exactly what that security protocol does as it comes earlier in the list. So, the first and the foremost thing is do make user aware of the protocols and advice them to use better protocol as per the requirements. For Ex.,Corporate world must use the toughest to decipher protocol whereas normal user can use somewhat lighter version of the protocol with good password, but it must never have the Wireless access without any security protocol i.e. none. References: Security for Mobile ATE Applications by Susan Moran. Malicious WiFI Network: A First Look by Andrew Zafft and Emmaneal Agu. Security Analysis and Improvements for IEEE 802.11i by Changhua He and John C Mitchell .