CTS 056: Legacy Wi-Fi Security




Clear To Send: Wireless Network Engineering show

Summary: Pre-RSNA (Robust Security Network Association) is the main topic for this episode. Francois and I talk about why you shouldn’t be using these legacy security methods, and in future episodes we talk about the Wi-Fi security mechanisms you should be using. This is part one of a multi-part series.

In the 802.11 Standard there are two ways to join a BSS:

* Open System Authentication (http://www.cleartosend.net/cts-015-authentication-and-association/) (WEP can then be used to encrypt the communications), OR
* Shared Key Authentication (WEP is used for both the authentication and to encrypt the communications)

Legacy Security Methods

WEP
Several weaknesses have been found in WEP, and they make it very easy to crack.
The characteristics of WEP include:

* Static keys
* RC4 as the cipher for encryption
* Attacks against WEP:
  * Collision attack against the IV (Initialization Vector): it is only 24 bits, so it repeats every 16 million frames
  * Attacks against the weak encryption keys (40 or 104 bit)
  * Packet injection is a technique used to speed up the attacks against WEP
  * The ICV (Integrity Check Value) mechanism is also considered weak (a bit-flipping attack can be used to alter WEP packets)

MAC Filtering
This is not really a security method, but a common one people use. MAC filtering creates a whitelist of MAC addresses allowed to join the Wi-Fi network. It’s easy to capture packets to find an authorized MAC address and then spoof it: L2 information is not encrypted in 802.11 frames; only L3 to L7 is encrypted.

Hidden SSID
Another method which is not really security but is commonly used. The SSID is not broadcast in the beacon frames, but it is still visible in management frames when a STA connects to the network. You can spot the hidden SSID in a directed Probe Request frame.

TKIP
It has been cracked. Not as easily as WEP, but it has been cracked (it uses the same cipher: RC4). It has been replaced by CCMP/AES. Also, TKIP only allows speeds up to 54 Mbps. Like WEP, TKIP will be going away.

Links and Resources

* 802.11 Authentication and Association: http://www.cleartosend.net/cts-015-authentication-and-association/
* mrn-cciew: https://mrncciew.com/2014/10/10/802-11-mgmt-authentication-frame/
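As an added example (not code from the episode or the Clear To Send site), a small Python audit that flags the legacy settings discussed above (open, WEP, TKIP, hidden SSID) on constructed scan records, and that also computes the 24-bit WEP IV space together with the birthday bound, which goes beyond the episode by showing an IV repeat is expected long before the 16 million frames are exhausted. The ScanEntry fields, the audit function and the sample entries are assumptions made for this example.

```python
import math
from dataclasses import dataclass, field

# Constructed, simplified scan record (assumption: a real scanner such as `iw`
# exposes equivalent fields; this is not the podcast's code).
@dataclass
class ScanEntry:
    bssid: str
    ssid: str                 # "" means the SSID is hidden in beacons
    privacy: bool             # Privacy bit in the capability field
    rsn_ciphers: set = field(default_factory=set)  # pairwise ciphers, RSN IE
    wpa_ciphers: set = field(default_factory=set)  # pairwise ciphers, WPA IE

WEP_IV_BITS = 24

def wep_iv_space() -> int:
    """Distinct 24-bit IVs: 2**24, the '16 million frames' figure."""
    return 1 << WEP_IV_BITS

def wep_iv_collision_frames(prob: float = 0.5) -> int:
    """Birthday bound: frames after which an IV repeat has probability `prob`
    (sqrt(2 * N * ln(1/(1-prob)))). Far fewer than exhausting the IV space."""
    n = wep_iv_space()
    return math.ceil(math.sqrt(2 * n * math.log(1 / (1 - prob))))

def audit(entry: ScanEntry) -> list[str]:
    """Return findings for pre-RSNA or weak settings on one BSS."""
    findings = []
    ciphers = entry.rsn_ciphers | entry.wpa_ciphers
    if not entry.privacy:
        findings.append("open: no encryption")
    elif not ciphers:
        # Privacy bit set with no RSN/WPA IE means WEP is in use
        findings.append("WEP: static RC4 keys, 24-bit IV, weak ICV")
    if "TKIP" in ciphers:
        findings.append("TKIP: RC4-based, cracked, caps rates at 54 Mbps")
    if entry.ssid == "":
        findings.append("hidden SSID: not security, still sent in probe frames")
    return findings

def audit_all(entries: list[ScanEntry]) -> dict[str, list[str]]:
    """Map each BSSID to its findings; clean CCMP-only networks get []."""
    return {e.bssid: audit(e) for e in entries}

# Constructed sample scan (values made up for this example)
SAMPLE_SCAN = [
    ScanEntry("02:00:00:00:00:01", "LegacyAP", True),
    ScanEntry("02:00:00:00:00:02", "", True, rsn_ciphers={"CCMP", "TKIP"}),
    ScanEntry("02:00:00:00:00:03", "Cafe", False),
    ScanEntry("02:00:00:00:00:04", "Corp", True, rsn_ciphers={"CCMP"}),
]
```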