
Chapter 11 - 02 - Understand Wireless Network Encryption Mechanisms - 03_ocred.pdf



Certified Cybersecurity Technician
Wireless Network Security
Exam 212-82

Comparison of WEP, WPA, WPA2, and WPA3 (slide)

- WPA2: Incorporates protection against forgery and replay attacks.
- WPA3: Provides enhanced password protection and secured IoT connections; encompasses stronger encryption techniques.

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Comparison of WEP, WPA, WPA2, and WPA3

WEP provides data confidentiality on wireless networks, but it is weak and fails to meet any of its security goals. While WPA fixes most of WEP's problems, WPA2 makes wireless networks almost as secure as wired networks. Because WPA2 supports authentication, only authorized users can access the network. WEP should be replaced with either WPA or WPA2 to secure a Wi-Fi network. Though WPA and WPA2 incorporate protections against forgery and replay attacks, WPA3 can provide a more enhanced password-protection mechanism and secure IoT connections; further, it utilizes stronger encryption techniques.

The table below compares WEP, WPA, WPA2, and WPA3 in terms of the encryption algorithm used, the encryption-key size, the initialization vector (IV) it produces, key management, and data integrity.

Encryption Attribute       | WEP          | WPA                          | WPA2            | WPA3
---------------------------+--------------+------------------------------+-----------------+--------------------------
Encryption Algorithm       | RC4          | RC4, TKIP                    | AES-CCMP        | AES-GCMP 256
IV Size                    | 24 bits      | 48 bits                      | 48 bits         | Arbitrary length (1-264)
Encryption Key Length      | 40/104 bits  | 128 bits                     | 128 bits        | 192 bits
Key Management             | None         | 4-way handshake              | 4-way handshake | ECDH and ECDSA
Integrity Check Mechanism  | CRC-32       | Michael algorithm and CRC-32 | CBC-MAC         | BIP-GMAC-256

Table 11.2: Comparison of WEP, WPA, WPA2, and WPA3

Module 11 Page 1439

Issues in WEP, WPA, and WPA2 (slide)

Issues in WEP:
- CRC-32 does not ensure complete cryptographic integrity
- IVs are 24 bits and sent in cleartext
- Vulnerable to known plaintext attacks
- Prone to password cracking attacks
- Lack of centralized key management

Issues in WPA:
- Pre-shared key is vulnerable to eavesdropping and dictionary attacks
- Lack of forward secrecy
- WPA-TKIP is vulnerable to packet spoofing and decryption attacks
- Insecure random number generator (RNG) in WPA allows the discovery of the GTK generated by the AP
- Vulnerabilities in TKIP allow attackers to guess the IP address of the subnet

Issues in WPA2:
- Pre-shared key is vulnerable to eavesdropping and dictionary attacks
- Lack of forward secrecy
- Hole196 vulnerability makes WPA2 vulnerable to MITM and DoS attacks
- Insecure random number generator (RNG) in WPA2 allows attackers to discover the GTK generated by the AP
- KRACK vulnerabilities make WPA2 vulnerable to packet sniffing, connection hijacking, malware injection, and decryption attacks

Issues in WEP, WPA, and WPA2

Issues in WEP

WEP encryption is insufficient to secure wireless networks because of certain issues and anomalies, which include the following.

- CRC-32 is insufficient to ensure the complete cryptographic integrity of a packet: By capturing two packets, an attacker can reliably flip a bit in the encrypted stream and modify the checksum so that the packet is accepted.
- IVs are of 24 bits: The IV is a 24-bit field, which is too small to be secure, and is sent in the cleartext portion of a message. An AP broadcasting 1500-byte packets at 11 Mbps would exhaust the entire IV space in five hours.
- WEP is vulnerable to known plaintext attacks: When an IV collision occurs, it becomes possible to reconstruct the RC4 keystream based on the IV and the decrypted payload of the packet.
- WEP is vulnerable to dictionary attacks: Because WEP is based on a password, it is prone to password-cracking attacks. The small IV space allows the attacker to create a decryption table, which is a dictionary attack.
- WEP is vulnerable to DoS attacks: This is because associate and disassociate messages are not authenticated.
- An attacker can eventually construct a decryption table of reconstructed keystreams: With approximately 24 GB of space, an attacker can use this table to decrypt WEP packets in real time.
- A lack of centralized key management makes it difficult to change WEP keys regularly.
- The IV is a value used to randomize the keystream, and each packet has an IV value:
  - The standard IV allows only a 24-bit field, which is too small to be secure, and is sent in the cleartext portion of a message. All available IV values can be used up within hours at a busy AP.
  - The IV is part of the RC4 encryption key and is vulnerable to an analytical attack that recovers the key after intercepting and analyzing a relatively small amount of traffic.
  - Identical keystreams are produced with the reuse of the IV for data protection because the short IV keystreams are repeated within a short time. Furthermore, wireless adapters from the same vendor may all generate the same IV sequence. This enables attackers to determine the keystream and decrypt the ciphertext.
  - The standard does not require each packet to have a unique IV: Vendors use only a small part of the available 24-bit possibilities. Consequently, a mechanism that depends on randomness is not random at all, and attackers can easily determine the keystream and decrypt other messages.
  - The use of RC4: RC4 was designed to be a one-time cipher and not intended for use with multiple messages.

Issues in WPA

WPA is an improvement over WEP in many ways because it uses TKIP for data encryption and helps in secured data transfer. However, WPA has many security issues as well. Some of the security issues of WPA are described as follows.

- Weak passwords: If users depend on weak passwords, the WPA PSK is vulnerable to various password-cracking attacks.
- Lack of forward secrecy: If an attacker captures a PSK, they can decrypt all the packets encrypted with that key (i.e., all the packets transmitted or being transmitted can be decrypted).
- Vulnerability to packet spoofing and decryption: Clients using WPA-TKIP are vulnerable to packet-injection attacks and decryption attacks, which further allows attackers to hijack Transmission Control Protocol (TCP) connections.
- Predictability of the group temporal key (GTK): An insecure random number generator (RNG) in WPA allows attackers to discover the GTK generated by the AP. This further allows attackers to inject malicious traffic into the network and decrypt all the transmissions in progress over the Internet.
- Guessing of IP addresses: TKIP vulnerabilities allow attackers to guess the IP address of the subnet and inject small packets into the network to downgrade the network performance.

Issues in WPA2

Although WPA2 is more secure than WPA, it also has some security issues, which are discussed below.

- Weak passwords: If users depend on weak passwords, the WPA2 PSK is vulnerable to various attacks such as eavesdropping, dictionary, and password-cracking attacks.
- Lack of forward secrecy: If an attacker captures a PSK, they can decrypt all the packets encrypted with that key (i.e., all the packets transmitted or being transmitted can be decrypted).
- Vulnerability to man-in-the-middle (MITM) and denial-of-service (DoS) attacks: The Hole196 vulnerability in WPA2 allows attackers to exploit a shared group temporal key (GTK) to perform MITM and DoS attacks.
- Predictability of GTK: An insecure random number generator (RNG) in WPA2 allows attackers to discover the GTK generated by the AP. This further allows attackers to inject malicious traffic into the network and decrypt all the transmissions in progress over the Internet.
- KRACK vulnerabilities: WPA2 has a significant vulnerability to an exploit known as the key reinstallation attack (KRACK). This exploit may allow attackers to sniff packets, hijack connections, inject malware, and decrypt packets.
- Vulnerability to wireless DoS attacks: Attackers can exploit the WPA2 replay detection feature to send forged group-addressed data frames with a large PN to perform a DoS attack.
- Insecure WPS PIN recovery: In some cases, disabling WPA2 and WPS can be a time-consuming process, in which the attacker needs to control the WPA2 PSK used by the clients. When WPA2 and WPS are enabled, the attacker can disclose the WPA2 key by determining the WPS personal identification number (PIN) through simple steps.
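The following Python is an added example, not part of the course text, illustrating the first WEP issue above: an unkeyed CRC-32 integrity check value (ICV) under a stream cipher accepts a modified frame, whereas a keyed MAC (HMAC-SHA256 here, standing in for the CBC-MAC/GMAC of WPA2/WPA3) rejects it. The keystream is `os.urandom()` standing in for RC4 output, and the MAC key and frame body are constructed values.

```python
"""Why a CRC-32 ICV under a stream cipher is not a cryptographic integrity check
while a keyed MAC is. Added example, not from the course text. Model (constructed):
body = message || ICV(message), XORed with a keystream; os.urandom() stands in
for RC4 output and the receiver is modelled as already sharing it."""
import hashlib
import hmac
import os
import zlib

MAC_KEY = b"constructed-demo-key"  # constructed, not a real network key


def crc_icv(msg: bytes) -> bytes:
    """WEP-style ICV: unkeyed CRC-32, 4 bytes."""
    return zlib.crc32(msg).to_bytes(4, "little")


def hmac_icv(msg: bytes) -> bytes:
    """Keyed alternative: HMAC-SHA256, 32 bytes."""
    return hmac.new(MAC_KEY, msg, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc_delta(delta: bytes) -> bytes:
    """CRC-32 is affine under XOR: crc(m ^ d) == crc(m) ^ crc(d) ^ crc(00..0),
    so the ICV adjustment matching a plaintext change d needs no key."""
    zeros = zlib.crc32(bytes(len(delta)))
    return (zlib.crc32(delta) ^ zeros).to_bytes(4, "little")


def icv_detects_tampering(icv, tag_len: int) -> bool:
    """Flip one plaintext bit via the ciphertext (no key used), patch the ICV
    bits only where CRC linearity allows; True if the receiver rejects it."""
    msg = b"GET /status HTTP/1.0\r\n"          # constructed frame body
    body = msg + icv(msg)
    keystream = os.urandom(len(body))
    ciphertext = xor(body, keystream)

    delta = bytearray(len(msg))
    delta[5] ^= 0x01                           # one-bit change in "status"
    tag_patch = crc_delta(bytes(delta)) if icv is crc_icv else bytes(tag_len)
    tampered = xor(ciphertext, bytes(delta) + tag_patch)

    received = xor(tampered, keystream)        # receiver decrypts
    recv_msg, recv_tag = received[:-tag_len], received[-tag_len:]
    return not hmac.compare_digest(recv_tag, icv(recv_msg))
```

`icv_detects_tampering(crc_icv, 4)` returns False (the forged frame passes the CRC check) while `icv_detects_tampering(hmac_icv, 32)` returns True, which is the property the "Integrity Check Mechanism" row of Table 11.2 is about.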
