Encryption/Privacy/Authentication Project ReportWireless Networks

Chris H, Chris R, Mindy C04/27/07

Table of Contents

1 Overview......................................................................................................................42 Procedure.....................................................................................................................4

2.1 Packet Capture.....................................................................................................42.1.1 Overview......................................................................................................42.1.2 Procedure.....................................................................................................4

2.2 Encryption Cracking............................................................................................62.2.1 Overview......................................................................................................62.2.2 Procedure.....................................................................................................6

3 Results..........................................................................................................................83.1 Packet Capture.....................................................................................................8

3.1.1 Overview......................................................................................................83.1.2 Data..............................................................................................................8

3.2 Encryption Cracking..........................................................................................143.2.1 Overview....................................................................................................143.2.2 Data............................................................................................................15

4 Summary and Conclusions........................................................................................19

2

Table of Figures

Figure 1 - WEP64 Authentication.......................................................................................9Figure 2 - WEP128 Authentication.....................................................................................9Figure 3 – WPA Personal TKIP Authentication..................................................................9Figure 4 - WPA Personal AES Authentication....................................................................9Figure 5 - WPA2 Personal TKIP/AES Authentication......................................................10Figure 6: Kismet Capturing Traffic...................................................................................15Figure 7: Encrypted Traffic...............................................................................................15Figure 8: Network Selection..............................................................................................16Figure 9: Key Found..........................................................................................................16Figure 10: Failed crack attempt........................................................................................17Figure 11: Airodump-ng capturing WEP traffic................................................................17Figure 12: Airodump-ng capturing WPA traffic...............................................................17Figure 13: Aireplay-ng attempting to generate a handshake.............................................18Figure 14: WPA Handshake Confirmation........................................................................18Figure 15: WPA Key Found..............................................................................................18Figure 16: WPA2 Key Found...........................................................................................19

3

1 OverviewOur goal was to evaluate the relative security between WEP 64-bit, WEP 128-bit, WPA, and WPA2. The methods of evaluation were broken into two main efforts, cracking & evaluation/setup of each system. Our encryption attacking efforts consisted of using a range of tools to breach the security of each wireless protection scheme. The results of our attempts have been recorded in this report. The other piece of our evaluation consisted of setting up each security protocol, capturing traces, and comparing data/communication.

2 Procedure

2.1 Packet Capture

2.1.1 OverviewThe setup for these sets of experiments was accomplished in the ITL Wireless Evaluation Network (ITL-WEN). The setup consisted of a Linksys N Access Point connected to a server. The server acted as a host for two other machines with wireless network cards. One of the clients was setup to connect, download, and generate traffic for the other machine to capture traffic via Wireshark. Below we have listed the steps taken to setup each protocol, connect to the access point, generate traffic, and trace the traffic.

2.1.2 Procedure1) Wired Equivalent Privacy (WEP)

A) WEP – 64 bit encryption (wep64.pcap)1. Set the security on the Linksys to WEP, with 64 bit encryption. 2. Passphrase set to: goknights3. After clicking “generate” 4 keys were created.4. Save configuration.5. On tracing machine, start trace.6. On ITL-Wireless-1, connect to the test network by typing one of the keys.7. Connect to: 192.168.1.102/files.8. Begin downloading file FC-6-1386-disc1.iso9. After about a minute of downloading, cancel the download.10. Disconnect ITL-Wireless-1 from the test network.11. On tracing machine: stop trace, save file.

B) WEP-128 bit encryption (wep128.pcap)1. Set the security on the Linksys to WEP, with 128 bit encryption. 2. Passphrase set to: goknights3. After clicking “generate” 4 keys were created.

Example of 128 bit key:7A08BC60865F25EA684F4801FA (Yikes!)4. Save configuration.5. On tracing machine, start trace.6. On ITL-Wireless-1, connect to the test network by typing one of the keys.7. Connect to: 192.168.1.102/files.8. Begin downloading file FC-6-1386-disc1.iso9. After about a minute of downloading, cancel the download.10. Disconnect ITL-Wireless-1 from the test network.

4

11. On tracing machine: stop trace, save file. 2) WiFi Protected Access (WPA) Personal

A) WPA – TKIP encryption (wpa-Personal-TKIP.pcap)1. Set the security on the Linksys to WPA Personal, with TKIP encryption. 2. Pre-shared key: 7A85B6E23. Save configuration.4. On tracing machine, start trace.5. On ITL-Wireless-1, connect to the test network by typing in the pre-shared

key.6. Connect to: 192.168.1.102/files.7. Begin downloading file FC-6-1386-disc1.iso8. After about a minute of downloading, cancel the download.9. Disconnect ITL-Wireless-1 from the test network.10. On tracing machine: stop trace, save file.

B) WPA – AES encryption (wpa-Personal-AES.pcap)1. Set the security on the Linksys to WPA Personal, with AES encryption. 2. Pre-shared key: 7A85B6E23. Save configuration.4. On tracing machine, start trace.5. On ITL-Wireless-1, connect to the test network by typing in the pre-shared

key.6. Connect to: 192.168.1.102/files.7. Begin downloading file FC-6-1386-disc1.iso8. After about a minute of downloading, cancel the download.9. Disconnect ITL-Wireless-1 from the test network.10. On tracing machine: stop trace, save file.

3) WiFi Protected Access 2 (WPA2) PersonalA) WPA2 – AES encryption

1. Set the security on the Linksys to WPA2 Personal, with AES encryption. 2. Pre-shared key: 7A85B6E2, 7A85B6A7 (tried twice)3. Save configuration.4. On tracing machine, tried connecting with two different pre-shared keys.

Unable to connect.B) WPA2 – TKIP or AES encryption (wpa2-Personal-(TKIP-AES).pcap)

1. Set the security on the Linksys to WPA2 Personal, with TKIP or AES encryption. 2. Pre-shared key: 7A85B6A74. Save configuration.5. On tracing machine, start trace.6. On ITL-Wireless-1, connect to the test network by typing in the pre-shared

key.7. Connect to: 192.168.1.102/files.8. Begin downloading file FC-6-1386-disc1.iso9. After about a minute of downloading, cancel the download.10. Disconnect ITL-Wireless-1 from the test network.11. On tracing machine: stop trace, save file.

4) Security Disabled (noSecurity.pcap)1. Set the security on the Linksys to Security Disabled. 2. Save configuration.3. On tracing machine, connect to the test network. *The message when connecting says, connection established, however on the networks interface, it says not

connected to the network.

5

4. Connect to: 192.168.1.102/files.5. Begin downloading file FC-6-1386-disc1.iso6. After about a minute of downloading, cancel the download.7. Disconnect ITL-Wireless-1 from the test network.8. On tracing machine: stop trace, save file.

2.2 Encryption Cracking

2.2.1 OverviewThe setup for the encryption cracking portion of our project was accomplished in a private residence away from Clarkson University’s wireless network. A Linksys WRT-54G wireless router was configured as solely an access point. It served as the main connection to the Internet. This access point was running dd-wrt firmware, which allows access to advanced options for the router. Two laptops were used to generate traffic one running Windows 2000 and another running Mac OSX. The third laptop running Ubuntu was used to capture traffic as well as was used to crack the three encryptions WEP, WPA, WPA2. The program airodump-ng was used to capture the initialization vectors and handshakes from the different encryption. Aircrack-ng was used to break each encyption was enough packets were captured.

2.2.2 Procedure1) Wired Equivalent Privacy (WEP)

A) WEP – 64 bit encryption1. Set the security on the Linksys to WEP, with 64 bit encryption. 2. Renamed router to test.3. Save settings.4. Passphrase set to: test5. After clicking “generate” 4 keys were created.6. Save settings.7. On tracing machine, start trace to capture on channel 6.

Command: airodump-ng --ivs –c 6 eth18. Connect to: test network (10.0.0.2).9. Connect to: http://www.hp.com10. Begin downloading large driver files > 200 MB each11. Watch airodump-ng till about 500,000 initialization vectors.12. Stop trace on tracing machine, stop airodump-ng.13. Start aircrack-ng to begin cracking WEP

Command: aircrack –ng –a 1 –n 64 WEP-64-Capture.dump14. Wait for one of two outcomes from aircrack-ng

1. Key Found [network key contained here]2. Try capturing more packets and try again.

B) WEP – 128 bit encryption1. Set the security on the Linksys to WEP, with 128 bit encryption. 2. Renamed router to test.3. Save settings.4. Passphrase set to: test5. After clicking “generate” 4 keys were created.6. Save settings.7. On tracing machine, start trace to capture on channel 6.

Command: airodump-ng --ivs –c 6 eth1

6

8. Connect to: test network (10.0.0.2).9. Connect to: http://www.hp.com10. Begin downloading large driver files > 200 MB each11. Watch airodump-ng till about 1.5 million initialization vectors.12. Stop trace on tracing machine, stop airodump-ng.13. Start aircrack-ng to begin cracking WEP

Command: aircrack –ng –a 1 –n 128 wep128_cap-01.ivs14. Wait for one of two outcomes from aircrack-ng

1. Key Found [network key contained here]2. Try capturing more packets and try again.

2) Wi-Fi Protected Access (WPA, WPA2)A) WPA

1. Set the security on the Linksys to WPA with TKIP. 2. Renamed router to test.3. Save settings.4. Passphrase set to: engineering5. After clicking “generate” 4 keys were created.6. Save settings.7. On tracing machine, start trace to capture on channel 6.

Command: airodump-ng –c 6 eth18. Connect to: test network (10.0.0.2).9. Disconnect laptop running Mac OS X11. Reconnect laptop to generate a WPA handshake.12. Stop trace on tracing machine, stop airodump-ng.13. Start aircrack-ng to begin cracking WPA

Command: aircrack –ng –w length11.txt WPA-09.cap14. Choose network that needs to be cracked: 1, 2, … etc.14. Wait for one of two outcomes from aircrack-ng

1. Key Found [network key contained here]2. Key Not Found.

B) WPA21. Set the security on the Linksys to WPA2 with TKIP. 2. Renamed router to test.3. Save settings.4. Passphrase set to: construction5. After clicking “generate” 4 keys were created.6. Save settings.7. On tracing machine, start trace to capture on channel 6.

Command: airodump-ng –c 6 eth18. Connect to: test network (10.0.0.2).9. Disconnect laptop running Mac OS X11. Reconnect laptop to generate a WPA handshake.12. Stop trace on tracing machine, stop airodump-ng.13. Start aircrack-ng to begin cracking WPA

Command: aircrack –ng –w length12.txt WPA2-02.cap14. Choose network that needs to be cracked: 1, 2, … etc.14. Wait for one of two outcomes from aircrack-ng

1. Key Found [network key contained here]2. Key Not Found.

7

3 Results

3.1 Packet Capture

3.1.1 OverviewOur capturing efforts resulting in six different capture files:

noSecurity.pcap wep64.pcap wep128.pcap wpa-Personal-AES.pcap wpa-Personal-TKIP.pcap wpa2-Personal-(TKIP-AES).pcap

We made sure that we filtered out traffic from other network devices so that we were ONLY evaluating traffic on the ITL-WEN. Using a range of filters we evaluated the different capture files and did comparisons between each capture file.

3.1.2 DataTo make sure that we were only evaluating traffic between the ITL-WEN we applied a filter to the MAC addresses of every packet:

wlan.bssid == 00:18:f8:c5:5d:3e

After we applied this filter we also used a few other filters to look more closely at particular packets. To filter out beacon frames we applied the following filter:

(wlan.fc.type_subtype != 8)

Filtering of probe frames was accomplished via the below filter:

(wlan.fc.type_subtype != 5) && (wlan.fc.type_subtype != 4)

Finally to just look at the authentication frames we applied the following expression:

(llc.type == 0x888e) || (wlan.fc.type_subtype == 11) || (wlan.fc.type_subtype == 0) || (wlan.fc.type_subtype == 1) || (wlan.fc.type_subtype == 12)

3.1.2.1 AuthenticationThis filter also allowed us to observe the key being passed to the server. Figure 1 through 5 show the results of filtering out everything but the authentication process. There are some simple observations that can be made from just comparing each authentication process. The authentication process involves the station sending some authentication frames. Then the station must associate with the AP by sending an Association Request. The AP grants access by returning with an Association Response.

8

WEP64 and WEP128 appear very similar in their authentication process. The authentication time is hardly different between the two protocols. There is a much more noticeable difference between WEP and WPA. The biggest difference is the presence of KEY frames. The process of transferring a key appears to take about a second on a B/G Mixed network.

WEP64 Authentication

Figure 1 - WEP64 Authentication

WEP128 Authentication

Figure 2 - WEP128 Authentication

WPA Personal TKIP Authentication

Figure 3 – WPA Personal TKIP Authentication

WPA Personal AES Authentication

Figure 4 - WPA Personal AES Authentication

9

WPA2 Personal TKIP/AES Authentication

Figure 5 - WPA2 Personal TKIP/AES Authentication

Security Authentication Time (Seconds)WEP64 .0047WEP128 .0049 WPA Personal TKIP 1.013WPA Personal AES 1.012WPA2 TKIP/AES 1.013

The table above summarizes the length of time, in seconds, it takes to complete the authentication periods for each of the security schemes tested. Although the time difference seems minimal, less than a second, WPA’s authentication period is at least 200 times that of WEP.

3.1.2.2 WPA’s EncryptionThere are two types of encryption options for WPA Pre-Shared Key, both of which were tested in this exercise, TKIP and AES. Temporal Key Integrity Protocol (TKIP) uses a stronger encryption method and incorporates Message Integrity Code (MIC), shown in figure 6, providing protection against hackers. This MIC enables devices to authenticate that the packets are coming from the claimed source. This authentication is important since in wireless technology traffic can be easily injected.

Since WPA was created to correct deficiencies in the older WEP standard, it was important that TKIP work on the legacy hardware. For this reason, TKIP, like WEP, use a key scheme based on RC4. However, unlike WEP, TKIP ensures that every data packet is sent with its own unique encryption key with per-packet key mixing. TKIP’s encryption keys are also stronger, since they are 256 bits long.

While WEP generates the key using the shared secret key and the IV (Initialization Vector) as an input, TKIP adds the transmitter’s MAC address to the list of the input parameters which implies that all senders will have different encryption keys. Furthermore, TKIP increases the size of the IV from 24-bit (used by WEP) to 48-bit and mandates that it is used as a counter (also called TSC – TKIP Sequence Counter), which guarantees that it will only be reused once for every 281,474,976,710,656 (248) packets.

10

Although TKIP improved security especially for legacy hardware, a stronger alternative was needed for newer hardware. Advanced Encryption System (AES) utilizes a symmetric 128-bit block data encryption.

Both AES and TKIP, using 802.1X, offer much stronger encryption than that of WEP. The stronger encryption will effect both the authentication periods as well as the packet size. The 802.1X protocol offers an effective framework for authenticating and controlling user traffic to a protected network, as well as dynamically varying encryption keys. This public key authentication uses a protocol called EAP (Extensible Authentication Protocol).

WPA’s key exchange is established using the IEEE 802.11i EAPOL-key exchange. There are two main EAPOL-key exchanges defined in IEEE 802.11i. The first is the four way handshake and the second is the group key handshake. The four way handshake does several things: Confirms the pairwise master key (PMK) between supplicant and authenticator; establishes the temporal keys to be used by the data-confidentiality protocol; authenticates the security parameters that were negotiated; performs the first key handshake; and provides keying material to implement the group handshake. Not surprisingly, the reason it’s called the 4-way handshake is because four packets are exchanged between the supplicant and the authenticator. When comparing the third message of the 4-way handshakes we can see the differences in the security parameters. This can be shown in figures 6 through 8.

WPA Personal TKIP Authentication

11

Figure 6 – WPA Personal TKIP Authentication

WPA Personal AES Authentication

12

Figure 7 – WPA Personal AES Authentication

WPA2 Personal TKIP/AES Authentication

13

Figure 8 – WPA2 Personal TKIP/AES Authentication

3.1.2.3 Data Packet SizeWe had hoped to use Wireshark to look at different packet sizes and compare the relative differences between WEP and WPA. We learned that from a third party viewer, such as Wireshark it isn’t possible to tell the difference between the overheads for each security. This is because the data is encrypted in its entirety and then sent. According to some outside sources implementing WEP or AES with TKIP slows down the overall data rate. WPA2 is being built with extra hardware to handle encryption, so slowdown is reduced.

3.2 Encryption Cracking

3.2.1 Overview

Capturing packets to crack the three encryptions yielded three files: WEP-64-Capture.dump wep128_cap-01.ivs WPA-09.cap WPA2-02.cap

By keeping all of these traces on a private network, the risk of catching traffic that was not intended for this project was at a minimum. Also for this reason, there was no needed to implement filters to remove external traffic from the scans.

14

3.2.2 Data

WEP-64 Encryption

In order to crack WEP 64 bit approximately 500,000 packets needed to be captured in order to facilitate an efficient crack.

Figure 6: Kismet Capturing Traffic

As shown in Figure 6, it took approximately 43 minutes to capture the necessary encrypted traffic. Once the encrypted traffic was captured the initialization vectors could be used to crack the traffic in aircrack-ng. Shown below is a view of the encrypted traffic.

Figure 7: Encrypted Traffic

In figure 7, the symbols shown as DD and MB represent the type of data that Kismet is capturing such as Management Beacons (MB) or Data (DD). Since the traffic was encrypted with WEP, the actual type of data cannot be viewed, until after the key is cracked.

15

Since there were multiple networks present (though only one was being captured on) the correct network must be chosen for it to crack the key, as shown below. The BSSID and ESSID of the other network have been removed to be more secure.

Figure 8: Network Selection

Once the network has been selected, as show in Figure 8, it only takes a short time (one second for this key to be found. The more initialization vectors that are captured the faster the cracking process will go. The key that was found, shown in Figure 9, was 1B:9D:DA:48:3D. This corresponds to the passphrase “test” was the first of the four keys that were generated.

Figure 9: Key Found

WEP-128 Encryption

In order to crack 128 bit WEP encryption, Kismet was initially tried for capturing packets but could not do so in a reasonable amount of time. It took Kismet approximately two hours to capture only 700,000 thousand packets.

Figure 10: Failed crack attempt

16

As a result, Kismet was replaced with using the command line program airodump-ng. Using airodump-ng allowed us to only capture initialization vectors (--ivs) and also could specify to only capture traffic on channel six (-c 6)and therefore sped the process up quite a bit and made the overall capture file much smaller, 8MB compared to 356MB.

Figure 11: Airodump-ng capturing WEP traffic

Once approximately, 1.5 million initialization vectors had been captured, the cracking process took a bit longer than 64 bit but still was only 17 seconds.

WPA and WPA2 with TKIP Encryption

Since we had such great success with airodump-ng, we decided to abandon Kismet all together and continue using airodump-ng to capture packets. Airodump-ng was once again started, except told to look for WPA and WPA2 encryption (Figure 12).

Figure 12: Airodump-ng capturing WPA traffic

We found WPA and WPA2 encryption much easier to begin cracking since all that is needed is one handshake as compared to WEP which requires one million packets or more. To speed up the process of receiving handshakes, aireplay-ng (Figure 13) was used to try and force the other laptop in the room to de-authenticate and re-authenticate, thus generating a handshake. However, this method proved to be unsuccessful and we forced a laptop to disconnect and reconnect. In a busy network, multiple machines would be constantly connecting and disconnecting and finding a handshake would not be a problem.

Figure 13: Aireplay-ng attempting to generate a handshake

Once the handshake was received, confirmed by aircrack-ng (Figure 14) the cracking process was started by giving aircrack-ng a dictionary file that was downloaded from the

17

internet. This dictionary file contained all known eleven character words as well as some clever combinations of capitals, lowercase, and symbols. For example engineering became Engin33ring or something similar. There were multiple spellings for each word.

Figure 14: WPA Handshake Confirmation Once the network was selected (only one to choose), the cracking process began and lasted approximately six minutes before it found the key.

Figure 15: WPA Key Found

As shown below in Figure 16, the WPA2 key was also cracked but in a shorter run time, approximately three minutes.

18

Figure 16: WPA2 Key Found

4 Summary and ConclusionsIt seems that everyone agrees that there has got to be something better than Wired Equivalent Privacy (WEP) for wireless security. While WEP does reduce the risk of someone passively monitoring a transmission and gaining access to the information that the frames are carrying, a major underlying problem of the 802.11 standard is that the keys are very cumbersome to change. In our own tests it took us several times to connect because the keys are so long. If the WEP keys are not updated often enough, an unauthorized sniffing tool, such as AirSnort, can monitor the network and decode the encrypted messages. However, 802.11 currently offer no standard method to update these keys. As a result, companies don’t use WEP at all, and use one of the other methods we’ve researched in this project, or simply maintain the same keys for weeks, months, and even years.

As far as cracking different security measures the WEP encryption, both 64 bit and 128 bit, results are very accurate and can represented multiple times. However the WPA and WPA2 results are more for this project only. Because as the possibilities increase (number of bits possible in key) for a passphrase, the time it takes increases exponentially, it could possibly take multiple hours, if not days to complete. Also, smarter users will implement extra characters, such as punctuation, in their passphrases which makes a dictionary attack nearly impossible.

19