Breaking WPA

Miguel Bernadin and Qasim Ijaz

Abstract — In this paper, we will describe currently known methods of attacking Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). This paper will discuss the known vulnerabilities in the WEP protocol. We will provide our insight on WPA and its security mechanisms. Linux commands will be provided to help you perform a test against sssyour own wireless network.

*Introduction *

In today’s technological age IEEE 802.11 has been a standard in the implementation of WLAN and is readily available to anyone in close distance. It has been the standard in numerous public places such as airplanes, trains, universities, stores or coffee shops, and our homes. The main advantage to the 802.11 protocol is that we do not need to be physically connected to a switch to communicate to it unlike the 802.3 Ethernet protocol. We do not need to be inside of any one of these intuitions to be connected to the network that actually was meant to be contained inside them or used by any authorized personnel therein.
As you may know already, authentication processes face security problems in the technological world; particularly when it comes to wireless security. Therefore we will be exploring known attacks on our standard wireless data encryption methods; which are meant to keep the authorized user in and the unauthorized user out.

*Attacks on WEP *

There are two methods described in 802.11 protocols for authenticating clients. These methods are open system and shared key authentication. Open system is an authentication method that does not require a user to have any prior knowledge of the system to communicate to it or utilize its service. In other words, it simply has no security measure to it and is open to everyone.
Shared key authentication uses a hash of challenge text to authenticate users. In theory, upon receipt of client’s authentication request, the Access Point sends a challenge text to the client. The client encrypts the challenge text and sends it back. The Access Point (AP) decrypts this and authenticates host for correct result [1]. In the upcoming paragraphs, we will discuss the different wireless standards that exist and what are the type of encryption and authentication are used.
WEP was the first security standard that was used for wireless routers. However, due to the primitive security features it became a very vulnerable system. WEP uses a RC4 cipher with 64bit or 128bit encryption key to encrypt the data payload. This standard uses a 40bit or 104bit user defined key concatenated together with a 24bit initialization vector (IV) making the WEP key as long as 64-bit to 128 -bit. The vulnerability in this implementation is with small bit size for initialization vectors (4).
The very first successful attack on WEP was FMS attack [2]. It stands for the names of its creators: Fluhrer, Mantin, and Shamir. This attack begins with an attacker, Eve, in this example who listens to every encrypted packet data and collects the initialization vectors. Since the nature of the first bytes of plaintext, Eve will have an easier time trying to discover the key streams used to encrypt the packets [1]. The initialization vector is unprotected so Eve will be able to know the first three bytes for all the packets. All following bytes of the packets will be similar however Eve will not know this initially.
Eve then attempts to re-authenticate with the access point 6000 times per second until the initialization vector is correct by calculation. It will take Eve about 250,000 IVs for 64 bit and 1,500,000 IVs for 128 bit keys [2]. The tools used in my presentation will effectively crack the challenge text to gain access to the AP. These tools are Aircrack suite [3]. Another tool called WEPcrack will work as well. The steps begin as follows for Aircrack:
1. Start the wireless interface in monitor mode on the specific AP channel. airmon-ng
$ airmon-ng start wlan0
2. Test the injection capability of the wireless device to the AP.
$ aireplay-ng -9 -e Mywifi -a 00:14:6C:7E:40:80 ath0
3. Use aireplay-ng to do a fake authentication with the access point.
$ aireplay-ng -1 0 -e Mywifi -a 14:6C:7E:40:80 -h 00:0F:B5:88:AC:82 ath0
4. Start airodump-ng on AP channel with a BSSID filter to collect the new unique IVs.
$ airodump-ng -c 9 –bssid 00:14:6C:7E:40:80 -w output ath0
5. Start aireplay-ng in ARP request replay mode to inject packets.
$ aireplay-ng -3 -b 00:14:6C:7E:40:80 -h 00:0F:B5:88:AC:82 ath0
6. Run aircrack-ng to crack key using the IVs collected.
$ aircrack-ng -b 00:14:6C:7E:40:80 output*.cap
We need to mention that Eve cannot simply perform step 1 without the proper network card drivers in place to will allow monitor mode. Proper hardware must be in place to be able to perform this so Eve will need to verify this first before attempting this exploit.
Eve may have issues on step 3 if the access point has a MAC address filter so she may not have the ability to successfully perform the fake authentication without spoofing her MAC address to an address that is an accepted member to this list. With the airodump-ng, Eve will be able to view any stations (or computers) which have been known to connect to the access point in the past. She can spoof her MAC address to the station’s MAC address and simply perform a de-authentication attack to the client to prohibit it from logging into to the access point so Eve could gain access. Known applications exist for spoofing MAC addresses e.g. macchanger. Simply perform $ sudo apt-get macchanger on a Linux platform to install this.
If Eve encounters “Got a deauth/disassoc packet. Is the source mac associated?” this means Eve currently has loss of connection with the access point and her fake authentication attack will need to be restarted.

*Attacks on WPA/WPA2 *

The next attack we will be talking about works on WPA and WPA2. These security certificates standardize how the payloads are protected. These methods are Temporal Key Integrity Protocol (TKIP) and the other is AES-CCMP for WPA and WPA2 respectively. During our presentation, we only covered TKIP which is a slightly modified version of WEP. TKIP is more sophisticated in that it uses a key mixing function for mixing session keys with 48-bit initialization vectors [2]. This prevents the key attacks that we used when brute forcing WEP in the last example.
The MIC (Message Integrity Check) is used in every packet to prevent attacks on the weak CRC32. The TKIP was only implemented for backwards compatibility of WEP by simply updating the drivers as the RC4 cipher is still used in WPA. Our attack goes as follows [3]:
1. Start the wireless interface in monitor mode on the specific AP channel.
$ airmon-ng start wifi0 9
2. Start airodump-ng on AP channel with filter for bssid to collect authentication handshake.
$ airodump-ng -c 9 –bssid 00:14:6C:7E:40:80 -w psk ath0
3. Use aireplay-ng to de-authenticate the wireless client.
$ aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:FD:FB:C2 ath0
4. Run aircrack-ng to crack the pre-shared key used in the authentication handshake.
$ aircrack-ng -w password.lst –b 00:14:6C:7E:40:80 psk*.cap
The same restriction applies here; Eve will need to ensure she has the correct drivers in place to allow her hardware to go into monitor mode. If she does not have the proper driver, she will get an error and will not be able to get past step.
During step 2, Eve will need to keep a note of the location where all information will be dumped to as she will be referring to this file during step 4.
For step 3, Eve needs at least one client connected to the access point to authenticate herself for authentication handshake capture. Once the handshake is captured, Eve may simply disconnect. She no longer needs to be online to retrieve the challenge text as all the information captured is sufficient for the offline dictionary attack. She will then use aircrack-ng against WPA handshake. This will only work if the text itself is part of the dictionary. Eve may increase her success rate by using a known plaintext attack by having common or familiar words in the dictionary instead of sequential numbers or letters.
Protecting Against Wireless Attacks
As we discussed, WEP has a great number of vulnerabilities and is easily cracked. However security measures can be put in place to stop against the flooding fake authentication request. If the access point has more intelligence built in, it would simply know to ban the user/MAC attempting to send 6000 fake authentication request per second. Intrusion detection systems can be used to detect such attacks.
Due to low prices for WPA/WPA2 capable routers, one must take advantage of these strong mechanisms. Once upgraded, the user must use a complex challenge. This challenge text (pre-shared key) must contain combination of alphabets (lower and upper case), numbers, and symbols. A length of 16 has proven to be strong in our tests. To withstand against dictionary attacks, a dictionary word should be used solely or as part of a challenge text. This will make challenge text more difficult to be cracked; if not impossible.

*Conclusion
*

In this paper we explained different security mechanisms for wireless network security. After introducing WEP, WPA, and WPA2 security mechanisms, we described how an intruder can try to break these systems. While a security mechanism is only as strong as its weakest point, one needs to constantly stay up to date with today’s technologies.

*Refrences: *

Barken, L. (2004). How Secure is Your Wireless Network : Safeguarding your Wi-Fi LAN. Upper Saddle River: Pearson Education Inc.
Ferguson, N., Schneier, B., & Kohno, T. (2010). Cryptography Engineering. Hoboken: John Wiley & Sons.
Jain, R. (2007). Wireless LAN Security II: WEP Attacks, WPA, and WPA2. Washington University, MO, U.S.: Washington University in St. Louis.
name), D. A. (2010, 1 11). Simple WEP Crack. Retrieved 04 07, 2012, from AirCrack NG: http://www.aircrack-ng.org/doku.php?id=simplewepcrack
Vibhuti, S. (2005). IEEE 802.11 WEP (Wired Equivalent Privacy). San Jose State University, CA, 6.

The author would love to hear your comments. Let us discuss at Twitter @qasimchadhar.