Wi-Fi Protected Access
From Wikipedia, the free encyclopedia
Wi-Fi Protected Access (WPA and WPA2) is a certification program created by the Wi-Fi Alliance to indicate compliance with the security protocol created by the Wi-Fi Alliance to secure wireless computer networks. This protocol was created in response to several serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP).
The protocol implements the majority of the IEEE 802.11i standard, and was intended as an intermediate measure to take the place of WEP while 802.11i was prepared. Specifically, the Temporal Key Integrity Protocol (TKIP), was brought into WPA. TKIP could be implemented on pre-WPA wireless network interface cards that began shipping as far back as 1999 through firmware upgrades. Because the changes required fewer modifications on the client than on the wireless access point, most pre-2003 APs could not be upgraded to support WPA with TKIP. Researchers have since discovered a flaw in TKIP that relied on older weaknesses to retrieve the keystream from short packets to use for re-injection and spoofing.[1]
The later WPA2 certification mark indicates compliance with an advanced protocol that implements the full standard. This advanced protocol will not work with some older network cards.[2] Products that have successfully completed testing by the Wi-Fi Alliance for compliance with the protocol can bear the WPA certification mark.
Contents |
[edit] WPA2
WPA2 replaced WPA; like WPA, WPA2 requires testing and certification by the Wi-Fi Alliance. WPA2 implements the mandatory elements of 802.11i. In particular, it introduces a new AES-based algorithm, CCMP, which is considered fully secure. Certification began in September, 2004; from March 13, 2006, WPA2 certification is mandatory for all new devices to bear the Wi-Fi trademark.[3]
[edit] Security in pre-shared key mode
Pre-shared key mode (PSK, also known as Personal mode) is designed for home and small office networks that don't require the complexity of an 802.1X authentication server. Each wireless network device encrypts the network traffic using a 256 bit key. This key may be entered either as a string of 64 hexadecimal digits, or as a passphrase of 8 to 63 printable ASCII characters.[4] If ASCII characters are used, the 256 bit key is calculated using the PBKDF2 hash function, using the passphrase as the key and the SSID as the salt.[5]
Shared-key WPA is vulnerable to password cracking attacks if a weak passphrase is used. To protect against a brute force attack, a truly random passphrase of 13 characters (selected from the set of 95 permitted characters) is probably sufficient.[6] Lookup tables have been computed by the Church of WiFi (a wireless security research group) for the top 1000 SSIDs[7] for a million different WPA/WPA2 passphrases[8]. To further protect against intrusion the network's SSID should not match any entry in the top 1000 SSIDs.
In August 2008 a post in the Nvidia-CUDA forums announced[9] the possibility to enhance the performance of brute force attacks against WPA-PSK by a factor of 30 and more against current CPU implementation. The time-consuming PBKDF2-computation is taken from the CPU to a GPU which can compute many passwords and their corresponding Pre-shared keys in parallel. The expected time to successfully guess a common password by at least 50% shrinks to about 2-3 days by that[10]. It should however be noted that a proper CPU implementation would be only 5 times slower[11]. Some consumer chip manufacturers have attempted to bypass weak passphrase choice by adding a method of automatically generating and distributing strong keys through a software or hardware interface that uses an external method of adding a new wireless adapter or appliance to a network. The Wi-Fi Alliance has standardized these methods and certifies compliance with these standards through a program called Wi-Fi Protected Setup (formerly Simple Config).
[edit] Weakness in TKIP
A weakness was uncovered in November 2008 by researchers at two German technical universities (TU Dresden and TU Darmstadt), Erik Tews and Martin Beck[12], which relied on a previously known flaw in WEP that could be exploited only for the TKIP algorithm in WPA. The flaw can only decrypt short packets with mostly known contents, such as ARP messages, and 802.11e, which allows Quality of Service packet prioritization for voice calls and streaming media. The flaw does not lead to key recovery, but only a keystream that encrypted a particular packet, and which can be reused as many as seven times to inject arbitrary data of the same packet length to a wireless client. For example, this allows to inject faked ARP packets which makes the victim send packets to the open Internet.
[edit] EAP extensions under WPA- and WPA2- Enterprise
The Wi-Fi alliance has announced the inclusion of additional EAP (Extensible Authentication Protocol) types to its certification programs for WPA- and WPA2- Enterprise certification programs. This was to ensure that WPA-Enterprise certified products can interoperate with one another. Previously, only EAP-TLS (Transport Layer Security) was certified by the Wi-Fi alliance.
The EAP types now included in the certification program are:
Other EAP types may be supported by 802.1X clients and servers developed by specific firms. This certification is an attempt for popular EAP types to interoperate; their failure to do so is currently one of the major issues preventing rollout of 802.1X on heterogeneous networks.
[edit] Hardware support
Most newer Wi-Fi CERTIFIED devices support the security protocols discussed above, out-of-the-box, as compliance with this protocol has been required for a Wi-Fi certification since September 2003.[13]
The protocol certified through Wi-Fi Alliance's WPA program (and to a lesser extent WPA2) was specifically designed to also work with wireless hardware that was produced prior to the introduction of the protocol [2] which usually had only supported inadequate security through WEP. Many of these devices support the security protocol after a firmware upgrade. Firmware upgrades are not available for all legacy devices.
[edit] References
- ^ "Battered, but not broken: understanding the WPA crack". Ars Technica. 2008-11-06. http://arstechnica.com/articles/paedia/wpa-cracked.ars. Retrieved on 2008-11-06.
- ^ a b "WPA is both forward and backward-compatible and is designed to run on existing Wi-Fi devices as a software download." "Wi-Fi Protected Access White Paper". Wi-Fi Alliance. http://www.wi-fi.org/white_papers/whitepaper-042903-wpa/.
- ^ "WPA2 Security Now Mandatory for Wi-Fi CERTIFIED Products" "WPA2 Security Now Mandatory for Wi-Fi CERTIFIED Products". Wi-Fi Alliance. http://www.wi-fi.org/pressroom_overview.php?newsid=16.
- ^ Each character in the pass-phrase must have an encoding in the range of 32 to 126 (decimal), inclusive. (IEEE Std. 802.11i-2004, Annex H.4.1)
The space character is included in this range. - ^ van Rantwijk, Joris (2006-12-06). "WPA key calculation - From passphrase to hexadecimal key". http://www.xs4all.nl/~rjoris/wpapsk.html. Retrieved on 2009-01-16.
- ^ "A key generated from a passphrase of less than about 20 characters is unlikely to deter attacks." "... against current brute-strength attacks, 96 bits [of security] SHOULD be adequate." (Weakness in Passphrase Choice in WPA Interface, by Robert Moskowitz. Retrieved March 2, 2004.)
- ^ http://www.wigle.net/gps/gps/Stat
- ^ http://www.renderlab.net/projects/WPA-tables/
- ^ The original announcement of WPA-PSK being attacked by GPGPU-hardware
- ^ Analysis on the impact of GPGPU-technology on WPA-PSK
- ^ Packin' the PMK
- ^ Practical Attacks against WEP and WPA
- ^ "Wi-Fi Protected Access Security Sees Strong Adoption". Wi-Fi Alliance Press Room. http://www.wi-fi.org/pressroom_overview.php?newsid=37.
[edit] External links
- Wi-Fi Alliance's Interoperability Certificate page
- Wi-Fi Alliance. (2004). Wi-Fi Protected Access security sees strong adoption: Wi-Fi Alliance takes strong position by requiring WPA security for product certification. Retrieved January 5, 2004.
- Weakness in Passphrase Choice in WPA Interface, by Robert Moskowitz. Retrieved March 2, 2004.
- IEEE Std. 802.11i-2004
- The ABCs of securing your wireless network - Ars Technica