By Ramin Hedayatzadeh

“IEEE 802.11i or WPA2”

Introduction
Integrity of WEP to WPA (necessity)
WPA and its second generation
WPA2 concepts
Definition
Portions
WPA2 - Personal mode
Authentication method (PSK)
WPA2 - Enterprise mode
Authentication method (802.1x /EAP)
Ports (controlled n uncontrolled)
EAP types supported on new Wi-Fi Certified products
EAP-TLS
EAP-TTLS/MSCHAP v2
PEAPv0/EAP-MSCHAP v2
PEAPv1/EAP-GTC
EAP-SIM
Introduction con…

Encryption method (AES)

History
CCMP concepts
CTR (counter mode)
CBC-MAC (Data Authentication
and Integrity)
WPA2 Technical considerations
Specifications & Features
Upgrade problems
Resources
 Introduction
 Integrity of WEP to WPA (necessity)

By 2001, a series of independent studies from various

academic and commercial institutions had identified
weaknesses in Wired Equivalent Privacy (WEP), the
original native security mechanism for wireless local
area networks (WLANs) in the Institute of Electrical and
Electronics Engineers (IEEE) 802.11 specification.
 Introduction cont…

 WPA and its second generation

To address this situation, Wi-Fi® Alliance introduced 2
new interoperable Wi-Fi security specifications for both
enterprise and home networks:
In 2003, the Wi-Fi Alliance introduced Wi-Fi Protected
Access (WPA™) as a strong, standards-based
interoperable Wi-Fi security specification.
In 2004, the Wi-Fi Alliance introduced Wi-Fi Protected
Access 2 (WPA2™), the second generation of WPA
security.
 Concepts
 Definition

WPA2 (Wi-Fi Protected Access 2) provides network

administrators with a high level of assurance that only
authorized users can access the network. Based on the
ratified IEEE 802.11i standard, WPA2 provides
government grade security by implementing the National
Institute of Standards and Technology (NIST) FIPS 140-2
compliant AES encryption algorithm.
 Concepts cont..
WPA2 can be enabled in two
versions - Personal and Enterprise:
 WPA2 - Personal protects unauthorized
network access by utilizing a set-up
password.
 WPA2 - Enterprise verifies network users
through a server
 Scientific definition

WPA2 is a security method in which it

supports IEEE 802.1X/EAP authentication
or PSK technology and a new advanced
encryption mechanism using the Counter-
Mode/CBC-MAC Protocol (CCMP) called
the Advanced Encryption Standard (AES).
 Portions
WPA2 concludes 2 portions in each mode
(personal and enterprise)
 Authentication
 Encryption

In comparison both modes use the same

encryption which is AES. but they are
different in authentication completely:
 WPA2 - Personal mode
Authentication method (PSK)
Personal Mode is designed for home and
small office/home office (SOHO) users
who do not have authentication servers
available. It operates in an unmanaged
mode that uses a pre-shared key (PSK)
for authentication instead of IEEE 802.1X.
 WPA2 - Enterprise mode

Authentication method (802.1x /EAP)

Enterprise Mode is a term given to products

that are tested to be interoperable in both PSK
and IEEE 802.1X/EAP modes of operation for
authentication.
 Port Access Entity
 A PAE, also known as a LAN port, is a
logical entity that supports the IEEE
802.1X protocol that is associated with a
port. A LAN port can adopt the role of
authenticator, supplicant, or both.
 Supplicant
 For wireless connections, the supplicant is the
logical LAN port on a wireless LAN network
adapter, operating in infrastructure mode that
requests access to the wired network by proving
its credentials with authentication.
 Supplicants may be included in the client
operating system, integrated into drivers, or
installed as third-party standalone software.
 Authenticator:
 For wireless connections, the
authenticator is the logical LAN port
through which wireless clients, operating
in infrastructure mode, gain access to the
wired network.
 Authentication Server
 . The authentication server checks the
credentials of the supplicant on behalf of
the authenticator, and then responds to
the authenticator, indicating whether or not
the supplicant is authorized to access the
authenticator's services.
 Authentication Server
 A component of the AP
This is typically not implemented for
wireless APs.
 A separate entity

Typically, a wireless AP uses the Remote

Authentication Dial-In User Service
(RADIUS) protocol to send the connection
attempt parameters to a RADIUS server.
 EAP traffic is exchanged between the client
(supplicant) and AP (authenticator) over the
layer 2 EAPol protocol. The supplicant doesn’t
have layer 3 connectivity to the RADIUS server.
When the AP received EAP traffic from the
Client it converts it to the appropriate RADIUS
request and then passes it to the RADIUS server
for processing.
 If the supplicant encrypts the data, the
authenticator can't inspect the content of the
request, but can extract from the response
attributes such as the client’s VLAN assignment.
 After 802.1x authentication, the client
receives the master key (MK) from the
authentication server. The master key is
tied to that authentication session. From
the MK, the same primary master key
(PMK) is generated on both the client and
the authentication server.
 Once the user has been authenticated, the
authentication server and the client
simultaneously generate a Master Key (PMK).
 All wireless devices associated with an access
point must be able to decrypt the broadcast and
multicast traffic. They do so with the same group
key, or GTK.if the AP changes the GTK because
it was compromised, the AP issues a
replacement key using a simpler two-way
handshake with the KEK encrypting the GTK.
 The 4-Way Handshake
 Once a shared PMK is agreed upon
between the authenticator and the
supplicant, the authenticator may begin a
4-Way Handshake By itself or upon
request from the supplicant.
 The authentication process
 1) You can initiate the authentication process either by
the supplicant or the access point.
 2) The supplicant provides its identity by responding to
the access point with an EAP-Response/Identity packet.
 3) The authentication server sends an EAP-
Request/Authentication packet to the access point over
RADIUS and forwards this to the supplicant over
EAPOL.
 If the supplicant supports the authentication type, it
responds with the EAP-Response/Authentication packet
to the access point, which forwards this packet to the
authentication server.
 Ports (Controlled n Uncontrolled)
 To control access to a network, the access
point uses the concept of "controlled" and
"uncontrolled" ports. Both these ports are
logical and virtual, but they use a single
wireless association (link) between the
supplicant and the access point.
 Uncontrolled port:
The uncontrolled port allows an uncontrolled
exchange of data between the authenticator (the
wireless AP) and other networking devices on
the wired network, regardless of any wireless
client's authorization state. The uncontrolled port
allows only authentication traffic through it.
 Controlled port:
The controlled port allows data to be sent
between a wireless client and the wired network,
the controlled port is initially in an "unauthorized"
state that makes the supplicant unable to access
the network until it proves its credentials with the
authentication server.
EAP types supported on new Wi-
Fi Certified products
 Extensible Authentication Protocol
As the name suggests, EAP is designed in
such a way that the authentication
mechanisms that EAP uses are
extensible. The protocol is flexible enough
to allow any type of authentication
mechanism over it.
 EAP Types
 EAP-TLS
 PEAPv0/EAP-MSCHAPv2
 PEAPv1/EAP-GTC
 EAP-TTLS
 EAP-SIM
 EAP-TLS

 Is the original wireless LAN EAP

authentication protocol. Although it’s rarely
implemented due to a steep deployment
curve, it is still considered one of the most
secure EAP standards available and is
universally supported by all manufacturers
of wireless LAN hardware and software
including Microsoft.
 PEAPv0/EAP-MSCHAPv2
 Is the technical term for what people most
commonly refer to as "PEAP". Whenever
the word PEAP is used, it almost always
refers to this form of PEAP since most
people have no idea there are so many
flavors of PEAP. Behind EAP-TLS,
PEAPv0/EAP-MSCHAPv2 is the second
most widely supported EAP standard in
the world.
 PEAPv1/EAP-GTC
 Was created by Cisco as an alternative to
PEAPv0/EAP-MSCHAPv2. It allows the
use of an inner authentication protocol
other than Microsoft’s MSCHAPv2. Even
though Microsoft (along with RSA and
Cisco) co-invented the PEAP standard,
Microsoft never added support for PEAPv1
in general, which means PEAPv1/EAP-
GTC has no native Windows OS support.
 EAP-TTLS
 Was created by Funk software and
Certicom and is primarily backed by Funk
software and is supported by other third-
party server and client software.
 EAP-SIM
 Was created for the GSM (Group Special
Mobile, or Global System for Mobile
Communications. A 2G digital standard for
cellular phone communications adopted by
many countries around the world. Its
frequency bands range from
900-1800MHz) mobile telecom industry,
which favors the use of SIM cards for
authentication.
 Encryption method (AES)
 History
In 1997, the National Institute of Standards and
Technology (NIST) initiated a process to select a
symmetric-key encryption algorithm to be used
to protect sensitive (unclassified) Federal
information in furtherance of NIST’s statutory
responsibilities. In 1998, NIST announced the
acceptance of fifteen candidate algorithms and
requested the assistance of the cryptographic
research community in analyzing the candidates.
 Encryption method (AES)
 In cryptography, the Advanced Encryption
Standard (AES) is a block cipher adopted
as an encryption standard by the U.S.
government. It is expected to be used
worldwide and analyzed extensively, as
was the case with its predecessor, the
Data Encryption Standard (DES).
 CCMP concepts
 AES uses the Counter-Mode/CBC-Mac
Protocol (CCMP). CCM is a new mode of
operation for a block cipher that enables a
single key to be used for both encryption
and authentication.
 WPA2 Temporal Keys

 Data encryption key A 128-bit key

 Data integrity key A 128-bit key
 EAPOL-Key encryption key A 128-bit key
 EAPOL-Key integrity key A 128-bit key
 The 2 underlying modes employed in CCM
include Counter mode (CTR) that achieves
data encryption/privacy and Cipher Block
Chaining Message Authentication Code
(CBC-MAC) to provide authentication and
integrity.
 CBC-MAC (Data Authentication
and Integrity)
 The CBC-MAC algorithm produces a message
integrity code (MIC) that provides data origin
authentication and data integrity for the wireless
frame.
 A Packet Number field
 1) Included in WPA2-protected wireless frame
 2) Incorporated into the encryption (CTR)
 3) and MIC calculations
 provides replay protection.
 CBC-MAC is used to generate an authentication
component as a result of the encryption process.
This is different from prior MIC implementations,
in which a separate algorithm for integrity check
is required. To further enhance its advanced
encryption capabilities, AES uses a 48-bit
Initialization Vector (IV).
 AES has no known attacks and the current
analysis indicates that it takes 2^120 operations
to break an AES key—making .it an extremely
secure cryptographic algorithm.
 Strictly speaking, AES is not precisely
Rijndael (although in practice they are
used interchangeably) as Rijndael
supports a larger range of block and key
sizes; AES has a fixed block size of 128
bits and a key size of 128, 192 or 256 bits,
whereas Rijndael can be specified with
key and block sizes in any multiple of 32
bits, with a minimum of 128 bits and a
maximum of 256 bits.
 AES is fast in both software and hardware,
is relatively easy to implement, and
requires little memory. As a new
encryption standard, it is currently being
deployed on a large scale.
WPA2 Technical considerations

 Is WPA still secure?

 Why
is the Alliance introducing
WPA2?
 New features

 WPA2 Mixed Mode

 PMK Caching
 Preauthentication
 Resources
 WiFi planet 2004
 intel.com - mobile and wireless protection
 technet.microsoft.com - cable guy 2002
 technet.microsoft.com - cable guy may 2005
 Microsoft Encyclopedia of Networking 2004
 Microsoft Encyclopedia of security 2004
 Cisco Systems - FAQ on Aironets 2005
 WiFi alliance - knowledge center 2006
 WiFi alliance - WPA2 Q&A
 WiFi alliance - Deploying WPA™ and WPA2™ in the Enterprise
 Wikipedia.org
 TechTarget 2006
 IBM - developerWorks
 http://blogs.zdnet.com/Ou/?p=67