
Thread: Wireless Security

  1. #1
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718

    Wireless Security

    Ok, first let me indicate the reason I started this thread. I was reading an old article on wireless security and stumbled upon this quote:
    MAC address filtering is easy to defeat for someone who has the right tools. Using a wireless sniffer an attacker can watch the wireless traffic of your network and easily pick MAC addresses of valid users out of the frames floating through the air, even if they are encrypted.
    Full Article Here
    My first thought - Old article? It must simply be a WEP issue. So I ventured a bit further into the issue at hand to verify that it is indeed only a WEP issue. Well, that doesn't seem to be the case at all. I'm going to concentrate on what I currently use for wireless encryption on the network I maintain - WPA-PSK. Now, I've heard that WPA-PSK is susceptible to brute-force dictionary attacks. I never really checked into the matter, that is, until now. So I figured, what's the best way to figure out how an attack is used against WPA-PSK, you got it, wardriving tools/whitepapers. Well, I found WPA Cracker
    WPA Cracker is a dictionary/brute-force attacker against WiFi Protected Access (WPA). WPA takes two forms; WPA Enterprise Mode and WPA PSK (Pre-Shared Key) Mode. WPA Cracker takes advantage of an inherently vulnerable characteristic of the PSK implementation to provide users an insight that the security must be deployed properly.
    Which led me to read WPA_Passive_Dictionary_Attack_Overview
    Now, if I read this correctly, during this "4 Way Handshake", just about every element needed to crack into a wireless network is provided outside of the passphrase and all of these elements can easily be sniffed out using a wireless traffic analyzer.
    Here's a sample used in the whitepaper mentioned above:

    PMK = PBKDF2(passphrase, ssid, ssidLength, 4096, 256)
    PTK = PRF-512(PMK, “Pairwise key expansion”, Min(AP_Mac, Client_Mac) ||
    Max(AP_Mac, Client_Mac) || Min(ANonce, SNonce) || Max(ANonce, SNonce))

    With the discovery of the SSID, the PMK apparently only relies on one security mechanism. Yep, you guessed it...the passphrase.
    The PMK is generated by inputting the string of the pass phrase, SSID, and the SSID
    length into the PBKDF2 algorithm, which is set to hash 4096 times and generate a value of
    256 bits. Since the SSID is easily recoverable, it should be noted that only the pass phrase would have to be guessed in order to determine the valid PMK.
    Now, apparently this PTK key is also fairly easy to mimic -
    The normal practice is to have a single PSK(Pre Shared Key) within an ESS (Extended Service Set). To generate any PTK, a device only needs to learn the two MAC addresses and nonces (and the selected ciphersuite). All of this is available in the initial exchange, from the ASSOCIATE through the 4-Way Handshake. Any device can passively listen for these frames and then generate the PTK. If the device missed these frames, it can send a DISASSOCIATE against the STA and force the STA to perform the ASSOCIATE through the 4-Way Handshake again.
    Full Article Here. There is also a more technical breakdown for PTK cracking from the whitepaper listed above.

    So, once again, I am amazed as to the simplicity it takes for a tech savvy individual to crack this WPA-PSK. I've heard warnings about WPA-PSK relying heavily on the passphrase but little did I know just how much. Needless to say, come Monday, my network will have a new passphrase. In any event, it appears (from what I've read) that the better security measure is to use a RADIUS server based WPA. There is also something I've recently learned about called TinyPEAP. Apparently this is in its prototype/testing stages?? and is one of (if not the best) wireless security encryption features available. It was generally only an enterprise solution but is quickly becoming a home user solution to wireless security. The whitepaper on TinyPEAP can be found Here.

    Oh well, I'm done rambling. Any thoughts?
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  2. #2
    Senior Member
    Join Date
    Jul 2002
    Posts
    339
    Regarding MAC filtering and disabling SSID broadcast, both are useless, both are practices of security through obscurity, and both can deny access to legitimate users. Those "features" are introduced (and encouraged) by wireless devices vendors (and clueless "analysts") who have nothing else to offer for wireless security.

    I have yet to see some better methods of security built right into the wireless protocol.

    Peace always,
    <jdenny>
    Always listen to experts. They'll tell you what can't be done and why. Then go and do it. -- Robert Heinlein
    I'm basically a very lazy person who likes to get credit for things other people actually do. -- Linus Torvalds


  3. #3
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    Regarding MAC filtering and disabling SSID broadcast, both are useless, both are practices of security through obscurity, and both can deny access to legitimate users. Those "features" are introduced (and encouraged) by wireless devices vendors (and clueless "analysts") who have nothing else to offer for wireless security.
    First of all security through obscurity is a widely used practice, and a very effective one, but it should not be used as your only line of defense. MAC filtering is not considered security through obscurity, because you are not making it harder to find, it filters out who can access the network, sort of like a guest list at a club.

    MAC filtering is VERY effective, although not broadcasting your SSID will only deter the most simple minded of attackers so it is generally not encouraged because the cost outweighs the benefits.

    You could say that ANY security practice can potentially filter out legit users. If a user forgets their password, then they are locked out, does that mean we shouldn't have passwords, after all we wouldn't want to filter out the legit users right?

    MAC filtering is fine because when you give the person the WEP/WPA key they can give you their MAC because that won't change.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  4. #4
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718
    MAC filtering is VERY effective
    Is it though? Let's refer to the example again, concentrating on the PTK only -
    (remember, this is in regards to WPA-PSK encryption)

    PTK = PRF-512(PMK, “Pairwise key expansion”, Min(AP_Mac, Client_Mac) ||
    Max(AP_Mac, Client_Mac)
    || Min(ANonce, SNonce) || Max(ANonce, SNonce))

    and let's again look at part of a quote from my original post -
    To generate any PTK, a device only needs to learn the two MAC addresses and nonces (and the selected ciphersuite). All of this is available in the initial exchange, from the ASSOCIATE through the 4-Way Handshake. Any device can passively listen for these frames and then generate the PTK
    Now, if I'm understanding this correctly, even with encryption, someone with a wireless traffic analyzer can still determine the MAC addresses on a network. Now let's say I disable encryption, it would seem that MAC filtering would be utterly useless. With the proper wireless sniffer and MAC spoofing tool, anyone could log into my network even with MAC filtering enabled.
    The only thing I'm not sure about is if there's already one MAC address connected to the LAN, and an outsider spoofs the same MAC address and tries to connect.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  5. #5
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    with a proper wireless sniffer and a decent decryption tool someone could crack your encryption also and then all of your security would be deemed "utterly useless".

    Wireless is very insecure, it's in the nature of it. The only true way of stopping someone from accessing the wireless network would be to contain the radio waves in a designated secure area. (where the attacker cannot get, but even then if the attacker is good, they can attack a node on the network via the internet, or crack the router itself and then be on the network anyway) everything else is simply a deterrent. Some deterrents are stronger than others, but with today's technology, cracking the standard encryption methods of the average (and a lot of above average) wireless networks is somewhat easy (but at times very time consuming).
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  6. #6
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718
    with a proper wireless sniffer and a decent decryption tool someone could crack your encryption also and then all of your security would be deemed "utterly useless"
    From what I understand about WPA-PSK, there is no simple way to just "decrypt" it.
    the PBKDF2 algorithm, which is set to hash 4096 times and generate a value of 256 bits
    Even the tools I located on wardriving websites were designed to use brute-force attacks against WPA-PSK passphrases, not decryption.
    Example, WPA Cracker:
    WPA Cracker is a dictionary/brute-force attacker against WiFi Protected Access
    In addition to that, unlike WEP, WPA-PSK uses what's called "rekeying" -
    WPA-PSK is far superior to WEP and provides stronger protection for the home/SOHO user for two reasons. The process used to generate the encryption key is very rigorous and the rekeying (or key changing) is done very quickly. This stops even the most determined hacker from gathering enough data to break the encryption.
    Now, what I was indicating in my original post was that WPA-PSK can be easily cracked if the admin uses poorly chosen passphrases simply because of how easy it is to generate the PMK/PTK used in WPA-PSK encryption. If the admin uses a well chosen passphrase (the preshared key consists of a random sequence of keyboard characters (upper and lowercase letters, numbers, and punctuation) and is at least 20+ characters) then WPA-PSK is very secure. I don't think WPA-PSK can be cracked by the casual skiddie or someone with too much time on their hands if the network admin is using a well chosen passphrase.
    cracking the standard encryption methods of the average (and a lot of above average) wireless networks is somewhat easy (but at times very time consuming).
    Interesting opinion, you have anything to back up that claim? (do exclude all WEP examples as we all know WEP is flawed)
    Also, you think decrypting this PBKDF2 algorithm, which is set to hash 4096 times and generate a value of 256 bits with a rekey interval is easy?
    I beg to differ from everything I've researched about any WPA related wireless security measures.
    Now, no matter how you look at it, MAC filtering is useless because there's no "cracking" necessary. Whether the wireless network is encrypted or not, MAC addresses are sitting in plain sight for anyone with the proper wireless sniffer to find. So, I'm still confused how this MAC filtering is very effective in any capacity.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  7. #7
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    I apologize, I misread the information on the encryption method. Cracking the encryption you were using would not be "easy" but still possible. I was using the term "decrypt" very loosely, and was including brute force processes...but that is a form of decryption because it does run through a series of combinations of characters rather than a dictionary attack, but cracking would be more correct of a term.

    I stand by the fact that MAC filtering is not useless. In my company we have found it VERY helpful. It is excellent for filtering out unwanted laptop connections, and gives us the opportunity to check out the laptop or other wireless device for virii or other harmful software before allowing it to connect. An average user would not be able to get around a MAC filter. It is one layer of security. Just like anything else wireless security should be in layers including encryption methods and filtering methods. That is just like saying IP filtering is useless. It's a deterrent, just like EVERY OTHER form of security. It is one more thing an attacker must get through before accessing the network, and in my opinion the harder it is to get through the security the better, even the most trivial layers take time to get through, and the more time it takes an attacker to crack this type of thing the easier it is to detect the attacker.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  8. #8
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718
    Cracking the encryption you were using would not be "easy" but still possible
    Agreed.
    Just like anything else wireless security should be in layers including encryption methods and filtering methods
    Agreed.

    Is MAC filtering better than nothing? Yes. However, for someone who is tech savvy and knows how to use wireless sniffers and other tools of the trade, I believe MAC Filtering is of no help to the Admin trying to stop him/her/it from accessing the network.
    It's fairly amazing that out of this whole mess of an algorithm/encryption process, what I have in bold is the difference between a very secure wireless network and a vulnerable wireless network that uses WPA-PSK.
    PMK = PBKDF2(passphrase, ssid, ssidLength, 4096, 256)
    PTK = PRF-512(PMK, “Pairwise key expansion”, Min(AP_Mac, Client_Mac) ||
    Max(AP_Mac, Client_Mac) || Min(ANonce, SNonce) || Max(ANonce, SNonce))
    The object of war is not to die for your country but to make the other bastard die for his - George Patton
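The two formulas quoted in the first post and again just above can be worked through in code. This is an added example, not code from the thread or from the whitepaper it cites: it derives the PMK with PBKDF2-HMAC-SHA1 (4096 iterations, 256 bits) and the PTK with the 802.11i PRF-512 over the two MAC addresses and nonces, and it shows that only the passphrase is secret, since every other PTK input is visible in the association and 4-Way Handshake frames. The MAC addresses and nonces in the demo are constructed values; the "password"/"IEEE" pair is the PMK test vector published in the 802.11i standard.

```python
import hashlib
import hmac

# PMK = PBKDF2(passphrase, ssid, ssidLength, 4096, 256): the SSID is broadcast
# (or trivially recovered), so the passphrase is the only secret input.
def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

# 802.11i PRF-512: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3
# and keep the first 64 bytes (512 bits).
def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    blocks = [hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(4)]
    return b"".join(blocks)[:64]

# PTK = PRF-512(PMK, "Pairwise key expansion", Min(MACs) || Max(MACs) || Min(nonces) || Max(nonces)).
# bytes compare as unsigned big-endian integers of equal length, which is the spec's ordering.
def wpa_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)

# The PTK is sliced into KCK (handshake MIC key), KEK (key-wrap key) and TK (traffic key).
def split_ptk(ptk: bytes) -> dict:
    return {"KCK": ptk[0:16], "KEK": ptk[16:32], "TK": ptk[32:48]}

if __name__ == "__main__":
    # Constructed handshake parameters: an observer sees all of these over the air.
    ap_mac = bytes.fromhex("001122334455")
    client_mac = bytes.fromhex("66778899aabb")
    anonce = bytes(range(32))
    snonce = bytes(range(32, 64))
    pmk = wpa_pmk("password", "IEEE")          # only this input is secret (via the passphrase)
    ptk = wpa_ptk(pmk, ap_mac, client_mac, anonce, snonce)
    print("PMK:", pmk.hex())
    for name, part in split_ptk(ptk).items():
        print(f"{name}: {part.hex()}")
```

Everything except the passphrase guess is reused unchanged across guesses, which is why the 4096-iteration PBKDF2 step is the only per-guess cost and why passphrase quality decides the outcome.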
