|
Wi-Fi® is a registered certification mark of the Wi-Fi Alliance
|
 
|
 |
 Rethinking the Datacenter
Sponsored by HP
Today's datacenters need to increase utilization, get control over power and cooling costs, and align with business objectives. Download this eBook to learn about the challenges facing the data center in a world where digital information is growing at a torrid pace and costs are being held in check. Learn more. »
|
|
Putting the Green into IT
Sponsored by HP
Electricity use in data centers is skyrocketing, sending energy bills through the roof, creating environmental concerns and generating negative publicity. "Going Green" means looking to technologies like virtualization, energy-efficient chips and racks, and implementing policies that extend beyond the data center. Learn more. »
|
|
Managing the Modern Network
Sponsored by HP
In a global economy where information crosses the globe in an instant, and where Web-based applications power business, it's more important than ever to ensure your network is safe from threats and optimized to deliver the data your business needs. »
|
|
Evaluating Software as a Service for Your Business
Sponsored by Webroot
Is Software as a Service just hype, or is something really going on here? See if your company can benefit as SaaS tries to change the face of the enterprise.
»
|
|
Is Your Disaster Recovery Plan Good Enough?
Sponsored by HP
Preparing for a disaster is more often than not part of the storage planning process, and it is one of the most difficult tasks, since it includes local hardware and software, networking equipment, and a test plan. Learn how to get disaster recovery right. »
|
| >> Wi-Fi Planet Marketplace |
  |
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
WPA PSK Crackers: Loose Lips Sink Ships
By Lisa Phifer
March 23, 2007
Wi-Fi Protected Access (WPA) protects wireless data by applying encryption, integrity checks, and sequencing. The first version of WPA patched around mistakes in the old, broken Wired Equivalent Privacy (WEP), while WPA2 started from a clean slate to deliver more robust, efficient security.
Either version of WPA can stop wireless eavesdropping -- with one big caveat. The encryption keys upon which they depend must never be disclosed to outsiders. That's where PSK crackers come in.
Can You Keep a Secret?
WPA and WPA2 are best when used with 802.1X Port Access Control for per-user authentication and per-session key delivery. Known as WPA-Enterprise or WPA2-Enterprise, this approach was designed for business networks with the staff and resources required to support RADIUS-based authentication. Every new session gets its own fresh random key, used for a relatively short time. While that doesn't make key cracking completely impossible, it substantially reduces that risk.
Since home networks don't generally have RADIUS servers, a simpler option also exists: Pre-Shared Keys (PSKs). Known as WPA-PSK, WPA-Personal or WPA2 Personal, this approach authenticates everyone using the WLAN with the same secret passphrase, configured into the Access Point (AP). But, unlike those old WEP keys, PSKs are not encryption keys -- they are the starting point for deriving per-station (client) encryption keys. (For how to set up WPA at home, see WPA-PSK: Step-by-Step.)
Unfortunately, the way in which WPA/WPA2 encryption keys are generated and delivered makes it easy for an attacker to try to guess your WLAN's PSK. Once an outsider has the PSK, he can steal service or decrypt data sent by legitimate users on your network.
Let's Shake on It
A PSK is a 256-bit value, known to every device in the WLAN. That PSK is usually generated by combining the WLAN's name (Service Set Identifier, SSID) (define) with a passphrase (an ASCII (define) string, 8-63 characters.) If you have ever used Windows XP to connect to a WPA-Personal WLAN, you have been prompted to enter a WPA passphrase.
When using WPA or WPA2, every station is permitted to associate with the AP. The AP or station has the option to start 802.1X authentication, exchanging Extensible Authentication Protocol (EAP) (define) messages to verify user/server identities. After authentication (if any), the AP kicks off a four-way handshake (see figure below) to derive the keys for this session. The handshake must be completed before any encrypted data can actually be exchanged between this station and AP.
Four-way key handshake
What is actually happening during this handshake?
- The AP and each station need an individual Pairwise Transient Key (PTK) to protect unicast communication between them. To derive a different PTK for each AP/station combo, a Pairwise Master Key (PMK) is fed into an algorithm, along with MAC address (define) and two values, ANonce and SNonce. Messages #1 and #2 in the figure above show how the AP and station manage to derive the same PTK without ever sending it over the air.
- The AP also generates a Group Transient Key (GTK) to protect all broadcast and multicast communication. Because every station on the WLAN needs that same GTK to decrypt broadcast/multicast frames, the AP sends the current GTK in message #3 of the handshake. To prevent eavesdropping, the GTK is encrypted with the PTK.
- To stop these handshake messages from being forged, messages #2 through #4 carry a Message Integrity Code (MIC). Each MIC is generated by hashing a specified part of the message, then encrypting that hash with the PTK.
This four-way handshake occurs whenever you connect to a WLAN using WPA or WPA2. It also occurs periodically thereafter, whenever the AP decides to refresh transient keys. End users may not be aware of this handshake -- and administrators may not really care about all of these gory details.
But WPA PSK crackers do.
What if Someone Hears You?
In WLANs that use WPA-Enterprise or WPA2-Enterprise, every session starts from a different PMK, delivered during 802.1X authentication. However, in WLANs using WPA-Personal or WPA2-Personal, there's no 802.1X, so the station and AP must use a value they both already know. What value do they both know? The PSK, of course.
WPA-PSK crackers like aircrack, KisMAC, and coWPAtty try to guess the PSK by capturing and analyzing the four-way handshake messages spelled out above. For example, the following output was generated by coWPAtty: $ cowpatty -r capturefile -s soho-psk -f dictionaryfile
cowpatty 2.0 - WPA-PSK dictionary attack.
Collected all necessary data to mount crack against passphrase.
Starting dictionary attack. Please be patient.
key no. 1000: apportion
key no. 2000: cantabile
key no. 3000: contract
key no. 4000: divisive
The PSK is "secretsecret".
4089 passphrases tested in 112.55 seconds: 36.33 passphrases/second
Here, coWPAtty uses a supplied dictionary file to analyze a packet capture file containing (at least) the four-way handshake exchanged during someone else's successful connection to the "soho-psk" WLAN. Recording handshake messages from an active WLAN is easily accomplished with a wireless capture program like Wireshark or Kismet. Those who get impatient can use a frame injector like Airjack to force legitimate users to reconnect.
CoWPAtty searches the capture file and extracts a four-way handshake for the named WLAN. It then extracts all of the values of interest from that handshake: AP and station MAC addresses, those SNonce and ANonce values, and message #4's payload and MIC.
|
Rethinking the Datacenter
Putting the Green into IT
Managing the Modern Network
Evaluating Software as a Service for Your Business
Is Your Disaster Recovery Plan Good Enough? 
IE 7
Firefox 2.0
