utilities which help an attacker perform this attack against EAP-LEAP
authentication [19].
2.9 EAP-MD5 Attack
EAP requires that EAP-MD5 be implemented to serve as a fallback authentication
mechanism. It has a number of vulnerabilities including susceptibility to
man-in-the-middle attacks, lack of dynamic key distribution, and the
plaintext/ciphertext combination. The EAP-MD5 process is somewhat similar to
EAP-LEAP. The authentication server sends a challenge to the supplicant, which
hashes it together with the password using MD5. That hashed value is sent back
to the authentication server, which compares it to its own hash of the
challenge text; if the two are equal, access is granted.
Since the authentication process happens in only one direction, a
man-in-the-middle attack can be performed against the authenticator. All that
is required is a fake access point with authentication server software
installed. When a supplicant requires access, it contacts the rogue AP instead
of the authentic AP.
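The one-directional exchange described above, as an added in-memory example that is not part of the original text. It assumes the CHAP-style computation MD5(identifier || password || challenge) from RFC 1994; the class names and the password are constructed for illustration. It shows that the supplicant's view of the exchange is the same whether or not the other side knows the password, which is why a mutually authenticating EAP method is needed.

```python
import hashlib
import hmac
import os

def md5_challenge_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """EAP-MD5 response, CHAP style: MD5(identifier || password || challenge)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()

class AuthServer:
    """Knows the password and checks the supplicant's response."""
    def __init__(self, password: bytes):
        self.password = password
    def challenge(self):
        return 1, os.urandom(16)            # (identifier, random challenge)
    def verdict(self, identifier, challenge, response) -> str:
        expected = md5_challenge_response(identifier, self.password, challenge)
        ok = hmac.compare_digest(expected, response)  # constant-time compare
        return "success" if ok else "failure"

class UnverifiedPeer:
    """Constructed stand-in for a peer that does NOT know the password."""
    def challenge(self):
        return 1, os.urandom(16)
    def verdict(self, identifier, challenge, response) -> str:
        # The Success message carries nothing derived from the password,
        # so it can be sent without being able to check the response.
        return "success"

class Supplicant:
    def __init__(self, password: bytes):
        self.password = password
    def respond(self, identifier, challenge) -> bytes:
        # The protocol gives the supplicant no server proof to check here.
        return md5_challenge_response(identifier, self.password, challenge)

def run_exchange(peer, supplicant) -> list:
    """Return the message types the supplicant receives, in order."""
    identifier, challenge = peer.challenge()
    response = supplicant.respond(identifier, challenge)
    return ["challenge", peer.verdict(identifier, challenge, response)]

if __name__ == "__main__":
    s = Supplicant(b"correct horse")        # constructed sample password
    print(run_exchange(AuthServer(b"correct horse"), s))
    print(run_exchange(UnverifiedPeer(), s))  # identical from the supplicant's side
```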
3. WPA Background and Introduction
Since there have been so many vulnerabilities discovered in WEP, an 802.11i
standard committee was formed to find a new method of securing wireless
communication. As the development of the standard progressed, some parts were
ready to be deployed and other parts were not. In 2002, the Wi-Fi Alliance
decided to deploy the parts that were deemed ready to help alleviate some of
the security problems that existed. The parts that were released were named
Wireless Protected Access (WPA). WPA still uses the WEP algorithm, but it adds
a stronger integrity checking algorithm and better key management as in
802.1x. It can be implemented with a centralized authentication server or
using pre-shared keys (PSK), like WEP. WPA offers two things of value:
Temporal Key Integrity Protocol (TKIP) and 802.1x. TKIP is the encryption
algorithm that was created to provide more security than WEP. It is
essentially a shell that was placed around the WEP RC4 algorithm to address
the following weaknesses: replay attacks, forgery attacks, key collision
attacks, and weak key attacks. It does this by improving the integrity
checking function, adding initialization vector sequencing rules, and creating
a per-packet key.
TKIP uses a master key (MK) which is either distributed using 802.1x or as the
PSK to derive a pairwise master key (PMK). In turn, the PMK is used to derive four
more keys. These four keys are used during various parts of the encryption. One of
the keys is called the temporal key (TK), which is primarily used for the encryption
of data that is sent over the wireless link. The TK is XORed with the sender's MAC