CEH.V6.-.Module.20.Hacking.Wireless.Networks


• ... open system authentication (OSA) is configured, the station will send an authentication request to the AP and the AP will make an access decision based on its policy
• When shared key authentication (SKA) is configured, the AP will send a challenge to the station and the station encrypts it with its WEP key and sends it back to the AP
• If the AP obtains the challenge value, the station is authorized

EC-Council. Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

WEP - Shared Key Authentication

The Requesting Station sends the challenge text

The Receiving Station:
• Decrypts the challenge using the same shared key
• Compares it to the challenge text sent earlier
• If they match, an acknowledgement is sent
• If they do not match, a negative authentication notice is sent

Once acknowledged, the transmission is sent

[Figure: Requesting Station and Receiving Station]

WEP - Association Phase

After the authentication phase, the station will send an association request packet to the AP

If the AP has a policy to allow this station to access the network, it will associate the station to itself by placing the station in its association table

A wireless device has to be associated with an AP to access network resources, and not just authenticated

The authentication and association phases authorize the device, and not the user

There is no way to know if an unauthorized user has stolen and is using an authorized device

WEP Flaws

Two basic flaws undermine its ability to protect against a serious attack:

No defined method for encryption key distribution
• Pre-shared keys were set once at installation and are rarely (if ever) changed

Use of RC4, which was designed to be a one-time cipher and not intended for multiple message use
• As the pre-shared key is rarely changed, the same key is used over and over
• An attacker monitors traffic and finds enough examples to work out the plaintext from message context and, with knowledge of the ciphertext and plaintext, he/she can compute the key

What is WPA

WPA is not an official IEEE standard, but will be compatible with the upcoming 802.11i security standard

It (Wi-Fi Protected Access) is a data encryption method for 802.11 WLANs

It resolves the issue of weak WEP headers, which are called initialization vectors (IVs)

It is designed to be a software upgrade

With WPA, the rekeying of global encryption keys is required

WPA (cont’d)

Wi-Fi Protected Access:
• Stop-gap solution that solves issues related to the WEP encryption itself:
• IVs are larger (48 bits instead of 24)
• Shared key is used more...

This note was uploaded on 02/12/2013 for the course CEH v6 taught by Professor John during the Summer '13 term at West Point.
