Chapter 6 - WLAN Flashcards

1
Q

What are some basic facts of IEEE 802.11?

A
  • First version published in 1997
  • Speed up to 1.3 Gbit/s (802.11ac)
  • Operates in the 2.4 GHz and 5 GHz bands
  • 3 modes: infrastructure, ad-hoc and mesh
2
Q

What are some basic facts on WEP?

A
  • Wired Equivalent Privacy (WEP): the security mechanism of the original 802.11 standard
  • Optional access control (shared key authentication)
  • Confidentiality: encryption on the MAC layer
  • Integrity protection between mobile device and access point
  • All security mechanisms are totally broken; serious design flaws
3
Q

What are the design flaws of WEP?

A
  • Same key for all mobile devices in the network
  • Same key for integrity protection, encryption and authentication
  • No protection against replay attacks
4
Q

How is user authentication done in WEP?

A

Optional. Shared Key Authentication:
- AP sends a 128-byte challenge (RAND)
- Mobile device chooses an initialization vector IV
- Computes the RC4 keystream RC4(IV || k) and XORs it with RAND (WEP-style, including the ICV)
- Sends IV and the encrypted RAND back; the AP decrypts and compares with its challenge

5
Q

How can the user authentication be attacked in WEP?

A
  • Capture one handshake (challenge and response)
  • Attacker knows RAND and the response, so RAND xor response yields the keystream for that IV
  • Attacker starts its own authentication with the same IV and XORs the recovered keystream with the new RAND, without ever knowing k
6
Q

How is encryption and integrity protection done in WEP?

A

Shared secret k: 40 or 104 bit
IV: 24 bit, sent in the clear
Keystream K = RC4(IV || k)

Integrity protection:
- Calculate CRC-32 over the message (the ICV) and append it

Encryption:
- XOR message and ICV with K
- IV prepended in the clear

7
Q

Why is the integrity protection broken in WEP?

A
  • Uses CRC-32, which is linear with respect to XOR: ICV(M xor D) = ICV(M) xor ICV(D)
    (strictly, with the standard initial and final XOR, ICV(M xor D) = ICV(M) xor ICV(D) xor ICV(0...0); the extra term is a constant the attacker computes just as easily)
  • Attacker XORs a chosen difference D into the ciphertext, obtaining the encryption of M xor D || ICV(M) xor ICV(D)
  • The CRC-32 still matches, so the receiver cannot detect the modification; no key is needed
8
Q

What is a known plaintext attack against WEP encryption?

A
  • Keystream recovery: C xor M = (M xor RC4(IV || k)) xor M = RC4(IV || k), the keystream for that IV
  • Wait for the IV to repeat and decrypt that frame with the stored keystream
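The three WEP attacks on cards 5, 7 and 8 all rest on the same two facts, keystream reuse under XOR and a linear ICV, so here is one added Python example (not part of the flashcard set) that builds a WEP-style frame and runs all three attacks against it: forging a shared key authentication response from one captured handshake, CRC-32 bit flipping, and known-plaintext keystream recovery followed by decryption of a second frame under the same IV. The RC4 and CRC-32 details follow WEP; the key, IV and messages are constructed, and the comment in flip_bits records the practical caveat behind the ICV(M xor D) = ICV(M) xor ICV(D) formula.

```python
import struct
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 KSA + PRGA. Only here because WEP used it; never use RC4 in new designs."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    # WEP ICV: standard CRC-32, appended little-endian
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(k: bytes, iv: bytes, msg: bytes) -> bytes:
    # Frame body = IV (clear, 3 bytes) || (msg || ICV(msg)) XOR RC4(IV || k)
    plain = msg + icv(msg)
    return iv + xor(plain, rc4_keystream(iv + k, len(plain)))


def wep_decrypt(k: bytes, frame: bytes):
    # Receiver recomputes the CRC over the decrypted message; returns (msg, icv_ok)
    iv, body = frame[:3], frame[3:]
    plain = xor(body, rc4_keystream(iv + k, len(body)))
    msg, tag = plain[:-4], plain[-4:]
    return msg, tag == icv(msg)


def flip_bits(frame: bytes, delta: bytes, affine_fix: bool = True) -> bytes:
    # Card 7: without k, turn E(M) into a valid E(M xor delta).
    # CRC-32 as standardised (init and final XOR 0xFFFFFFFF) is affine, not strictly
    # linear: crc(M ^ D) = crc(M) ^ crc(D) ^ crc(zeros of the same length).
    # So the ICV correction is crc(D) ^ crc(zeros); crc(D) alone gives a bad ICV.
    iv, body = frame[:3], frame[3:]
    n = len(body) - 4
    assert len(delta) == n, "delta must cover the whole message"
    corr = zlib.crc32(delta)
    if affine_fix:
        corr ^= zlib.crc32(bytes(n))
    return iv + xor(body, delta + struct.pack("<I", corr))


def recover_keystream(frame: bytes, known_msg: bytes) -> bytes:
    # Card 8: known plaintext yields the keystream for this IV: (M || ICV(M)) ^ C
    return xor(known_msg + icv(known_msg), frame[3:])


def decrypt_with_keystream(frame: bytes, keystream: bytes) -> bytes:
    # Any later frame reusing the same IV is readable without k
    body = frame[3:]
    assert len(body) <= len(keystream), "only as many bytes as keystream known"
    return xor(body, keystream)[:-4]


def forge_auth_response(captured_response: bytes, captured_rand: bytes, new_rand: bytes) -> bytes:
    # Card 5: one observed shared-key handshake (RAND and IV || E(RAND)) gives the
    # keystream for that IV; reuse the IV and encrypt the AP's new challenge with it.
    iv = captured_response[:3]
    ks = recover_keystream(captured_response, captured_rand)
    return iv + xor(new_rand + icv(new_rand), ks)
```

Calling flip_bits with affine_fix=False shows why the idealised formula alone does not work in practice: the modified frame decrypts to M xor D but the ICV check fails, whereas with the crc(zeros) correction the receiver accepts the forged frame as genuine.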
9
Q

What is the problem with RC4 usage in WEP?

A
  • IVs are too small (24 bit), so keystream reuse happens very often in a busy network
  • Shared secret k can be recovered with the Fluhrer, Mantin and Shamir (FMS) attack on RC4's key schedule, since the IV is prepended to the key and sent in the clear
10
Q

What is specified in 802.11i?

A

WLAN security (IEEE 802.11i, 2004)

pre-RSNA:
- WEP (and the old shared key authentication)

RSNA:
- New authentication and key agreement (AKA): 802.1X/EAP or PSK plus the 4-way handshake
- TKIP (WPA)
- CCMP (WPA2)

11
Q

What is RSNA in the context of WLAN?

A
  • Robust Security Network Association
  • Defined in IEEE 802.11i
  • Covers WPA (TKIP) and WPA2 (CCMP)
  • Defines common authentication and access control (802.1X port-based)
  • Pre-shared key (PSK) or EAP-based authentication
12
Q

What is difference between WPA and WPA2?

A

WPA = Wi-Fi Protected Access

WPA:
- TKIP: still RC4, wrapped in per-packet key mixing and a MIC
- Existing WEP network cards could be upgraded by a firmware/driver update

WPA2:
- CCMP: AES-based encryption and integrity, new hardware required

13
Q

How is access control realized in 802.11i?

A
  • Port-based access control (IEEE 802.1X)
  • Supplicant (mobile device, MD) requests access to services
  • Until the supplicant is authenticated, the authenticator (AP) blocks all traffic except that directed to the authentication server

Small networks:
- PSK: pre-shared key
- Authentication using the 4-way handshake
- MD and AP agree on the PMK (Pairwise Master Key), which is the PSK

Enterprise networks:
- MD and authentication server share credentials
- They authenticate each other via EAP and generate the PMK
- Authentication server sends the PMK to the AP
- AP and MD run the 4-way handshake

14
Q

How is the PMK generated in small networks vs. in enterprise networks in 802.11i?

A

Pairwise Master Key (PMK)
Small networks: PMK = PSK (derived from the passphrase and the SSID)
Enterprise: generated by the mobile device and the authentication server during the EAP method; the server then hands it to the AP

15
Q

What is the result of the 4-way handshake in 802.11i?

A

The Pairwise Transient Key (PTK) is derived independently on both sides from the PMK, ANonce, SNonce and the two MAC addresses; it is confirmed via the MICs but never transmitted. The Group Temporal Key (GTK) for broadcast traffic is delivered from the AP to the MD encrypted under the KEK.

16
Q

What keys are generated from PTK in 802.11i?

A
  • Key Confirmation Key (KCK): MIC over the handshake messages
  • Key Encryption Key (KEK): encrypts the GTK in message 3
  • Temporal Key (TK): data encryption with TKIP or CCMP
17
Q

What is the 4-way handshake in 802.11i?

A
  • AP and MD both hold the PMK (either the PSK or from EAP)
    1. AP sends ANonce
  • MD computes PTK = PRF(PMK, ANonce, SNonce, supplicant MAC, AP MAC) with an HMAC-based PRF
    2. MD sends SNonce, its RSN IE and a Message Integrity Code (MIC) computed with the KCK
  • AP computes the PTK and checks the MIC
    3. AP sends ANonce, its RSN IE, the GTK (encrypted with the KEK) and a MIC
    4. MD acknowledges with a MIC; both sides install the keys
18
Q

What is EAP?

A

Extensible Authentication Protocol (EAP):
- Framework for authentication, not an authentication method itself
- Can run directly on the data link layer (EAPOL in 802.1X)
- 4 message types: Request, Response, Success, Failure
- After the initial identity exchange, MD and authentication server exchange method-specific messages; the AP only relays them
- Different authentication methods possible

19
Q

What are some EAP methods?

A

EAP-AKA: based on the USIM (mobile network credentials)
EAP-TLS: based on client and server certificates (public/private keys)
EAP-TTLS: TLS tunnel to the server, typically username/password inside the tunnel
EAP-GPSK: based on a pre-shared key

20
Q

What is TKIP in WLAN?

A
  • Wrapper around WEP, deployable by firmware update on WEP hardware
  • RC4 based
  • 48-bit per-packet sequence counter (TSC) replaces the 24-bit IV and also provides replay protection
  • Upper 32 bits are mixed with the key into a per-packet key
  • Lower 16 bits + a dummy byte form the RC4 IV
  • 64-bit MIC using the Michael algorithm (only about 20 bits of effective security)
  • Keystream recovery still possible
21
Q

What is CCMP in WLAN?

A

Counter Mode with CBC-MAC Protocol (CCMP):
- Integrity: CBC-MAC over header fields and payload
- Encryption: 128-bit AES in counter mode
- Same key for both, as in AES-CCM

22
Q

How is the security algorithm negotiated in 802.11i?

A
  • Negotiation over: pre-RSNA/RSNA, TKIP/CCMP, EAP/PSK, and which EAP method
  • AP and MD exchange capabilities in RSN IEs
  • AP sends its capabilities in the probe response (and beacon)
  • MD sends its IE in the association request
  • Both IEs are repeated, MIC-protected, in the 4-way handshake, so a tampered IE is detected
23
Q

How is mobility handled in 802.11i?

A
  • New authentication with each AP by default
  • Pre-authentication: MD authenticates with the new AP through the old AP before roaming
  • PMK caching: MD offers the key ID (PMKID) of a cached PMK; if the AP still has it, only the 4-way handshake is needed
24
Q

What are known attacks against WPA/WPA2?

A
  • Bidding down to WEP: pretend the network only supports pre-RSNA in its IE
  • Reflection attack: if the MD acts as both supplicant and authenticator, replay its own messages back to it
  • RSN IE poisoning: modify one AP IE so that the handshake is later rejected (DoS)
  • PSK cracking: capture the 4-way handshake, run a dictionary attack on the passphrase by deriving PMK, PTK and KCK from each candidate and checking the MIC on the captured messages
  • Key reinstallation attack (KRACK): retransmit message 3 of the 4-way handshake so the client reinstalls the PTK and resets the packet number (nonce) to 0, causing keystream reuse
  • User tracking via the MAC address
  • Evil twin attack
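The 4-way handshake (cards 13 to 17) and the PSK cracking entry above share the same key derivation, so here is one added Python example, not part of the flashcard set, that implements both sides of message 2 and then the offline dictionary attack against it. PBKDF2 for the PSK, the PRF-384 PTK derivation and the EAPOL MIC (key descriptor version 2, HMAC-SHA1) follow 802.11i/WPA2-PSK; the EAPOL-Key body is a simplified stand-in, and the SSID, MAC addresses, nonces, RSN IE and passphrases are constructed for the demonstration.

```python
import hashlib
import hmac

# Constructed sample handshake (not a real capture): SSID, MACs and nonces are made up.
SSID = "lab-net"
AA = bytes.fromhex("020000000001")           # authenticator (AP) MAC address
SPA = bytes.fromhex("020000000002")          # supplicant (mobile device) MAC address
ANONCE = hashlib.sha256(b"anonce").digest()  # 32-byte nonces, fixed here for reproducibility
SNONCE = hashlib.sha256(b"snonce").digest()
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # CCMP, AKM = PSK
HDR = b"EAPOL-Key:msg2:"                     # stand-in for the real EAPOL-Key header fields


def pmk_from_psk(passphrase: str, ssid: str) -> bytes:
    # Card 14, small networks: PMK = PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 256 bit)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    # 802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ...
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    # Cards 16/17: PTK = PRF-384(PMK, "Pairwise key expansion", min/max of MACs and nonces).
    # Computed locally by both sides, never transmitted. KCK/KEK protect the handshake,
    # TK is the CCMP/TKIP data key.
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


def eapol_mic(kck: bytes, frame_with_zero_mic: bytes) -> bytes:
    # EAPOL-Key MIC, key descriptor version 2 (CCMP): HMAC-SHA1(KCK, frame)[:16]
    return hmac.new(kck, frame_with_zero_mic, hashlib.sha1).digest()[:16]


def msg2_body(snonce: bytes, mic: bytes = bytes(16)) -> bytes:
    # Simplified stand-in for the EAPOL-Key body of message 2: header || SNonce || MIC || RSN IE
    return HDR + snonce + mic + RSN_IE


def supplicant_msg2(passphrase: str) -> bytes:
    # Step 2: MD derives the PTK from PMK and both nonces, sends SNonce, its IE and a MIC under KCK
    kck = derive_ptk(pmk_from_psk(passphrase, SSID), AA, SPA, ANONCE, SNONCE)["KCK"]
    return msg2_body(SNONCE, eapol_mic(kck, msg2_body(SNONCE)))


def authenticator_verify(passphrase: str, msg2: bytes) -> bool:
    # AP now has SNonce, derives the same PTK and checks the MIC: proves the MD knows the PMK
    kck = derive_ptk(pmk_from_psk(passphrase, SSID), AA, SPA, ANONCE, SNONCE)["KCK"]
    start = len(HDR) + 32
    mic = msg2[start:start + 16]
    zeroed = msg2[:start] + bytes(16) + msg2[start + 16:]
    return hmac.compare_digest(eapol_mic(kck, zeroed), mic)


def crack_psk(msg2: bytes, wordlist):
    # Card 24, PSK cracking: everything the MIC depends on except the passphrase is in the
    # capture (MACs, nonces, message 2), so each candidate is tested offline at PBKDF2 cost.
    for candidate in wordlist:
        if authenticator_verify(candidate, msg2):
            return candidate
    return None
```

The attacker's check is literally the authenticator's check with a guessed passphrase, which is why the only defence in WPA2-PSK is passphrase strength (plus the 4096-iteration PBKDF2 slowing each guess); WPA3's SAE removes the offline check entirely.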
25
Q

What is done against MAC tracking in WLAN?

A
  • MAC randomization: use a random address per network or per scan instead of the burned-in one
  • Set the U/L bit (bit 1 of the first octet) to 1 to mark the address as locally administered, and keep the I/G bit (bit 0) at 0 so it remains a unicast address
26
Q

What is an evil twin attack in WLAN?

A
  • Attacker sets up an AP with the same SSID as a free WLAN
  • Attacker's DHCP server hands out the attacker's own DNS server
  • Serves phishing sites and spreads malware
27
Q

What is the difference between WPA2 and WPA3?

A
  • In open networks: Opportunistic Wireless Encryption (OWE), an unauthenticated Diffie-Hellman exchange to generate the PMK; protects against passive eavesdropping but not against an active attacker
  • In small networks: Simultaneous Authentication of Equals (SAE), aka Dragonfly handshake, a password-authenticated Diffie-Hellman exchange; resists offline dictionary attacks and gives forward secrecy
28
Q

What attacks are known against WPA3?

A

Dragonblood attacks:
- Multiple ways to recover the password
- E.g. downgrade to WPA2 (RSN IE poisoning) followed by PSK cracking, timing side channels and cache-based memory side channels on the password element derivation
- DoS against the AP by initiating many fake SAE handshakes

29
Q

What attacks are known against all WLAN architectures?

A

FragAttacks:
- Exploit how fragmented frames are cached and reassembled by APs and clients
- Allow an attacker to inject malicious frames into the protected network

SSID Confusion attack:
- Attacker advertises the trusted SSID but relays the connection to a different network that accepts the same credentials
- Requires two networks sharing the same credentials