Tuesday, June 4, 2019

Improving WPA and WPA2

Introduction

WPA is an acronym for Wi-Fi Protected Access. It was designed and developed by the Wi-Fi Alliance as a response to the weaknesses and vulnerabilities in the previous wireless security protocol, i.e. WEP (Wired Equivalent Privacy). It is a certification program developed by the Wi-Fi Alliance to indicate compliance with the security protocol and to secure wireless networks.

WPA2

WPA2 is vulnerable to insider attack (if the attacker is in the network or in some manner gets into the network) under certain conditions.

Following are the attacks on WPA/WPA2:

- PSK (Pre-Shared Key) vulnerability: PSK brute-force cracking, eavesdropping. (Attack on PSK authentication)
- PEAP misconfiguration vulnerability. (Attack on the authentication server)
- TKIP vulnerability. (Attack on encryption)

Encryption in WPA2

There are two types of keys used in WPA2 for encryption:

- Pairwise key (PTK): It is used to protect unicast data frames.
- Group key (GTK): It is used to protect group-addressed data frames such as broadcast ARP request frames. It is used as an encryption key in the Access Point (AP) and as a decryption key in the client.

Analysis and Improvement of 802.11i (WPA2)

The security requirements for the WLAN (Wireless Local Area Network) industry are data confidentiality, integrity, mutual authentication and availability.

Primary recommendations

- CCMP should be used for data confidentiality.
- Mutual authentication must be implemented for security concerns.
- Address DoS (Denial of Service) in the MAC (Medium Access Control) layer.

Wireless Threats

Passive Eavesdropping / Traffic Analysis
An attacker can easily sniff and store all the traffic in the WLAN.

Message Injection / Active Eavesdropping
An attacker is capable of inserting a message into the wireless network with the help of NICs (Network Interface Cards).
The attacker can generate any chosen packet, modify the contents of the packet and completely control the transmission of the packet.

Message Deletion and Interception
Message deletion is done by interfering with the packet reception process on the receiver's antenna, e.g. causing CRC errors so that the receiver drops the packet. Message interception means that an adversary is able to control a connection completely, i.e. an attacker can capture a packet before the receiver actually receives it and decide whether to delete the packet or forward it to the receiver.

Masquerading and Malicious AP (Access Point)
An attacker can learn MAC addresses by eavesdropping and can also spoof a MAC address.

Session hijacking
An adversary may be able to hijack an existing session after the wireless devices have finished authenticating themselves successfully. It can be overcome using data confidentiality and a strong integrity mechanism.

Man in the Middle Attack (MitM)
ARP cache poisoning is a type of Man in the Middle attack in the case of a wired connection.

Denial of Service (DoS)
An adversary is capable of making the whole Basic Service Set (BSS) unavailable, or disrupting the connection between legitimate peers. Examples: forging the unprotected management frames, protocol weaknesses, or jamming of frequency bands, with denial of service to the legitimate users.

Data Confidentiality and Integrity

802.11i defines three confidentiality security protocols:

- WEP (Wired Equivalent Privacy)
- TKIP (Temporal Key Integrity Protocol)
- CCMP (Counter Mode Cipher Block Chaining MAC (Message Authentication Code) Protocol)

A temporal key (TK) is assumed to be shared between peers before executing any data confidentiality protocols.

Authentication and Key Management

There are two types of authentication systems:

- Open System Authentication
- Shared Key Authentication

These are not secure, so IEEE 802.11i defines a new standard, viz. RSNA (Robust Security Network Association).

RSNA establishment procedure

1. Network and security capability discovery.
2. 802.11 authentication and association.
3. EAP / 802.1X / RADIUS authentication.
4. 4-way handshake.
5. Group key handshake.
6. Secure data communication.

Availability

The main cause is DoS attacks. First, an adversary can launch an 802.11i attack much more easily than a physical layer attack, with only moderate equipment. Second, it is much more difficult for a network administrator to detect and locate these attacks. Layer abstraction is a very important concept in networks, requiring each layer to provide independent functionality separately.

The Michael algorithm is used to solve the above problems. It works as follows: when an incorrect packet is detected by the access point, it waits for 60 seconds. If, within this time span of 60 seconds, another incorrect packet is received by the access point from the same source, then it shuts down that link.

Application

1. Security for mobile ATE

The data collected from hardware systems using mobile phone and PDA applications needs to be protected, as many internet activities are currently done only on mobiles.
We are also aware that mobile phones are not secure while accessing the internet. To overcome this, many ATE (Automatic Test Equipment) systems are isolated from networks and operate in stand-alone environments. An ATE system describes a single hardware device performing test measurements or a group of devices testing another hardware system.

Mobile app developers need to focus on securing the data used by apps:

- Configuration of the mobile device.
- Apps running on the device.
- Equipment communicating with the device.
- Wireless connection between the device and the ATE.

When the ATE is sending data out from the device, it can use an HTTPS connection, data encryption and user authentication to ensure that non-trusted sources will not have access to the data. The wireless connection between the device and the server should be secured using wireless security protocols like WPA, WPA2, HTTPS and AES encryption. The figure below shows the security concerns for mobile devices.

Fig. Major Mobile Application Server Areas

Securing the Wireless Connection
The mobile device should never connect to the ATE system through an unsecured WiFi network. Users must connect to networks that implement the strongest security protocol with encryption included. In strict scenarios, the application must use a secure VPN (Virtual Private Network) to connect to the server.

Securing the Mobile Device
No amount of coding, server configuration or wireless setup will be useful if the hardware containing the mobile application has already been compromised. Before installing any application on the mobile device, users must check that they have not already compromised their system's security features by jailbreaking or rooting the device. A jailbroken device is a device where the user has removed operating system limitations imposed by the manufacturer. By both of these processes, i.e. jailbreaking or rooting, all of the security features that the system designers built in to protect users are put into jeopardy.

Securing the Application
An application must not gain too much control of the mobile device. Each application must be independent of the others, i.e. one application must not call another application or use the resources of another.

Securing the ATE System
The administrator and the developer on the ATE server need to work together to ensure that the server providing the mobile application data is secure. Most of the data processing must be done on the ATE server side, as it is difficult for the attacker to access data there and there is also more computing power on the server side.

(A) Data Acquisition Methodology

Obtaining blacklisted IP addresses
The list was obtained from a German website, which was not up-to-date. These blacklisted IP addresses were the primary source for quantifying illegal activities.

Associating blacklisted IP addresses with geographic locations
IP addresses were never assigned to a specific geographical area or region. IP addresses were assigned to organisations in blocks or assigned to residences through fixed commercial ISPs. Maxmind provided one such tool named GeoIP. The GeoIP tool contains a database of IP addresses and their corresponding global location information, viz. city, state, country, longitude and latitude.

Obtaining security statistics of WiFi deployments
The statistics of WiFi deployments include the percentage of secure access points and the number of blacklisted IP addresses occurring within the specific deployments for cities.

(B) Data Manipulation Methodology

It involves processing the data.
Depending on the number of IP addresses blacklisted, cities were chosen, i.e. the cities having the highest number of blacklisted IP addresses were considered.

Data Analysis Methodology

We generated derived statistics of fields such as IP address availability, WiFi network security and the number of blacklisted IP addresses.

Results of Data Related Methodology

Suggestion

After 2006, every wireless-enabled device is WPA/WPA2 certified and trademarked by the WiFi Alliance. The biggest hurdle is that users are unaware of the wireless security protocols, and in the security dialogue box the first option is None, followed by a list from WEP to WPA2. It has been seen that users choose None or WEP as a security protocol without knowing exactly what that security protocol does, because it comes earlier in the list.

So, the first and foremost thing is to make users aware of the protocols and advise them to use a better protocol as per their requirements. For example, the corporate world must use the toughest-to-decipher protocol, whereas a normal user can use a somewhat lighter version of the protocol with a good password, but must never have wireless access without any security protocol, i.e. None.

References

- Security for Mobile ATE Applications by Susan Moran.
- Malicious WiFI Network A First Look by Andrew Zafft and Emmaneal Agu.
- Security Analysis and Improvements for IEEE 802.11i by Changhua He and John C Mitchell.
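The 60-second rule described under Availability, written out as a small state machine and run over constructed sample events. This is an added example, not code from the original post or the cited papers; the class name, event format and action strings are hypothetical, and it models the behaviour exactly as the text states it.

```python
from dataclasses import dataclass, field

WINDOW_SECONDS = 60.0  # window given in the text


@dataclass
class MichaelCountermeasure:
    """Per-source tracking of incorrect packets at a (hypothetical) access point."""
    window: float = WINDOW_SECONDS
    last_failure: dict = field(default_factory=dict)  # source -> time of last bad packet
    links_down: set = field(default_factory=set)      # sources whose link was shut down

    def on_packet(self, timestamp, source, mic_ok):
        """Return the action taken for one received packet."""
        if source in self.links_down:
            return "dropped: link is down"
        if mic_ok:
            return "accepted"
        previous = self.last_failure.get(source)
        self.last_failure[source] = timestamp
        if previous is not None and timestamp - previous <= self.window:
            self.links_down.add(source)
            return "link shut down"
        return "failure logged"


# Constructed sample events: (seconds, source MAC, integrity check passed)
EVENTS = [
    (0.0, "02:00:00:00:00:01", True),
    (5.0, "02:00:00:00:00:01", False),
    (70.0, "02:00:00:00:00:01", False),   # 65 s after the last failure
    (100.0, "02:00:00:00:00:01", False),  # 30 s after the last failure
    (101.0, "02:00:00:00:00:01", True),
    (102.0, "02:00:00:00:00:02", False),  # different source, tracked separately
    (103.0, "02:00:00:00:00:02", True),
]


def replay(events):
    """Feed events through a fresh state machine and collect the actions."""
    ap = MichaelCountermeasure()
    return [ap.on_packet(*event) for event in events]


if __name__ == "__main__":
    for event, action in zip(EVENTS, replay(EVENTS)):
        print(event, "->", action)
```

The failure at 70 s does not trigger a shutdown because it falls outside the window that opened at 5 s, but it opens a new window, so the failure at 100 s does.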
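The data acquisition and manipulation steps (A) and (B), sketched as an added example that is not from the original post or the cited study. A constructed block-to-city table stands in for the GeoIP database; the city names, percentages and blacklist entries are made up, and the addresses come from documentation ranges. It goes slightly beyond the text by resolving overlapping blocks with a most-specific-match rule and by skipping duplicate or unlocatable entries.

```python
import ipaddress
from collections import Counter

# Constructed stand-in for a GeoIP database: address block -> city.
GEO_BLOCKS = [
    (ipaddress.ip_network("192.0.2.0/24"), "City A"),
    (ipaddress.ip_network("198.51.100.0/24"), "City B"),
    (ipaddress.ip_network("203.0.113.0/24"), "City C"),
    (ipaddress.ip_network("203.0.113.128/25"), "City D"),  # more specific than City C
]

# Constructed WiFi deployment statistic: percentage of secure access points.
WIFI_SECURE_PCT = {"City A": 61.0, "City B": 74.5, "City C": 58.0, "City D": 43.0}

# Constructed blacklist, including a duplicate, an unlocatable address and junk.
BLACKLIST = ["192.0.2.10", "192.0.2.77", "192.0.2.10", "198.51.100.5",
             "203.0.113.9", "203.0.113.200", "203.0.113.201",
             "10.1.1.1", "not-an-ip"]


def locate(address):
    """Return the city of the most specific block containing address, or None."""
    matches = [(net.prefixlen, city) for net, city in GEO_BLOCKS if address in net]
    return max(matches)[1] if matches else None


def rank_cities(blacklist):
    """Count distinct blacklisted addresses per city, highest count first."""
    counts, unlocated, seen = Counter(), [], set()
    for entry in blacklist:
        try:
            address = ipaddress.ip_address(entry.strip())
        except ValueError:
            unlocated.append(entry)      # not a valid IP address
            continue
        if address in seen:
            continue                     # count each address once
        seen.add(address)
        city = locate(address)
        if city is None:
            unlocated.append(entry)      # no block covers this address
        else:
            counts[city] += 1
    ranked = sorted(counts.items(), key=lambda item: (-item[1], item[0]))
    return [(city, n, WIFI_SECURE_PCT.get(city)) for city, n in ranked], unlocated


if __name__ == "__main__":
    ranking, skipped = rank_cities(BLACKLIST)
    for city, n, pct in ranking:
        print(f"{city}: {n} blacklisted, {pct}% secure access points")
    print("not located:", skipped)
```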
