Real 802.11 security : Wi-Fi protected access and 802.11i

Real 802.11 Security describes an entirely new approach to wireless LAN security based on the latest developments in Wi-Fi technology. The author team addresses the theory, implementations, and reality of Wi-Fi security. It provides an overview of security issues, explains how security works in Wi-Fi networks, and explores various security and authentication protocols. The book concludes with an in-depth discussion of real-world security issues and attack tools.

Preface. Acknowledgments. I. WHAT EVERYONE SHOULD KNOW. 1. Introduction. Setting the Scene. Roadmap to the Book. Notes on the Book. 2. Security Principles. What Is Security? Good Security Thinking. 1. Don't Talk to Anyone You Don't Know. 2. Accept Nothing Without a Guarantee. 3. Treat Everyone as an Enemy until Proved Otherwise. 4. Don't Trust Your Friends for Long. 5. Use Well-Tried Solutions. 6. Watch the Ground You Are Standing on for Cracks. Security Terms. Summary. 3. Why Is Wi-Fi Vulnerable to Attack? Changing the Security Model. What Are the Enemies Like? Gaming Attackers. Profit or Revenge Attackers. Ego Attackers. Traditional Security Architecture. Option 1: Put Wireless LAN in the Untrusted Zone. Option 2: Make Wi-Fi LAN Trusted. Danger of Passive Monitoring. Summary. 4. Different Types of Attack. Classification of Attacks. Attacks Without Keys. Snooping. Man-in-the-Middle Attack (Modification). Attacks on the Keys. One-Time Passwords. Burying the Keys. Wireless Attacks. Attacking the Keys Through Brute Force. Dictionary Attacks. Algorithmic Attacks. Summary. II. THE DESIGN OF WI-FI SECURITY. 5. IEEE 802.11 Protocol Primer. Layers. Wireless LAN Organization. Basics of Operation in Infrastructure Mode. Beacons. Probing. Connecting to an AP. Roaming. Sending Data. Protocol Details. General Frame Formats. AC header. Management Frames. Radio Bits. Summary. 6. How IEEE 802.11 WEP Works and Why It Doesn't. Introduction. Authentication. Privacy. Use of RC4 Algorithm. Initialization Vector (IV). WEP Keys. Mechanics of WEP. Fragmentation. Integrity Check Value (ICV). Preparing the Frame for Transmission. RC4 Encryption Algorithm. Why WEP Is Not Secure. Authentication. Access Control. Replay Prevention. Message Modification Detection. Message Privacy. RC4 Weak Keys. Direct Key Attacks. Summary. 7. WPA, RSN, and IEEE 802.11i. Relationship Between Wi-Fi and IEEE 802.11. What Is IEEE 802.11i? What Is WPA? Differences Between RSN and WPA. Security Context. Keys. Security Layers. How the Layers Are Implemented. Relationship of the Standards. List of Standards. Pictorial Map. Summary. 8. Access Control: IEEE 802.1X, EAP, and RADIUS. Importance of Access Control. Authentication for Dial-in Users. IEEE 802.1X. IEEE 802.1X in a Simple Switched Hub Environment. IEEE 802.1X in Wi-Fi LANs. EAP Principles. EAP Message Formats. EAPOL. EAPOL-Start. BHEADS = EAPOL-Key. EAPOL-Packet. EAPOL-Logoff. Messages Used in IEEE 802.1X. Authentication Sequence. Implementation Considerations. RADIUS--Remote Access Dial-In User Service. RADIUS Mechanics. EAP over RADIUS. Use of RADIUS in WPA and RSN. Summary. 9. Upper-Layer Authentication. Introduction. Who Decides Which Authentication Method to Use? Use of Keys in Upper-Layer Authentication. Symmetric Keys. Asymmetric Keys. Certificates and Certification Authorities. A Detailed Look at Upper-Level Authentication Methods. Transport Layer Security (TLS). Functions of TLS. Handshake Exchange. Relationship of TLS Handshake and WPA/RSN. TLS over EAP. Summary of TLS. Kerberos V5V5. Using Tickets. Kerberos Tickets. Obtaining the Ticket-Granting Ticket. Service Tickets. Cross-Domain Access. How Tickets Work. Use of Kerberos in RSN. Cisco Light EAP (LEAP). Protected EAP Protocol (PEAP). Phase 1. Phase 2. Status of PEAP. Authentication in the Cellular Phone World: EAP-SIM. Overview of Authentication in a GSM Network. Linking GSM Security to Wi-Fi LAN Security. EAP-SIM. Status of GSM-SIM Authentication. Summary. 10. WPA and RSN Key Hierarchy. Pairwise and Group Keys. Pairwise Key Hierarchy. Creating and Delivering the PMK. Computing the Temporal Keys. Exchanging and Verifying Key Information. Completing the Handshake. Group Key Hierarchy. Summary of the Key Establishment Process. Key Hierarchy Using AES-CCMP. Mixed Environments. Summary of Key Hierarchies. Details of Key Derivation for WPA. Four-Way Handshake. Group Key Handshake. Nonce Selection. Computing the Temporal Keys. Summary. 11. TKIP. What Is TKIP and Why Was It Created? TKIP Overview. Message Integrity. IV Selection and Use. Per-Packet Key Mixing. TKIP Implementation Details. Message Integrity--Michael. Countermeasures. Computation of the MIC. Per-Packet Key Mixing. Substitution Table or S-Box. Phase 1 Computation. Phase 2 Computation. Summary. 12. AES-CCMP. Introduction. Why AES? AES Overview. Modes of Operation. Offset Codebook Mode (OCB). How CCMP Is Used in RSN. Steps in Encrypting a Transmission. CCMP Header. Overview of Implementation. Steps in Encrypting an MPDU. Decrypting MPDUs. Summary. 13. Wi-Fi LAN Coordination: ESS and IBSS. Network Coordination. ESS Versus IBSS. Joining an ESS Network. WPA/RSN Information Element. Validating the Information Elements. Preauthentication Using IEEE 802.1X. IBSS Ad-Hoc Networks. Summary. III. WI-FI SECURITY IN THE REAL WORLD. 14. Public Wireless Hotspots. Development of Hotspots. Public Wireless Access Defined. Barriers to Growth. Security Issues in Public Hotspots. How Hotspots Are Organized. Subscribers. Access Points. Hotspot Controllers. Authentication Server. Different Types of Hotspots. Airports. Hotels. Coffee Shops. Homes. How to Protect Yourself When Using a Hotspot. Personal Firewall Software. Virtual Private Network (VPN). Summary. 15. Known Attacks: Technical Review. Review of Basic Security Mechanisms. Confidentiality. Integrity. Review of Previous IEEE 802.11 Security Mechanisms. Confidentiality. RC4 and WEP. Integrity and Authentication. Attacks Against the Previous IEEE 802.11 Security Mechanisms. Confidentiality. Access Control. Authentication. Man-in-the-Middle Attacks. Management Frames. ARP Spoofing. Problems Created by Man-in-the-Middle Attacks. 802.1x and EAP. PEAP. Denial-of-Service Attacks. Layer 2 Denial-of-Service Attacks Against All Wi-Fi-Based Standards. WPA Cryptographic Denial-of-Service Attack. Summary. 16. Actual Attack Tools. Attacker Goals. Process. Reconnaissance. Example Scenarios. Planning. Collection. Analysis. Execution. Other Tools of Interest. Airsnort. Airjack. Summary. 17. Open Source Implementation Example. General Architecture Design Guidelines. Protecting a Deployed Network. Isolate and Canalize. Upgrade Equipment's Firmware to WPA. What to Do If You Can't Do Anything. Planning to Deploy a WPA Network. Deploying the Infrastructure. Add a RADIUS Server for IEEE 802.1X Support. Use a Public Key Infrastructure for Client Certificates. Install Client IEEE 802.1X Supplicant Software. Practical Example Based on Open Source Projects. Server Infrastucture. Building an Open Source Access Point. Making It All Work. Summary. Acknowledgments. References and More Information. APPENDIXES. Appendix A. Overview of the AES Block Cipher. Finite Field Arithmetic. Addition. Subtraction. Multiplication. Division. Galois Field GF(). Conclusion. Steps in the AES Encryption Process. Round Keys. Computing the Rounds. Decryption. Summary of AES. Appendix B. Example Message Modification. Appendix C. Verifying the Integrity of Downloaded Files. Checking the MD5 Digest. Checking the GPG Signature. Acronyms. References. Index.