
The Difference Between Cracking a Wep and a Wpa Network Passkey and How to Protect Yourself from It

N. Justin Bernard
Management 6740
Executive Summary
“Wireless Networking and How to Keep Yourself Protected”
Technology is constantly evolving and changing, and wireless networking is no exception. There are constant updates as well as vulnerabilities in wireless networking, and my goal is to inform you of those vulnerabilities to help you stay protected from them. Wired Equivalent Privacy (WEP) was the original wireless security protocol. WEP was flawed in numerous ways, and hackers were able to get information in minutes. WPAv1 was then introduced as an interim replacement because WEP was that flawed. WPAv1 was made to improve the security of wireless networks and also used a newer and improved algorithm. When WPAv2 was finally released, many devices began to be created to be compatible with the AES algorithm WPAv2 uses. There still have not been any major hacks or attacks on a WPAv2-AES network that would cause the Wi-Fi Alliance to look into another algorithm as a replacement. WPAv1 is too easy to hack, so it is not recommended, and WPAv1 is now susceptible to multiple types of attacks. There are several different ways you can help to protect yourself and your information. Check the spam folder of your e-mail to make sure a legitimate file was not accidentally sent there. There are other ways to improve your security as well. The length of your passkey is very important to security, and keeping an up-to-date anti-virus and staying informed on all the latest hacks, cracks, and technology are critical for your protection.

N. Justin Bernard
Network Security Term Paper
November 13, 2012
The difference between cracking a WEP and a WPA network passkey and how to protect yourself from it

In today’s always evolving and improving technology world, there are always loopholes, weaknesses, and gaps. I will discuss one of the primary weaknesses in network security, which is wireless hacking or cracking. I will discuss what WEP, WPAv1, and WPA2 networks are and the advantages and disadvantages of each; I will explain the differences between them and how each is cracked; and I will explain the importance of security and how to improve your security. Wired Equivalent Privacy, or WEP, is a security protocol for wireless networks. WEP was introduced in 1997 as a part of the original 802.11 standard. WEP was originally designed to be as secure as a wired connection and to protect users’ information and data when they were using a wireless network. There were multiple issues with WEP’s security. “A high percentage of wireless networks have WEP disabled because of the administrative overhead of maintaining a shared WEP key. WEP has the same problem as all systems based upon shared keys: any secret held by more than one person soon becomes public knowledge. Take for example an employee who leaves a company – they still know the shared WEP key. The ex-employee could sit outside the company with an 802.11 NIC and sniff network traffic or even attack the internal network. The initialization vector that seeds the WEP algorithm is sent in the clear. The WEP checksum is linear and predictable” (http://www.tech-faq.com/wep-wired-equivalent-privacy.html). With so many issues, and WEP becoming so easy to decrypt, a new security standard was necessary. One of the main concerns with WEP is that people do not change their keys periodically, so once someone captures enough packets to crack the key they will have access to the network indefinitely.
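To make the quoted point that “the WEP checksum is linear and predictable” concrete, here is an added example (not part of the paper) showing why a CRC-32 cannot serve as an integrity check while a keyed MIC can: the message, the bit-flip pattern and the key are constructed sample values.

```python
"""Why WEP's CRC-32 checksum is not a message integrity code.

Added example, not from the paper. CRC-32 is affine over GF(2), so the
checksum of a modified message follows from the original checksum and the
change alone, without the message itself. In WEP the payload is hidden by a
stream cipher, so a receiver validating the CRC cannot tell that anything
was changed. A keyed MIC (here HMAC-SHA256) has no such property: without
the key, any change to the message is detected.
"""
import hashlib
import hmac
import zlib


def crc32(data: bytes) -> int:
    return zlib.crc32(data) & 0xFFFFFFFF


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def predicted_crc_after_change(orig_crc: int, delta: bytes) -> int:
    """crc(m ^ d) == crc(m) ^ crc(d) ^ crc(0...0)  (same length as d).
    Only the original checksum and the flipped bits are needed, not m."""
    zeros = bytes(len(delta))
    return orig_crc ^ crc32(delta) ^ crc32(zeros)


def crc_check_passes_after_blind_change(message: bytes, delta: bytes) -> bool:
    """A receiver checking CRC-32 accepts the altered message when the
    checksum was adjusted using only the delta, never the message."""
    new_message = xor_bytes(message, delta)
    adjusted = predicted_crc_after_change(crc32(message), delta)
    return crc32(new_message) == adjusted


def hmac_mic(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


def mic_check_passes_after_change(key: bytes, message: bytes, delta: bytes) -> bool:
    """With a keyed MIC there is no algebraic shortcut: the tag computed for
    the original message is only valid for the unchanged message."""
    new_message = xor_bytes(message, delta)
    tag_for_original = hmac_mic(key, message)
    return hmac.compare_digest(hmac_mic(key, new_message), tag_for_original)


# Constructed sample: a 16-byte payload and a delta flipping two bits.
SAMPLE_MESSAGE = b"GET /index.html "
SAMPLE_DELTA = bytes([0x00] * 4 + [0x01, 0x80] + [0x00] * 10)
SAMPLE_KEY = b"constructed-demo-mic-key"  # constructed, not a real key

if __name__ == "__main__":
    print("CRC-32 accepts blind edit:",
          crc_check_passes_after_blind_change(SAMPLE_MESSAGE, SAMPLE_DELTA))
    print("HMAC accepts blind edit:  ",
          mic_check_passes_after_change(SAMPLE_KEY, SAMPLE_MESSAGE, SAMPLE_DELTA))
```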
The Wi-Fi Protected Access, or WPA, protocol was developed by the Wi-Fi Alliance to better secure wireless networks after all the security flaws were found in WEP. WPAv1 officially became available in 2003. WPA provided stronger encryption and better authentication and integrity checking. There are two different WPA protocols, WPAv1 and WPAv2. WPAv1 used a newer and improved algorithm. “WPAv1 uses a shared key that is between 8-63 characters long and features many improvements over the WEP system, including TKIP, the Temporary Key Integrity Protocol, that prevents the major downfall of the WEP protocol by preventing the unencrypted transmission of important passkey data in the packets sent by a wireless network” (http://encyclopedia.jrank.org/articles/pages/cog1c7rm85/Security-Wireless-Network-Improve-Security-Wireless-Network.html#ixzz2AoDs8hCp). Firmware and software updates were also made available for users looking to upgrade from WEP security to WPAv1. “TKIP uses the same underlying mechanism as WEP, and consequently is vulnerable to a number of similar attacks. The message integrity check, per-packet key hashing, broadcast key rotation, and a sequence counter discourage many attacks. The key mixing function also eliminates the WEP key recovery attacks” (http://en.wikipedia.org/wiki/Temporal_Key_Integrity_Protocol). TKIP stands for Temporal Key Integrity Protocol. It is basically a patch for the weaknesses found in WEP. The problem with the original WEP is that an attacker could recover your key after observing a relatively small amount of your traffic. TKIP addresses the problem of a key being stolen just by watching packets or observing your traffic by automatically rotating the key, or negotiating a new key, every few minutes. A hacker using the same packet-watching method used to crack a WEP key will not have enough time or information to steal the key. WPAv1 was more of an interim replacement than something permanent.
In September 2003, WPAv2 certification began, and it was completed in 2006. The issue with WPAv1 was that it still used a shared key similar to WEP, which made it very vulnerable to hacking attempts. WPAv2 introduced a newer and more improved algorithm: CCMP, an AES-based encryption with much better security. CCMP, or Counter Cipher Mode with Block Chain Message Authentication Code Protocol, was the actual permanent replacement for WEP. “AES stands for Advanced Encryption Standard and is a totally separate cipher system. It is a 128-bit, 192-bit, or 256-bit block cipher and is considered the gold standard of encryption systems today. AES takes more computing power to run so small devices like Nintendo DS don’t have it, but is the most secure option you can pick for your wireless network” (http://askville.amazon.com/difference-AES-TKIP/AnswerViewer.do?requestId=7123665). With WPAv2, hacking a network becomes far less likely and your network is more secure. There are several key differences between WEP, WPAv1, and WPAv2, including key length, cracking difficulty, and the algorithms used. A key in network security is a long sequence of bits used by encryption and decryption algorithms. A key’s strength and effectiveness is measured by its length. The WEP key length depends on the encryption used; the IEEE 802.11 standard supports two types of WEP encryption, 40-bit and 128-bit. One of the weaknesses of WEP is key management: it is not specified by the standard, and keys tend to be long-lived and of poor quality as well. “Cracking WEP is fast and easy with commonly available Windows- or Linux-based tools. The length of the WEP key, 40- or 104-bit, is practically irrelevant, and with the software tools currently available, any novice can crack WEP in minutes given enough captured data” (http://www.cwnp.com/cwnp_wifi_blog/hacking-solutions-cracking-wep-and-wpa2-psk/). WPA/WPA2 is a lot more difficult to crack than WEP, but it is far from impossible.
“Given the right dictionary files and the latest versions of WPA cracking tools, cracking WPA/WPA2-Personal can happen in a short time if a very strong passphrase isn't used by the network administrator. The Wi-Fi Alliance suggests at least 20 characters with lower case, upper case, numbers, and special characters and use of WPA2 over WPA whenever possible” (http://www.cwnp.com/cwnp_wifi_blog/hacking-solutions-cracking-wep-and-wpa2-psk/). WPAv1 was designed to be used with the TKIP algorithm, and WPAv2 was designed to use the stronger AES algorithm. Some devices allow WPAv1 with AES and WPAv2 with TKIP. TKIP is not directly comparable to AES; the TKIP algorithm is an integrity check and AES is an encryption algorithm. TKIP is a lower-end encryption protocol and AES is a higher-end encryption protocol, and AES is the preferred encryption protocol for the best security.
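As an added example (not the paper’s own work), the following Python shows how a WPA/WPA2-Personal key is derived from the passphrase and SSID, checks a passphrase against the Wi-Fi Alliance guidance quoted above, and compares the guessing cost of a dictionary word with that of a long random passphrase; the sample passphrases, the small dictionary and the guess rate are constructed assumptions.

```python
"""WPA/WPA2-Personal: the passphrase is the only secret.

Added example, not the paper's own work. The 256-bit pairwise master key
(the PSK of WPA-Personal) is derived from the passphrase and the SSID with
PBKDF2-HMAC-SHA1 at 4096 iterations, as specified in IEEE 802.11i. TKIP and
AES-CCMP both start from this same key, which is why the key is exactly as
strong as the passphrase regardless of cipher. The SSID is only a salt: it
stops one precomputed table from covering every network, but it is public,
so a default SSID gives that benefit away.
"""
import hashlib
import string

WPA_PBKDF2_ITERATIONS = 4096
PMK_BYTES = 32
# Constructed, deliberately tiny "dictionary" standing in for a real wordlist.
SAMPLE_DICTIONARY = ["123456", "password", "letmein", "qwerty12"]


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2(HMAC-SHA1, passphrase, ssid, 4096, 32 bytes).
    WPA-Personal passphrases are 8 to 63 printable ASCII characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8-63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"),
                               WPA_PBKDF2_ITERATIONS, PMK_BYTES)


def meets_wifi_alliance_guidance(passphrase: str) -> bool:
    """The quoted recommendation: at least 20 characters using lower case,
    upper case, digits and special characters."""
    return (len(passphrase) >= 20
            and any(c.islower() for c in passphrase)
            and any(c.isupper() for c in passphrase)
            and any(c.isdigit() for c in passphrase)
            and any(c in string.punctuation for c in passphrase))


def search_space(passphrase: str) -> int:
    """Guesses an exhaustive search needs when it enumerates only the
    character classes present (lower 26, upper 26, digits 10, symbols 32)."""
    alphabet = 0
    alphabet += 26 if any(c.islower() for c in passphrase) else 0
    alphabet += 26 if any(c.isupper() for c in passphrase) else 0
    alphabet += 10 if any(c.isdigit() for c in passphrase) else 0
    alphabet += len(string.punctuation) if any(
        c in string.punctuation for c in passphrase) else 0
    return alphabet ** len(passphrase)


def guesses_needed(passphrase: str, dictionary: list) -> int:
    """A passphrase found in the wordlist falls at its position in the list;
    anything else is bounded by the exhaustive search space."""
    if passphrase in dictionary:
        return dictionary.index(passphrase) + 1
    return search_space(passphrase)


def years_to_exhaust(guesses: int, guesses_per_second: float) -> float:
    """Wall-clock cost of a search at an assumed offline PBKDF2 guess rate."""
    return guesses / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    # Published IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
    print(wpa_pmk("password", "IEEE").hex())
    # Same passphrase, different SSID -> different PMK (the SSID salt).
    print(wpa_pmk("password", "IEEE") != wpa_pmk("password", "linksys"))
    # Assumed 100,000 guesses/s: a placeholder rate, not a measurement.
    for p in ("password", "Correct-Horse-Battery-2012!"):
        print(p, meets_wifi_alliance_guidance(p),
              f"{years_to_exhaust(guesses_needed(p, SAMPLE_DICTIONARY), 1e5):.3g} years")
```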
Cracking a WEP network requires only three things: software that scans for packets, the ability to capture packets, and finally decrypting the packets to find the key. There are multiple kinds of software that can be used to scan for packets. I used the CommView for WiFi software in this project. To analyze the packets I logged, I used the software Aircrack. “Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools” (http://www.aircrack-ng.org). With CommView for WiFi you can scan the air for WiFi stations and access points, capture WLAN traffic, specify WEP or WPA keys to decrypt, monitor bandwidth utilization, browse captured and decoded packets, log packets to files, and import and export packets. To capture packets, I downloaded a special driver so I would be able to scan and analyze networks. Once you are able to scan the networks, if you want to crack a specific network you must know its SSID. An SSID, or Service Set Identifier, is just the name of a wireless local area network. Within the CommView for WiFi program you run a scan, and it will show all the channels where at least one packet has been captured. When you see the SSID you want to crack, you select to monitor only the channel that the SSID is on. Once the correct channel is selected, you can begin capturing packets. There can be multiple networks on a channel, so even though you are capturing on the channel where the SSID is located, you do not need packets from all the other SSIDs on that channel.
Under the SSID’s information is the MAC address for the network; copy it and paste it under the recording tab so the program records and captures packets only from that specific SSID. Once data packets have begun to be captured, you are on your way to cracking the WEP network key. WEP keys do not require many packets to crack, so if there is significant traffic on the network it sometimes takes only a few minutes to obtain enough packets. The logged packets must be saved to a log file so that they can be analyzed and decrypted to crack the network key. Most programs that decrypt packets and crack the network key will recover the key in hash form, and you can then simply enter the key into the network. With the process of cracking the key being so simple, WEP was deprecated by the Wi-Fi Alliance. When WPAv1 came out, it was just a temporary replacement for WEP, which had already been broken. Until a few years ago, WPAv1 was believed to be secure and breakable only if your key was short. That is no longer so; there are now three methods of cracking a WPAv1 passkey. WPAv1 is vulnerable during client association and is very susceptible to dictionary attacks against weak passphrases. Cracking a password with a dictionary attack is only successful if the password or passphrase is weak or relatively short. If you are using Aircrack, Linux must be installed on the PC you are trying to hack from. You will need to make sure you have the ESSID of the network as well as its BSSID and channel. “The idea is that when a client connects to a WPA secured network, the wireless access point and client computer will "handshake" and mutually exchange a PSK (Pre Shared Key) in a 4-way exchange. If you happen to be capturing data, you can save a packet of the encrypted handshake taking place. 
Once you have captured this handshake, you can run an offline dictionary attack and break the key” (https://sites.google.com/site/clickdeathsquad/Home/cds-wpacrack). To run Aircrack, you will need to make sure monitor mode is enabled before you begin to crack the WPAv1 passkey. Capturing the traffic is similar to what you would do if you were hacking a WEP network: make sure you have the correct channel to monitor and then start dumping packets. The time it takes to complete this step will vary; just leave the computer running for a while and let it continually dump packets. Once you have a destination host or target, you need to make sure you can get a “handshake” from the target. There are specific commands you must type to deauthenticate the target, but most of them are easy to find on Google or in books on the internet. Once you deauthenticate the target, it will automatically re-exchange the WPA key. When the target re-exchanges the WPA key while we are monitoring the “handshake”, we will have the packet we need to crack the WPA key. There are many dictionary files of words, dates, names, and numbers that are popular passwords, and one of these is needed to finish cracking a WPAv1 key with this method. The software I used to crack the WEP key was the same software I will use to crack the WPAv1 key. When you run the aircrack program, you just need to select the captured packet and load the dictionary file; how fast it is able to crack the passkey depends on the speed of the computer. Vulnerability to dictionary attacks has nothing to do with the encryption type; a dictionary attack can also be launched against AES encryption if the passphrase is weak.
The second method of cracking a WPAv1 key does not involve using a dictionary. The attack is called the “Beck-Tews” attack. The Beck-Tews attack involves making minor changes to packets encrypted with TKIP and then sending the packets back to the access point. The vulnerability was in the way that the checksum was used. While I was never able to use the Beck-Tews attack, it is said to take about 12-15 minutes. “The Beck-Tews attack [3] presented in 2008 only targets the access point to client communication, retrieves the MIC Key for that direction, allowing validation of packets and injection of a very few and short new packets. Injection and decryption of packets towards the client is now possible without the previous limitation, arbitrary packets can be sent and decrypted” (http://download.aircrack-ng.org/wiki-files/doc/enhanced_tkip_michael.pdf). “The Beck-Tews attack had several weaknesses: it only worked on WPA implementations that supported 802.11 quality of service (QOS) features, it only worked on short packets, and it took about 15 minutes” (http://arstechnica.com/tech-policy/2009/08/one-minute-wifi-crack-puts-further-pressure-on-wpa/).
The last and newest WPAv1 attack has led the Wi-Fi Alliance to make plans to deprecate WPAv1 along with WEP. The newest attack combines the Beck-Tews attack method with the man-in-the-middle attack method, and it has allowed a WPAv1 key to be hacked in about a minute. A man-in-the-middle attack, or MITM, “is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker” (http://en.wikipedia.org/wiki/Man-in-the-middle_attack). “A man-in-the-middle attack can succeed only when the attacker can impersonate each endpoint to the satisfaction of the other — it is an attack on mutual authentication (or lack thereof)” (http://en.wikipedia.org/wiki/Man-in-the-middle_attack). The newest attack does not work against systems using WPA2, but it does give hackers a much stronger method to crack WiFi networks. Also, businesses that rely on WPA to protect their information will definitely need to upgrade. The Wi-Fi Alliance has required since 2006 that Wi-Fi-certified products support WPA2, a much more powerful encryption system that is not vulnerable to these attacks, but users have been slow to upgrade. Hacking a WPAv2 network is still very difficult, and there are no practical ways, and very few ways at all, to attack AES encryption. “As our attacks are of high computational complexity, they do not threaten the practical use of AES in any way” (http://www.kotfu.net/2011/08/what-does-it-take-to-hack-aes/). It is very important to make sure your network and information are secure, not just for your own safety but for the safety of anyone using your network. “80 percent of spam e-mail messages originate from home computers! They have been secretly taken over by spammers and are known as zombie PCs. 
Spammers and cybercriminals can control thousands of these zombies, which together form a ‘bot network’… 95 percent of viruses are sent through email” (http://www.guard-privacy-and-online-security.com/how-do-you-stay-safe-on-the-internet.html). When information isn’t secure, data is more susceptible to being breached. There are multiple ways you can protect your data from being breached, and a Business News Daily article offered these tips: “Locking and securing sensitive customer, patient or employee data, restricting employee access to sensitive data, shredding and securely disposing of customer, patient or employee data, using password protection and data encryption, having a privacy policy, updating systems and software on a regular basis, and using firewalls to control access and lock out hackers” (http://www.businessnewsdaily.com/2654-prevent-data-breach.html).
There are many ways to improve your security: the type of passkey you use, changing passwords, anti-virus software, and staying informed. It is important to use WPAv2 with AES encryption, because the other encryption options have all been broken and cracked. Also, make sure your passkey is long and made up of random characters and symbols, which will protect you against dictionary attacks. Changing your passkey on a regular basis is also important, so that if someone does succeed, they will not have long-term access because your key will have changed. Having an anti-virus is important because it keeps unwanted files from being downloaded to your PC and helps deter intruders from breaking in. Keeping an active subscription to an anti-virus program is also extremely important because viruses are designed to disrupt, and sometimes even destroy, files and programs on your computer. An active anti-virus keeps you protected, helps detect malicious types of network activity, and suspends that activity until you decide whether or not to allow it. Most anti-virus suites include a firewall, which is software that monitors, detects, and warns you of unusual traffic passing to and from your computer via a network or the internet. You also want to make sure your anti-virus has both incoming and outgoing protection. This is important because there are many ways you can contract a virus, and when there is no protection for outgoing activity you can forward that virus to other users. Lastly, read current events about new technologies that are available to help keep your system up to date. There are always new and improved security patches and updates, which help further protect your computer and network against new attacks and viruses.

Works Cited
"8 Ways to Prevent a Data Breach." BusinessNewsDaily.com. N.p., n.d. Web. 14 Nov. 2012. <http://www.businessnewsdaily.com/2654-prevent-data-breach.html>.
"Aircrack-ng against WPA - Clickdeathsquad." Aircrack-ng against WPA - Clickdeathsquad. N.p., n.d. Web. 14 Nov. 2012. <https://sites.google.com/site/clickdeathsquad/Home/cds-wpacrack>.
"ArsTechnica." Ars Technica. N.p., n.d. Web. 14 Nov. 2012. <http://arstechnica.com/tech-policy/2009/08/one-minute-wifi-crack-puts-further-pressure-on-wpa>.
"Hacking & Solutions: Cracking WEP and WPA2-PSK." CWNP. N.p., n.d. Web. 14 Nov. 2012. <http://www.cwnp.com/cwnp_wifi_blog/hacking-solutions-cracking-wep-and-wpa2-psk>.
"How Do You Stay Safe On The Internet?" First, Be Aware Of The Risks. N.p., n.d. Web. 14 Nov. 2012. <http://www.guard-privacy-and-online-security.com/how-do-you-stay-safe-on-the-internet.html>.
"Security Wireless Network - Improve the Security of a Wireless Network." - Passkey, Wep, Wpav1, and Key. N.p., n.d. Web. 14 Nov. 2012. <http://encyclopedia.jrank.org/articles/pages/cog1c7rm85/Security-Wireless-Network-Improve-Security-Wireless-Network.html>.
"Temporal Key Integrity Protocol." Wikipedia. Wikimedia Foundation, 11 Dec. 2012. Web. 14 Nov. 2012. <http://en.wikipedia.org/wiki/Temporal_Key_Integrity_Protocol>.
"WEP (Wired Equivalent Privacy)." TechFAQ WEP Wired Equivalent Privacy Comments. N.p., n.d. Web. 14 Nov. 2012. <http://www.tech-faq.com/wep-wired-equivalent-privacy.html>.
"What Does It Take to Hack AES?" Kotfunet. N.p., n.d. Web. 14 Nov. 2012. <http://www.kotfu.net/2011/08/what-does-it-take-to-hack-aes>.
