Wireless networks have two distinct security challenges in comparison with wired networks.
- Data is transmitted over-the-air, meaning no physical barriers exist. Cybercriminals can capture or inject traffic into the network without being on-premise.
- Mobile devices are often used on home and public WiFi hotspots in addition to enterprise networks. Hackers can access mobile devices in these less secure environments and install malicious code that can be exploited when the device subsequently connects to the enterprise network.
Like wired networks, essential parts of protecting wireless networks are firewalls, intrusion protection systems, and VPNs. However, this blog focuses on the security mechanisms defined to protect WiFi networks from attack.
Applying security policies to WiFi traffic
When a user turns on their WiFi radio, it scans the frequency bands and listens for beacons. Access Points (APs) typically broadcast beacons every 100ms. The beacon contains the network name, which is the SSID (Service Set ID). The user then selects the SSID they want to connect to.
A single WiFi network can have multiple SSIDs. This allows different security policies to be applied to different SSIDs:
- Map traffic on different SSIDs to different VLANs; for example, map traffic on the guest network to VLAN 10 and the employee traffic to VLAN 20.
- Apply different authentication methods to different SSIDs, such as open authentication on the guest network and 802.1X port-based authentication on the employee network.
- Apply different security types to different SSIDs; for example, older barcode readers connect using WPA, and newer laptops connect using WPA3.
The SSID can be carried in the beacon, making it easy for users to find the WiFi network, or it can be hidden, in which case the user must know the SSID before they can connect. Hidden SSIDs are often used in networks used by the public. For example, a hotel may broadcast the guest network SSID and hide the employee SSID.
A hidden SSID does not provide security protection, as other messages contain the SSID in clear text. It is easy for a hacker to capture these messages and obtain the SSID.
Choosing the best WiFi authentication type for your requirements
After the user selects the SSID of the network they want to connect to, they must be authenticated. There are five WiFi authentication methods:
- Open authentication. Open authentication is no authentication; anyone can connect to the WiFi network. Open authentication allows anyone to connect to the WiFi network, which is common in public places such as airports and cafes. These open WiFi networks may still require the user to authenticate, but they use web-based authentication, not WiFi authentication.
- WEP (Wired Equivalent Privacy) authentication. WEPuses a password-based authentication where all users share the same password. WEP has been deprecated and should not be used as it is cryptographically weak. However, there are some instances where WEP is still in use, for example, in hospitals and academia, where the cost to migrate equipment to the latest technology is prohibitive.
- PSK (PreShared Key) authentication. PSK uses password-based authentication, where all users have different passwords. This is commonly used in home networks and businesses with limited IT support.
- SAE (Simultaneous authentication of Equals). SAE uses password-based authentication with a key exchange protocol to generate a strong passphrase. It protects against dictionary attacks, which can easily crack weak user-created passwords. SAE authentication is a preferred alternative to PSK authentication.
- 802.1X port-based authentication.
802.1X authenticates the user using a AAA server like RADIUS. It is the authentication method used in organizations. AAA servers are often deployed along with AD (Active Directory) and PKI (Public Key Infrastructure) services. 802.1X implementation is more complex but offers higher protection.
An important distinction between these authentication methods is that WEP only authenticates the user, whereas PSK, SAE, and 802.1X authenticate both the user and the network.
Uncovering the security measures in your WiFi network
Two messages sent by the Access Point (AP) contain information about how the WiFi is protected. These two messages are beacons and authentication responses, and both are sent in clear text. Capturing this traffic reveals the security mechanisms being used for specific SSIDs.
In networks protected with WPA, WPA2, or WPA31, the beacons contain a RSNE (Robust Security Network Element). Information carried in the RSNE includes:
- The encryption cipher used to protect the confidentiality of messages.
- The hash cipher used to check if messages have been tampered with.
- The authentication method used to check that the user is allowed to connect to the network.
The WiFi network uses open or WEP authentication if the beacon does not contain the RSN information.
Evaluating different WiFi authentication alternatives
The message flow between the user’s client device and the network varies depending on the authentication method. Figure 1 provides a high-level comparison of the different authentication processes.
- If using WEP authentication, the AP responds with a challenge text. The device encrypts the challenge text using a shared secret and sends it back. The network uses this to verify that the user has the shared secret.
- If using PSK authentication, the device and the network have the PMK (Pairwise Master Key). The 4-way EAPOL handshake uses the PMK to authenticate the client and the network. It also derives the encryption and message integrity keys used to protect subsequent data traffic.
- If using SAE authentication, the device and AP perform a variant of the Dragonfly handshake. During the handshake, the STA and AP both derive the PMK. As in PSK authentication, the 4-way EAPOL handshake uses the PMK to authenticate the client and the network and derive the encryption and message integrity keys.
- If using 802.1X authentication, the client communicates with an AAA server to generate the PMK. As in PSK and SAE authentication, the 4-way EAPOL handshake uses the PMK to authenticate the client and the network and derive the encryption and message integrity keys.
The crucial difference between PSK, SAE, and 802.1X authentication is how the PMK is generated:
- In PSK authentication, the PMK2 is preconfigured in the client and network.
- In SAE authentication, the PMK is derived using a variant of the Dragonfly handshake, making SAE authentication more robust than PSK.
- In 802.1X authentication, the PMK is derived following an exchange with the AAA server, making 802.1X potentially more robust than SAE.
In 802,11X, communications between the client and the AAA server can use different EAP authentication methods, for example, EAP-TLS, EAP-TTLS, EAP-PEAP-TLS, or EAP-FAST. The robustness of 802.1X varies depending on the chosen EAP authentication method. For instance, EAP-MD5 is vulnerable to dictionary attacks, whereas EAP-TLS is considered highly secure.
Assessing the impact of recent WiFi attacks
In recent years, the 4-way EAPOL handshake has been subject to several successful attacks, including downgrade attacks and KRACK (Key Reinstallation Attack). Figure 1 shows that PSK, SAE, or 802.1X authentication all encompass the 4-way EAPOL handshake.
Figure 2 illustrates the 4-way EAPOL handshake exchange between the client and the AP. During this exchange:
- The client and the network generate the PTK (Pairwise Temporal Keys) to protect subsequent user messages.
- The device determines that the AP must have the PTK, and hence considers the network authenticated.
- The AP determines that the client must have the PTK, and hence considers the client authenticated.
- The AP securely sends the client to GTK (Groupwise Temporal Key), which is used to protect subsequent broadcast messages.
Recent attacks include forcing the cryptographic nonce to zero or the use of less secure ciphers. Vendors have addressed these vulnerabilities by changing their implementation of the 4-way EAPOL handshake, and the WiFi Alliance has updated its WiFi certification tests.
Proceeding from here
It’s time for you to investigate the configuration of the WiFi networks that you connect to. Recommended next steps are:
- List the SSIDs broadcasted on your home and office WiFi networks.
- Identify what security policies are being applied to the different SSIDs.
- Determine which authentication methods have been implemented.
- Check that your Wi-Fi products have been WiFi Alliance certified.
1WPA (WiFi Protected Access is the WiFi Alliance certification program that tests the security features of WiFi products. https://www.wi-fi.org/certification/programs
2In PSK authentication, the PreShared Key (PSK) and the Pairwise Master Key (PMK) are the same.