Authentication for WPA Personal is accomplished by using what type of key?

The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 802.11 standard defines two link-level types of authentication:

  • Open System
  • Shared Key


Open system authentication
Open system authentication consists of two communications:

  1. First, an authentication request is sent from the mobile device that contains the station ID (typically the MAC address).
  2. Next, an authentication response from the AP/router with a success or failure message.


Shared key authentication
With shared key authentication, a shared key, or passphrase, is manually set on both the mobile device and the AP/router. Several types of shared key authentication are available today for home or small office WLAN environments:

Wired Equivalent Privacy (WEP)
WEP is not recommended for a secure WLAN. The main security risk is hackers capturing the encrypted form of an authentication response frame, using widely available software applications, and using the information to crack WEP encryption.

Wi-Fi Protected Access (WPA)
WPA complies with the wireless security standard and strongly increases the level of data protection and access control (authentication) for a wireless network. WPA enforces IEEE 802.1X authentication and key-exchange and only works with dynamic encryption keys. Users may see different naming conventions for WPA in a home or small-office environment. Examples are WPA-Personal, WPA-PSK, WPA-Home. A common pre-shared key (PSK) must be manually configured on both the client and AP/router.

Wi-Fi Protected Access 2 (WPA2)
WPA2 is a security enhancement to WPA. Users must ensure the mobile device and AP/router are configured using the same WPA version and pre-shared key (PSK).
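How the pre-shared key used by WPA-Personal and WPA2-Personal is derived, as an added example that is not part of the original page: the 256-bit key is computed with PBKDF2-HMAC-SHA1 (4096 iterations) from the passphrase, with the SSID as salt, which is why client and AP/router must agree on both. The function names and the sample SSIDs and passphrases are constructed for illustration.

```python
import hashlib
import hmac
import string

HEX_DIGITS = set(string.hexdigits)


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit pre-shared key for WPA/WPA2-Personal.

    Accepted inputs:
      * an 8 to 63 character printable-ASCII passphrase, stretched with
        PBKDF2-HMAC-SHA1 (4096 iterations, SSID as salt), or
      * exactly 64 hex digits, which are used directly as the key.
    """
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 octets")

    # 64 hex digits are treated as the raw key, not as a passphrase.
    if len(passphrase) == 64 and set(passphrase) <= HEX_DIGITS:
        return bytes.fromhex(passphrase)

    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")

    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32
    )


def keys_match(client_passphrase: str, client_ssid: str,
               ap_passphrase: str, ap_ssid: str) -> bool:
    """True when client and AP/router settings yield the same key."""
    client_key = wpa_psk(client_passphrase, client_ssid)
    ap_key = wpa_psk(ap_passphrase, ap_ssid)
    return hmac.compare_digest(client_key, ap_key)


if __name__ == "__main__":
    # Constructed sample settings, not taken from any real network.
    ap = ("correct horse battery staple", "HomeOffice")
    print("PSK:", wpa_psk(*ap).hex())
    # Same passphrase, but the SSID differs in case: different key.
    print("case-changed SSID matches:",
          keys_match(ap[0], "homeoffice", *ap))
    # A trailing space typed on the client: different key.
    print("trailing space matches:",
          keys_match(ap[0] + " ", ap[1], *ap))
```

Because the SSID is the salt, renaming the network changes the key even when the passphrase stays the same.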

Association
Once authentication is complete, mobile devices can associate (register) with an AP/router to gain full access to the network. Association allows the AP/router to record each mobile device so that frames are properly delivered. Association only occurs on wireless infrastructure networks, not in peer-to-peer mode. A station can only associate with one AP/router at a time.

Association process:

  1. Mobile device authenticates to an AP/router and then sends an Association Request.
  2. AP/router processes the Association Request. AP/router vendors may have different implementations for deciding if a client request should be allowed.
    • When an AP/router grants association, it responds with a status code of 0 (successful) and the Association ID (AID). The AID is used to identify the station for delivery of buffered frames when power-saving is enabled.
    • Failed Association Requests include only a status code and the procedure ends.
  3. AP/router forwards frames to or from the mobile device.

RF poses challenges to privacy in that it travels through and around physical objects. Because of the nature of the 802.11 wireless LANs, the Institute of Electrical and Electronics Engineers (IEEE) working group implemented a mechanism to protect the privacy of the individual transmissions, known as the wired equivalent privacy (WEP) protocol.

WEP characteristics:

  • WEP utilizes a shared-key authentication that allows for encryption and decryption of wireless transmissions.
  • Up to four keys can be defined on an AP or a client, and they can be rotated to add complexity for a higher security standard in the WLAN policy.
  • The driving force behind WEP was privacy. In cases that require high degrees of security, other mechanisms should be utilized such as authentication, access control, password protection, and virtual private networks (VPNs).
  • Despite its flaws, WEP still offers a better level of security than open wireless connections.

EXAM WARNING

Most APs advertise that they support WEP in 64-bit encryption, but often the 128-bit option is also supported. For corporate networks, 128-bit encryption-capable devices should be considered as a minimum.

With data security enabled in a closed network, the settings on the client for the SSID and the encryption keys must match the AP when attempting to associate with the network or it will fail. WEP provides security and privacy in transmissions held between the AP and the clients. Some of the other benefits of implementing WEP include the following:

  • All messages are encrypted using a CRC-32 checksum to provide some degree of integrity.
  • Privacy is maintained through the RC4 encryption. Without possession of the secret key, the message cannot be decrypted.
  • WEP is extremely easy to implement. All that is required is to set the encryption key on the APs and on each client.
  • WEP provides a basic level of security for WLAN applications.
  • WEP keys are user-definable and unlimited. WEP keys can, and should, be changed often.

EXAM WARNING

Do not confuse WAP and WEP. Although it may seem that WEP is the privacy system for WAP, you should remember that WTLS is the privacy mechanism for WAP and WEP is the privacy mechanism for 802.11 WLANs.

URL: https://www.sciencedirect.com/science/article/pii/B978159749428100014X

A Brief Overview of the Wireless World

In Wireless Hacking, 2004

Authentication

Authentication can occur using either “Open System” or “Shared Key” authentication (see Figure 1.4). Null authentication, as its name implies, is a simple two-step process that does not require any credentials to be supplied. The process begins when the client sends an Authentication Request frame to the AP. The AP responds with an Authentication Response frame, indicating either success or failure.

Figure 1.4. Open System (Null) Authentication

Shared Key authentication (see Figure 1.5) is a four-step process that involves the client's knowledge of the WEP key in order to be authenticated by the access point. The first step is that the client sends an Authentication Request frame to the AP. The AP responds with 128 bytes of challenge text. The client uses the WEP engine to encrypt the 128 bytes of random challenge text and then sends back a Challenge Response frame, containing 128 bytes of (encrypted) cipher text. In order to authenticate the client, the AP decrypts the cipher text and sees if it matches the original challenge text. This process is used to validate whether or not the client actually knows the shared secret of the WEP key. The final step is for the AP to send an Authentication Result frame, indicating success or failure.

Figure 1.5. Shared Key Authentication

URL: https://www.sciencedirect.com/science/article/pii/B9781931836371500064

MCSE 70-293: Planning, Implementing, and Maintaining a Security Framework

Martin Grasdal, ... Dr. Thomas W. Shinder, Technical Editor, in MCSE (Exam 70-293) Study Guide, 2003

Authentication for Wireless Networks

There are two authentication methods in the 802.11 standard: open authentication and shared-key authentication. Open authentication is more precisely described as device-oriented authentication and can be considered as a null authentication—all requests are granted. Without WEP, open authentication leaves the WLAN wide open to any client who knows the SSID. With WEP enabled, the WEP secret key becomes the indirect authenticator.

Note

Open authentication can also require the use of a WEP key. Do not assume that just open authentication is used and that a WEP key does not need to be set.

Shared-key authentication is a four-step process that begins when the AP receives the validated request for association. After the AP receives the request, a series of management frames are transmitted between the stations to produce the authentication. This includes the use of the cryptographic mechanisms employed by WEP as a validation. The four steps in the process are as follows:

  1. The requester (the client) sends a request for association.
  2. The authenticator (the AP) receives the request and responds by producing a random challenge text and transmitting it back to the requester.
  3. The requester receives the transmission, encrypts the challenge with the secret key, and transmits the encrypted challenge back to the authenticator.
  4. The authenticator decrypts the challenge text and compares the values against the original. If they match, the requester is authenticated. On the other hand, if the requester does not have the shared key, the cipher stream cannot be reproduced. At this point, the plaintext cannot be discovered, and theoretically, the transmission is secured.

One of the greatest weaknesses in shared-key authentication is that it provides an attacker with enough information to try to crack the WEP secret key. The challenge, which is sent from authenticator to requester, is sent in the clear. The requesting client then transmits the same challenge, encrypted using the WEP secret key, back to the authenticator. An attacker who captures both of these packets now has two pieces to a three-piece puzzle: the cleartext challenge and the encrypted ciphertext of that challenge. The algorithm is also known—it’s RC4. All that is missing is the secret key.

To determine the key, the attacker simply tries a brute-force search of the potential key space using a dictionary attack. At each step, the attacker tries to decrypt the encrypted challenge with a dictionary word as the secret key. The result is then compared against the authenticator’s challenge. If the two match, the secret key has been determined. In cryptography, this attack is termed a known-plaintext attack and is the primary reason why shared-key authentication is actually considered slightly weaker than open authentication.

You can use the Wireless Monitor console to determine if the wireless network to which you are connecting has multiple APs. To access the Wireless Monitor console, add the Wireless Monitor snap-in to a custom Microsoft Management Console (MMC).

Note

When using 802.1x for enhanced security, authentication is available only to Windows XP Service Pack 1 clients and Windows Server 2003 systems.

Exercise 11.01

Setting Up a Windows XP Client for Wireless Networking

Installing and configuring wireless networking on a Windows XP client is simple. Make sure you have an 802.11b wireless network interface card (NIC) installed. After the wireless NIC has been installed, the Automatic Wireless Wizard Configuration window appears. Windows XP will automatically search the network for a WAP. If a WAP is found, it will attempt to make a connection.

To manually configure the wireless network connection on the Windows XP machine, use these instructions:

  1. Select Start | Control Panel | Network Connections.
  2. Right-click the Wireless Connection and click Properties.
  3. Select the Wireless Networks tab.
  4. Look in the Available Networks box and choose a WAP to add under the Preferred networks option.
  5. In the Wireless Network Properties dialog box, enter the name of the WAP under the Network Name (SSID) box and place check marks in the appropriate boxes that apply to your network settings.
  6. Click the OK button. Wireless network access should now be available to you from your Windows XP machine.

Test Day Tip

Understand how open system and shared key work as authentication subtypes. Know the weaknesses and strengths of each, as well as how they are configured on a domain controller and client machine.

Defining a Subtype on a Domain Controller

You can configure the subtype you wish to use on a domain controller by configuring Group Policy. To configure the subtype in Group Policy, follow these steps:

  1. Select Start | All Programs | Administrative Tools | Active Directory Users and Computers.
  2. Find the domain for which you wish to configure the subtype, right-click the domain node, and choose Properties.
  3. Select the Group Policy tab.
  4. In the GPO Editor, expand Computer Configuration, and then expand Windows Settings.
  5. Select the Wireless Network IEEE 802.11 Policies node.
  6. Double-click the policy in the right-console pane.
  7. On the Preferred Networks tab, click Add to add a new wireless network.
  8. Double-click the name of the new wireless network and choose the Network Properties tab.
  9. Type in a name for the network. You can choose to enter a description if you wish. You can also select the Network Authentication (Shared Mode) box under Wireless network key (WEP). If you leave this blank, open-system authentication will be used instead.
  10. To allow the key to be provided automatically for client machines, check the "The key is provided automatically" box.

Note

To ensure that 802.1x will be used for wireless access control, click the IEEE 802.1x tab and check the Enable network access control using IEEE 802.1x check box.

Defining a Subtype on a Client Computer

Next, you can enter the subtype on a client computer. To do this, perform the following steps:

  1. Open Network Connections. Right-click Wireless Network Connection.
  2. Click Properties and click Add on the Wireless Networks tab to add the wireless network connection.
  3. On the Association tab, for Network name (SSID) service set identifier, enter a unique name. Configure the setting for the use of a network key for data encryption if needed. Next, choose the Data encryption WEP enabled option if it is not already enabled.
  4. To specify that a network key be used for authentication to the wireless network, select the Network Authentication (Shared mode) check box.
  5. If the network key is provided automatically, leave the Network Key option blank. If the network key is not automatically provided, type the key in this field, and then type it again in the Confirm network key field.
  6. Click the Authentication tab to specify that 802.1x authentication is being used for the wireless network connection.

URL: https://www.sciencedirect.com/science/article/pii/B9781931836937500154

Protecting Legacy Remote Clients

Thomas W. Shinder, ... Debra Littlejohn Shinder, in Windows Server 2012 Security from End to Edge and Beyond, 2013

Install Certificates for VPN Connections

A public key infrastructure and certification authority are not required if you deploy a PPTP VPN, but this is not a recommended practice because of the security issues. Certificates are also not required if you select to use preshared key authentication for L2TP VPN connections, but again, this is a less secure method because the VPN server uses the same preshared key for all the connections. In addition to the security implications, preshared keys can cause problems when the key must be changed; in that instance, the key must be changed on all the clients, as well—either manually or by reissuing new Connection Manager profiles that have to be installed on all the client computers.

Utilizing a PKI to issue certificates for VPN connections is a much more secure option. The steps involved in creating the certificate infrastructure for L2TP/IPsec or SSTP connections require that you install a certificate in the Local Computer certificate store on the VPN server and install a user certificate in the Current User certificate store on each of the client computers. Certificates can be installed either via the Certificates MMC snap-in or via auto-enrollment, or by connecting the client to the certification authority's Web-based enrollment agent.

Installing and configuring certification authorities and creating a PKI are beyond the scope of this chapter, but you can find information and instructions in the TechNet Library.

URL: https://www.sciencedirect.com/science/article/pii/B9781597499804000145

Configuring Kali Linux

James Broad, Andrew Bindner, in Hacking with Kali, 2014

Passwords and Keys

If WEP or WPA personal were selected as the security method from the drop down, type the security key in the password/key field. Check the Show password/key checkbox to verify the key being used has been typed correctly. In cases when the password should not be displayed, leave the checkbox unchecked. Some systems use a method of rotating passwords or keys. If this is the case, enter the password or key for each index by selecting the correct index and then entering the correct key or password for that index.

The network may have either open system or shared key authentication. In shared key authentication, the access point sends a challenge text message to the computer attempting to connect. The connecting computer then encrypts the text with the WEP key and returns the encrypted text to the access point. The access point then allows the connection if the encryption key used by the connecting computer produces the correct encryption string. Open system authentication on the other hand allows computers to connect without this challenge and response sequence, relying on the computer using the correct SSID. In both cases, the communication channel is completed when the WEP key is used to secure the channel. While shared key authentication may seem more secure, it is in fact less secure as the challenge text and encrypted text response are sent in clear text allowing anyone monitoring the wireless channel to capture the challenge and response. As the WEP key is used to encrypt the challenge, capturing the challenge and response can allow the WEP key to be determined.
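The four-frame WEP shared key exchange described here and in the two earlier excerpts, simulated from both sides as an added example that is not part of the original books. It is simplified: only the 128-byte challenge is encrypted, the function names and the sample keys are constructed, and the last helper lists the fields that cross the air unprotected, which is the exposure the text describes.

```python
import hmac
import os
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR the data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Append the CRC-32 integrity value, then encrypt under IV || key."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return rc4(iv + wep_key, plaintext + icv)


def wep_decrypt(wep_key: bytes, iv: bytes, ciphertext: bytes):
    """Return the plaintext, or None when the integrity value is wrong."""
    body = rc4(iv + wep_key, ciphertext)
    plaintext, icv = body[:-4], body[-4:]
    if zlib.crc32(plaintext).to_bytes(4, "little") != icv:
        return None
    return plaintext


def shared_key_handshake(ap_key: bytes, station_key: bytes,
                         station_id: str = "02:00:00:00:00:01"):
    """Run the four frames; return (authenticated, frames_on_air)."""
    frames = []
    # Frame 1, station -> AP: authentication request with the station ID.
    frames.append({"seq": 1, "from": "station", "station_id": station_id})
    # Frame 2, AP -> station: 128 bytes of random challenge text, unencrypted.
    challenge = os.urandom(128)
    frames.append({"seq": 2, "from": "ap", "challenge": challenge})
    # Frame 3, station -> AP: the challenge encrypted with the station's
    # WEP key. The 24-bit IV travels in the clear next to the ciphertext.
    iv = os.urandom(3)
    frames.append({"seq": 3, "from": "station", "iv": iv,
                   "ciphertext": wep_encrypt(station_key, iv, challenge)})
    # Frame 4, AP -> station: the AP decrypts with its own key and compares.
    recovered = wep_decrypt(ap_key, iv, frames[2]["ciphertext"])
    ok = recovered is not None and hmac.compare_digest(recovered, challenge)
    frames.append({"seq": 4, "from": "ap",
                   "status": "success" if ok else "failure"})
    return ok, frames


def visible_to_observer(frames):
    """Fields a passive listener records. The key itself is never sent."""
    return {
        "plaintext_challenge": frames[1]["challenge"],
        "iv": frames[2]["iv"],
        "encrypted_challenge": frames[2]["ciphertext"],
        "result": frames[3]["status"],
    }


# Constructed 104-bit sample keys.
DEMO_KEY = bytes.fromhex("0102030405060708090a0b0c0d")
WRONG_KEY = bytes.fromhex("ffeeddccbbaa99887766554433")

if __name__ == "__main__":
    for label, key in (("matching key", DEMO_KEY), ("wrong key", WRONG_KEY)):
        ok, frames = shared_key_handshake(DEMO_KEY, key)
        seen = visible_to_observer(frames)
        print(f"{label}: {seen['result']}, "
              f"{len(seen['plaintext_challenge'])} challenge bytes and "
              f"{len(seen['encrypted_challenge'])} ciphertext bytes on air")
```

With open system authentication followed by WPA2, no such plaintext and ciphertext pair of the same data is exchanged during authentication.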

LEAP security uses user name and password. These should be typed into the appropriate fields when LEAP is selected.

Dynamic WEP and WPA enterprise require a number of settings, certificates, and configurations to manage. These settings will not be covered in this text; however, if you are joining a network that uses these methods for security, simply enter the correct details and provide the correct certificates.

URL: https://www.sciencedirect.com/science/article/pii/B9780124077492000045

Microsoft Windows Server 2008

Aaron Tiensivu, in Securing Windows Server 2008, 2008

Recovering Data

BitLocker will lock the computer when an encryption key is not available. Likely causes for this can be:

  • Inserting the BitLocker-protected drive into a new computer
  • Replacing the computer motherboard
  • Performing maintenance operation on the TPM (such as clearing or disabling)
  • Updating the BIOS
  • Upgrading critical early boot components that cause system integrity validation to fail
  • Forgetting the PIN when PIN authentication has been enabled
  • Losing the USB flash drive containing the startup key when startup key authentication has been enabled

When TPM fails to check the integrity of startup components, it will lock the computer at a very early stage before the operating system starts. When locked, the system enters recovery mode. You can use a USB flash drive with the recovery password stored on it or use the keyboard to enter the recovery password manually. In recovery mode, the keyboard assignment is somewhat different: you use function keys to enter digits. F1 through F9 represent digits 1 through 9, and F10 represents 0.

Testing BitLocker Data Recovery

To test BitLocker for data recovery, follow these steps:

  1. Log on as an administrator.
  2. Click Start, click Run, type tpm.msc in the open box, and click OK. The TPM Management Console is displayed.
  3. Under Actions, click Turn TPM Off.
  4. Provide the TPM owner password, if required.
  5. When the Status panel in the TPM Management on Local Computer task panel reads “Your TPM is off and ownership of the TPM has been taken,” close that task panel.
  6. Click the Safely Remove Hardware icon in the notification area to remove the USB flash drive from the system.
  7. Restart your computer. When you restart the computer, you will be prompted for the recovery password, because the startup configuration has changed since you encrypted the volume.
  8. The BitLocker Drive Encryption Recovery Console should appear.
  9. Insert your USB flash drive and press ESC. The computer will restart automatically.
  10. The system should boot normally.

Tip

If you do not have a USB flash drive with the recovery password on it, you would press ENTER instead of ESC. After pressing ENTER, the system prompts you for the recovery password. Input the recovery password and press ENTER again.

URL: https://www.sciencedirect.com/science/article/pii/B9781597492805000055

Spoofing: Attacks on Trusted Identity

In Hack Proofing Your Network (Second Edition), 2002

Ability to Prove a Private Keypair: “Can I Recognize Your Voice?”

Challenging the ability to prove a private keypair invokes a cryptographic entity known as an asymmetric cipher. Symmetric ciphers, such as Triple-DES, Blowfish, and Twofish, use a single key to both encrypt a message and decrypt it. See Chapter 6 for more details. If just two hosts share those keys, authentication is guaranteed—if you didn't send a message, the host with the other copy of your key did.

The problem is, even in an ideal world, such systems do not scale. Not only must every two machines that require a shared key have a single key for each host they intend to speak to—an exponential growth problem—but those keys must be transferred from one host to another in some trusted fashion over a network, floppy drive, or some data transference method. Plaintext is hard enough to transfer securely; critical key material is almost impossible. Simply by spoofing oneself as the destination for a key transaction, you get a key and can impersonate two people to each other.

Yes, more and more layers of symmetric keys can be (and in the military, are) used to insulate key transfers, but in the end, secret material has to move.

Asymmetric ciphers, such as RSA and Diffie-Hellman/ElGamal, offer a better way. Asymmetric ciphers mix into the same key the ability to encrypt data, decrypt data, sign the data with your identity, and prove that you signed it. That's a lot of capabilities embedded into one key—the asymmetric ciphers split the key into two: one of which is kept secret, and can decrypt data or sign your independent identity—this is known as the private key. The other is publicized freely, and can encrypt data for your decrypting purposes or be used to verify your signature without imparting the ability to forge it. This is known as the public key.

More than anything else, the biggest advantage of private key cryptosystems is that key material never needs to move from one host to another. Two hosts can prove their identities to one another without having ever exchanged anything that can decrypt data or forge an identity. Such is the system used by PGP.

URL: https://www.sciencedirect.com/science/article/pii/B978192899470150015X

Microsoft Vista: Wireless World

In Microsoft Vista for IT Security Professionals, 2007

Frequently Asked Questions

The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the concepts presented in this chapter and to assist you with real-life implementation of these concepts. To have your questions about this chapter answered by the author, browse to www.syngress.com/solutions and click on the "Ask the Author" form.

Q: In Windows XP and Windows 2000, in order to connect to a network that supports only WPA2-PSK authentication/encryption settings, I have to install a vendor-specific application to configure my wireless card. Will I still have to do this in Vista?

A: No. Microsoft Vista supports WPA2 modes such as WPA2-Personal and WPA2-Enterprise. These are prebuilt inside the operating system so that you do not have to install external third-party client applications.

Q: What is one of the benefits of having command-line support when configuring wireless connectivity and security?

A: Having commands available for configuring wireless settings allows you to support automated scripts for wireless settings without using Group Policy.

Q: What security measures changed in the way Wireless Auto Configuration is configured in Vista?

A: In Microsoft Vista, when preferred networks are out of reach and the wireless settings are configured to not connect to any other wireless networks, Wireless Auto Configuration will create a random name that it adds to the wireless adapter and will include a security configuration consisting of a 128-bit random encryption key and the strongest encryption method supported by the wireless adapter.

Q: I’m using WEP security in my wireless network. Is this enough?

A: An attacker can crack WEP in less than an hour, so you should consider using WPA or WPA2 instead. If your older access point doesn’t support these options, check with your vendor because many times simple application upgrades are available for you to apply.

Q: I’ve heard that WPA is vulnerable to attacks as well. Is this true?

A: Yes. WPA is vulnerable to brute force dictionary attacks. Therefore, when choosing your master key, make sure you choose a key that is at least 21 characters long and is not a dictionary word or anything easily guessed.

Q: What is a rogue access point?

A: A rogue access point is an unauthorized wireless device that an employee or attacker attaches to a wired network. It is highly insecure and provides serious risk to corporations because it extends networks outside of the corporate control perimeter.

Q: What are some of the Group Policy enhancements in Vista for wireless networks?

A: Per-user wireless policy and security settings, as well as the ability to permit access to specific wireless networks in the environment, are two major security enhancements in Group Policy for Vista.

Q: How can I get help on syntax as well as examples of how to use the new command-line commands to configure my wireless network?

A: When inside the command prompt, add a ? after each command. For example, netsh wlan show ? will list all available options under the show option.

URL: https://www.sciencedirect.com/science/article/pii/B978159749139650011X

TinyTO: two-way authentication for constrained devices in the Internet of Things

C. Schmitt, ... B. Stiller, in Internet of Things, 2016

13.4.1 Possible handshake protocol candidates

Handshake protocol candidates considered in this section support a two-way authentication of two independent entities without prior information exchange, which make them highly appropriate for TinyTO. From this stage on, the traditional naming pattern of cryptography is applied to protocol descriptions, assuming two communication parties—Alice and Bob—which are instantiated as sensor nodes.

At first glance the Station-to-Station protocol (STS) seems to be an ideal candidate for TinyTO because STS is based on a Diffie–Hellman’s key exchange, followed by an exchange of authentication signatures [41]. Both parties, Alice (A) and Bob (B), compute their private key $x$ and a public key $X$ in the beginning. Next, Alice sends her public key $X_A$ to Bob. Once Bob receives $X_A$, he can compute a shared secret $K_{AB}$ with $X_A$ and $x_B$, according to the Diffie–Hellman’s key-exchange algorithm [38]. Bob can now encrypt any message to Alice using $K_{AB}$. For decryption purposes Bob sends $X_B$ back to Alice, so that she can compute the same shared secret $K_{AB}$. Additionally, Bob sends a token consisting of both public keys, signed with his own private key to authenticate himself. Alice can use $X_B$ to verify that Bob was indeed the same person who had signed the message and computed the shared secret. Bob is now authenticated to Alice. As the last step of the two-way authentication, Alice constructs an authentication message and sends it to Bob to authenticate herself to Bob. To avoid unnecessary communication overhead, the second key-exchange message is combined with the first authentication message. As a result, STS entails the establishment of a shared-secret key between two parties, with mutual entity-authentication and mutual implicit key-authentication [38]. The forward secrecy can be provided by deriving a new ephemeral key from the shared secret for the encryption of every message in that exchange [46]. The signatures are used to obtain protection against impersonation during the exchange.

However, there are two main shortcomings: (1) Although the STS is relatively simple to execute, it does not include any explicit key-confirmation. Neither Bob nor Alice inherently can be sure that the other party has actually computed a shared secret without additional messages. (2) Furthermore, STS is vulnerable to UKSAs and the MITM attack [41]. To prevent UKSAs and to provide explicit key-authentication, the signatures used can be encrypted additionally with the successfully computed $K_{AB}$ [39]. Thus, Bob is assured that he shares $K_{AB}$ only with one single party, namely Alice. Because he has created $X_B$ specifically for this handshake and Alice has signed $X_B$ and $X_A$, her signature is now tied to this particular handshake. By encrypting the message with the resulting $K_{AB}$, Alice assures Bob that she was indeed the entity who had created $X_A$. Similar assumptions can be made from the position of Alice [39]. This modification requires more computational capacity, due to parallel execution of signature and symmetric encryption algorithms. Hence, for WSN devices below Class 2, it is desirable to avoid this sort of overhead. The need for encryption can be resolved by including the identity of both parties in the exchanged signatures, resulting in the adapted STS protocol [46]. When combining the adapted STS with identities in signatures it becomes almost functionally identical to the Bellare–Canetti–Krawczyk protocol (BCK) [42,43,46]. The only difference in BCK is the absence of the sending parties’ identities. According to Basin et al., it is generally desirable to include identities of both parties, to avoid the spoofing of identities [47]. But in a bidirectional exchange, as is the case for BCK, it is only required to include the receiver’s identity [47]: at least in one direction, the receiving party is presented with an invalid signature that does not contain its own identity, and as a result it immediately aborts the handshake.

At this point, BCK is computationally relatively inexpensive, but still vulnerable to MITM attacks [46]. This weakness boils down to the fact that it is impossible to reliably map a public key to a specific entity, that is, to derive their public key from their identity. Any party can claim any public key as its own. To counteract, it is essential to strongly couple a public key with the respective identity. The prevalent solution for this is to introduce a PKI with certificates and trusted CAs, as proposed for TLS [48]. A certificate contains the identity and the corresponding public key. Entities can be assured of the correct coupling between key and identity, because trusted CAs had constructed the certificate. However, BCK itself does not suit the given requirement of Class 1 devices, but can be used as a baseline, as justified in the upcoming section.

URL: https://www.sciencedirect.com/science/article/pii/B9780128053959000137

Mac SSH

In Next Generation SSH2 Implementation, 2009

Frequently Asked Questions

Q: What do I need to install to use SSH on my Mac?

A: Nothing. Mac OS X includes its own distribution of OpenSSH.

Q: How do I access an SFTP server?

A: The sftp utility can be used to access SFTP servers. The free Fugu and the commercial Transmit tools offer graphical SFTP clients.

Q: How do I enable SSH access to my Mac?

A: Enable Remote Login within the Sharing section of System Preferences.

Q: How can I use X Windows on a remote computer from the Mac?

A: Connect to the remote computer using SSH with either the -X or -Y arguments to enable X11 forwarding. SSH will automatically launch the X11 server, if installed, and set up your environment so that any X Windows application that you launch afterward will display on your Mac's display.

Q: How can I set up SSH key authentication with a remote host?

A: Use the ssh-keygen utility to generate a new key, and then copy ~/.ssh/id_dsa.pub to the remote system at ~/.ssh/authorized_keys2 with scp. Always protect your SSH keys with a strong pass-phrase.

Q: Is it possible not to have to keep re-entering the pass-phrase for my SSH key every time I SSH to a server?

A: In Leopard just check Remember password in my keychain when the Password dialog pops up.

Q: How can I cache a key in the SSH agent from the command-line?

A: ssh-add stores the key in the agent; ssh-add -K also stores the pass-phrase in your keychain.

Q: How can I get the benefits of the SSH agent if I am not running Leopard?

A: You can use the SSHKeychain utility, available for download from http://sshkeychain.org.

Q: How can I search the file system using Spotlight when connected to a remote Mac via SSH?

A: The mdfind utility lets you interface with Spotlight via the command line.

Q: How can I mount image files in the DMG format from the command line?

A: You can mount DMG images from the command line using the hdiutil tool with the attach argument.

Q: Is there a way to run AppleScripts from the command line?

A: Yes. The osascript utility allows you to execute AppleScripts from the command line and in remote SSH sessions.

Q: Where can I find documentation about which commands are available to script a given application?

A: The Script Editor utility lets you browse scripting dictionaries for all your scriptable applications.

What encryption protocol is used for WPA2 quizlet?

WPA2 uses what for encryption? Uses Advanced Encryption Standard (AES) with either TKIP or Counter Mode with CBC-MAC Protocol (CCMP), also known as AES-CCMP. AES-CCMP is a strong encryption method and provides a high level of security.

How does the WPA Temporal Key Integrity Protocol Encryption Technology operate quizlet?

49. How does the WPA Temporal Key Integrity Protocol encryption technology operate? 48 bits (effectively eliminating collisions) and a unique "base key" is created for each wireless device using a master key derived in the authentication process along with the sender's unique MAC address.

Which encryption protocol below is used in the WPA2 standard?

The encryption protocol used for WPA2 that specifies the use of a general-purpose cipher mode algorithm providing data privacy with AES.

What key technology uses a Bluetooth connection?

Bluetooth uses a radio technology called frequency-hopping spread spectrum. Bluetooth divides transmitted data into packets, and transmits each packet on one of 79 designated Bluetooth channels.