Chapter 3 - Protocol

wifi bands

  • a, only 5 GHz -> seems like scanning with airodump on band a can pick up 2.4 GHz APs too
  • b, g, only 2.4 GHz
  • n, both 5 and 2.4 GHz
  • ac, freqs lower than 6 GHz

WEP (wireless equivalent privacy)

SKA = shared key authentication (ver si sale en PA al intentar auth wep) [[4 - WEP#WEP SKA]] ICV = integrity value check (CRC) WEP cloaking = the AP injects fake wep packets to difficult cracking Keystream (created by RC4 from IV + key)

WPA/WPA2

PSK = pre shared key (what the client enters to connect) PTK = pairwise transient key PMK = pairwise master key (dynamic key generated in handshake using PBKDF2 (password based key derivation function 2)) - If there is a PSK, the PMK is the PSK - A PSK is either a 256-bit key or derived from a passphrase - If a passphrase is used, it generates the PSK using the AP SSID as the salt: PSK = PBKDF2(HMAC−SHA1, Passphrase, SSID, 4096, 256) - If there is no PSK, the PMK is derived using 802.1x EAP exchange, usually RADIUS GTK = group transient key (used when messages like ARP are sent to many people, everyone needs to decrypt it equally) WPS = wifi protected setup (Tools: wash, reaver, bully) PBC = push button configuration Encryption mechanisms TKIP (based on WEP, which uses RC4, xor, etc) CCMP (based on AES)

  • The 4-way handshake does the following:

    • Confirm the client’s knowledge of the PMK
    • Confirm the AP's knowledge of the PMK
    • Derive a new and unique PTK
    • Install encryption and integrity keys
    • Encrypt transport of the AP generated GTK to the client
    • Confirm cipher suite selection

  • The PMK, nonces, and handshake MAC addresses are run through a PRF based on HMAC-SHA1 to derive the 512-bit PTK. During the handshake the AP also transmits the 256-bit GTK, or Group Temporal Key, to the client. The PTK and GTK are split into several components, some of which are used as AES keys for different types of network traffic, and some of which are integrity keys.

    • KCK = PTK bits 0-127, the key confirmation key
    • KEK = PTK bits 128-255, the key encryption key
    • TEK = PTK bits 256-383, the temporal encryption key for unicast traffic
    • TMK = PTK bits 384-511, the temporal MIC keys for TKIP
    • GEK = GTK bits 0-127, the group encryption key for multicast traffic
    • GIK = GTK bits 128-255, the group integrity key for TKIP

WPA enterprise

EAP = extended authentication protocol -> authenticate with RADIUS server (in airodump AUTH=MGT). Requires certificates on the server at least (deprecated EAP methods didn't require them)

EAP Transport Layer Security (EAP-TLS) is one of the most secure authentication methods, as it uses certificates on the server side and client side, instead of login and passwords, so the client and server mutually authenticate each other. EAPoL=extended authentication protocol over lan Identity = username Authentication methods: - EAP-MD5 (vulnerable to brute force, tool: eapmd5pass) - EAP-PAP - EAP-GTC - EAP-CHAP - EAP-MSCHAPv2 Encapsulations - PEAP - Protected Extensible Authentication Protocol(tunnel between client and RADIUS server, the AP sees nothing). creates a TLS tunnel before credentials are exchanged. Although different methods can be used within PEAP, MS-CHAPv2 is a commonly used inner method. PEAP and EAP-TLS mostly differ on how the data is exchanged inside the TLS tunnel. - EAP-TTLS - EAP Tunneled Transport Layer Security. also uses TLS. As opposed to EAP-TLS, it does not necessarily need client certificates. It creates a tunnel and then exchanges the credentials using one of the few possible different inner methods (also called phase 2), such as Challenge-Handshake Authentication Protocol (CHAP), Authentication Protocol (PAP), Microsoft CHAP (MS-CHAP), or MS-CHAPv2.

OWE (opportunistic wireless encryption)

encrypt traffic during a connection, to prevent eavesdropping of credential exchange

SAE (simultaneous authentication of equals)

enhanced version of diffie helmann where no pre shared key is necessary