Re: Question about 802.11i WPA

["Tomas Wolf" <tomas () skip cz>]

I'm not really sure if I understood the question but I'll try to go over some things that can be related to it.
 An user can't access any of the computers "directly" if they work in *infrastructure mode*. It is always the central 
station (access point) through which is the connection completed. So to connect directly to a user's comuter, one would 
have to have a legitimate access to the network, or a machine spoofing the AP.

 To gain an access to the network was, in 802.11a,b,g, job of WEP, along with encryption. Now in WPA and WPA v.2 we 
have more elements that control network access. First in enterprise mode, it employs 802.1X / several EAP protocols for 
authentication, which are also encrypted. In SOHO I don't know exactly how it the pre-shared key is solved, if the 
pre-shared key is the same at all times and after ~10.000 packets TKIP will exchange keys. Still, if we turn the 
machine off, will the last key be stored (and AP will remember the key/MAC bindings) or if the machine will start back 
on the pre-shared key. There I see a little problem, where patience will bring enough colissions to break the 
pre-shared key. But if the key/MAC bindings will be recognised and the machine after boot start to communicate with AP 
using the last used key offered by TKIP... I see no huge problems..

 To spoof AP we need - key that is distributed first by RADIUS (if I understood the enterprise version well enough), 
this key doesn't seem to change with AES, but changes while using RC4 in WPA version 1 (using TKIP). So I as an AP 
would have to obtain the same encryption key, spoof its MAC & IP. In this case I, as an attacker, can fool the user 
machine to communicate with me and then be a transparent proxy for the user + inject my own traffic.

As I said, to make the connection believable I have to establish connection to the real AP so the user doesn't seem to 
have a problem (MitM attack). To do that I would have to authenticate to the network using whatever credentials are 
required by that nework (if it is ID&PSSWD, smart card, digital signature...). So to make it happend I would have to 
first know what authentication is in use and to get the credentials (by having another application that looks like 
RADIUS, storing the UID&PSSWD from the fooled user) not to talk about using the corect EAP, otherwise the client 
wouldn't "talk to me".

So it doesn't look like I could come with a laptop setup as a blank AP and pretend to be the real one, I would have to 
gather a lot of information to actually make just the client talk to me. And that theory is unlike, because it counts 
with "catching" somebody actually signing onto a newtork, getting their credentials, and start working as a transparent 
proxy using stolen credentials to authenticate to the oritinal network. The only problem could be misconfigured client, 
where "connect to any available network" would be enabled... There one has a fair chance to get some more information & 
data out of it.

And forging or modifying packets is addressed by MIC (alias Michael) Message Integrity Control mechanism, that is 
implemented on top of CRC. MIC should address the problem when an rouge IP sends a management packet (which isn't 
sequenced or check for authenticity in RSN version) to disconnect/disassociate from the AP/Network, and then fool the 
user to re-authenticate on a rouge AP/Network. Session hijacking shouldn't happen for the same reason (Michael).

So I think it is addressed by Michael and kind of a "consequence" of the protocols used to authenticate to the network, 
and protect the traffic.

Does that help? I hope it does :-)
Thanks and good luck in 802.11 world...
Tomas


> I'm trying to determine if 802.11i has sufficiently addresses the
> deficiencies in WEP to make it a viable alternative to wired networks.  I
> still have one concern that I haven't seen an answer to.  Could someone
> point me to some documentation that might address my concerns.
>
> It seems that a lot of though has been put in to protecting the AP's from
> unauthorized access, but what about the clients?  Is there something in the
> 802.11i that prevents me from targeting the other clients and then using
> their authorized connection to the AP?  I know you can use EAP-TLS for
> mutual authentication, but that doesn't necessarily mean that the client
> will only talk to authorized AP's.  It just prevents me from spoofing an AP.
> Can't I still make a peer-to-peer connection to a workstation, own that box,
> and then have my way with their authorized connection?  Do I have to run a
> firewall on all my clients or does the standard provide a way to make
> clients communicate exclusively with authorized AP's?
>
> Thanks
>
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------