AirPort 3.3 Extends WPA Security

tackaberry writes "Apple has released an update for AirPort. Version 3.3 (AEBS firmware version 5.3) includes support for Wi-Fi Protected Access (WPA) specification for non-Extreme AirPort cards (WPA was added for Extreme cards last fall in version 3.2), an alternative to the oft-maligned Wired Equivalent Privacy (WEP). Those who wish to use WPA will have to have Mac OS X Panther 10.3."

Kernel Panic!

[NetJunkie]

I put this on my 15" PB last night and got my first kernel panic. :)

The WPA is very easy to use. I've been running it for a couple of weeks now using the Apple base. Windows XP and OSX clients aer working happily.

What's wrong with WEP?

[Van+Halen]

I'm curious, and I figure somebody here probably knows a good deal about this. The Wi-Fi Protected Access Q&A (pdf) says:

Many cryptographers are confident that Wi-Fi Protected Access addresses all the known attacks on WEP. It also adds strong user authentication, which as absent in WEP.

Ok, user authentication is good, but what are the "known attacks on WEP"? I'm using a Linksys access point which obviously can't be upgraded to WPA with this update, so should I be concerned that my 128-bit WEP key isn't good enough?

Re:What's wrong with WEP?

You should be quite concerned. WEP is poorly implemented cryptography, you should see what LinkSys supports to limit access to your Router by MAC address, this won't solve the problem of your data not being 100% unreadable and such when sent over your connection, but at least no one else could hop on your network easily and steal bandwidth.

Re:What's wrong with WEP?

[NetJunkie]

Some implementations of WEP are weaker than others. The main problem is that given enough data from your network I can break your key rather quickly. Usually you are looking at several GBs of data (3 to 5GB usually). While someone wardriving wouldn't bother a neighbor with nothing but time might.

If you have a Mac...and I'm assuming you do...go check out the Kismac tool.

WPA also has some weaknesses...mainly in the WPA-PSK (pre-shared key) implementation that most home users use. You can do a dictionary attack against the key.

Re:What's wrong with WEP?

[amnesiacdotorg]

the keys used in WEP are static, not dynamic . sure, 128-bit RC4 is generally secure, but it would be really secure if the key was rotated by the access point . this is done by WPA . WPA is only a placeholder until WPA2 is released, featuring wireless robust authentication protocol and cipher block chaining message authentication code protocol or CCMP.

Re:What's wrong with WEP?

[kinnell]

You can find a good analysis here.

Re:What's wrong with WEP?

[The+Bum]

Have you checked to see if Linksys has a firmware update available that adds WPA support for your access point? My Netgear WGR614 didn't support WPA until a week or so ago, although the firmware that's available is still in beta. BTW, so far it works pretty well with my 12" PowerBook G4 and iBook SE/466.

Re:What's wrong with WEP?

[clarkcox3]

In a word, YES. WEP is a horribly insecure protocol. All it takes is time, and you can sniff WEP keys out of the air. My basic strategy for securing WiFi is to place the access point outside of my firewall, and use some VPN (or a simple ssh tunnel) to access my "real" network.

The moral: never rely on WEP to secure your network, always use some higher-level encryption to secure sensitive information.

Re:What's wrong with WEP?

[QueenOfSwords]

Unless you have AirPort Extreme, then no KisMac for you :(

Re:What's wrong with WEP?

[Ann+Elk]

Here's a short excerpt from Niels Ferguson and Bruce Schneier's excellent book Practical Crypography:

The standard (WEP) was designed by a committee which didn't include any cryptographers. The results where horrible. ...RC4 is a stream cipher and needs a unique nonce. WEP didn't allocate enough bits for the nonce, with the result that the same nonce value had to be reused, which in turn resulted in many packets being encrypted with the same key stream. That defeated the encryption properties of the RC4 stream cipher and allowed a smart attacker to break the encryption. A more subtle flaw was not hashing the secret key and the nonce together before using it as the RC4 key, which eventually led to key-recovery attacks. A CRC checksum was used for authentication, but since CRC computations are linear, it was trivial (using some linear algebra) to modify any packet without any chance of detection. A single shared key was also used for all users in a network, making key updates much more difficult to do. The network password was used directly as the encryption key for all communications, without using any kind of key negotiation protocol. And finally, encryption was turned off by default, which meant that most implementations never bothered turning encryption on in the first place.

WEP wasn't just broken, it was robustly broken.

I strongly recommend Practical Cryptography for any geek with more than a passing interest in cryptography.

Big Deal

MacRumors.com says:

Airport Extreme "II" will be coming soon, with support for 802.11b, 802.11g and the newly developped 802.11m which can span an entire city block with speeds of up to 108MBPS. According to VERY reliable sources we should see this product in the next six months.

AC

WPA -- well finally!

[Paul+d'Aoust]

It's about time they put support for Windows product activation on their Airport. Just think of all those poor Windows users whose machines suddenly refuse to work because they were never allowed to activate through their wireless Net connections...

Still left out in the cold for Cisco

[metric152]

It's nice that apple is updating their WPA security for the airport, but it's still hard to get on Cisco secure access points. The place i work at has a Cisco Aironet 1100 and they have it set up to use WPA. I've tried many times to figure out how to get on it but I haven't found anything that works. The system admin couldn't help me either. I wish apple would step up and support enterprise level wireless hardware.

Re:Still left out in the cold for Cisco

[NetJunkie]

What's the issue? It should work fine. The AirPort Does WPA and WPA-PSK. Are you sure you are using WPA and not LEAP? I do LEAP on our 1100s..and the AirPort works with that too.

*&^%$#@ it! I want WPA for non-Extreme hardwa

[alispguru]

... and it ought to be possble. WPA was designed to be implementable with a firmware upgrade to existing 802.11b hardware. See here for more on that - scroll down about halfway on the page.

I have a perfectly useable 500 MHz G3 iBook that's going to be cut off from my company's wireless when they move to WPA, because it's not AirPort Extreme capable. Is Apple's response going to be "go buy a new laptop - your less-than-two-years-old machine is obsolete"? Even though it's supported by Panther (which improved performance on it quite a bit, thankyouverymuch)?

I'm willing to pay something reasonable for the upgrade - I realize code like that doesn't write itself. But just abandoning the non-Extreme hardware sucks.

D'oh! Does this really upgrade CLIENT cards?

[alispguru]

If so, scratch everything I said above, or redirect my ire at netgear (I have them for my router/wireless point at home, and would love to move that up to WPA).

WPA PSK Dictionary attack

[nsayer]

Not only is there a WPA PSK dictionary attack, it is actually an OFFline dictionary attack - meaning that the attacker can sniff a valid authentication, then take the sniffed data back home and run the dictionary attack on his own without involving the real gatekeeper (who otherwise would see n invalid attempts in a row and have a chance to raise an alarm).

In general, any scheme where you send a random number to the client, he takes that and adds the secret sauce and sends it back for your comparison is vulnerable to offline dictionary attack.

The good news is that you can pretty easily trash an offline dictionary attempt by making up a really long and obscure passphrase.

Re:WPA PSK Dictionary attack

[Beryllium+Sphere(tm)]

I recommend Diceware (http://world.std.com/~reinhold/diceware.html) for generating sorta-memorable passphrases with quantifiable security. A ten-word Diceware passphrase has about 129 bits of entropy.

Re:WPA PSK Dictionary attack

[uvsc_wolverine]

Mine is just a string of hexadecimal numbers

Are you sure it's WPA?

Not to impugn your skillz (or your network admin's), but are you certain that the Cisco access point is speaking WPA and not LEAP? I think LEAP was Cisco's baby, so I'd suspect their access point to have a preference for it.

You can also do LEAP with osx, but of course you need to explicitly try it.

WPA and WEP on same network?

Is it possible to have both WPA and WEP on the same wirless network? I have a windows 2000 machine which doesn't support WPA, so I'd like to use WEP for it while still using WPA for my Mac. My SMC base station allows to setup the network like this, but my Mac just quits working ("Error connecting to Network" alert).

Re:WPA and WEP on same network?

[tackaberry]

One solution to this is to connect your win2K machine to your network via wired ethernet. That takes your rate limiting machine off your wireless network. Since it's wired you don't have to bother with either WEP or WPA for that machine.

That's the same thing I did with my iMac w/ AirPort (not Extreme) card. I wanted to go pure-g, rather than mixed-b/g. Added a switch to my AEBS, and used the built-in ethernet rather than the 802.11b for the iMac.
Either move your router near the machine, or get a long cable.

WPA goodness

[nsayer]

I'm quite happy with WPA-PSK (with the caveat that you need to pick a very strong passphrase to avoid offline dictionary attacks). My wife has an iBook G4 and I have a TiBook with a Linksys WPC54G in it and they all talk to a Linksys WAP54G. It was all miraculously easy.

Then I had to get a couple of Windows laptops to work. That was misery!

First, you must be running XP. I guess that's fair, since Apple says you must be running Panther.

Next, you have to have a wireless card that has drivers updated with WPA support. Irritatingly enough, a WPC54G with the latest drivers will work, but a WPC55G (A+G card) won't because the drivers aren't updated. Grr!

I did finally get it to go, but it was a whole lot easier on the Mac.

I also wanted to set up WPA "Enterprise" with an eye towards deploying that at the office. I still haven't figured out how to get that to work, unfortunately. But the PSK variety was surprisingly easy.

Re:WPA goodness

[The+Iconoclast]

Enterprise means you use a RADIUS server for authentication and WPA key distribution. PSK is Permanent? Shared Key.

Re:WPA goodness

[nsayer]

Yes, I know. But it's not just any RADIUS server, it has to be able to participate in the WPA stuff. I believe FreeRadius is the only open-source one that will do it, but configuring it all seems very, very painful.

Can't use WPA with WDS

[tackaberry]

If you've set up multiple AirPort Extreme Base Stations as a wireless distribution system (WDS) to extend your network, you have to use WEP for security. WPA cannot be used with WDS.

If you want to use WPA, you'll have to string your base stations together on the lan

Re:Can't use WPA with WDS

Do you know if this is an inherent limitation of WPA and/or WDS, or is it just a case of the proper firmware updates not being out yet?

Anyone? Anyone? Bueller? Bueller?

TIA

Re:*&^%$#@ it! I want WPA for non-Extreme hard

[General+Sherman]

They're talking about base stations here, not the wireless cards. The regular AirPort cards are upgraded, as I can confirm on my 466Mhz iBook SE. It just doesn't upgrade non-Extreme base stations. The Graphite one especially cannot handle this with it's sad little 486. =\

Works great with DLink DI624.

[Trillan]

Just installed the 1.2.8 firmware for my DLink DI624 (b) and turned it on. It works great! Bit weirded out by one thing, though: Apple's system profiler lists the AirPort card's firmware as 3.3b1. Bad Apple!

Re:D'oh! Does this really upgrade CLIENT cards?

[FredFnord]

Yes. Yes, it does.

Hee.

-fred

The security of any protocol

[poemofatic]

is bounded by the entropy of the key. If you use a weak key, it will be vulnerable. This is not a legitimate criticism of the protocol.

If you are worried about someone accessing your network, then you have to assume the attacker is active (can insert messages and attempt to authenticate), so eliminating offline attacks doesn't buy you much. AFAIK, this is the case with all authentication protocols.

Just pick a good key (e.g. flip some coins.)

Re:The security of any protocol

[nsayer]

I'm not sure I agree. If the only attack available is an online dictionary attack, then the bar is significantly lowered if the service does the right things. It can rate limit to raise the cost, it can lock an account after small-n bad passwords are given, it can raise an alarm that can identify (at least to some extent) the intruder... All of these mitigations are useless if an offline attack is possible.

Re:The security of any protocol

[poemofatic]

Sure, but you are making the protocol too dependent on the rest of the system, and the behavior of the rest of the system will change.

Have you ever tried to design a server with account lockouts for incorrect password entries? Think DOS.

Can you give me an example of a single authentication protocol which is secure against weak passwords? I will let you use whatever mitigation metric of your choice, provided that you let me stipulate that it be production code, which must support a massive number of simultaneous connections, a fixed percentage of which always fails to authenticate. Also, the protocol you select must truly be resistant to offline dictionary attacks when the attacker actively spoofs either party (e.g. client or server.)

Re:The security of any protocol

[nsayer]

Security is a holistic thing. The weakest link and all that. It's not that I'm making the protocol 'dependent on the rest of the system,' it's that I'm having each piece of the system do its job.

I'm not suggesting that 'a' and 'b' will be a strong pair in the circumstances, merely that '9d42f3054f4bed06e0f9a982ccaaf383' won't be necessary to the extent that it is in the face of offline attacks. That is, that the amount of entropy you need to be secure goes down substantially when you are resistant to offline attacks and have taken some steps against online attacks.

As for DOS, there are tons of financial sites that have the exact controls I described and so far as I am aware, they don't suffer the way you describe. I suppose if everybody and their uncle started trying online dictionary attacks things might change, but though in theory there's no difference between theory and practice, in practice, there is.

And when you talk of spoofing and resistance to offline attack, I think you may be mixing metaphors. If I can put up a dummy server and collect the credentials that way, why would I bother with an offline attack?

Re:The security of any protocol

[poemofatic]

No my point is that because it's a system. the weakest link will be the password. Attempts to strengthen the system so that a weak password is not exploitable are bound to fail and end up covering only a few avenues of attack.

In a mutual authentication system, the client is protected from a dummy server as well. If you do not think this is important, then you don't care about all of the attacks to spoof websites (paypal). I do care about these attacks and don't consider a protocol in which I pass a password to an anonymous DH partner as somehow better than a real challenge-response requiring mutual authentication.

As for financial institutions, the protocols that I am aware of (VISA/ANSI X9/AKEP family) use keys generated from decent entropy sources, are ALL "vulnerable" to attacks on the key, and do not rely on password obfuscation attempts, or assumptions that the attacker is passive.

And you haven't given me an example. :)

Linksys upgraded to support WPA

[theEd]

I don't know which Linksys product you are using, but I'm using a WRT54G. When I first bought the router it only supported WEP, but then a firmware upgrade came one day that had WPA support. Check Linksys support site.

My iBook G4 running Panther connects to my router just fine using WPA Personal (Pre-shared key in Linksys). Although I've been thinking of playing around with WPA Enterprise (RADIUS), but that takes time :)

Problems with 5.8GHz Uniden phone?

[Cranky+Mac+User]

I installed this about the same time I upgraded to DSL. Now my 5.8GHz Uniden phone is fuzzy. Filters aren't working. I know it's the phone's fault, but convincing the techs at Uniden that it's not Airport's fault is difficult. So, anybody else having this problem before or after installing this update? Also, anybody know how to fix it? Dang! I spent a lot of money on that phone system for it to not work with DSL. My cheap $10 phone works just fine... (0_0)

I take this back.

[Trillan]

The resulting network is... unstable. I don't know what's wrong specifically, and it took a few days to realize the problem was real.

WPA support incomplete?

[lohphat]

I've only been able to test WPA-TKIP, -AES doesn't seem to work.