Wednesday, May 19, 2010

Case Studies on Unsecured Wifi and Law of the Countries

Dear Friends,

I think a question may now arise in your mind: what can happen with unsecured wifi, and what are the well-known case studies on it? I will now discuss all these things with you.

Here are a few case studies in a nutshell:

1) In the UK, a copyrighted film was downloaded by hacking the unsecured wifi connection of a hotel/restaurant. The film distributor then filed a suit on the basis of the IP address, the UK police traced the hotel, and the honourable UK court imposed a huge fine on the hotel/restaurant owner.

2) In the USA, a person was found outside a building for an unsecured wifi connection and was arrested by the police.

3) In India, in the Ahmedabad blast case, the miscreants used the unsecured wifi connections of different institutes and hospitals four times to send mail. The institutes had to face the consequences.

There are many more cases, but I will not discuss them all here. At the same time, I think you should know what the governments of different countries think about this. So let's start with India.

In India, if anyone's unsecured wifi is used to commit a crime, the burden of proof will initially lie on him, and he will be legally liable for committing the crime or for criminal conspiracy in that crime.
TRAI had asked the government to direct all Internet Service Providers (ISPs) to instruct their customers to have ‘proper authentication measures’ so that this facility is not misused. “All ISPs may be instructed to ensure that their subscribers using wireless devices must use effective authentication mechanisms and permit access to internet to only authorised persons using wireless devices,” the regulator said in its earlier communication to the DoT. (Source: The Economic Times)
Additional Commissioner of Mumbai Police K Venktesan told Business Standard: “If the Wi-Fi connection in a particular place is not password protected or secured then the policemen accompanying the squad will have the authority to issue a notice to the owner of the connection directing him to secure it.” The police could issue a notice under section 149 of the Criminal Procedure Code (CrPC) to anyone found not securing their Wi-Fi connection, and the user may face criminal investigation. (Source: www.zdnet.com)

For the UK, I think you have understood the position from the case studies.

In Germany, Internet users whose wireless networks are left without password protection can be fined up to 100 euros, according to a recent ruling by Germany’s top criminal court. (zdnet.com)

In Australia, the Queensland Police plans to conduct a ‘wardriving’ mission around select Queensland towns in an effort to educate its citizens to secure their wireless networks. When unsecured networks are found, the Queensland Police will pay a friendly visit to the household or small business, informing them of the risks they are exposing themselves to. (zdnet.com)

Some of you may now be thinking of misusing other people's unsecured wifi, but my friends, do not think of it: hackers keep wifi connections unsecured to trap the people who use them.

Now it's up to you what you will do.

Thanking you

Urproblemmysolution team

Monday, May 17, 2010

Unsecured wifi and we--------Part-6

What is MIC

Dear friends,

This is the second part of a valuable comment from one of our readers that makes the series easier to understand, and as it is a valuable comment I am publishing it on the front page for all of you.

Sitanshu said...

Dear All,

This is the second part of the previous article I posted. Consider it the next page of the same article.

TKIP Message Integrity Check (MIC)

Similar to TKIP, the Message Integrity Check (MIC) also had many versions before 802.11i defined it as a single standard. Once this was done, MIC became known as Michael, although the acronym MIC still remains. Today, with 802.11i ratified, MIC is Michael and vice versa. The protocol itself was created to help fight against the many message modification attacks that were prevalent in the WEP protocol. The IEEE 802.11i standard describes the need for MIC in the following quote: “Flaws in the IEEE 802.11 WEP design cause it to fail to meet its goal of protecting data traffic content from casual eavesdroppers. Among the most significant WEP flaws is the lack of a mechanism to defeat message forgeries and other active attacks. To defend against active attacks, TKIP includes a MIC, named Michael.” The MIC was created as a more secure method of handling integrity checking compared to the ICV in WEP.

The MIC is a hash that is calculated on a per-packet basis. This means a single MIC hash could span multiple frames and handle fragmentation. The MIC is also on a per-sender, per-receiver basis. This means that any given conversation has a MIC flowing from sender A to receiver B and a separate MIC flowing from sender B to receiver A.

The MIC is based on a seed value, destination MAC, source MAC, priority, and payload. Unlike the ICV, MIC uses a hashing algorithm to stamp the packet, giving an attacker a much smaller chance to modify a packet and have it still pass the MIC. The seed value is similar to the WEP protocol’s IV. TKIP and MIC use the same IV space, although they have added an additional four octets to it. This was done to make the threat of using the same IV twice in a short time period less likely.

The MIC is also encrypted inside the data portion, which means it is not obtainable through a hacker’s wireless sniffer. To add to this, TKIP also left the WEP ICV process, which then adds a second, less secure method of integrity checking on the entire frame. To combat message modification attacks, TKIP and MIC went a step further and introduced the TKIP countermeasures procedures. This is a mechanism designed to protect against modification attacks. It works by having an access point shut down its communications if two MIC failures occur in 60 seconds. In this event, the access point would shut down for 60 seconds. When it comes back up, it would require that all clients trying to reconnect change their keys and undergo a re-keying. Some vendors allow one to define these thresholds, although the MIC standard calls out these values.

To prevent noise from triggering a TKIP countermeasure procedure, the MIC validation process is performed after a number of other validations. The validations performed before the MIC countermeasure validation are the frame check sum (FCS), integrity check sum (ICV), and TKIP sequence counter (TSC). If noise were to interfere with the packet and modify it, one of these other checks would be able to find it first, thus preventing the frame from incrementing the MIC countermeasure counter.

Please keep in touch for more interesting articles on this topic.

Thanking you

Urproblemmysolution Team
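The MIC calculation and the countermeasure rule from the comment above, as an added Python sketch that is not part of the original post or of any vendor's code. `michael` follows the published Michael algorithm; the `Receiver` class, its return strings and the frame dictionary keys are hypothetical names chosen for illustration, and the 8-byte MIC key is assumed to be already agreed between sender and receiver.

```python
import hmac
import struct

MASK = 0xFFFFFFFF
WINDOW = 60      # two MIC failures within 60 s trigger countermeasures (per the text)
SHUTDOWN = 60    # the receiver then stays down for 60 s and demands new keys

def _rol(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def _block(l, r, word):
    """Michael block function for one 32-bit little-endian message word."""
    l ^= word
    r ^= _rol(l, 17)
    l = (l + r) & MASK
    r ^= ((l & 0xFF00FF00) >> 8) | ((l & 0x00FF00FF) << 8)   # swap bytes in each half
    l = (l + r) & MASK
    r ^= _rol(l, 3)
    l = (l + r) & MASK
    r ^= _rol(l, 30)                                          # rotate right by 2
    return (l + r) & MASK, r

def michael(key, data):
    """8-byte Michael MIC; data is padded with 0x5a and 4 to 7 zero bytes."""
    l, r = struct.unpack("<II", key)
    padded = data + b"\x5a" + bytes(4)
    padded += bytes(-len(padded) % 4)
    for (word,) in struct.iter_unpack("<I", padded):
        l, r = _block(l, r, word)
    return struct.pack("<II", l, r)

def tkip_mic(key, da, sa, priority, payload):
    """MIC over destination MAC, source MAC, priority (+3 zero bytes) and payload."""
    return michael(key, da + sa + bytes([priority, 0, 0, 0]) + payload)

class Receiver:
    """Simplified receiver: FCS, ICV and TSC are checked before the MIC is counted."""

    def __init__(self, mic_key):
        self.key, self.last_tsc = mic_key, -1
        self.last_failure, self.down_until, self.rekey = None, 0, False

    def receive(self, now, f):
        if now < self.down_until:
            return "down"
        if not f["fcs_ok"]:              # noise is caught here and never counted
            return "drop:fcs"
        if not f["icv_ok"]:
            return "drop:icv"
        if f["tsc"] <= self.last_tsc:    # replayed or out-of-order sequence counter
            return "drop:tsc"
        expected = tkip_mic(self.key, f["da"], f["sa"], f["prio"], f["payload"])
        if not hmac.compare_digest(expected, f["mic"]):
            if self.last_failure is not None and now - self.last_failure <= WINDOW:
                self.down_until, self.rekey = now + SHUTDOWN, True
                self.last_failure = None
                return "countermeasures"
            self.last_failure = now
            return "drop:mic"
        self.last_tsc = f["tsc"]         # TSC advances only for frames that pass the MIC
        return "accept"
```

Call `Receiver(key).receive(now, frame)` with `now` in seconds and `frame` a dict holding `da`, `sa`, `prio`, `payload`, `mic`, `tsc`, `fcs_ok` and `icv_ok`; a second `drop:mic` inside the window becomes `countermeasures` and sets `rekey`.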

Sunday, May 16, 2010

Unsecured Wifi and we---------Part-5

What is TKIP

Dear Friends,

The topic has become interesting here, as one of my valued readers has shared his knowledge with us to explain more simply some of the terms used in Wi-Fi. TKIP is one of them, so I have decided to post his explanation of that technical term on the front page for all of us, to make this topic more attractive. So let's have a look at that comment.

Sitanshu said...

Dear Sujit/Sudipto,

Thank you for a fantastic article on WLAN Security.

I thought that our readers deserve a bit more. There are many advanced users who would like to know more about TKIP, MIC, WPA, WPA2.

I'm therefore posting this article to explain to our valuable advanced readers the inner details of TKIP and MIC.

TEMPORAL KEY INTEGRITY PROTOCOL (For upgrading a WEP based Wi-Fi Network)

The Temporal Key Integrity Protocol (TKIP) was an interim solution developed to fix the key reuse problem of WEP. By key reuse we mean that a single key was used to encrypt all packets in the transmission. Once you examined enough packets, as mentioned in an earlier posting, you could build the key using XOR operations (WEP Key Builder uses that concept).
TKIP later became part of the 802.11i and subsequently part of WPA and WPA2 standards. I have mentioned in a previous posting that both WPA and WPA2 are interim steps towards moving to 802.11i.

TKIP was included in the 802.11i standards for backwards compatibility. The 802.11i standard did not want to use a cipher based on RC4, so they chose AES (Advanced Encryption Standard). TKIP was put into 802.11i for the sole reason of helping older devices transition to 802.11i. To do this, 802.11i needed to support a protocol that could easily upgrade WEP to something safe enough to include in 802.11i. WEP, as we all know, was weak and flawed. Using TKIP protected against attacks and reduced the overall risk of operating a wireless network.
Today, Cisco differentiates its versions of TKIP and the standard one by calling it the Cisco Key Integrity Protocol (CKIP).
The TKIP encryption portion works in a two-phase process. The first phase generates a session key from a temporal key, TKIP sequence counter (TSC), and the transmitter’s MAC address. The temporal key is made up of a 128-bit value similar to the base WEP key value. The TKIP sequence counter (TSC) is made up of the source address (SA), destination address (DA), priority, and the payload or data. Once this phase is completed, a value called the TKIP-mixed transmit address and key (TTAK) is created. This value is used as a session-based WEP key in the second phase.
In the second phase, the TTAK and the IV are used to produce a key that encrypts the data. This is similar to how WEP is processed. In WEP the first 24 bits of the IV are added in front of the WEP key and then used to create an encryption key that is applied to the data. Then the IV is inserted into the packet header.
The basis of TKIP came from the WEP protocol. In the 802.11i standard, TKIP is referred to as a cipher suite enhancing the WEP protocol on pre-RSNA hardware. This is espoused because RC4 is still used as a cipher, although the technique in which it is used has improved greatly.

The article continues.....

Thanking you

Urproblemmysolution Team

Unsecured Wifi and we---------Part-4

What is history behind 802.11 in wifi

Dear friends,

So far you have spent your time reading the three parts of this topic, and at this stage I should tell you the interesting history behind wifi. You have seen some numbers in the articles of my friend Sudipta, and some of you may have wondered why those numbers are used. Now I will tell you. So please read on.

We often hear words and tongue-twisting acronyms for terms and terminology in the world of computers and related technologies. Often these words and numbers do not seem to have any meaning. But they ALWAYS DO…

Since this series of postings is on the topic of “Wi-Fi Networks”, you hear and read about the number-and-letter string 802.11x all the time. Here is the history behind it.

The first meeting that the IEEE held for “Network Communication Standards” was in February of 1980. Therefore, the Working Group Committee for Network Communication Standards was given the number 802. Thereafter, subgroup number 11 was assigned to “Wireless Network Communication Standards”. That is the history behind the 802.11 naming standard.

After this there have been several Wi-Fi Network Communication Standards. These standards were assigned the letters “a”, “b”, “c”, and so on all the way to “m”. That is how you get 802.11a, 802.11b, 802.11c … 802.11m.

This is a little trivia behind the 802.11x names.

Hope that was interesting reading for you.

Please keep in touch with us for more interesting articles on this topic.

Thanking you

Urproblemmysolution Team

Friday, May 14, 2010

Unsecured Wifi and we----------Part-3

What is Secure in Wifi.

Dear Friends,
As I promised you earlier that my wifi series would be interesting to all of you, my friend Sudipta of Future Netwings (www.futurenetwings.com) has again lent a hand to help you understand why WPA-2 is secure and how secure it is. So let's have a look:

WPA2 complements TKIP and the improved data integrity control algorithm with a more secure encryption mechanism called Advanced Encryption Standard (AES) - Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). In other words, this means an improved encryption algorithm. Experts say that AES-CCMP is robust enough to be used for government data security purposes.

WPA2 also has two flavours: WPA2-PSK and WPA2-802.1x. Just like WPA-802.1x, WPA2-802.1x would require integration of the Access Points with a Directory server using RADIUS.

Release time: July 2004
Encryption: TKIP
Authentication: PSK or 802.1x
Suitable for Corporate: For Corporate WPA2-802.1x needs to be implemented where the authentication database would reside on the Active Directory or any other LDAP directory. WPA2-PSK may also be used alternatively.
Suitable for Home/Small Business: WPA2-PSK is sufficient for home/SMB.
Cracking: Though there are rumours, it is safe to consider WPA2 as not crackable.


Therefore, for Home/SMBs the order of choice needs to be WPA2-PSK > WPA-PSK > WEP. In addition to this, one should also do MAC binding in the APs for the clients.

However, corporates should implement the 802.1x versions of WPA or WPA2. We have found EAP-TLS implementations with WPA2 and an in-house certificate server very strong in terms of security.

Please keep in touch for my forthcoming interesting articles on wifi.

Thanking you

Urproblemmysolution Team

Thursday, May 13, 2010

Unsecured Wifi and we------Part-2

Dear friends,

I promised you that some interesting topics on wifi would be forthcoming, so I decided to explain in Part 2, in an easy way, why WEP and WPA are unsecured. One of my team members, Mr. Sudipta Pal of Future Netwings (www.futurenetwings.com), has tried to explain this for you in an easy and understandable manner. So please read it:

WEP - Wired Equivalent Privacy.

This is the most primitive wireless encryption technology and uses static pre-shared keys (single/multiple). WEP has three versions: 64 bit, 128 bit and 256 bit.
A WEP key is formed by concatenating a pre-shared key with another quantity called the IV (Initialization Vector).
Standard 64-bit WEP uses a 40 bit key (also known as WEP-40), which is concatenated with a 24-bit initialization vector (IV) to form the RC4 traffic key.
A 128-bit WEP key is almost always entered by users as a string of 26 hexadecimal (base 16) characters (0-9 and A-F). Each character represents four bits of the key. 26 digits of four bits each gives 104 bits; adding the 24-bit IV produces the final 128-bit WEP key.
A 256-bit WEP system is available from some vendors, and as with the 128-bit key system, 24 bits of that is for the IV, leaving 232 actual bits for protection. These 232 bits are typically entered as 58 hexadecimal characters. (58 × 4 = 232 bits) + 24 IV bits = 256-bit WEP key.

Release time: 1997
Encryption: WEP
Authentication: Open (none) or Shared using the pre-shared, static WEP key.
Suitable for Corporate: No, WEP can be cracked in a few minutes. Please refer to http://www.youtube.com/watch?v=SRC1Z-ZSEr8 for a video on this.
Suitable for Home/Small Business: No. A home should never use this because if a criminal activity happens, the homeowner may not have the political muscle to fight the charges.
Suitable for Corporate: Corporates should never use WEP. However, if WEP must be used at all in order to support legacy wireless applications, one should implement technologies like EAP-TLS in order to compensate for the weaknesses of WEP. WEP alone is worse than not having any security at all, because it leads to a false sense of being secured.
Cracking time: Few minutes
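The key construction described above, as an added Python sketch that is not part of the original post: it builds the RC4 traffic key as IV || secret key and shows why a static key with a 24-bit IV is fragile, since two frames sent under the same IV share one keystream. The function names, sample key and sample IV are constructed for illustration, and the key-ID byte of a real WEP frame is left out.

```python
import struct
import zlib

# Secret-key bytes for each WEP variant named above (variant bits minus the 24-bit IV).
SECRET_BYTES = {64: 5, 128: 13, 256: 29}


def parse_wep_key(hex_key, variant):
    """Turn the hex string a user types (10, 26 or 58 digits) into the secret key."""
    key = bytes.fromhex(hex_key)
    if len(key) != SECRET_BYTES[variant]:
        raise ValueError(f"WEP-{variant} needs {SECRET_BYTES[variant] * 2} hex digits")
    return key


def rc4(key, n):
    """Return n bytes of RC4 keystream for the given key."""
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                        # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv, key, data):
    """IV (sent in clear) followed by RC4(IV || key) XOR (data || CRC-32 ICV)."""
    body = data + struct.pack("<I", zlib.crc32(data))
    return iv + xor(body, rc4(iv + key, len(body)))


def wep_decrypt(key, frame):
    """Rebuild the traffic key from the clear IV, decrypt, then verify the ICV."""
    iv, body = frame[:3], frame[3:]
    body = xor(body, rc4(iv + key, len(body)))
    data, icv = body[:-4], body[-4:]
    if icv != struct.pack("<I", zlib.crc32(data)):
        raise ValueError("ICV mismatch")
    return data


def keystream_reuse(frame_a, frame_b):
    """If two frames share an IV, their XOR equals the XOR of the two plaintexts."""
    if frame_a[:3] != frame_b[:3]:
        return None
    return xor(frame_a[3:], frame_b[3:])


if __name__ == "__main__":
    key = parse_wep_key("0102030405060708090a0b0c0d", 128)   # constructed sample key
    iv = b"\x00\x00\x01"                                      # constructed sample IV
    a = wep_encrypt(iv, key, b"first packet")
    b = wep_encrypt(iv, key, b"other packet")
    print(keystream_reuse(a, b)[:12] == xor(b"first packet", b"other packet"))
```

Because the secret part never changes, the traffic key repeats whenever the 24-bit IV repeats, which is the key reuse problem that TKIP's per-packet keys were introduced to remove.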

WPA (Wireless Protected Access)


WPA is built upon WEP, making it more secure by adding extra security algorithms and mechanisms to fight intrusion. Perhaps the most important improvement over WEP is a dynamic security key exchange mechanism and much more improved authentication and encryption mechanisms.
WPA is also better than WEP in its data encryption abilities. While WEP uses the same static security key for both encryption and decryption of all communication (the key never expires), WPA implements a mechanism involving a number of security keys. This is done through so-called Temporal Key Integrity Protocol (TKIP). This is a revolutionary improvement because even if the intruder obtains one security key, he will not be able to use it for long. This system changes the security key used for data transmission every specified amount of time to prevent cracking attempts.
When we talk about security keys, we implicitly talk about a working mechanism of security keys. The TKIP mechanism shares a starting key between devices, but each device then changes its encryption key for the ongoing communication.

WPA has two variants: WPA-PSK (Pre-Shared Key) and WPA-802.1x

WPA-PSK uses a user defined password to initialize the TKIP, temporal key integrity protocol. There is a password and the user is involved, for the most part that means it is flawed. The TKIP is not really crackable as it is a per-packet key but upon the initialization of the TKIP, like during an authentication, we get the password (well the PMK anyways). A robust dictionary attack will take care of a lot of consumer passwords.

WPA-802.1x involves physical transferring of the key and encrypted channels; it requires one to implement the authentication of the users based on Active Directory or other LDAP-based directories.

Release time: April 2003
Encryption: TKIP
Authentication: PSK or 802.1x
Suitable for Corporate: Maybe. WPA can be cracked, though it takes much longer compared to WEP. For Corporate, WPA-802.1x needs to be implemented, where the authentication database would reside on the Active Directory or any other LDAP directory. WPA-PSK is not recommended for corporates.
Suitable for Home/Small Business: Since most homes/SMBs cannot afford a Directory server, the only choice they will have is WPA-PSK. A home may opt for this since most of the security best practice guidelines consider this sufficient. The users in this case need to do MAC binding along with WPA-PSK.
Cracking time: 30 minutes to one hour if the PSK is based on dictionary words. It would take a few days if non-dictionary words are used. A brief guide may be accessed at: http://docs.alkaloid.net/index.php/Cracking_WEP_and_WPA_Wireless_Networks

I think you have enjoyed it.

Thanking you

Urproblemmysolution Team

Sunday, May 9, 2010

Unsecured Wifi and We-------- Part -1

My dear friends,

After a long, long interval I am again in front of you with an interesting topic that I feel is important to tell you about: unsecured wifi. I think most of you know what a wifi connection is. A wifi connection is a method of connecting your computer to the internet. You can connect your computer or any network device in two ways: wired and wireless (wifi). So now it is clear to all what a wifi connection is. With a wired connection, no one can use your connection unless you are connected to the internet or you have allowed someone to use your computer systems. In the same way, with a wifi connection you are not allowed to use anyone’s network connection if it is secured, i.e. when you try to use someone’s wifi network it asks for authentication with a key or password, though there are some conditions, i.e. the level of encryption.

So now let me tell you some important issues about unsecured wifi networks. First of all, you should know what an unsecured network is. Unsecured networks are those which do not ask for any password, key or authentication to connect to the network. So you may be thinking that when a wifi connection asks for all of the above it is secured. But no, my friend, and that is why I mentioned some conditions earlier. The conditions are the level of encryption. Wifi networks generally have three levels of encryption: WEP, WPA1 and WPA2. WEP and WPA1 can be cracked easily, so wifi networks with WEP and WPA1 are not secured. WPA2 is secured.

So now a question has definitely arisen in your mind: where are unsecured networks found? They are found outside hotels, restaurants, corporate areas and the IT sector, cafes, airports, outside someone’s residence, nursing homes, hospitals, colleges etc., and a study says that 30% of wifi networks in the world are secured and the rest are unsecured. So it is a huge drawback for wifi networks.

To be continued; stay in touch for some interesting forthcoming topics on the same subject.

With thanks
Urproblemmysolution Team