Re: Security of Cisco TKIP implementation on older products



Hello, thank you for your response.
My comments are below.


"Uli Link" <VonRechts.NachLinks@xxxxxxxxxxxxxxxxxxx> wrote in message news:4b6ef901$0$6591$9b4e6d93@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Elia S. wrote:

This is the extract from Cisco's documentation about the two options.


# Message Integrity Check (MIC) -- MIC is an additional WEP security
feature that prevents attacks on encrypted packets called bit-flip
attacks. The MIC, implemented on both the access point and all
associated client devices, adds a few bytes to each packet to make the
packets tamperproof.

# Temporal Key Integrity Protocol (TKIP) -- TKIP, also known as WEP key
hashing, is an additional WEP security feature that defends against an
attack on WEP in which the intruder uses an unencrypted segment called
the initialization vector (IV) in encrypted packets to calculate the WEP
key.

In the end, these bridges are in WEP128, but are they vulnerable to the
common WEP flaws (IV vector, and vulnerable to airsnort's scans)?

No.
This encryption is called CKIP/MIC in the IOS APs.

This is technically what TKIP is, minus the enlarged IV.
It's Cisco proprietary.

I haven't understood if this solution is as secure as "standard TKIP" is...
I would like to know if I could be secure with this solution or not.
To implement EAP I think I need a RADIUS server and I don't have one on my network.


But no known vulnerability to the WEP attacks.
You'll need your bridges to authenticate with LEAP and a reauthentication period no longer than one or two hours, or rotate the broadcast key, to mitigate the effects of a possible IV overflow. WPA enlarged the IV from 24 bits to 48 bits, so no overflow should occur within a reasonable time.

One end of the link (root bridge) supports a maximum of 1 association and accepts association only from the other bridge, and has MAC address filter enabled.
The other end of the link (non-root bridge) doesn't accept Wi-Fi client associations.


To be secure, I use a GRE+IPSEC (at the moment using DES encryption,
later I will use AES128) tunnel between the two sites connected via the
wifi bridge, to be more secure.

I would consider the RC4 algo secure as implemented in TKIP or CKIP (with per-packet keying). If you want higher security, using 56-bit DES makes no sense, as this cipher can be brute forced within minutes today.

The wifi link negotiates a stable 11.0 Mbit, which is about 5 megabit real throughput (FTP download from one end to the other at 500 kbyte/sec).

At the moment I use DES because it is the least CPU-intensive (I have one C877 and one C831 in the sites, and both have DES/3DES hardware offload); in less than a week I am going to install an 851W to replace the 831, and I will use AES on both ends of the link (hardware offload supported both on 851 and 877). They have to handle the 5.5 Mbit throughput of the wireless link (negotiated at 11 Mbit but about 5 Mbit real throughput).

At the moment the C877 and the 831 (later 851) do a GRE+IPSEC tunnel (later it will be esp-aes128+md5) on separate physical interfaces, and all traffic from the remote site passes through the GRE tunnel, encrypted and secured by IPsec.

After I upgrade the VPN to AES128, should I disable the wep128+mic+tkip and run the bridge link in the clear to minimize the WEP overhead, or will it be negligible?
Thank you
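
The IV-overflow point discussed in this thread, worked through as an added example that is not part of the original posts: it computes how long a 24-bit and a 48-bit IV counter last on the roughly 5 Mbit/s link described here and whether a given rekey interval replaces the key first. The frame sizes, the one-IV-per-frame counter model and the assumption that the link stays saturated at every frame size are assumptions, so the small-frame figures are a conservative bound.

```python
# Added example (not from the thread): time until a per-frame IV counter wraps.
# Assumptions: the IV increments once per frame, traffic flows in one direction,
# and the link is saturated at the quoted throughput for every frame size.

IV_BITS_CKIP = 24              # IV width stated in the thread for WEP/CKIP
IV_BITS_WPA = 48               # IV width stated in the thread for WPA
LINK_BPS = 5_000_000           # "about 5 megabit real throughput" from the thread
FRAME_SIZES = (1500, 576, 64)  # constructed sample frame sizes, in bytes


def seconds_to_wrap(iv_bits, throughput_bps, frame_bytes):
    """Seconds until 2**iv_bits frames have been sent at this rate."""
    frames_per_second = throughput_bps / (frame_bytes * 8)
    return 2 ** iv_bits / frames_per_second


def rekey_covers_wrap(rekey_seconds, iv_bits, throughput_bps, frame_bytes):
    """True if the key is replaced before the IV counter can wrap."""
    return rekey_seconds < seconds_to_wrap(iv_bits, throughput_bps, frame_bytes)


def max_rekey_seconds(iv_bits, throughput_bps, frame_sizes, margin=0.5):
    """Longest rekey interval that uses at most `margin` of the IV space
    for the smallest (worst-case) frame size in frame_sizes."""
    worst = min(seconds_to_wrap(iv_bits, throughput_bps, n) for n in frame_sizes)
    return margin * worst


def report(rekey_seconds=3600):
    """One row per frame size: (size, 24-bit wrap s, 48-bit wrap s, rekey ok)."""
    rows = []
    for size in FRAME_SIZES:
        wrap24 = seconds_to_wrap(IV_BITS_CKIP, LINK_BPS, size)
        wrap48 = seconds_to_wrap(IV_BITS_WPA, LINK_BPS, size)
        ok = rekey_covers_wrap(rekey_seconds, IV_BITS_CKIP, LINK_BPS, size)
        rows.append((size, wrap24, wrap48, ok))
    return rows


if __name__ == "__main__":
    for size, wrap24, wrap48, ok in report():
        print(f"{size:>5} B frames: 24-bit IV wraps in {wrap24 / 3600:6.2f} h, "
              f"48-bit in {wrap48 / 31_557_600:10.0f} years, "
              f"1 h rekey covers it: {ok}")
```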

