From: Elia S. on 7 Feb 2010 10:57

Hello

I am still using Cisco AIR-352 with 12.3(8) IOS as access point, to provide connectivity on my WLAN at 802.11b speeds, with WPA-PSK TKIP security.

I have on a site two AIR-BR352 point-to-point links at about 4 km. The bridges BR350 use WEP128 security, and I know that it is insecure. On the config pages, I have enabled the MIC and TKIP settings.

So in the end I have these options enabled:
WEP 128
CISCO MIC
TKIP

This is the extract from Cisco's documentation about the two options.

# Message Integrity Check (MIC) -- MIC is an additional WEP security feature that prevents attacks on encrypted packets called bit-flip attacks. The MIC, implemented on both the access point and all associated client devices, adds a few bytes to each packet to make the packets tamperproof.

# Temporal Key Integrity Protocol (TKIP) -- TKIP, also known as WEP key hashing, is an additional WEP security feature that defends against an attack on WEP in which the intruder uses an unencrypted segment called the initialization vector (IV) in encrypted packets to calculate the WEP key.

In the end, these bridges are in WEP128, but are they vulnerable to the common WEP flaws (IV vector, and vulnerable to airsnort's scans)?

To be secure, I use a GRE+IPsec tunnel (at the moment using DES encryption, later I will use AES128) between the two sites connected via the wifi bridge.
From: Uli Link on 7 Feb 2010 12:31

Elia S. schrieb:
> I am still using Cisco AIR-352 with 12.3(8) IOS as access point, to
> provide connectivity on my WLAN at 802.11b speeds, with WPA-PSK TKIP
> security.
>
> I have on a site two AIR-BR352 point-to-point links at about 4 km.
> The bridges BR350 use WEP128 security, and I know that it is insecure.
> On the config pages, I have enabled the MIC and TKIP settings.
>
> So in the end I have these options enabled:
> WEP 128
> CISCO MIC
> TKIP

The VxWorks firmware's TKIP is NOT TKIP in IOS nor WPA-TKIP.

> This is the extract from Cisco's documentation about the two options.
>
> # Message Integrity Check (MIC) -- MIC is an additional WEP security
> feature that prevents attacks on encrypted packets called bit-flip
> attacks. The MIC, implemented on both the access point and all
> associated client devices, adds a few bytes to each packet to make the
> packets tamperproof.
>
> # Temporal Key Integrity Protocol (TKIP) -- TKIP, also known as WEP key
> hashing, is an additional WEP security feature that defends against an
> attack on WEP in which the intruder uses an unencrypted segment called
> the initialization vector (IV) in encrypted packets to calculate the WEP
> key.
>
> In the end, these bridges are in WEP128, but are they vulnerable to the
> common WEP flaws (IV vector, and vulnerable to airsnort's scans)?

No.
This encryption is called CKIP/MIC in the IOS APs.

This is technically what TKIP is, minus the enlarged IV.
It's Cisco proprietary.

But no known vulnerability to the WEP attacks.
You'll need your bridges to authenticate with LEAP and a reauthentication period no longer than one or two hours, or rotate the broadcast key, to mitigate the effects of a possible IV overflow. WPA enlarged the IV from 24 bit to 48 bit, so no overflow should occur within a reasonable time.

> To be secure, I use a GRE+IPsec tunnel (at the moment using DES encryption,
> later I will use AES128) between the two sites connected via the
> wifi bridge.

I would consider the RC4 algo secure as implemented in TKIP or CKIP (with a per-packet keying). If you want higher security, using 56-bit DES makes no sense, as this cipher can be brute forced within minutes today.

--
ULi
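The rekey advice above rests on how fast a 24-bit per-packet IV space is consumed on the link. The following is an added example (not code from the thread or from Cisco) that turns that into numbers: it estimates the frame rate from the throughput and average frame size, computes how long a 24-bit IV space (WEP/CKIP) and a 48-bit one (WPA) last, derives a rekey interval, and includes a small monitor that tracks the IVs seen under one key so an operator can detect reuse or approaching exhaustion. The 5 Mbit/s figure comes from the thread; the 1500-byte and 100-byte frame sizes and the 50% safety margin are assumptions chosen here for illustration.

```python
"""IV-space budgeting for per-packet keyed RC4 links (WEP/CKIP vs WPA/TKIP).

Added example for this thread; assumptions are marked in comments.
"""

IV_BITS_WEP = 24   # WEP / CKIP per-packet IV width (from the thread)
IV_BITS_WPA = 48   # WPA/TKIP enlarged IV width (from the thread)


def packets_per_second(throughput_bps, frame_bytes):
    """Approximate frame rate for a given payload throughput and average frame size.

    Every frame consumes one IV, so the frame rate (not the bit rate) decides
    how quickly the IV space runs out.
    """
    if throughput_bps <= 0 or frame_bytes <= 0:
        raise ValueError("throughput and frame size must be positive")
    return throughput_bps / (frame_bytes * 8)


def iv_exhaustion_seconds(iv_bits, pps):
    """Seconds until every IV value has been used once at a constant frame rate."""
    return (2 ** iv_bits) / pps


def max_rekey_interval_seconds(iv_bits, pps, safety=0.5):
    """Rekey interval that consumes at most `safety` of the IV space per key.

    `safety` = 0.5 is an assumed margin: rekey before half the space is used.
    """
    if not 0 < safety <= 1:
        raise ValueError("safety must be in (0, 1]")
    return iv_exhaustion_seconds(iv_bits, pps) * safety


def budget_report(throughput_bps, frame_bytes):
    """Return (pps, wep_hours, wpa_years) for a given traffic profile."""
    pps = packets_per_second(throughput_bps, frame_bytes)
    wep_hours = iv_exhaustion_seconds(IV_BITS_WEP, pps) / 3600
    wpa_years = iv_exhaustion_seconds(IV_BITS_WPA, pps) / (3600 * 24 * 365)
    return pps, wep_hours, wpa_years


class IvMonitor:
    """Tracks the IVs observed under one key and flags reuse or near-exhaustion.

    Feed it the IV field of each frame seen on the link; call rekey() whenever
    the key is rotated so the per-key accounting starts over.
    """

    def __init__(self, iv_bits, warn_fraction=0.5):
        self.space = 2 ** iv_bits
        self.warn_fraction = warn_fraction  # assumed threshold for a warning
        self.seen = set()
        self.reused = 0

    def observe(self, iv):
        """Record one IV. Returns True if this IV was already used under this key."""
        if not 0 <= iv < self.space:
            raise ValueError("IV outside the %d-value space" % self.space)
        if iv in self.seen:
            self.reused += 1
            return True
        self.seen.add(iv)
        return False

    def fraction_used(self):
        return len(self.seen) / self.space

    def needs_rekey(self):
        """True once reuse was seen or the warning fraction of the space is consumed."""
        return self.reused > 0 or self.fraction_used() >= self.warn_fraction

    def rekey(self):
        self.seen.clear()
        self.reused = 0


if __name__ == "__main__":
    for frame_bytes in (1500, 100):  # assumed average frame sizes
        pps, wep_h, wpa_y = budget_report(5_000_000, frame_bytes)
        print("%5d-byte frames: %7.0f pps, 24-bit IV lasts %6.1f h, 48-bit IV lasts %.0f years"
              % (frame_bytes, pps, wep_h, wpa_y))
    # Constructed sample: a 24-bit space with one IV repeated under the same key.
    mon = IvMonitor(IV_BITS_WEP)
    for iv in (0x000001, 0x000002, 0x000003, 0x000002):
        if mon.observe(iv):
            print("IV reuse detected: 0x%06x" % iv)
    print("rekey needed:", mon.needs_rekey())
```

With 1500-byte frames the 5 Mbit/s link consumes the 24-bit space in about 11 hours, but with 100-byte frames (VoIP, ACK-heavy traffic) it takes under 45 minutes, which is why a one- to two-hour reauthentication period is only safe if the traffic mix is known; the 48-bit WPA space lasts centuries in either case.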
From: Elia S. on 7 Feb 2010 18:46

Hello, thank you for your response. My comments are below.

"Uli Link" <VonRechts.NachLinks(a)usenet.arcornews.de> ha scritto nel messaggio news:4b6ef901$0$6591$9b4e6d93(a)newsspool3.arcor-online.net...
> Elia S. schrieb:
>> This is the extract from Cisco's documentation about the two options.
>>
>> # Message Integrity Check (MIC) -- MIC is an additional WEP security
>> feature that prevents attacks on encrypted packets called bit-flip
>> attacks. The MIC, implemented on both the access point and all
>> associated client devices, adds a few bytes to each packet to make the
>> packets tamperproof.
>>
>> # Temporal Key Integrity Protocol (TKIP) -- TKIP, also known as WEP key
>> hashing, is an additional WEP security feature that defends against an
>> attack on WEP in which the intruder uses an unencrypted segment called
>> the initialization vector (IV) in encrypted packets to calculate the WEP
>> key.
>>
>> In the end, these bridges are in WEP128, but are they vulnerable to the
>> common WEP flaws (IV vector, and vulnerable to airsnort's scans)?
>
> No.
> This encryption is called CKIP/MIC in the IOS APs.
>
> This is technically what TKIP is, minus the enlarged IV.
> It's Cisco proprietary.

I haven't understood if this solution is as secure as "standard TKIP" is... I would like to know if I could be secure with this solution or not.

To implement EAP I think I need a RADIUS server, and I don't have one on my network.

> But no known vulnerability to the WEP attacks.
> You'll need your bridges to authenticate with LEAP and a reauthentication
> period no longer than one or two hours, or rotate the broadcast key, to
> mitigate the effects of a possible IV overflow. WPA enlarged the IV from
> 24 bit to 48 bit, so no overflow should occur within a reasonable time.

One end of the link (root bridge) supports a maximum of 1 association and accepts association only from the other bridge, and has MAC address filter enabled.
The other end of the link (non-root bridge) doesn't accept wifi client associations.

>> To be secure, I use a GRE+IPsec tunnel (at the moment using DES encryption,
>> later I will use AES128) between the two sites connected via the
>> wifi bridge.
>
> I would consider the RC4 algo secure as implemented in TKIP or CKIP (with
> a per-packet keying). If you want higher security, using 56-bit DES makes no
> sense, as this cipher can be brute forced within minutes today.

The wifi link negotiates a stable 11.0 Mbit, that is about 5 Mbit real throughput (FTP download from one end to the other at 500 kbyte/sec).

At the moment I use DES because it is the least CPU intensive (I have one C877 and one C831 in the sites, and both have DES/3DES hardware offload); in less than a week I am going to install an 851W to replace the 831, and I will use AES on both ends of the link (hardware offload supported both on 851 and 877). They have to handle the 5.5 Mbit throughput of the wireless link (negotiated at 11 Mbit but about 5 Mbit real throughput).

At the moment the C877 and the 831 (later 851) do a GRE+IPsec tunnel (later it will be esp-aes128+md5) on separate physical interfaces, and all traffic from the remote site passes in the GRE tunnel, encrypted and secured by IPsec.

After I upgrade the VPN to AES128, should I disable the WEP128+MIC+TKIP and run the bridge link in clear, to minimize the WEP overhead, or will it be negligible?

Thank you
From: Uli Link on 8 Feb 2010 02:55

Elia S. schrieb:
> After I upgrade the VPN to AES128, should I disable the
> WEP128+MIC+TKIP and run the bridge link in clear, to minimize the WEP
> overhead, or will it be negligible?
> Thank you

There is a minimal overhead with MIC; the RC4 encryption is done in hardware, so no additional overhead if using WEP or CKIP.

--
ULi
From: Elia S. on 9 Feb 2010 07:37

I immediately began studying the internal RADIUS on my Cisco 877 with IOS 15.0 M1 ADVIPSERVICES.

I have a question!!!

Does the integrated RADIUS on the C877 support only EAP-FAST and LEAP?

I tried configuring a 3com secure router with WPA+RADIUS, and on the 3com docs it says that the AP supports only EAP-TLS and EAP-PEAP.

On the router I see

RADSRV: Unknown eap type "3"

So I assume that the C877 works well with Aironet APs or devices which support LEAP or EAP-FAST, right?

I also tried using network EAP on the BR352, but I was not able to do anything.