Wi-Fi Protected Setup

src: setuprouter.com

WiFi Protected Settings ( WPS initially, Simple Wi-Fi Configuration ) is a network security standard for creating secure wireless home networks.

Created by the Wi-Fi Alliance and introduced in 2006, the purpose of this protocol is to enable home users who are slightly aware of wireless security and may be intimidated by the security options available to set up Wi-Fi Protected Access, as well as make it easy to add new devices to the network that exists without entering a long password. Before the standard, some competing solutions were developed by different vendors to meet the same needs.

The main security flaws revealed in December 2011 are affecting the wireless router with WPS PIN feature, which the latest models have enabled by default. This flaw allows remote attackers to recover a WPS PIN within hours with a brute-force attack and, with a WPS PIN, a pre-shared WPA/WPA2 network key. Users are urged to turn off the WPS PIN feature, although this may not be possible on some router models.

Video Wi-Fi Protected Setup

Mode

The standards emphasize usability and security, and allow four modes within the home network to add new devices to the network:

PIN Method: -

Where PIN must be read either from sticker or view on new wireless device. This PIN must be entered on a network "representative", usually a network access point. The Alt access point can be entered into the new device. This method is mandatory baseline mode and everything should support it. The Wi-Fi Direct specification replaces this requirement by stating that all devices with a keypad or display must support the PIN method.

Method pushbutton: -

Where the user has to press a button, either actual or virtual, on the access point and the new wireless client device. On most devices, this mode of discovery dies by itself as soon as the connection is made or after a delay (usually 2 minutes or less), whichever comes first, thus minimizing its vulnerability. Support of this mode is mandatory for access and optional paths to connect devices. The Wi-Fi Direct specification replaces this requirement by stating that all devices must support push-button methods.

Close field communications methods: -

Where users should bring new clients close to the access point to allow field communication close across devices. Forum-compliant NFC RFID tags can also be used. Support of this mode is optional.

USB method: -

Where users use a USB flash drive to transfer data between new client devices and network access points. This mode support is optional, but is no longer used.

The last two modes are usually referred to as out-of-band methods because there is transfer of information by channels other than the Wi-Fi channel itself. Only the first two modes are currently covered by the WPS certification. The USB method is no longer used and is not part of Alliance certification testing.

Some wireless access points have a dual function WPS button, and holding this button for a shorter or longer period may have other functions, such as factory reset or WiFi toggling.

Some manufacturers, such as Netgear, use different logos and/or names for Wi-Fi Protected Setup; The Wi-Fi alliance recommends the use of Wi-Fi Protected Setup IDs on the hardware buttons for this function.

Maps Wi-Fi Protected Setup

Technical architecture

The WPS protocol defines three types of devices in the network:

Registrar

Devices with authority to remove and revoke access to the network; it can be integrated into a wireless access point (AP), or provided as a separate device.

Enrollee

The client device that wants to join the wireless network.

AP

The access point serves as a proxy between the recorder and enrollee.

The WPS standard defines three basic scenarios involving the components listed above:

AP with integrated registration capability configure Enrollee Station (STA)

In this case, the session will run on the wireless medium as a series of EAP request/response messages, ending with an AP that disconnects from the STA and waits for the STA to reconnect with its new configuration (handed to it by the AP before).

The STA registrar configures AP as enrollee

The case is divided into two aspects: first, sessions can occur on wired or wireless media, and secondly, APs can be configured when the registries find them. In the case of cable connections between devices, the protocol runs over Universal Plug and Play (UPnP), and both devices must support UPnP for that purpose. When running over UPnP, a shortened version of the protocol is run (only two messages) because no authentication is required other than the combined wire media. In the case of wireless media, protocol sessions are very similar to internal registrar scenarios, but with opposite roles. Regarding the AP configuration status, the registrar is expected to ask the user whether to reconfigure the AP or maintain its current settings, and may decide to reconfigure it even if the AP describes itself as configured. Some registrars must have the ability to connect to the AP. UPnP is intended to apply only to wired media, when in fact it applies to any interface that an IP connection can make. So, after setting up a wireless connection manually, UPnP can be used on it in the same way as with cable connections.

The STA registrar configures the STA enrollee

In this case the AP stands in the middle and acts as an authenticator, which means it only proxies relevant messages from side to side.

src: i.ytimg.com

Protocol

The WPS protocol consists of a series of EAP message exchanges that are triggered by user actions, relying on the exchange of descriptive information that must precede the user's actions. The descriptive information is transferred via a new Information Element (IE) that is added to the beacon, probe response, and optionally to the probe request and the corresponding request/response message. In addition to long, informative type values, IEs will also retain the possibility of device configuration methods currently in use.

After this communication of the device capabilities from both ends, the user initiates the actual protocol session. This session consists of eight messages followed, in the case of a successful session, by a message to indicate that the protocol has been completed. The exact message flow may change when configuring different types of devices (AP or STA), or when using different physical media (wired or wireless).

src: www.edimax.com

Choice of band or radio

Some devices with dual-band wireless network connectivity do not allow users to select a 2.4 GHz or 5 GHz band (or even a specific radio or SSID) when using Wi-Fi Protected Setup unless the wireless access point has a separate WPS button for each band or radio; However, a number of wireless routers then with multiple frequency bands and/or radios allow the establishment of WPS sessions for certain bands and/or radios for connections with clients that can not have SSID or bands (eg, 2,4/5Ã, GHz) explicitly selected by user on client for connection with WPS (eg pushing 5 GHz, where supported, WPS button on wireless router will force client device to connect via WPS only at 5Ã, GHz band after WPS session has been assigned by client device which can not explicitly allow the selection of wireless networks and/or bands for WPS connection methods).

src: setuprouter.com

Vulnerability

Brute-force attack online

In December 2011, researcher Stefan ViehbÃÆ'¶ck reported design flaws and implementations that made brute-force attacks against PIN-based WPS feasible on WPS-enabled WiFi networks. A successful attack on WPS allows unauthorized parties to gain access to the network, and the only effective solution is to disable WPS. The vulnerability center around the acknowledgment message is sent between the registrar and enrollee while trying to validate the PIN, which is an eight digit number used to add a new WPA registrar to the network. Since the last digit is a checksum of the previous digits, there are seven unknown digits in each PIN, yielding 10 ⁷ = 10,000,000 possible combinations.

When an enrollee tries to gain access using a PIN, the registrar reports the validity of the first and second parts of the PIN separately. Since the first half of the pin consists of four digits (10,000 possibilities) and the second half has only three active digits (1000 possibilities), at most 11,000 guesses are required before the PIN is restored. This is a reduction by three orders of magnitude of the number of PINs that will be required to be tested. As a result, the attack can be completed in less than four hours. The ease or difficulty of exploiting this vulnerability depends on the implementation, as the manufacturer of the Wi-Fi router can defend itself from such attacks by slowing down or disabling the WPS feature after some failed PIN validation attempts.

Young developers based in a small town in eastern New Mexico make a tool that exploits this vulnerability to prove that the attack is worth it. This tool was later purchased by Tactical Network Solutions in Maryland for 1.5 million dollars. They claim that they have known about vulnerabilities since early 2011 and have used them.

On some devices, disabling WPS in the user interface does not result in the feature being completely disabled, and the device remains vulnerable to this attack. The firmware update has been released for some devices that allow WPS to be completely disabled. Vendors can also patch vulnerabilities by adding a lockout period if Wi-Fi access points detect an ongoing brute force attack, which disables the PIN method long enough to render an attack impractical.

Brute-force Offline Attack

In the summer of 2014, Dominique Bongard discovered what he called the Pixie Dust attack. This attack only works for standard WPS implementations of some wireless chip makers, including Ralink, MediaTek, Realtek, and Broadcom. This attack focuses on the lack of randomness while generating E-S1 and E-S2 "secret" non-rules. Knowing these two ngo, PINs can be recovered within minutes. A tool called pixiewps has been developed and a new version of Reaver has been developed to automate the process.

Since both access points and clients (enrollee and registrar, respectively) need to prove that they know the PIN to ensure the client is not connected to a rogue AP, the attacker already has two hashes containing every half of the PIN, and all they need is to -brute-force the actual PIN. The access point sends two hashes, E-Hash1 and E-Hash2, to the client, proving that he also knows the PIN. E-Hash1 and E-Hash2 are hash (E-S1 | PSK1 | PKe | PKr) and (E-S2 | PSK2 | PKe | PKr), respectively. The hashing function is HMAC-SHA-256 and uses "authkey" which is the key used for hash data.

Physical security issues

All WPS methods are vulnerable to unauthorized user use if the wireless access point is not stored in a secure area. Many wireless access points have security information (if it has been secured by the manufacturer) and the WPS PIN is printed on them; This PIN is also often found in the wireless access point configuration menu. If this PIN can not be changed or disabled, the only solution is to obtain firmware updates to enable the modified PIN, or to change the wireless access point.

It is possible to extract the wireless password with the following methods without using special tools:

• A wireless passphrase can be extracted using WPS in Windows Vista and later versions of Windows, under administrative privileges by connecting with this method and then bring up the properties for this wireless network and click on "show character".
• Simple exploits in the Intel PRO wireless utility can reveal wireless passphrases when WPS is used, after a simple step of the dialog box asking if you want to reconfigure this access point.

src: www.edimax.com

References

src: i.ytimg.com

External links

• Knowledge Prepared Wi-Fi Knowledge Center in Wi-Fi Alliance
• UPnP device architecture
• US-CERT VU # 723755
• Wait for WPS fixes
• WPS Pixie Attack (Offline WPS Attack)
• Hacklu2014 Offline Bruteforce Attack in WPS

Source of the article : Wikipedia