Re: Security of Cisco TKIP implementation on older products

Discussion in 'Cisco' started by Uli Link, Feb 7, 2010.

  1. Uli Link

    Uli Link Guest

    Elia S. schrieb:

    > I am still using Cisco AIR-352 with 12.3(8) IOS as access point, to
    > provide connectivity on my wlan ad 802.11b speeds, with WPA-PSK TKIP
    > security.
    > I have on a site, two AIR-BR352 point to point links at about 4km.
    > The bridges BR350 uses Wep128 security, and I know that it is unsecure.
    > On the config pages, I have enable MIC and TKIP settings.
    > So in the end I have these options enabled:
    > WEP 128
    > TKIP

    The VxWorks firmware's TKIP is NOT TKIP in IOS nor WPA-TKIP.

    > This is the extract from cisco's documentations about the two options.
    > # Message Integrity Check (MIC) -- MIC is an additional WEP security
    > feature that prevents attacks on encrypted packets called bit-flip
    > attacks. The MIC, implemented on both the access point and all
    > associated client devices, adds a few bytes to each packet to make the
    > packets tamperproof.
    > # Temporal Key Integrity Protocol (TKIP) -- TKIP, also known as WEP key
    > hashing, is an additional WEP security feature that defends against an
    > attack on WEP in which the intruder uses an unencrypted segment called
    > the initialization vector (IV) in encrypted packets to calculate the WEP
    > key.
    > In the end, these bridges are in WEP128, but are they vulnerable to the
    > common wep flaws (IV vector, and vulnerable to airsnort's scans) ?

    This encryption is called CKIP/MIC in the IOS APs.

    This is technically what TKIP is, minus the enlarged IV.
    It's Cisco propietary.

    But no known vulnerability to the WEP attacks.
    You'll need your bridges authenticate with LEAP and a reauthentication
    period no longer than one or two hours or rotate the broadcast key to
    mitigate the effects of a possible IV overflow. WPA enlarged the IV from
    24bit to 48bit so no overflow should occur within a reasonable time.

    > To be secure, I use a GRE+IPSEC (at the moment using DES encryption,
    > later I will use AES128) tunnel between the two sites connected via the
    > wifi bridge, to be more secure.

    I would consider the RC4 algo secure as implemented in TKIP or CKIP
    (with a per packet keying). If you want higher security using 56bit DES
    makes no sense as this cipher can be brute forced within minutes today.

    Uli Link, Feb 7, 2010
    1. Advertising

  2. Uli Link

    Uli Link Guest

    Elia S. schrieb:
    > After I will upgrade the vpn, to AES128, should I disable the
    > wep128+mic+tkip and run the bridge link in clear, to minimize the wep
    > overhead, or it will be trascurable?
    > Thank you

    There is a minimal overhead with mic, the RC4 encryption is done in
    hardware, so no additional overhead if using WEP or CKIP.

    Uli Link, Feb 8, 2010
    1. Advertising

  3. Uli Link

    Uli Link Guest

    Elia S. schrieb:
    > Thank you again.
    > In the end the security offered by the BR352 is wep128 plus CKIP, right?
    > The cisco's proprietary version of TKIP but the WEP is still vulnerable
    > if I use static keys, I just have more time because getting cracked?
    > I manually change the keys once a week but since a VPN is running
    > inside, I don't have to bother if I get cracked (wep) or not, right?

    If you check TKIP/CKIP the WEP key is changed for every packet
    transmitted, and if you authenticate the bridge client using 802.1x/LEAP
    a new session key is generated every reauthentication.
    The WEP cracking relies on having many packets encrypted with the very
    same static WEP key. So there is no attack vector left at all, except
    brute forcing/dictionary attack the LEAP password's hash.
    You can also configure broadcast key rotation, so even the WEP Key used
    for broadcasts is changed within a secure interval.
    But if you tunnel through GRE there are no broadcasts transmitted on the
    wireless link.

    You can configure a internal RADIUS on your 877 (which should be on the
    root-bridge side).
    No manual dealing with any WEP keys. The reauthentication interval can
    be set on the RADIUS.

    The weakest point in security is the unsecure telnet/http management of
    the BR35x bridges.

    Uli Link, Feb 8, 2010
  4. Uli Link

    Thrill5 Guest

    Your wireless connection is a 4km point-to-point, so you must be using some
    type of narrow-beam antennas or even a dish. Your probability of getting
    intercepted is very low because getting access to the signal is not going to
    be easy. Unless you have a reason to believe that someone would put in a
    lot of effort to hack you, I wouldn't worry about it. If you are concerned
    that someone would put in significant effort to access your data, you would
    be wise to spend a couple thousand dollars and purchase new wireless bridges
    that support 3DES encryption.

    "Elia S." <> wrote in message
    >I immediately bebug studying the internal radius on my cisco 877 with IOS
    > I have a question!!!
    > Does the integrater radius on C877 supports only EAP-FAST and LEAP ?
    > I tried configuring a 3com secure router with WPA+RADIUS and on the 3com
    > docs it says that the AP supports only
    > EAP-TLS and EAP-PEAP
    > On the router I see RADSRV: Unknown eap type "3"
    > So I assume that the C877 works well with Aironet AP or devices wich
    > supports leap or eap-fast, right?
    > I also tried using network EAP on the BR352 but I wasnot able to do
    > anything.
    Thrill5, Feb 9, 2010
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. J.H. Holliday

    Wireless security: AES vs. TKIP

    J.H. Holliday, May 31, 2005, in forum: Computer Support
  2. Guest
    Nov 14, 2003
  3. Rob Slade, doting grandpa of Ryan and Trevor

    REVIEW: "Enterprise Directory and Security Implementation Guide", Charles Carrington et al

    Rob Slade, doting grandpa of Ryan and Trevor, Dec 1, 2003, in forum: Computer Security
    Rob Slade, doting grandpa of Ryan and Trevor
    Dec 1, 2003
  4. Rob Slade, doting grandpa of Ryan and Trevor

    REVIEW: "Enterprise Directory and Security Implementation Guide", Charles Carrington et al

    Rob Slade, doting grandpa of Ryan and Trevor, Dec 8, 2003, in forum: Computer Security
    Rob Slade, doting grandpa of Ryan and Trevor
    Dec 8, 2003
  5. philbo30
    Gabriele Beltrame
    Dec 20, 2007

Share This Page