Security of Cisco TKIP implementation on older products

Hello, I am still using a Cisco AIR-352 with 12.3(8) IOS as an access point, to provide connectivity on my WLAN at 802.11b speeds, with WPA-PSK TKIP security.

I have on a site two AIR-BR352 point-to-point links at about 4 km. The BR350 bridges use WEP128 security, and I know that it is insecure. On the config pages, I have enabled the MIC and TKIP settings.

So in the end I have these options enabled: WEP 128, Cisco MIC, TKIP.

This is the extract from Cisco's documentation about the two options.

# Message Integrity Check (MIC) -- MIC is an additional WEP security feature that prevents attacks on encrypted packets called bit-flip attacks. The MIC, implemented on both the access point and all associated client devices, adds a few bytes to each packet to make the packets tamperproof.

# Temporal Key Integrity Protocol (TKIP) -- TKIP, also known as WEP key hashing, is an additional WEP security feature that defends against an attack on WEP in which the intruder uses an unencrypted segment called the initialization vector (IV) in encrypted packets to calculate the WEP key.

In the end, these bridges are in WEP128, but are they vulnerable to the common WEP flaws (IV vector, and vulnerable to AirSnort's scans)?

To be secure, I use a GRE+IPsec tunnel (at the moment using DES encryption, later I will use AES128) between the two sites connected via the Wi-Fi bridge, to be more secure.

Reply to
Elia S.

Elia S. wrote:

The VxWorks firmware's TKIP is NOT TKIP in IOS nor WPA-TKIP.

No. This encryption is called CKIP/MIC in the IOS APs.

This is technically what TKIP is, minus the enlarged IV. It's Cisco proprietary.

But no known vulnerability to the WEP attacks. You'll need your bridges to authenticate with LEAP and a reauthentication period no longer than one or two hours, or rotate the broadcast key, to mitigate the effects of a possible IV overflow. WPA enlarged the IV from 24 bit to 48 bit, so no overflow should occur within a reasonable time.

I would consider the RC4 algorithm secure as implemented in TKIP or CKIP (with per-packet keying). If you want higher security, using 56-bit DES makes no sense, as this cipher can be brute forced within minutes today.

Reply to
Uli Link

Hello, thank you for your response. My comments are below.

"Uli Link" wrote in message news:4b6ef901$0$6591$ snipped-for-privacy@newsspool3.arcor-online.net...

I haven't understood if this solution is as secure as "standard TKIP" is... I would like to know if I could be secure with this solution or not. To implement EAP I think I need a RADIUS server, and I don't have one on my network.

One end of the link (root bridge) supports a maximum of 1 association, accepts association only from the other bridge, and has MAC address filtering enabled. The other end of the link (non-root bridge) doesn't accept Wi-Fi client associations.

The Wi-Fi link negotiates a stable 11.0 Mbit, that is about 5 Mbit real throughput (FTP download from one end to the other at 500 kbyte/sec).

At the moment I use DES because it is the least CPU intensive (I have one C877 and one C831 in the sites, and both have DES/3DES hardware offload); in less than a week I am going to install an 851W to replace the 831, and I will use AES on both ends of the link (hardware offload supported on both the 851 and the 877). They have to handle the 5.5 Mbit throughput of the wireless link (negotiated at 11 Mbit but about 5 Mbit real throughput).

At the moment the C877 and the 831 (later 851) do a GRE+IPsec tunnel (later it will be esp-aes128+md5) on separate physical interfaces, and all traffic from the remote site passes in the GRE tunnel, encrypted and secured by IPsec.

After I upgrade the VPN to AES128, should I disable WEP128+MIC+TKIP and run the bridge link in the clear, to minimize the WEP overhead, or will it be negligible? Thank you

Reply to
Elia S.

Elia S. wrote:

There is a minimal overhead with MIC; the RC4 encryption is done in hardware, so there is no additional overhead whether using WEP or CKIP.

Reply to
Uli Link

Thank you again.

In the end the security offered by the BR352 is WEP128 plus CKIP, right? Cisco's proprietary version of TKIP, but the WEP is still vulnerable if I use static keys; I just have more time before getting cracked?

I manually change the keys once a week, but since a VPN is running inside, I don't have to bother if I get cracked (WEP) or not, right?

Thank you again

"Uli Link" wrote in message news:4b6fc36c$0$6731$ snipped-for-privacy@newsspool2.arcor-online.net...

Reply to
Elia S.

Elia S. wrote:

If you check TKIP/CKIP, the WEP key is changed for every packet transmitted, and if you authenticate the bridge client using 802.1X/LEAP, a new session key is generated at every reauthentication. WEP cracking relies on having many packets encrypted with the very same static WEP key. So there is no attack vector left at all, except brute forcing/dictionary attacking the LEAP password's hash. You can also configure broadcast key rotation, so even the WEP key used for broadcasts is changed within a secure interval. But if you tunnel through GRE, there are no broadcasts transmitted on the wireless link.

You can configure an internal RADIUS on your 877 (which should be on the root-bridge side). No manual dealing with any WEP keys. The reauthentication interval can be set on the RADIUS.

The weakest point in security is the insecure telnet/http management of the BR35x bridges.

Reply to
Uli Link
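The local-authenticator setup suggested above, written out as an added example (not a configuration from the thread or from Cisco's documentation): the C877 acts as the RADIUS server for the HQ bridge, and the group's reauthentication timer forces a fresh LEAP session key every hour. The NAS address is the HQ BR352 from the thread; the shared secret, user name, password and the one-hour interval are placeholder values.

```cisco
! C877 as local RADIUS authenticator (constructed example).
aaa new-model
!
radius-server local
 ! The HQ (root) bridge is the NAS that relays the LEAP exchange to the
 ! router; the shared secret must match what is entered in the bridge GUI.
 nas 10.0.0.3 key 0 REPLACE-WITH-NAS-SHARED-SECRET
 !
 ! Session-key lifetime: reauthenticate every 3600 s (one hour), well
 ! below the point where a 24-bit IV space could wrap on this link.
 ! "block count" locks the account after 5 failed online attempts for
 ! 300 s, which only slows online guessing; an offline dictionary attack
 ! on a captured LEAP exchange is resisted only by a long random password.
 group bridges
  reauthentication time 3600
  block count 5 time 300
 !
 ! One account per bridge: this is the LEAP identity of the non-root
 ! bridge at the remote site.
 user br352-remote password 0 REPLACE-WITH-LONG-RANDOM-PASSWORD group bridges
```

On the BR352 side (VxWorks web interface, no CLI) the root bridge is pointed at 10.0.0.1 as its RADIUS server with the same secret, and the non-root bridge is set to Network-EAP with the LEAP credentials above.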

Hello, Cisco 877 internal RADIUS? Wow, you opened up a whole world to me!!! I will immediately be reading up on this topic!

Well, thank you again and again for your attention.

"Uli Link" wrote in message news:4b6fdd27$0$7624$ snipped-for-privacy@newsspool1.arcor-online.net...

The bridges (both the root bridge at HQ, and the non-root bridge) are up 24/7/365.

OK, but at the moment, without using any RADIUS and so no LEAP/802.1X auth, is the tunnel in WEP+CKIP considered secure?

I would like to avoid the GRE tunnel because it obviously uses CPU power of the routers when encrypting data.

I tried configuring it on my point-to-point bridge and I had no success.

This is my current config:

HQ: C877 - VLAN1 192.168.1.x/24 LAN, VLAN2: 10.0.0.1/29 (port dedicated to the Wi-Fi bridge)

BR352 HQ (where the 877 is): 10.0.0.3/29

Remote site: BR352 remote 10.0.0.4/29; C831 (851 later): eth1 10.0.0.2/29, eth0: 192.168.0.x/24 LAN

The GRE tunnel goes from 10.0.0.1 to 10.0.0.2, and there is a crypto map that encrypts all GRE tunnel traffic. Since the default route of the 831/851 is the 877's end of the GRE tunnel, every kind of traffic from the remote LAN goes in the GRE tunnel and is then encrypted securely.

Uhm.. they are now without any password. They can be accessed only via the wired or wireless interface (but only from the other end of the bridge); the bridge doesn't allow any client to authenticate and allows just 1 association.

Reply to
Elia S.
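The GRE-over-IPsec arrangement described in the post above (crypto map on the bridge-facing interface, GRE between 10.0.0.1 and 10.0.0.2, esp-aes128+md5 as the planned transform), written out for the HQ C877 as an added example; this is constructed here and is not the poster's actual configuration. Addresses follow the thread; the Tunnel0 subnet, policy numbers, names and the pre-shared key are placeholders.

```cisco
! HQ side (C877), constructed example.
! Phase 1: AES-128 with a pre-shared key for the remote peer.
crypto isakmp policy 10
 encr aes 128
 authentication pre-share
 group 2
crypto isakmp key REPLACE-WITH-STRONG-PSK address 10.0.0.2
!
! Phase 2: the esp-aes128 + md5 transform mentioned in the thread.
! Transport mode suffices because GRE already supplies the outer IP header.
crypto ipsec transform-set GRE-TS esp-aes 128 esp-md5-hmac
 mode transport
!
! Select only GRE between the two bridge-side addresses for encryption,
! so nothing else leaves the router toward the bridge in the clear.
ip access-list extended GRE-TO-REMOTE
 permit gre host 10.0.0.1 host 10.0.0.2
!
crypto map WIFI-MAP 10 ipsec-isakmp
 set peer 10.0.0.2
 set transform-set GRE-TS
 match address GRE-TO-REMOTE
!
! VLAN2 is the port dedicated to the BR352 (10.0.0.0/29); the crypto map
! is applied here, on the interface the GRE packets actually exit.
interface Vlan2
 description port dedicated to the BR352 bridge
 ip address 10.0.0.1 255.255.255.248
 crypto map WIFI-MAP
!
! Placeholder /30 for the tunnel itself (not given in the thread).
interface Tunnel0
 description GRE to remote site over the wireless bridge
 ip address 172.16.0.1 255.255.255.252
 tunnel source Vlan2
 tunnel destination 10.0.0.2
!
! Remote LAN is reachable only through the protected tunnel.
ip route 192.168.0.0 255.255.255.0 Tunnel0
```

The remote 851 mirrors this with the 10.0.0.x addresses and tunnel endpoints swapped, and, as the post describes, sends everything through the tunnel with `ip route 0.0.0.0 0.0.0.0 Tunnel0`.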

I immediately began studying the internal RADIUS on my Cisco 877 with IOS 15.0 M1 ADVIPSERVICES.

I have a question!!!

Does the integrated RADIUS on the C877 support only EAP-FAST and LEAP?

I tried configuring a 3Com secure router with WPA+RADIUS, and the 3Com docs say that the AP supports only EAP-TLS and EAP-PEAP.

On the router I see RADSRV: Unknown eap type "3"

So I assume that the C877 works well with Aironet APs or devices which support LEAP or EAP-FAST, right?

I also tried using Network-EAP on the BR352, but I was not able to do anything.

Reply to
Elia S.

Your wireless connection is a 4km point-to-point, so you must be using some type of narrow-beam antennas or even a dish. Your probability of getting intercepted is very low because getting access to the signal is not going to be easy. Unless you have a reason to believe that someone would put in a lot of effort to hack you, I wouldn't worry about it. If you are concerned that someone would put in significant effort to access your data, you would be wise to spend a couple thousand dollars and purchase new wireless bridges that support 3DES encryption.

Reply to
Thrill5

Hello! Well, just today I replaced one router at one end of the bridge. At the HQ I have an 877 and at the remote site I now have one 851W. I enabled a GRE+IPsec (AES 128, ESP-MD5) VPN over the bridge so no one could intercept my data. I use two dish antennas to do the point-to-point, but I am paranoid about security; at the moment I don't have in mind to upgrade the bridges, since the 11 Mbit (5.5 real) throughput is more than sufficient for our needs.

"Thrill5" wrote in message news:hksfbk$fse$ snipped-for-privacy@news.eternal-september.org...

Reply to
Elia S.


It is true: the internal RADIUS server in IOS (in the ISRs and in the autonomous IOS APs) supports only LEAP and EAP-FAST for EAP authentication. (Also MAC authentication, which isn't EAP.)

Aaron

Reply to
Aaron Leonard
