Which security feature encrypts wireless data?

ewang
Level 1

Among LEAP, MIC and TKIP, which one is responsible for encrypting wireless data?

I think LEAP only authenticates users; MIC ensures no one alters the packets. TKIP makes it hard to figure out the keys.

1. Is wireless data (if someone sniffs each packet) encrypted or clear text?

2. If yes, which feature is doing this job?

Thanks!

Accepted Solutions

LEAP, as with all EAP types, is an authentication protocol.

At the successful conclusion of a LEAP authentication both the WLAN client and the RADIUS server dynamically derive an encryption key (the RADIUS server passes the key to the AP).

Until AES is ratified by the IEEE and implemented, WEP is still the encryption protocol used on IEEE/WiFi compliant WLANs.

WEP has several well-known cryptographic weaknesses which are fixed by TKIP and MIC.

-- TKIP fixes the WEP implementation of the RC4 algorithm by creating a per-packet key (by hashing the derived key and a per-packet initialization vector). TKIP provides immunity from the "airsnort" attack amongst others.

-- MIC provides message integrity checking and provides a cryptographically strong method of ensuring that the encrypted frame has not been altered between transmission and reception.

As another poster has noted, LEAP *authentication* has proven to be vulnerable to an offline dictionary attack. To mitigate against this it is necessary to be able to enforce a strong Windows password policy (one that ensures a >=10 character password with a mix of alphanumeric and special characters, etc.).

Detailed information on Cisco WLAN security is available at the following URL:

www.cisco.com/go/aironet/security


ndoshi
Cisco Employee

LEAP does encryption. At the end of the LEAP process, the wireless client and AP both independently generate a key based on the challenge and response they get. That key is used to encrypt the unicast data. The beauty is that this key is not passed over wireless, so no man-in-the-middle attack. Also, after that the AP will generate a broadcast key to encrypt broadcast traffic.

If you sniff wireless LEAP-encrypted data you will not be able to read the data portion.

I hope this helps

Thanks for the answer from ndoshi!

However, from what point does data start to be encrypted?

For example, we use NT domain login as LEAP login.

When I type my username & password from the laptop PC, do they get transmitted to the AP as

1. clear text

2. or encrypted (by which key? WEP is not relevant with LEAP)?

Your username will be passed in clear text. I am not 100% sure which hashing technique is used for the password with LEAP authentication (MS-CHAP, maybe), but it is not sent in clear text. However, make a note that this is one of the vulnerabilities of LEAP; Cisco released a statement last year saying that the password was susceptible to dictionary attacks. If you run some type of wired or wireless sniffer you will see the username passed in clear text. After successful login, the data payload will be encrypted.

HTH

straman
Level 1

LEAP authenticates users and RADIUS server (mutual authentication) and provides dynamic WEP keys.

You're essentially right on TKIP and MIC

If WEP encryption is enabled, packets going through RF are encrypted by the WEP-key. TKIP provides additional security against cracking the base WEP key and if enabled ensures each packet is encrypted with a different encryption key.
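
The difference between WEP keying and the per-packet keying described in the replies above, as an added example that is not part of the original thread. The base key and IVs are constructed sample values, and SHA-256 is an assumed stand-in for the hash; TKIP's own mixing function is not reproduced here.

```python
import hashlib

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling, then XOR data with the keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_rc4_key(iv: bytes, base_key: bytes) -> bytes:
    # WEP: cleartext 3-byte IV prepended to the same base key for every frame.
    return iv + base_key

def mixed_rc4_key(iv: bytes, base_key: bytes) -> bytes:
    # Per-packet key from hashing base key and IV. SHA-256 is a stand-in
    # (assumption); TKIP uses its own mixing function, not shown here.
    return hashlib.sha256(base_key + iv).digest()[:16]

def encrypt_frame(make_key, iv: bytes, base_key: bytes, payload: bytes) -> bytes:
    # The IV travels in the clear so the receiver can rebuild the RC4 key.
    return iv + rc4(make_key(iv, base_key), payload)

def decrypt_frame(make_key, base_key: bytes, frame: bytes) -> bytes:
    iv, body = frame[:3], frame[3:]
    return rc4(make_key(iv, base_key), body)

def secret_part_reused(make_key, ivs, base_key: bytes) -> bool:
    """True when the RC4 key bytes after the IV position never change."""
    return len({make_key(iv, base_key)[3:] for iv in ivs}) == 1

# Constructed sample values, not taken from the thread.
BASE_KEY = bytes.fromhex("0102030405060708090a0b0c0d")  # 104-bit key
IVS = [bytes([0, 0, n]) for n in range(1, 5)]

if __name__ == "__main__":
    for name, fn in (("WEP", wep_rc4_key), ("per-packet", mixed_rc4_key)):
        frame = encrypt_frame(fn, IVS[0], BASE_KEY, b"constructed payload")
        assert decrypt_frame(fn, BASE_KEY, frame) == b"constructed payload"
        print(name, "secret key bytes reused:", secret_part_reused(fn, IVS, BASE_KEY))
```

With WEP keying every frame's RC4 key shares the same secret bytes behind a visible IV; with per-packet mixing the whole RC4 key changes from frame to frame.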
