WiFi Security Standard Somenath Mukhopadhyay [email_address]

WiFi Security Standard

Somenath Mukhopadhyay

[email_address]

Why WiFi Security is needed 802.11 wireless network has no clothes Wireless LANs are broadcasting secrets of enterprises that have spent millions on internet security The insecurity of WLAN has given rise to War-Driving

802.11 wireless network has no clothes

Wireless LANs are broadcasting secrets of enterprises that have spent millions on internet security

The insecurity of WLAN has given rise to War-Driving

802.11 Security Two Phases - Authentication & Encryption Open System Authentication(OSA)‏ NIL protection Shared Key Authentication – WEP Authentication

Two Phases - Authentication & Encryption

Open System Authentication(OSA)‏

NIL protection

Shared Key Authentication – WEP Authentication

OSA and Shared Key Authentication

WEP Authentication Frame Format Algorithm Number – 0 OSA, 1 WEP Transaction Sequence – First Message 0, Second Message 1, etc Status Code – Sent in the Final Message – SUCCESS/FAILURE Challenge Text – 128 bit random number sent by the AP

Algorithm Number – 0 OSA, 1 WEP

Transaction Sequence – First Message 0, Second Message 1, etc

Status Code – Sent in the Final Message – SUCCESS/FAILURE

Challenge Text – 128 bit random number sent by the AP

WEP Encryption Stream Ciphering – byte wise ciphering RC4 encryption technology

Stream Ciphering – byte wise ciphering

RC4 encryption technology

RC4 Encryption Technology Two Phases – Initialization and Encryption IV – Initialization Vector – 24 bit value Secret Key - 104 bit value IV changes for every data packet IV is sent along with the packet

Two Phases – Initialization and Encryption

IV – Initialization Vector – 24 bit value

Secret Key - 104 bit value

IV changes for every data packet

IV is sent along with the packet

WEP Checksumming

WEP Encryption

WEP Decryption

RC4 algorithm in details Key scheduling algorithm generation using RC4 First step – generating an array with 256 8 bit values Second step – scrambling the array Initialization: For i = 0 ... N - 1 S[i] = i j = 0 Scrambling: For i = 0 ... N - 1 j = j + S[i] + K[i mod l] Swap(S[i], S[j])

Key scheduling algorithm generation using RC4

First step – generating an array with 256 8 bit values

Second step – scrambling the array

Initialization:

For i = 0 ... N - 1

S[i] = i

j = 0

Scrambling:

For i = 0 ... N - 1

j = j + S[i] + K[i mod l]

Swap(S[i], S[j])

RC4 algorithm in details Generating the streaming key This part of the algorithm is responsible for creating the streaming values used to encrypt the plaintext Initialization: i = 0 j = 0 Generation Loop: i = i + 1 j = (j + S[i]) mod l Swap(S[i], S[j]) Output z = S[S[i] + S[j]]

Generating the streaming key

This part of the algorithm is responsible for creating the streaming values used to encrypt the plaintext

Initialization:

i = 0

j = 0

Generation Loop: i = i + 1

j = (j + S[i]) mod l

Swap(S[i], S[j])

Output z = S[S[i] + S[j]]

Example of a simple RC4 using 2 bits RC4 Assumptions I = 0 J = 0 Pass = “6152” Pass length = 4 Index N = 4 Initialization Logic: For i = 0 .... N-1 S[i] = i Next S[0] = 0, S[1] = 1, S[2] = 2, S[3] = 3

Assumptions

I = 0

J = 0

Pass = “6152”

Pass length = 4

Index N = 4

Initialization Logic:

For i = 0 .... N-1

S[i] = i

Next

S[0] = 0, S[1] = 1, S[2] = 2, S[3] = 3

Example of a simple RC4 using 2 bits RC4 Scrambling Logic: For i = 0 ... N - 1 j = j + S[i] + K[i mod l] Swap(S[i], S[j])‏ Initial values S[0] = 0, S[1] = 1, S[2] = 2, S[3] = 3 K[0] = 6, K[1] = 1, K[2] = 5, K[3] = 2 i = 0, j = 0, pass(K) = “6152”, pass length(l) = 4, Index(N) = 4

Scrambling

Logic: For i = 0 ... N - 1

j = j + S[i] + K[i mod l]

Swap(S[i], S[j])‏

Initial values

S[0] = 0, S[1] = 1, S[2] = 2, S[3] = 3

K[0] = 6, K[1] = 1, K[2] = 5, K[3] = 2

i = 0, j = 0, pass(K) = “6152”,

pass length(l) = 4, Index(N) = 4

Example of a simple RC4 using 2 bits RC4 Equations: j = j + S[i] + K[i mod l] Swap(S[i], S[j]) j=(0 + S[0] + K[0]) mod 4 j=(0+0+6) mod 4 j=6 mod 4 j=2 Swap (S[0] , S[2]) S[0]=0 , S[2]=2 => S[0]=2 , S[2]=0

Equations:

j = j + S[i] + K[i mod l]

Swap(S[i], S[j])

j=(0 + S[0] + K[0]) mod 4

j=(0+0+6) mod 4

j=6 mod 4

j=2

Swap (S[0] , S[2]) S[0]=0 , S[2]=2 => S[0]=2 , S[2]=0

Example of a simple RC4 using 2 bits RC4 Calculation for the second loop Initial values before the iteration S[0] = 2, S[1] = 1, S[2] = 0, S[3] = 3 K[0] = 6, K[1] = 1, K[2] = 5, K[3] = 2 pass length (l) = 4, Index(N) = 4, i = 1, j = 2 Equations: j = j + S[i] + K[i mod l] =>j = (2+S[1]+k[1]) mod 4 = (2+1+1)mod 4 = 0 Swap(S[i], S[j]) =>Swap(S[1],S[0]) =>S[0] =1 & S[1] = 2

Calculation for the second loop

Initial values before the iteration

S[0] = 2, S[1] = 1, S[2] = 0, S[3] = 3

K[0] = 6, K[1] = 1, K[2] = 5, K[3] = 2

pass length (l) = 4, Index(N) = 4, i = 1, j = 2

Equations:

j = j + S[i] + K[i mod l] =>j = (2+S[1]+k[1]) mod 4

= (2+1+1)mod 4 = 0

Swap(S[i], S[j]) =>Swap(S[1],S[0]) =>S[0] =1

& S[1] = 2

Example of a simple RC4 using 2 bits RC4 After second loop the values are S[0] = 1, s[1] = 2, S[2] = 0, S[3] = 3 K[0] = 6, K[1] = 1, K[2] = 5, K[3] = 2 pass length (l) = 4, Index(N) = 4, i = 2 , j = 0

After second loop the values are

S[0] = 1, s[1] = 2, S[2] = 0, S[3] = 3

K[0] = 6, K[1] = 1, K[2] = 5, K[3] = 2

pass length (l) = 4, Index(N) = 4, i = 2 , j = 0

Example of a simple RC4 using 2 bits RC4 Calculation for the third loop Initial values before the loop starts S[0] = 1, s[1] = 2, S[2] = 0, S[3] = 3 K[0] = 6, K[1] = 1, K[2] = 5, K[3] = 2 pass length (l) = 4, Index(N) = 4, i = 2 , j = 0 Equation j = j + S[i] + K[i mod l] =>j = (0+S[2]+k[2]) mod 4 = (0+0+5)mod 4 = 1 Swap(S[i], S[j]) =>Swap(S[2],S[1]) =>S[1] =0 & S[2] = 2

Calculation for the third loop

Initial values before the loop starts

S[0] = 1, s[1] = 2, S[2] = 0, S[3] = 3

K[0] = 6, K[1] = 1, K[2] = 5, K[3] = 2

pass length (l) = 4, Index(N) = 4, i = 2 , j = 0

Equation

j = j + S[i] + K[i mod l] =>j = (0+S[2]+k[2]) mod 4

= (0+0+5)mod 4 = 1

Swap(S[i], S[j]) =>Swap(S[2],S[1]) =>S[1] =0

& S[2] = 2

Example of a simple RC4 using 2 bits RC4 Final values after third loop S[0] = 1, s[1] = 0, S[2] =2, S[3] = 3 K[0] = 6, K[1] = 1, K[2] = 5, K[3] = 2 pass length (l) = 4, Index(N) = 4, i = 3 , j = 1

Final values after third loop

S[0] = 1, s[1] = 0, S[2] =2, S[3] = 3

K[0] = 6, K[1] = 1, K[2] = 5, K[3] = 2

pass length (l) = 4, Index(N) = 4, i = 3 , j = 1

Example of a simple RC4 using 2 bits RC4 Calculation for the fourth loop Initial values before the loop starts S[0] = 1, s[1] = 0, S[2] =2, S[3] = 3 K[0] = 6, K[1] = 1, K[2] = 5, K[3] = 2 pass length (l) = 4, Index(N) = 4, i = 3 , j = 1 Equation j = j + S[i] + K[i mod l] =>j = (1+S[3]+k[3]) mod 4 = (1+3+2)mod 4 = 2 Swap(S[i], S[j]) =>Swap(S[3],S[2]) =>S[2] =3 & S[3] = 2

Calculation for the fourth loop

Initial values before the loop starts

S[0] = 1, s[1] = 0, S[2] =2, S[3] = 3

K[0] = 6, K[1] = 1, K[2] = 5, K[3] = 2

pass length (l) = 4, Index(N) = 4, i = 3 , j = 1

Equation

j = j + S[i] + K[i mod l] =>j = (1+S[3]+k[3]) mod 4

= (1+3+2)mod 4 = 2

Swap(S[i], S[j]) =>Swap(S[3],S[2]) =>S[2] =3

& S[3] = 2

Example of a simple RC4 using 2 bits RC4 Final values after fourth loop (final loop)‏ S[0] = 1, s[1] = 0, S[2] =3, S[3] = 2 K[0] = 6, K[1] = 1, K[2] = 5, K[3] = 2 pass length (l) = 4, Index(N) = 4, i = 4 , j = 2

Final values after fourth loop (final loop)‏

S[0] = 1, s[1] = 0, S[2] =3, S[3] = 2

K[0] = 6, K[1] = 1, K[2] = 5, K[3] = 2

pass length (l) = 4, Index(N) = 4, i = 4 , j = 2

Example of a simple RC4 using 2 bits RC4 Logic of PRGA i = 0 j = 0 Generation Loop: i = i + 1 j = (j + S[i]) mod l Swap(S[i], S[j]) Output z = S[S[i] + S[j]] After first loop i=0+1=1 j=(0+S[1])mod 4=(0+0)mod 4=0 Swap (S[1] , S[0]) S[1]=0 , S[0]=1 ==> S[1]=1 , S[0]=0 z1=S[S[1]+S[0]]=S[0+1]=S[1]=1 Z1=0000 0001

Logic of PRGA

i = 0

j = 0

Generation Loop: i = i + 1

j = (j + S[i]) mod l

Swap(S[i], S[j])

Output z = S[S[i] + S[j]]

After first loop

i=0+1=1

j=(0+S[1])mod 4=(0+0)mod 4=0

Swap (S[1] , S[0]) S[1]=0 , S[0]=1 ==> S[1]=1 , S[0]=0

z1=S[S[1]+S[0]]=S[0+1]=S[1]=1

Z1=0000 0001

Example of a simple RC4 using 2 bits RC4 Similarly z2 = 0000 0001 Assume the plaintext to be “HI” After Xoring the plaintext with the RC4 keystream we get H(0100 1000) XOR Z1(0000 0001) = 0100 1001 ==> I and I(0100 1001) XOR Z2(0000 0001) = 0100 1000 ==>H After RC4 “HI” becomes “IH”

Similarly z2 = 0000 0001

Assume the plaintext to be “HI”

After Xoring the plaintext with the RC4 keystream we get

H(0100 1000) XOR Z1(0000 0001) = 0100 1001 ==> I

and

I(0100 1001) XOR Z2(0000 0001) = 0100 1000 ==>H

After RC4 “HI” becomes “IH”

RC4 Encryption Technology Integrity Checksum – Calculated on the message M to yield the plaintext P = <M,c(M)> Encryption - RC4 stream cipher with secret key k Initialization vector iv Keystrem is generated based on iv & k (RC4(iv,k))‏ Ciphertext C = P XOR RC4(iv,k)‏

Integrity Checksum – Calculated on the message M to yield the plaintext P = <M,c(M)>

Encryption -

RC4 stream cipher with secret key k

Initialization vector iv

Keystrem is generated based on iv & k (RC4(iv,k))‏

Ciphertext C = P XOR RC4(iv,k)‏

Weakness of WEP Key should not be reused One Way Authentication No key management protocol

Key should not be reused

One Way Authentication

No key management protocol

Weakness of WEP Key should not at all be reused C = KI XOR P Intruder can get C and if he knows part of P he can obtain KI (as KI = P XOR C)‏ Next time any packet encrypted with this KI can easily be decrypted.

Key should not at all be reused

C = KI XOR P

Intruder can get C and if he knows part of P he can obtain KI (as KI = P XOR C)‏

Next time any packet encrypted with this KI can easily be decrypted.

Weakness of WEP For a 11 mbps base station the key has to be reused in approximately 5 hrs. There is 50% chance that a key will be reused after every 4823 packets Moreover, the specification has made the changing of IV value with each packet as optional

For a 11 mbps base station the key has to be reused in approximately 5 hrs.

There is 50% chance that a key will be reused after every 4823 packets

Moreover, the specification has made the changing of IV value with each packet as optional

Weakness of WEP Pre-Shared Key – the absence of any key management protocol It requires manual key configuration in all the mobile devices that want to communicate with the AP

Pre-Shared Key – the absence of any key management protocol

It requires manual key configuration in all the mobile devices that want to communicate with the AP

Weakness of WEP One way authentication The AP does not authenticate itself to the mobile device A rouge node imitating as the AP can have access to everything the mobile device sends

One way authentication

The AP does not authenticate itself to the mobile device

A rouge node imitating as the AP can have access to everything the mobile device sends

802.11i Goals Develop 802.11i through a process open to all Anyone must be able to implement the entire standard or any part of it – no secret algorithm Market driven feature development Addresses all perceived security problems of WEP Deliver as rapidly as possible

Goals

Develop 802.11i through a process open to all

Anyone must be able to implement the entire standard or any part of it – no secret algorithm

Market driven feature development

Addresses all perceived security problems of WEP

Deliver as rapidly as possible

802.11i Facilities Authentication TKIP AES-CCMP Discovery & Negotiation Key Management

Authentication

TKIP

AES-CCMP

Discovery & Negotiation

Key Management

External components used by 802.11i 802.1x – an external standard used to provide an authentication framework, coordinate authentication and key management 802.1x Authenticator/Supplicant – local protocol entity to coordinate authentication and and key management with remote entity Authentication server(AS) – a logical construction that centralizes authentication and access control decision making

802.1x – an external standard used to provide an authentication framework, coordinate authentication and key management

802.1x Authenticator/Supplicant – local protocol entity to coordinate authentication and and key management with remote entity

Authentication server(AS) – a logical construction that centralizes authentication and access control decision making

Operating an 802.11i Link Data protection: TKIP and CCMP Authentication 802.11i key management Session Key distribution Security capabilities discovery Authentication Server Access Point Station Security negotiation

802.1X

TKIP Identification and Goals TKIP: T emporal K ey I ntegrity P rotocol Deploy as a software patch in already deployed equipment Short term only, to permit migration from existing equipment to more capable equipment without violating security constraints Patch old equipment from WEP to TKIP first Interoperate between patched and unpatched first generation equipment until all have been patched Finally deploy new equipment Security Goals: Address all known WEP problems Prevent Frame Forgeries Prevent Replay Correct WEP’s mis-use of encryption Never reuse keys

TKIP: T emporal K ey I ntegrity P rotocol

Deploy as a software patch in already deployed equipment

Short term only, to permit migration from existing equipment to more capable equipment without violating security constraints

Patch old equipment from WEP to TKIP first

Interoperate between patched and unpatched first generation equipment until all have been patched

Finally deploy new equipment

Security Goals: Address all known WEP problems

Prevent Frame Forgeries

Prevent Replay

Correct WEP’s mis-use of encryption

Never reuse keys

TKIP Overview TKIP: T emporal K ey I ntegrity P rotocol Features New Message Integrity Code (MIC) called Michael to prevent tampering that can be implemented on a low-power microprocessor Supplement Michael with Counter-measures, to increase forgery deterrence Increase the size of IV to avoid ever reusing the same IV Change the encryption key for every frame Under WEP it was infeasible to detect when you were under attack

TKIP: T emporal K ey I ntegrity P rotocol

Features

New Message Integrity Code (MIC) called Michael to prevent tampering that can be implemented on a low-power microprocessor

Supplement Michael with Counter-measures, to increase forgery deterrence

Increase the size of IV to avoid ever reusing the same IV

Change the encryption key for every frame

Under WEP it was infeasible to detect when you were under attack

Message Integrity The simplest method is to create a “checksum” by adding all the bytes of the message together Send this checksum along with the message The receiver will recalculate this checksum from the received msg and then test it against the checksum value sent with the message.

The simplest method is to create a “checksum” by adding all the bytes of the message together

Send this checksum along with the message

The receiver will recalculate this checksum from the received msg and then test it against the checksum value sent with the message.

Message Integrity Attacker can recompute the checksum after he makes any changes in the message Idea is to generate a checksum after combining together all the bytes and producing MIC MIC is produced using a special nonreversible process and combining a secret key Attacker cannot produce the MIC unless he knows the secret key

Attacker can recompute the checksum after he makes any changes in the message

Idea is to generate a checksum after combining together all the bytes and producing MIC

MIC is produced using a special nonreversible process and combining a secret key

Attacker cannot produce the MIC unless he knows the secret key

Message Integrity There are several well tested methods to produce the MIC However, for a small microprocessor these methods are not feasible One solution for TKIP is Michael

There are several well tested methods to produce the MIC

However, for a small microprocessor these methods are not feasible

One solution for TKIP is Michael

IV Length WEP uses 24 bit IV TKIP has added 32 more bits Total = 24 + 32 = 56 Practically 48 bits are used

WEP uses 24 bit IV

TKIP has added 32 more bits

Total = 24 + 32 = 56

Practically 48 bits are used

Per Packet Key Mixing It solves few things The value of the key used for RC4 encryption is different for every IV value 24 bit “old” IV value and 104 bit secret key

It solves few things

The value of the key used for RC4 encryption is different for every IV value

24 bit “old” IV value and 104 bit secret key

WPA2-AES-CCMP AES- CCMP is the strongest security in 802.11i AES stands for Advanced Encryption Standard CCMP stands for Counter Mode – CBC MAC Protocol TKIP was designed to accommodate the older hardware AES-CCMP was designed from ground up. Requires new hardware

AES- CCMP is the strongest security in 802.11i

AES stands for Advanced Encryption Standard

CCMP stands for Counter Mode – CBC MAC Protocol

TKIP was designed to accommodate the older hardware

AES-CCMP was designed from ground up. Requires new hardware

WPA2-AES-CCMP Security goals – addresses all known WEP problems Prevent frame forgeries Prevent Replay No key reuse

Security goals – addresses all known WEP

problems

Prevent frame forgeries

Prevent Replay

No key reuse

AES Encryption process The encryption process uses a set of specially derived keys called round keys These are applied, along with other operations, on an array of data, that exactly holds one block of data, called state array

The encryption process uses a set of

specially derived keys called round keys

These are applied, along with other operations,

on an array of data, that exactly holds one block

of data, called state array

AES Encryption process Following are the steps to encrypt a block of data Derive the set of round keys from cipher key Initialize the state array with block data (plaintext)‏ Add the initial round key to the starting state array Perform nine rounds of state manipulation Perform the 10 th /final round of state manipulation Copy the final state array out as the encrypted data

Following are the steps to encrypt a block of data

Derive the set of round keys from cipher key

Initialize the state array with block data

(plaintext)‏

Add the initial round key to the starting state array

Perform nine rounds of state manipulation

Perform the 10 th /final round of state manipulation

Copy the final state array out as the encrypted

data

AES Encryption Process The 128 bit block of data is stored in a two dimensional (4 x 4) array as shown below D0 D4 D8 D12 D1 D5 D9 D13 D2 D6 D10 D14 D3 D7 D11 D15

The 128 bit block of data is stored in a two

dimensional (4 x 4) array as shown below

D0 D4 D8 D12

D1 D5 D9 D13

D2 D6 D10 D14

D3 D7 D11 D15

Derivation of the Round Keys Cipher key is 128 bit long We derive eleven 128 bit round keys ( Rkey0 to Rkey10) from this cipher key These keys can be represented as follows 32 bits 32 bits 32 bits 32 bits Rkey0 W0 W1 W2 W3 Rkey1 W0 W1 W2 W3 Rkey2 W0 W1 W2 W3 Rkey3 W0 W1 W2 W3 Rkey4 W0 W1 W2 W3 Rkey5 W0 W1 W2 W3 Rkey6 W0 W1 W2 W3 Rkey7 W0 W1 W2 W3 Rkey8 W0 W1 W2 W3 Rkey9 W0 W1 W2 W3 Rkey10 W0 W1 W2 W3

Cipher key is 128 bit long

We derive eleven 128 bit round keys ( Rkey0 to

Rkey10) from this cipher key

These keys can be represented as follows

32 bits 32 bits 32 bits 32 bits

Rkey0 W0 W1 W2 W3

Rkey1 W0 W1 W2 W3

Rkey2 W0 W1 W2 W3

Rkey3 W0 W1 W2 W3

Rkey4 W0 W1 W2 W3

Rkey5 W0 W1 W2 W3

Rkey6 W0 W1 W2 W3

Rkey7 W0 W1 W2 W3

Rkey8 W0 W1 W2 W3

Rkey9 W0 W1 W2 W3

Rkey10 W0 W1 W2 W3

Derivation of the Round keys To start with the Round keys Rkey0 is simply the cipher key For each of the round keys Rkey1 to Rkey10 words W1, W2 and W3 are computed as the XOR of the previous word in the same row and the same word of the previous row For example: Rkey5:W1 = Rkey5:W0 XOR Rkey4:W1 Rkey8:W3 = Rkey8:W2 XOR Rkey7:W3

To start with the Round keys Rkey0 is simply

the cipher key

For each of the round keys Rkey1 to Rkey10

words W1, W2 and W3 are computed as the

XOR of the previous word in the same row and

the same word of the previous row

For example:

Rkey5:W1 = Rkey5:W0 XOR Rkey4:W1

Rkey8:W3 = Rkey8:W2 XOR Rkey7:W3

Derivation of the Round Keys The calculation of W0 for each key is the Xor of three 32 bit values The value of W0 from the previous row The value of W3 from the previous row rotated by 8 bits A special value from a table called Rcon Thus we write Rkey(i):W0 = Rkey(i-1):W0 XOR Rkey(i- 1):W3>>>8 XOR RCon(i)‏

The calculation of W0 for each key is the Xor of

three 32 bit values

The value of W0 from the previous row

The value of W3 from the previous row rotated

by 8 bits

A special value from a table called Rcon

Thus we write

Rkey(i):W0 = Rkey(i-1):W0 XOR Rkey(i-

1):W3>>>8 XOR RCon(i)‏

Derivation of the Round Keys The values of Rcon(i) are as follows: i Rcon(i)‏ 1 2 2 4 3 8 4 16 5 32 6 64 7 128 8 27 9 54 10 108

The values of Rcon(i) are as follows:

i Rcon(i)‏

1 2

2 4

3 8

4 16

5 32

6 64

7 128

8 27

9 54

10 108

AES Encryption Process Total 10 rounds of operation are performed to alter the state array These rounds involve four types of operations SubBytes ShiftRows MixColumns XorRoundKeys

Total 10 rounds of operation are performed to

alter the state array

These rounds involve four types of operations

SubBytes

ShiftRows

MixColumns

XorRoundKeys

AES Encryption Process All of these four operations are applied in the order mentioned in the first nine rounds In the 10 th round Mix Columns round is mot performed

All of these four operations are applied in the

order mentioned in the first nine rounds

In the 10 th round Mix Columns round is mot

performed

AES Encryption Process- SubBytes SubBytes Operation Create a substitution table of total 16 bytes using a mathematical formula Substitute each byte from the state table by the value from the substitution table Original values can be restored in the reverse operation Substitution table is stored in memory as part of the design

SubBytes Operation

Create a substitution table of total 16 bytes

using a mathematical formula

Substitute each byte from the state table by the

value from the substitution table

Original values can be restored in the reverse

operation

Substitution table is stored in memory as part of

the design

AES Encryption Process-ShiftRows Each row is rotated to right by a certain number of bytes 1 st Row is rotated by 0 bytes 2 nd Row is rotated by 1 byte 3 rd Row is rotated by 2 bytes 4 th Row is rotated by 3 bytes

Each row is rotated to right by a certain number

of bytes

1 st Row is rotated by 0 bytes

2 nd Row is rotated by 1 byte

3 rd Row is rotated by 2 bytes

4 th Row is rotated by 3 bytes

AES Encryption Process - MixColumn The columns are changed according to the following formula Left hand side is the new column produced

The columns are changed according to the

following formula

Left hand side is the new column produced

AES Encryption Process - XOrRoundKey In this operation the round keys are Xor-ed with the existing state array This is done once before the beginning of the rounds and then once for each round

In this operation the round keys are Xor-ed with

the existing state array

This is done once before the beginning of the

rounds and then once for each round

AES Decryption Process Initial decryption round XorRoundKey InvShiftRows InvSubBytes Nine Full Decryption rounds XorRoundKey InvMixColumn InvShiftRows InvSubBytes Perform final XorRoundKey

Initial decryption round

XorRoundKey

InvShiftRows

InvSubBytes

Nine Full Decryption rounds

XorRoundKey

InvMixColumn

InvShiftRows

InvSubBytes

Perform final XorRoundKey

CCMP CCMP works on MPDU MPDU consists of MAC header and unencrypted data First we construct the CCMP header Then MIC is calculated The combination of Data and MIC is encrypted using AES The MAC header and the CCMP header are added in the beginning of the encrypted data The block is then transmitted

CCMP works on MPDU

MPDU consists of MAC header and unencrypted data

First we construct the CCMP header

Then MIC is calculated

The combination of Data and MIC is encrypted using AES

The MAC header and the CCMP header are added in the beginning of the encrypted data

The block is then transmitted

Conclusion Large number of Wi-Fi systems have been deployed using RC4 algorithm WPA-TKIP was introduced to upgrade the existing system without changing the hardware However, for better security implemented from ground up, we need AES-CCMP

Large number of Wi-Fi systems have been deployed using RC4 algorithm

WPA-TKIP was introduced to upgrade the existing system without changing the hardware

However, for better security implemented from ground up, we need AES-CCMP

Not Covered This presentation has not covered the different authentication methods used in Wi-Fi. These include EAP, PEAP, EAP-TLS, EAP-TTLS and EAP-SIM

This presentation has not covered the different authentication methods used in Wi-Fi.

These include EAP, PEAP, EAP-TLS, EAP-TTLS and EAP-SIM

Thank You

Thank You