Wireless Encryption Disclaimer Sources include


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Wireless Encryption Disclaimer Sources include

  1. 1. Wireless Encryption
  2. 2. Disclaimer <ul><li>Sources include </li></ul><ul><ul><li>a NIST publication: Wireless Network Security: 802.11, Bluetooth and Handheld Devices , published November 2002, written by Tom Karygiannis and Les Owens. </li></ul></ul><ul><ul><li>Grad Students: Nathan Blackham, Charles Higby </li></ul></ul>
  3. 3. Wireless LANs <ul><li>802.11 sets the standards in the US. </li></ul><ul><li>Specifications: </li></ul>
  4. 4. 802.11 Classifications <ul><li>802.11 </li></ul><ul><ul><li>1-2 Mbps </li></ul></ul><ul><ul><li>2.4 GHz spectrum </li></ul></ul><ul><ul><li>Uses FHSS (Frequency Hopping Spread Spectrum) </li></ul></ul><ul><ul><ul><li>75+ frequencies per transmission </li></ul></ul></ul><ul><ul><ul><li>Max dwell time per frequency: 400 ms. </li></ul></ul></ul><ul><ul><li>Or DSSS (Direct Sequence Spread Spectrum) </li></ul></ul>
  5. 5. 802.11a <ul><li>54Mbps </li></ul><ul><li>5 GHz band (short range) </li></ul><ul><li>OFDM (Orthogonal Frequency Division Multiplexing) </li></ul><ul><ul><ul><li>Splits signal into smaller sub-signals and transmits multiple sub-signals on different frequencies. </li></ul></ul></ul><ul><li>Less interference from other signals </li></ul><ul><li>8 simultaneous channels </li></ul><ul><li>Not approved in Europe (military uses a portion of the 5 GHz band) </li></ul>
  6. 6. 802.11b <ul><li>Also known as High Rate or Wi-Fi </li></ul><ul><ul><li>11 Mbps (with TI’s DSP chip 22Mbps) </li></ul></ul><ul><ul><li>2.4 GHz – crowded band. </li></ul></ul><ul><ul><li>Still slower than wired Ethernet </li></ul></ul><ul><ul><li>Note: Any Wi-Fi (Wireless Fidelity) component that is certified by WECA is interoperable with any other brand of client hardware (not always true) </li></ul></ul><ul><ul><li>3 Simultaneous channels </li></ul></ul><ul><ul><li>Uses CCK (complementary Code Keying) </li></ul></ul>
  7. 7. 802.11g <ul><li>New technology is coming that will enable 20 - 54 Mbps over existing 802.11b networks. </li></ul><ul><li>Still operating in 2.4 GHz band range </li></ul><ul><li>Backward compatible with 802.11b components at 11 Mbps </li></ul><ul><li>3 Simultaneous channels </li></ul><ul><li>Uses both encoding techniques from ‘a’ and ‘b’ </li></ul>
  8. 8. WLAN Security <ul><li>Brief History of WLAN security </li></ul><ul><li>In 1999 IEEE 802.11 Working Group proposed WEP. </li></ul><ul><li>WEP Seeks to provide a level of WLAN security similar to that of wired LANs. </li></ul><ul><li>By encrypting data transmissions and preventing unauthorized users from connecting. </li></ul>
  9. 9. WEP – Protection for 802.11b <ul><li>Wired Equivalent Privacy </li></ul><ul><ul><li>“ No worse than what you get with wire-based systems” </li></ul></ul><ul><li>Criteria: </li></ul><ul><ul><li>“ Reasonably strong” </li></ul></ul><ul><ul><li>Self-synchronizing – stations often go in and out of coverage </li></ul></ul><ul><ul><li>Computationally efficient – in HW or SW since low MIPS CPUs might be used </li></ul></ul><ul><ul><li>Exportable – </li></ul></ul><ul><ul><li>Optional – not required to used it </li></ul></ul>
  10. 10. WEP – How It Works <ul><li>Secret key (40 bits or 104 bits) </li></ul><ul><li>Initialization vector (24 bits, by IEEE std.) </li></ul><ul><ul><li>Total of 64 or 128 bits “of protection.” </li></ul></ul><ul><li>RC4-based pseudo random number generator (PRNG) </li></ul><ul><li>Integrity Check Value (ICV): CRC 32 </li></ul>
  11. 11. IS WEP Secure? <ul><li>WEP is not a mandatory component of IEEE 802.11 </li></ul><ul><li>Most 802.11b products don’t have the computing power to run WEP encryption without significant performance degradation. </li></ul><ul><li>(This has enticed many users to turn off WEP) </li></ul><ul><li>WEP has proven vulnerabilities. </li></ul>
  12. 12. Notable Papers that identify and describe WEP deficiencies. <ul><li>A paper from UC Berkeley revealing WEP weaknesses due to key reuse and inadequate message authentication. </li></ul><ul><li>A paper from the University of Maryland highlighting weaknesses in 802.11 access control mechanisms. </li></ul><ul><li>A paper by Scott Fluhrer, Itsik Mantin, and Adi Shamir identifying weaknesses in the WEP protocol due to improper usage of the underlying RC4 Algorithm. </li></ul>
  13. 13. RC4 Algorithm <ul><li>RC4 is a stream cipher symmetric key algorithm. </li></ul><ul><li>Developed in 1987 by Ronald Rivest </li></ul><ul><li>On September 9, 1994, the RC4 algorithm was anonymously posted on the Internet on Cyberpunks “anonymous remailers” list. </li></ul>
  14. 14. WEP Data Frame IV (4 bytes) Data (PDU) (  1 byte) ICV (4 bytes) Init Vector (3 bytes) 1 byte Pad 6 bits Key ID 2 bits Note: can use up to 4 different keys.
  15. 15. WEP Encryption Initialization Vector (IV) Secret Key Plaintext Integrity Algorithm Seed WEP PRNG Key Sequence Integrity Check Value (ICV) IV Ciphertext Message
  16. 16. WEP Encryption Process <ul><li>Compute ICV using CRC-32 over plaintext msg. </li></ul><ul><li>Concatenate ICV to plaintext message. </li></ul><ul><li>Choose random IV and concat it to secret key and input it to RC4 to produce pseudo random key sequence. </li></ul><ul><li>Encrypt plaintext + ICV by doing bitwise XOR with key sequence to produce ciphertext. </li></ul><ul><li>Put IV in front of cipertext. </li></ul>
  17. 17. WEP Decryption IV Ciphertext Secret Key Message WEP PRNG Seed Key Sequence Integrity Algorithm Plaintext ICV’ ICV ICV’ - ICV
  18. 18. WEP Decryption Process <ul><li>IV of message used to generate key sequence, k. </li></ul><ul><li>Ciphertext XOR k  original plaintext + ICV. </li></ul><ul><li>Verify by computing integrity check on plaintext (ICV’) and comparing to recovered ICV. </li></ul><ul><li>If ICV  ICV’ then message is in error; send error to MAC management and back to sending station. </li></ul>
  19. 19. WEP Station Authentication <ul><li>Wireless Station (WS) sends Authentication Request to Access Point (AP). </li></ul><ul><li>AP sends (random) challenge text T. </li></ul><ul><li>WS sends challenge response (encrypted T). </li></ul><ul><li>AP sends ACK/NACK. </li></ul>WS AP Auth. Req. Challenge Text Challenge Response Ack
  20. 20. WEP Weaknesses <ul><li>Forgery Attack </li></ul><ul><ul><li>Packet headers are unprotected, can fake src and dest addresses. </li></ul></ul><ul><ul><li>AP will then decrypt data to send to other destinations. </li></ul></ul><ul><ul><li>Can fake CRC-32 by flipping bits. </li></ul></ul><ul><li>Replay </li></ul><ul><ul><li>Can eavesdrop and record a session and play it back later. </li></ul></ul><ul><li>Collision (24 bit IV; how/when does it change?) </li></ul><ul><ul><li>Sequential: roll-over in < ½ day on a busy net </li></ul></ul><ul><ul><li>Random: After 5000 packets, > 50% of reuse. </li></ul></ul><ul><li>Weak Key </li></ul><ul><ul><li>If ciphertext and plaintext are known, attacker can determine key. </li></ul></ul><ul><ul><li>Certain RC4 weak keys reveal too many bits. Can then determine RC4 base key. </li></ul></ul>
  21. 21. Weakness <ul><li>The RC4 algorithm is vulnerable to analytic attacks of the state table. </li></ul><ul><li>One in every 256 keys can be a weak key. These keys are identified by cryptoanalysis that is able to find circumstances under which one of more generated bytes are strongly correlated with a few bytes of the key. </li></ul><ul><li>WEAK KEYS: These are keys identified by cryptoanalysis that are able to find circumstances under which one or more generated bytes are strongly correlated with small subset of the key bytes. These keys can happen in one to 256 keys generated. </li></ul>
  22. 22. WEP Weakness <ul><li>Key Management </li></ul><ul><li>4 possible keys, externally populated </li></ul><ul><li>802.11 standard does not specify distribution mechanism (backbone network) </li></ul><ul><li>Can be unique key for each WS or single key for entire network (commonly used) </li></ul><ul><li>Single key increases chances of IV reuse </li></ul>
  23. 23. IEEE 802.11i <ul><li>Was formed to establish a comprehensive solution for WLAN security. </li></ul><ul><li>Group has nearly completed a standard called Robust Security Network (RSN). </li></ul>
  24. 24. Includes two parts <ul><li>Advanced Encryption Standard (AES) for encrypting WLAN traffic </li></ul><ul><li>IEEE 802.1x a port-based network authentication standard for WLAN user authentication and key management. </li></ul><ul><li>Also finished a series of fixes for WEP. </li></ul><ul><li>-- Fixes include Temporal Key Integrity Protocol (TKIP) </li></ul>
  25. 25. 802.11i <ul><ul><li>Improved encryption Algorithms </li></ul></ul><ul><ul><ul><li>Temporal Key Integrity Protocol (TKIP) – for legacy hardware </li></ul></ul></ul><ul><ul><ul><ul><li>Generates per-packet keys </li></ul></ul></ul></ul><ul><ul><ul><ul><li>48 bit IV prevents replay attacks </li></ul></ul></ul></ul><ul><ul><ul><li>Counter mode CBC-MAC Protocol (CCMP) – for new hardware </li></ul></ul></ul><ul><ul><ul><ul><li>Not for legacy hardware—insufficient CPU power to run AES encryption </li></ul></ul></ul></ul><ul><ul><li>802.1x – port based network access control </li></ul></ul><ul><ul><ul><li>Authentication </li></ul></ul></ul><ul><ul><ul><li>Encryption key distribution </li></ul></ul></ul>
  26. 26. 802.1X From Meetinghouse Data Communications, http://www.mtghouse.com/8021X.pdf
  27. 27. 802.11i >> WEP <ul><li>Forgery </li></ul><ul><ul><li>Stronger Message Integrity Code </li></ul></ul><ul><ul><li>Cryptographically secure hash </li></ul></ul><ul><ul><li>Apply hash to packet payload plus src and dest addresses </li></ul></ul><ul><li>Replay </li></ul><ul><ul><li>48 bit IV, strictly increasing sequence, cannot roll-over (must rekey), receiver discards out-of-sequence packets </li></ul></ul><ul><li>Weak Keys of WEP </li></ul><ul><ul><li>Per-packet key computed using transmitter address, IV, base key </li></ul></ul><ul><li>Collision </li></ul><ul><ul><li>48 bit IV, force a rekey after 2 15 packets </li></ul></ul><ul><ul><li>Use 802.1X EAPOL (Extensible Authentication Protocol Over LAN) to configure a new key for every association </li></ul></ul>
  28. 28. Tools <ul><li>Linux </li></ul><ul><ul><li>Airsnort – used for cracking WEP and scanning AP’s </li></ul></ul><ul><ul><li>Kismet – used to pickup AP’s whether broadcast SSID or not, and to view some settings and clients </li></ul></ul><ul><ul><li>WEPcrack – Perl scripts to crack WEP from a TCPdump </li></ul></ul><ul><ul><li>FakeAP – generates fake AP’s, used to hide a real one </li></ul></ul><ul><li>BSD </li></ul><ul><ul><li>Airtools – suite of multiple tools </li></ul></ul>
  29. 29. Tools <ul><li>Windows </li></ul><ul><ul><li>Netstumbler – auditing tool, finds APs </li></ul></ul><ul><ul><li>AeroPeek – packet analyzer </li></ul></ul><ul><ul><li>Sniffer Wireless – monitoring, capturing, decoding, filtering, etc. </li></ul></ul><ul><li>Many others </li></ul><ul><ul><li>Which do you know? </li></ul></ul>