SlideShare a Scribd company logo

802.11i

Download as PPTX, PDF
akruthi k
akruthi k

ieee 802.11i TKIP CCMP

Engineering
1 of 41
IEEE 802.11i Robust Security Networks TKIP CCMP
WEP Cryptographic Operations • Confidentiality and integrity are handled simultaneously in WEP WEP Data Processing
• 802.1X addresses two of the major flaws in WEP 1. authentication 2. key management • The major remaining flaw to be addressed – Lack of confidentiality • idea to overcome this problem – Link Layer encryption technique.
802.11i ? • 802.11i defines 2 protocols for link layer protection 1. Temporal Key Integrity Protocol (TKIP) 2. Counter Mode with CBC-MAC Protocol (CCMP)
• First new link layer encryption technique. • upgraded the security of WEP-based hardware • Retains the basic architecture and operations of WEP. • Initially called “WEP2” The Temporal Key Integrity Protocol (TKIP)
The Temporal Key Integrity Protocol (TKIP) 1. Key hierarchy and automatic key management – Use of master keys for deriving key for frame encryption. – key management operations automatically refreshes key. 2. Per-frame keying – Every frame has a unique RC4 key from the master key. – This process is called key mixing Differences from WEP (Features of TKIP)
The Temporal Key Integrity Protocol (TKIP) 3. Sequence counter Use: 1. out-of-order frames can be flagged, 2. mitigating against replay attacks 4. New message integrity check – CRC replaced with Michael integrity check – more robust cryptographic Algorithm – easier to detect frame forgeries Differences from WEP
The Temporal Key Integrity Protocol (TKIP) 5. Countermeasures on message integrity check failures – Michael can be compromised in an active attack – so TKIP includes countermeasures Differences from WEP
The Temporal Key Integrity Protocol (TKIP) • Doubles the length of the IV from 24 to 48 bits. • This made attackers difficult to predict the keys • key mixing – RC4 key unique to each frame – key mixing calculation is done by including temporal key+transmitter address+ sequence counter . TKIP initialization vector use and key mixing
The Temporal Key Integrity Protocol (TKIP) • TKIP IV also serves as a sequence counter. • When a new master key is installed it sets sequence counter to 1 and increments as the frames are transmitted. • following are the steps to defend replay attacks: – TKIP maintains the most recent sequence counter – The sequence counter is checked against the most recently received sequence counter – If it is larger than any previous value, the frame is accepted – If smaller, it is rejected. – If equal, duplicate frame for error. – Duplicate sequence numbers may represent an error. TKIP sequence counter and replay protection
The Temporal Key Integrity Protocol (TKIP) • WEP uses CRC which proved un suitable. • Major challenge of TKIP is to strengthen integrity check and also able to run on a low power processor – Michael is implemented entirely with bitwise operations – Can run on any processor without harming performance – MIC better than CRC , but fails against a sustained and determined attack • countermeasures detect the active attack and shut down the network and refresh the keys The Michael Integrity Check and countermeasures
TKIP Data Processing and Operation • Like WEP, TKIP provides confidentiality and integrity together. • Confidentiality is achieved through encryption using RC4 hardware with string security belts of key management.
TKIP Data Processing and Operation TKIP Inputs 1. The frame 2. A temporal key 3. A MIC key 4. The transmitter address 5. A sequence counter
TKIP Design – Key Mixing
TKIP data transmission 1. The 802.11 frame is queued for transmission. 2. The Message Integrity Check (MIC) is computed. 3. Sequence numbers are assigned to fragments. 4. Each frame is encrypted with a unique per-frame WEP key. 5. The frame plus Michael message integrity check value from step 2 and the RC4 key from step 4 are passed to WEP.
TKIP Data Processing and Operation
TKIP reception process
1. When a frame is received by the wireless interface and passes the frame check sequence . 2. The first step TKIP takes is to check the sequence number to prevent replay attacks. 3. The WEP seed used to encrypt the packet is recovered. 4. With the WEP seed in hand, the outer WEP layer around the frame can be removed and the contents recovered. 5. If fragmentation was applied, it may be necessary to wait for further frames to arrive before reassembling a complete payload. 6. Once the frame is reassembled, Michael is calculated over the contents of the frame. TKIP reception process
The Michael Integrity Check • Michael operates on frames passed down to it at the MAC service layer from higher-layer protocols • Michael is not a secure cryptographic protocol and it does not protect individual 802.11 frames • It protects the reassembled data unit given to 802.11 for transmission • Several attacks on WEP served as the motivation for Michael. • Message integrity check (MIC) value calculated on data, destination address (DA) and source address (SA). It also adds four zero bytes before the unencrypted data.
Michael data processing  Operates on 32-bit blocks of data.  Padding is used , if required, and only for the computation of the MIC, but not transmitted.  MIC is added on to the tail of the data frame  The data-plus-MIC is given to 802.11 for transmission  During the fragmentation process, the MIC value may be split across multiple 802.11 fragments
Michael countermeasures If an attacker is able to bypass replay protection and the WEP integrity check, it would be possible to mount a brute-force attack on the Michael integrity check. When a station detects a MIC failure 1. The MIC failure is noted and logged. Before the MIC is validated, the frame must pass through the replay protection hurdle as well as the legacy WEP integrity check. Getting a frame to Michael for validation is not a trivial undertaking. Therefore, any MIC validation error is likely to be an extremely security-relevant matter that should be investigated by system administrators. 2. If the failure is the second one within a 60-second window, countermeasures dictate shutting down communications for a further 60 seconds. When the second MIC failure within 60 seconds is detected, all TKIP communication is disabled for 60 seconds. Instituting a communication blackout makes it impossible for an attacker to mount a sustained attack quickly. 3. Keys are refreshed. Stations delete their copies of the master keys and request new keys from the authenticator; authenticators are responsible for generating and distributing new keys.
Counter Mode with CBC-MAC Protocol (CCMP) So far interpretation ?? –TKIP is better than WEP Still Problem ?? – TKIP relies on WEP encryption technique which is again proved insecure. What is the solution ?? – IEEE began working with AES technique for encryption. CCMP is the protocol that uses AES for encryption.
Counter Mode with CBC-MAC Protocol (CCMP) CCMP is basically a combination of counter(CTR) mode privacy and Cipher Block Chaining(CBC) message authentication with AES technique. The CCM mode combines CTR for confidentiality and CBC-MAC for authentication and integrity. Basically AES is flexible to use with any key size and block size. But all AES processing used within CCMP mandates AES with a 128 bit key and a 128 bit block size. Like TKIP, CCMP uses a fresh temporal key (TK) for every session. CCMP also requires a unique nonce value for each frame protected by a given TK, and CCMP uses a 48-bit packet number (PN) for this purpose.
CCMP Data Processing- encryption(Transmission) CCMP Inputs • The frame • A temporal key • A key identifier • A packet number
CCMP data transmission. 1. 802.11 frame is queued for transmission MAC header + payload. 2. A 48 bit packet number is assigned: 3. The Additional Authentication Data (AAD) field is constructed using MAC header of the frame: 4. Construct CCMP Nonce block : Packet number + sender address 5. CCMP Header is constructed: Packet number + key id 6. Run CCM encryption using the temporal key (TK), AAD, Nonce and data to form the ciphertext and Message Integrity Check (MIC): 7. The Encrypted frame is formed by concatenating the original MAC Header, the CCMP header, the Encrypted Data and the MIC. CCMP Data Processing
CCMP reception It’s the reverse of encryption and transmission process 1. When a frame is received by the wireless interface and checks Frame check sequence and if valid passes to CCMP. 2. The additional authentication data (AAD) is recovered from the received frame. 3. The CCMP nonce is also recovered from the frame. 4. The receiver decrypts the ciphertext. 5. The integrity check is calculated over the plaintext data and the additional authentication data. 6. Finally replay detection is done.
Data Transfer Summary WEP TKIP CCMP Cipher RC4 RC4 AES Key Size 40 or 104 bits 128 bits 128 bits encryption, 64 bit auth Key Life 24-bit IV, wrap 48-bit IV 48-bit IV Packet Key Concat. Mixing Fnc Not Needed Integrity Data CRC-32 Michael CCM Header None Michael CCM Replay None Use IV Use IV Key Mgmt. None EAP-based EAP-based
• These are the standard operations that will set the procedure for key derivation and distribution. • Defines two keys : 1. Pairwise keys 2. Group keys Robust Security Network (RSN) Operations
Robust Security Network (RSN) Operations • 802.11i pairwise Key Hierarchy Key Confirmation Key : to compute integrity checks on keys Key Encryption Key : to encrypt keying messages
• Group key hierarchy (for broadcast and multicast transmissions) Robust Security Network (RSN) Operations
802.11i Key Derivation and Distribution • This section explains the technique of key derivation and distribution securely- pairwise key and group key • The process is often called key exchange process. • Also explains the method of updating the keys.
802.11i Key Derivation and Distribution Updating pairwise keys: the four-way handshake
Updating pairwise keys: the four-way handshake Step1: i. Authenticator sends nonce(random value) to the supplicant. Nonce prevents the replay attack ii. After receiving this supplicant expands pairwise master key . Expansion = MAC address supplicant + MAC address MAC address of Authenticator + PMK + two nonces. Step 2: i. Supplicant sends supplicant nonce and a copy of security parameters from initial association with network. Whole message is authenticated by EAPOL KCK. ii. Authenticator extracts supplicant nonce which allows authenticator to derive full pairwise key through this. Authenticator validates the message. If invalid handshake fails.
Updating pairwise keys: the four-way handshake Step3: i. At this point keys are in place both sides but requires confirmation. ii. Authenticator sends supplicant a message indicating sequence number+ GTK which is encrypted using KEK and entire message is authenticated using KCK Step 4: i. Supplicant sends a final confirmation message that it has received the keying messages so that authenticator can start using the keys ii. Entire message is authenticated using KCK
1. The authenticator sends the supplicant a nonce, which is a random value that prevents replay attacks. There is no authentication of the message, but there is no danger from tampering. If the message is altered, the handshake fails and will be rerun. At this point, the supplicant can expand the pairwise master key into the full pairwise key hierarchy. Expansion requires the MAC addresses of the supplicant and authenticator, the pairwise master key, and the two nonces. 2. The supplicant sends a message that has the supplicant nonce and a copy of the security parameters from the initial association with the network. The whole message is authenticated by an integrity check code calculated using the EAPOL Key Confirmation Key. The authenticator receives the message and extracts the supplicant nonce, which allows the authenticator to derive the full pairwise key hierarchy. Part of the key hierarchy is the key used to "sign" the message. If the authenticator cannot validate the message, the handshake fails. Updating pairwise keys: the four-way handshake
3. Keys are now in place on both sides of the handshake, but need to be confirmed. The Authenticator sends the supplicant a message indicating the sequence number for which the pairwise key will be added. It also includes the current group transient key to enable update of the group key. The group transient key is encrypted using the EAPOL Key Encryption Key, and the entire message is authenticated using the Key Confirmation Key. 4. The supplicant sends a final confirmation message to the authenticator to indicate that it has received the keying messages and the authenticator may start using the keys. The message is authenticated using the Key Confirmation Key. Updating pairwise keys: the four-way handshake
Updating group keys: the group key handshake Because the group transient key is encrypted with the Key Encryption Key from the pairwise hierarchy, the group key handshake requires that a successful four-way handshake has already occurred. 1. The authenticator sends the group transient key (GTK), encrypted with the Key Encryption Key from the pairwise key hierarchy. The message is also authenticated with a code calculated with the Key Confirmation Key. 2. The supplicant sends an acknowledgment message, indicating the authenticator should begin to use the new key for group frames. This message is also authenticated using the Key Confirmation Key.
Improved 802.11i Architecture Stage 1: Network and Security Capability Discovery Stage 2: 802.1X Authentication (mutual authentication, shared secret, cipher suite) Stage 3: Secure Association (management frames protected) Stage 4: 4-Way Handshake (PMK confirmation, PTK derivation, and GTK distribution) Stage 5: Group Key Handshake Stage 6: Secure Data Communications Michael MIC Failure or Other Security Failures Group Key Handshake Timout 4-Way Handshake Timout Association Failure 802.1X Failure
State 1 Unauthenticated , Unassociated State 2 Authenticated, Unassociated State 3 Authenticated, and Associated Successful MAC layer Authentication Successful Association or Reassociation Disassociation Notification DeAuthentication Notification Deauthentica tion notification Class 1 Frames Class 1 & 2 Frames Class 1, 2 & 3 Frames Classic 802.11 State Machine
State 1 Unauthenticated, Unassociated State 2 Authenticated, Unassociated State 3 Authenticated, and Associated Successful MAC layer Authentication Successful Association or Reassociation Disassociation Notification DeAuthentication Notification Deauthentication notification Class 1 Frames + ESN Class 2 frames Class 1 & 2 Frames Class 1, 2 & 3 Frames 802.11i State Machine State 4 ESN Associated ESN Association or Reassociation ESN Disassociation Notification Successful upper layer Authentication Class 1, 2 & 3 Frames except Authentication & Deauthentication
802.11i Fast Handoff STAAPold APnew Associate-Request Associate-Response ACK DS Notified Reassociate-Request (Authenticated) Reassociate-Response (Authenticated) ACK DS Notified Disassociate (Authenticated) Transition Period ~ RTTSTA-AP 802.1X/Identity Request EAP-Success 802.1X/Identity Response EAP-Request EAP-Response Transition Period ~ nRTTSTA-AP n =3.5 (TLS), 2.5 (TLS continuation)

Recommended

Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in DepthDilum Bandara
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and AuthenticationFirewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and AuthenticationGopal Sakarkar
 
Program security
Program securityProgram security
Program securityG Prachi
 
Message authentication
Message authenticationMessage authentication
Message authenticationCAS
 
Encapsulating security payload in Cryptography and Network Security
Encapsulating security payload in Cryptography and Network SecurityEncapsulating security payload in Cryptography and Network Security
Encapsulating security payload in Cryptography and Network SecurityKoushil Mankali
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptxGulnurAzat
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniquesJanani S
 

Recommended

Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in DepthDilum Bandara
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and AuthenticationFirewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and AuthenticationGopal Sakarkar
 
Program security
Program securityProgram security
Program securityG Prachi
 
Message authentication
Message authenticationMessage authentication
Message authenticationCAS
 
Encapsulating security payload in Cryptography and Network Security
Encapsulating security payload in Cryptography and Network SecurityEncapsulating security payload in Cryptography and Network Security
Encapsulating security payload in Cryptography and Network SecurityKoushil Mankali
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptxGulnurAzat
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniquesJanani S
 
Message Authentication
Message AuthenticationMessage Authentication
Message Authenticationchauhankapil
 
Public Key Cryptosystem
Public Key CryptosystemPublic Key Cryptosystem
Public Key CryptosystemDevakumar Kp
 
Ch11 Basic Cryptography
Ch11 Basic CryptographyCh11 Basic Cryptography
Ch11 Basic CryptographyInformation Technology
 
CNS - Chapter1
CNS - Chapter1CNS - Chapter1
CNS - Chapter1JeevananthamArumugam
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMACKrishna Gehlot
 
network security
network securitynetwork security
network securitySrinivasa Rao
 
Security Attacks.ppt
Security Attacks.pptSecurity Attacks.ppt
Security Attacks.pptZaheer720515
 
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1RAMESHBABU311293
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
substitution and transposition techniques_ppt.pptx
substitution and transposition techniques_ppt.pptxsubstitution and transposition techniques_ppt.pptx
substitution and transposition techniques_ppt.pptxGauriBornare1
 
Deadlock in Distributed Systems
Deadlock in Distributed SystemsDeadlock in Distributed Systems
Deadlock in Distributed SystemsPritom Saha Akash
 
Hash Function
Hash FunctionHash Function
Hash FunctionSiddharth Srivastava
 
Rotor machine,subsitution technique
Rotor machine,subsitution techniqueRotor machine,subsitution technique
Rotor machine,subsitution techniquekirupasuchi1996
 
Symmetric & Asymmetric Cryptography
Symmetric & Asymmetric CryptographySymmetric & Asymmetric Cryptography
Symmetric & Asymmetric Cryptographychauhankapil
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distributionRiya Choudhary
 
MAC-Message Authentication Codes
MAC-Message Authentication CodesMAC-Message Authentication Codes
MAC-Message Authentication CodesDarshanPatil82
 
Cryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherCryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherNiloy Biswas
 
Message passing in Distributed Computing Systems
Message passing in Distributed Computing SystemsMessage passing in Distributed Computing Systems
Message passing in Distributed Computing SystemsAlagappa Govt Arts College, Karaikudi
 
White box crytography in an insecure enviroment
White box crytography in an insecure enviromentWhite box crytography in an insecure enviroment
White box crytography in an insecure enviromentIqra khalil
 
Datalinklayer tanenbaum
Datalinklayer tanenbaumDatalinklayer tanenbaum
Datalinklayer tanenbaumMahesh Kumar Chelimilla
 
KRACK attack
KRACK attackKRACK attack
KRACK attackVadimDavydov3
 
Wireless security using wpa2
Wireless security using wpa2Wireless security using wpa2
Wireless security using wpa2Tushar Anand
 

More Related Content

What's hot

Message Authentication
Message AuthenticationMessage Authentication
Message Authenticationchauhankapil
 
Public Key Cryptosystem
Public Key CryptosystemPublic Key Cryptosystem
Public Key CryptosystemDevakumar Kp
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMACKrishna Gehlot
 
Security Attacks.ppt
Security Attacks.pptSecurity Attacks.ppt
Security Attacks.pptZaheer720515
 
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1RAMESHBABU311293
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
substitution and transposition techniques_ppt.pptx
substitution and transposition techniques_ppt.pptxsubstitution and transposition techniques_ppt.pptx
substitution and transposition techniques_ppt.pptxGauriBornare1
 
Deadlock in Distributed Systems
Deadlock in Distributed SystemsDeadlock in Distributed Systems
Deadlock in Distributed SystemsPritom Saha Akash
 
Rotor machine,subsitution technique
Rotor machine,subsitution techniqueRotor machine,subsitution technique
Rotor machine,subsitution techniquekirupasuchi1996
 
Symmetric & Asymmetric Cryptography
Symmetric & Asymmetric CryptographySymmetric & Asymmetric Cryptography
Symmetric & Asymmetric Cryptographychauhankapil
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distributionRiya Choudhary
 
MAC-Message Authentication Codes
MAC-Message Authentication CodesMAC-Message Authentication Codes
MAC-Message Authentication CodesDarshanPatil82
 
Cryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherCryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherNiloy Biswas
 
White box crytography in an insecure enviroment
White box crytography in an insecure enviromentWhite box crytography in an insecure enviroment
White box crytography in an insecure enviromentIqra khalil
 

What's hot (20)

Message Authentication
Message AuthenticationMessage Authentication
Message Authentication
 
Public Key Cryptosystem
Public Key CryptosystemPublic Key Cryptosystem
Public Key Cryptosystem
 
Ch11 Basic Cryptography
Ch11 Basic CryptographyCh11 Basic Cryptography
Ch11 Basic Cryptography
 
CNS - Chapter1
CNS - Chapter1CNS - Chapter1
CNS - Chapter1
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMAC
 
network security
network securitynetwork security
network security
 
Security Attacks.ppt
Security Attacks.pptSecurity Attacks.ppt
Security Attacks.ppt
 
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY
 
substitution and transposition techniques_ppt.pptx
substitution and transposition techniques_ppt.pptxsubstitution and transposition techniques_ppt.pptx
substitution and transposition techniques_ppt.pptx
 
Deadlock in Distributed Systems
Deadlock in Distributed SystemsDeadlock in Distributed Systems
Deadlock in Distributed Systems
 
Hash Function
Hash FunctionHash Function
Hash Function
 
Rotor machine,subsitution technique
Rotor machine,subsitution techniqueRotor machine,subsitution technique
Rotor machine,subsitution technique
 
Symmetric & Asymmetric Cryptography
Symmetric & Asymmetric CryptographySymmetric & Asymmetric Cryptography
Symmetric & Asymmetric Cryptography
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distribution
 
MAC-Message Authentication Codes
MAC-Message Authentication CodesMAC-Message Authentication Codes
MAC-Message Authentication Codes
 
Cryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherCryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipher
 
Message passing in Distributed Computing Systems
Message passing in Distributed Computing SystemsMessage passing in Distributed Computing Systems
Message passing in Distributed Computing Systems
 
White box crytography in an insecure enviroment
White box crytography in an insecure enviromentWhite box crytography in an insecure enviroment
White box crytography in an insecure enviroment
 
Datalinklayer tanenbaum
Datalinklayer tanenbaumDatalinklayer tanenbaum
Datalinklayer tanenbaum
 

Similar to 802.11i

Wireless security using wpa2
Wireless security using wpa2Wireless security using wpa2
Wireless security using wpa2Tushar Anand
 
Informal Presentation on WPA-TKIP
Informal Presentation on WPA-TKIPInformal Presentation on WPA-TKIP
Informal Presentation on WPA-TKIPvanhoefm
 
Wireless security837
Wireless security837Wireless security837
Wireless security837mark scott
 
Slide Deck Class Session 8 – FRSecure CISSP Mentor Program
Slide Deck Class Session 8 – FRSecure CISSP Mentor ProgramSlide Deck Class Session 8 – FRSecure CISSP Mentor Program
Slide Deck Class Session 8 – FRSecure CISSP Mentor ProgramFRSecure
 
WEP/WPA attacks
WEP/WPA attacksWEP/WPA attacks
WEP/WPA attacksHuda Seyam
 
Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...cmstiernberg
 
Slide Deck – Session 8 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 8 – FRSecure CISSP Mentor Program 2017Slide Deck – Session 8 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 8 – FRSecure CISSP Mentor Program 2017FRSecure
 
Wired equivalent privacy by SecArmour
Wired equivalent privacy by SecArmour Wired equivalent privacy by SecArmour
Wired equivalent privacy by SecArmourSec Armour
 
New flaws in WPA-TKIP
New flaws in WPA-TKIPNew flaws in WPA-TKIP
New flaws in WPA-TKIPvanhoefm
 
Practical Verification of TKIP Vulnerabilities
Practical Verification of TKIP VulnerabilitiesPractical Verification of TKIP Vulnerabilities
Practical Verification of TKIP Vulnerabilitiesvanhoefm
 
Packet Processing Application
Packet Processing ApplicationPacket Processing Application
Packet Processing Applicationadil raja
 
Packet Processing Application
Packet Processing ApplicationPacket Processing Application
Packet Processing Applicationadil raja
 
Wi fi-security-the-details-matter
Wi fi-security-the-details-matterWi fi-security-the-details-matter
Wi fi-security-the-details-matterDESMOND YUEN
 
Wireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring ApplicationsWireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring Applicationscmstiernberg
 
5169 wireless network_security_amine_k
5169 wireless network_security_amine_k5169 wireless network_security_amine_k
5169 wireless network_security_amine_kRama Krishna M
 

Similar to 802.11i (20)

KRACK attack
KRACK attackKRACK attack
KRACK attack
 
Wireless security using wpa2
Wireless security using wpa2Wireless security using wpa2
Wireless security using wpa2
 
Informal Presentation on WPA-TKIP
Informal Presentation on WPA-TKIPInformal Presentation on WPA-TKIP
Informal Presentation on WPA-TKIP
 
Wireless security837
Wireless security837Wireless security837
Wireless security837
 
Slide Deck Class Session 8 – FRSecure CISSP Mentor Program
Slide Deck Class Session 8 – FRSecure CISSP Mentor ProgramSlide Deck Class Session 8 – FRSecure CISSP Mentor Program
Slide Deck Class Session 8 – FRSecure CISSP Mentor Program
 
Resilience in the ZigBee Residential Mode
Resilience in the ZigBee Residential ModeResilience in the ZigBee Residential Mode
Resilience in the ZigBee Residential Mode
 
spins
spinsspins
spins
 
Wpa vs Wpa2
Wpa vs Wpa2Wpa vs Wpa2
Wpa vs Wpa2
 
WEP/WPA attacks
WEP/WPA attacksWEP/WPA attacks
WEP/WPA attacks
 
Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...
 
Slide Deck – Session 8 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 8 – FRSecure CISSP Mentor Program 2017Slide Deck – Session 8 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 8 – FRSecure CISSP Mentor Program 2017
 
Wired equivalent privacy by SecArmour
Wired equivalent privacy by SecArmour Wired equivalent privacy by SecArmour
Wired equivalent privacy by SecArmour
 
New flaws in WPA-TKIP
New flaws in WPA-TKIPNew flaws in WPA-TKIP
New flaws in WPA-TKIP
 
WEP
WEPWEP
WEP
 
Practical Verification of TKIP Vulnerabilities
Practical Verification of TKIP VulnerabilitiesPractical Verification of TKIP Vulnerabilities
Practical Verification of TKIP Vulnerabilities
 
Packet Processing Application
Packet Processing ApplicationPacket Processing Application
Packet Processing Application
 
Packet Processing Application
Packet Processing ApplicationPacket Processing Application
Packet Processing Application
 
Wi fi-security-the-details-matter
Wi fi-security-the-details-matterWi fi-security-the-details-matter
Wi fi-security-the-details-matter
 
Wireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring ApplicationsWireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring Applications
 
5169 wireless network_security_amine_k
5169 wireless network_security_amine_k5169 wireless network_security_amine_k
5169 wireless network_security_amine_k
 

More from akruthi k

Unit i-introduction
Unit i-introductionUnit i-introduction
Unit i-introductionakruthi k
 
Pattern matching programs
Pattern matching programsPattern matching programs
Pattern matching programsakruthi k
 
Physical layer overview
Physical layer overviewPhysical layer overview
Physical layer overviewakruthi k
 
802.11 mgt-opern
802.11 mgt-opern802.11 mgt-opern
802.11 mgt-opernakruthi k
 
Wired equivalent privacy (wep)
Wired equivalent privacy (wep)Wired equivalent privacy (wep)
Wired equivalent privacy (wep)akruthi k
 

More from akruthi k (10)

Unit i-introduction
Unit i-introductionUnit i-introduction
Unit i-introduction
 
Pattern matching programs
Pattern matching programsPattern matching programs
Pattern matching programs
 
Kmp
KmpKmp
Kmp
 
Boyer moore
Boyer mooreBoyer moore
Boyer moore
 
Physical layer overview
Physical layer overviewPhysical layer overview
Physical layer overview
 
Fhss
FhssFhss
Fhss
 
Dsss phy
Dsss phyDsss phy
Dsss phy
 
802.11 mgt-opern
802.11 mgt-opern802.11 mgt-opern
802.11 mgt-opern
 
802.1x
802.1x802.1x
802.1x
 
Wired equivalent privacy (wep)
Wired equivalent privacy (wep)Wired equivalent privacy (wep)
Wired equivalent privacy (wep)
 

Recently uploaded

result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college projectTonystark477637
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlysanyuktamishra911
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Call Girls in Nagpur High Profile
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performancesivaprakash250
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfKamal Acharya
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfAKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfankushspencer015
 
UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduitsrknatarajan
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxfenichawla
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)simmis5
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingrakeshbaidya232001
 

Recently uploaded (20)

result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghly
 
Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performance
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfAKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdf
 
UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduits
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 

802.11i

  • 1. IEEE 802.11i Robust Security Networks TKIP CCMP
  • 2. WEP Cryptographic Operations • Confidentiality and integrity are handled simultaneously in WEP WEP Data Processing
  • 3. • 802.1X addresses two of the major flaws in WEP 1. authentication 2. key management • The major remaining flaw to be addressed – Lack of confidentiality • idea to overcome this problem – Link Layer encryption technique.
  • 4. 802.11i ? • 802.11i defines 2 protocols for link layer protection 1. Temporal Key Integrity Protocol (TKIP) 2. Counter Mode with CBC-MAC Protocol (CCMP)
  • 5. • First new link layer encryption technique. • upgraded the security of WEP-based hardware • Retains the basic architecture and operations of WEP. • Initially called “WEP2” The Temporal Key Integrity Protocol (TKIP)
  • 6. The Temporal Key Integrity Protocol (TKIP) 1. Key hierarchy and automatic key management – Use of master keys for deriving key for frame encryption. – key management operations automatically refreshes key. 2. Per-frame keying – Every frame has a unique RC4 key from the master key. – This process is called key mixing Differences from WEP (Features of TKIP)
  • 7. The Temporal Key Integrity Protocol (TKIP) 3. Sequence counter Use: 1. out-of-order frames can be flagged, 2. mitigating against replay attacks 4. New message integrity check – CRC replaced with Michael integrity check – more robust cryptographic Algorithm – easier to detect frame forgeries Differences from WEP
  • 8. The Temporal Key Integrity Protocol (TKIP) 5. Countermeasures on message integrity check failures – Michael can be compromised in an active attack – so TKIP includes countermeasures Differences from WEP
  • 9. The Temporal Key Integrity Protocol (TKIP) • Doubles the length of the IV from 24 to 48 bits. • This made attackers difficult to predict the keys • key mixing – RC4 key unique to each frame – key mixing calculation is done by including temporal key+transmitter address+ sequence counter . TKIP initialization vector use and key mixing
  • 10. The Temporal Key Integrity Protocol (TKIP) • TKIP IV also serves as a sequence counter. • When a new master key is installed it sets sequence counter to 1 and increments as the frames are transmitted. • following are the steps to defend replay attacks: – TKIP maintains the most recent sequence counter – The sequence counter is checked against the most recently received sequence counter – If it is larger than any previous value, the frame is accepted – If smaller, it is rejected. – If equal, duplicate frame for error. – Duplicate sequence numbers may represent an error. TKIP sequence counter and replay protection
  • 11. The Temporal Key Integrity Protocol (TKIP) • WEP uses CRC which proved un suitable. • Major challenge of TKIP is to strengthen integrity check and also able to run on a low power processor – Michael is implemented entirely with bitwise operations – Can run on any processor without harming performance – MIC better than CRC , but fails against a sustained and determined attack • countermeasures detect the active attack and shut down the network and refresh the keys The Michael Integrity Check and countermeasures
  • 12. TKIP Data Processing and Operation • Like WEP, TKIP provides confidentiality and integrity together. • Confidentiality is achieved through encryption using RC4 hardware with string security belts of key management.
  • 13. TKIP Data Processing and Operation TKIP Inputs 1. The frame 2. A temporal key 3. A MIC key 4. The transmitter address 5. A sequence counter
  • 14. TKIP Design – Key Mixing
  • 15. TKIP data transmission 1. The 802.11 frame is queued for transmission. 2. The Message Integrity Check (MIC) is computed. 3. Sequence numbers are assigned to fragments. 4. Each frame is encrypted with a unique per-frame WEP key. 5. The frame plus Michael message integrity check value from step 2 and the RC4 key from step 4 are passed to WEP.
  • 16. TKIP Data Processing and Operation
  • 18. 1. When a frame is received by the wireless interface and passes the frame check sequence . 2. The first step TKIP takes is to check the sequence number to prevent replay attacks. 3. The WEP seed used to encrypt the packet is recovered. 4. With the WEP seed in hand, the outer WEP layer around the frame can be removed and the contents recovered. 5. If fragmentation was applied, it may be necessary to wait for further frames to arrive before reassembling a complete payload. 6. Once the frame is reassembled, Michael is calculated over the contents of the frame. TKIP reception process
  • 19. The Michael Integrity Check • Michael operates on frames passed down to it at the MAC service layer from higher-layer protocols • Michael is not a secure cryptographic protocol and it does not protect individual 802.11 frames • It protects the reassembled data unit given to 802.11 for transmission • Several attacks on WEP served as the motivation for Michael. • Message integrity check (MIC) value calculated on data, destination address (DA) and source address (SA). It also adds four zero bytes before the unencrypted data.
  • 20. Michael data processing  Operates on 32-bit blocks of data.  Padding is used , if required, and only for the computation of the MIC, but not transmitted.  MIC is added on to the tail of the data frame  The data-plus-MIC is given to 802.11 for transmission  During the fragmentation process, the MIC value may be split across multiple 802.11 fragments
  • 21. Michael countermeasures If an attacker is able to bypass replay protection and the WEP integrity check, it would be possible to mount a brute-force attack on the Michael integrity check. When a station detects a MIC failure 1. The MIC failure is noted and logged. Before the MIC is validated, the frame must pass through the replay protection hurdle as well as the legacy WEP integrity check. Getting a frame to Michael for validation is not a trivial undertaking. Therefore, any MIC validation error is likely to be an extremely security-relevant matter that should be investigated by system administrators. 2. If the failure is the second one within a 60-second window, countermeasures dictate shutting down communications for a further 60 seconds. When the second MIC failure within 60 seconds is detected, all TKIP communication is disabled for 60 seconds. Instituting a communication blackout makes it impossible for an attacker to mount a sustained attack quickly. 3. Keys are refreshed. Stations delete their copies of the master keys and request new keys from the authenticator; authenticators are responsible for generating and distributing new keys.
  • 22. Counter Mode with CBC-MAC Protocol (CCMP) So far interpretation ?? –TKIP is better than WEP Still Problem ?? – TKIP relies on WEP encryption technique which is again proved insecure. What is the solution ?? – IEEE began working with AES technique for encryption. CCMP is the protocol that uses AES for encryption.
  • 23. Counter Mode with CBC-MAC Protocol (CCMP) CCMP is basically a combination of counter(CTR) mode privacy and Cipher Block Chaining(CBC) message authentication with AES technique. The CCM mode combines CTR for confidentiality and CBC-MAC for authentication and integrity. Basically AES is flexible to use with any key size and block size. But all AES processing used within CCMP mandates AES with a 128 bit key and a 128 bit block size. Like TKIP, CCMP uses a fresh temporal key (TK) for every session. CCMP also requires a unique nonce value for each frame protected by a given TK, and CCMP uses a 48-bit packet number (PN) for this purpose.
  • 24. CCMP Data Processing- encryption(Transmission) CCMP Inputs • The frame • A temporal key • A key identifier • A packet number
  • 25. CCMP data transmission. 1. 802.11 frame is queued for transmission MAC header + payload. 2. A 48 bit packet number is assigned: 3. The Additional Authentication Data (AAD) field is constructed using MAC header of the frame: 4. Construct CCMP Nonce block : Packet number + sender address 5. CCMP Header is constructed: Packet number + key id 6. Run CCM encryption using the temporal key (TK), AAD, Nonce and data to form the ciphertext and Message Integrity Check (MIC): 7. The Encrypted frame is formed by concatenating the original MAC Header, the CCMP header, the Encrypted Data and the MIC. CCMP Data Processing
  • 26. CCMP reception It’s the reverse of encryption and transmission process 1. When a frame is received by the wireless interface and checks Frame check sequence and if valid passes to CCMP. 2. The additional authentication data (AAD) is recovered from the received frame. 3. The CCMP nonce is also recovered from the frame. 4. The receiver decrypts the ciphertext. 5. The integrity check is calculated over the plaintext data and the additional authentication data. 6. Finally replay detection is done.
  • 27. Data Transfer Summary WEP TKIP CCMP Cipher RC4 RC4 AES Key Size 40 or 104 bits 128 bits 128 bits encryption, 64 bit auth Key Life 24-bit IV, wrap 48-bit IV 48-bit IV Packet Key Concat. Mixing Fnc Not Needed Integrity Data CRC-32 Michael CCM Header None Michael CCM Replay None Use IV Use IV Key Mgmt. None EAP-based EAP-based
  • 28. • These are the standard operations that will set the procedure for key derivation and distribution. • Defines two keys : 1. Pairwise keys 2. Group keys Robust Security Network (RSN) Operations
  • 29. Robust Security Network (RSN) Operations • 802.11i pairwise Key Hierarchy Key Confirmation Key : to compute integrity checks on keys Key Encryption Key : to encrypt keying messages
  • 30. • Group key hierarchy (for broadcast and multicast transmissions) Robust Security Network (RSN) Operations
  • 31. 802.11i Key Derivation and Distribution • This section explains the technique of key derivation and distribution securely- pairwise key and group key • The process is often called key exchange process. • Also explains the method of updating the keys.
  • 32. 802.11i Key Derivation and Distribution Updating pairwise keys: the four-way handshake
  • 33. Updating pairwise keys: the four-way handshake Step1: i. Authenticator sends nonce(random value) to the supplicant. Nonce prevents the replay attack ii. After receiving this supplicant expands pairwise master key . Expansion = MAC address supplicant + MAC address MAC address of Authenticator + PMK + two nonces. Step 2: i. Supplicant sends supplicant nonce and a copy of security parameters from initial association with network. Whole message is authenticated by EAPOL KCK. ii. Authenticator extracts supplicant nonce which allows authenticator to derive full pairwise key through this. Authenticator validates the message. If invalid handshake fails.
  • 34. Updating pairwise keys: the four-way handshake Step3: i. At this point keys are in place both sides but requires confirmation. ii. Authenticator sends supplicant a message indicating sequence number+ GTK which is encrypted using KEK and entire message is authenticated using KCK Step 4: i. Supplicant sends a final confirmation message that it has received the keying messages so that authenticator can start using the keys ii. Entire message is authenticated using KCK
  • 35. 1. The authenticator sends the supplicant a nonce, which is a random value that prevents replay attacks. There is no authentication of the message, but there is no danger from tampering. If the message is altered, the handshake fails and will be rerun. At this point, the supplicant can expand the pairwise master key into the full pairwise key hierarchy. Expansion requires the MAC addresses of the supplicant and authenticator, the pairwise master key, and the two nonces. 2. The supplicant sends a message that has the supplicant nonce and a copy of the security parameters from the initial association with the network. The whole message is authenticated by an integrity check code calculated using the EAPOL Key Confirmation Key. The authenticator receives the message and extracts the supplicant nonce, which allows the authenticator to derive the full pairwise key hierarchy. Part of the key hierarchy is the key used to "sign" the message. If the authenticator cannot validate the message, the handshake fails. Updating pairwise keys: the four-way handshake
  • 36. 3. Keys are now in place on both sides of the handshake, but need to be confirmed. The Authenticator sends the supplicant a message indicating the sequence number for which the pairwise key will be added. It also includes the current group transient key to enable update of the group key. The group transient key is encrypted using the EAPOL Key Encryption Key, and the entire message is authenticated using the Key Confirmation Key. 4. The supplicant sends a final confirmation message to the authenticator to indicate that it has received the keying messages and the authenticator may start using the keys. The message is authenticated using the Key Confirmation Key. Updating pairwise keys: the four-way handshake
  • 37. Updating group keys: the group key handshake Because the group transient key is encrypted with the Key Encryption Key from the pairwise hierarchy, the group key handshake requires that a successful four-way handshake has already occurred. 1. The authenticator sends the group transient key (GTK), encrypted with the Key Encryption Key from the pairwise key hierarchy. The message is also authenticated with a code calculated with the Key Confirmation Key. 2. The supplicant sends an acknowledgment message, indicating the authenticator should begin to use the new key for group frames. This message is also authenticated using the Key Confirmation Key.
  • 38. Improved 802.11i Architecture Stage 1: Network and Security Capability Discovery Stage 2: 802.1X Authentication (mutual authentication, shared secret, cipher suite) Stage 3: Secure Association (management frames protected) Stage 4: 4-Way Handshake (PMK confirmation, PTK derivation, and GTK distribution) Stage 5: Group Key Handshake Stage 6: Secure Data Communications Michael MIC Failure or Other Security Failures Group Key Handshake Timout 4-Way Handshake Timout Association Failure 802.1X Failure
  • 39. State 1 Unauthenticated , Unassociated State 2 Authenticated, Unassociated State 3 Authenticated, and Associated Successful MAC layer Authentication Successful Association or Reassociation Disassociation Notification DeAuthentication Notification Deauthentica tion notification Class 1 Frames Class 1 & 2 Frames Class 1, 2 & 3 Frames Classic 802.11 State Machine
  • 40. State 1 Unauthenticated, Unassociated State 2 Authenticated, Unassociated State 3 Authenticated, and Associated Successful MAC layer Authentication Successful Association or Reassociation Disassociation Notification DeAuthentication Notification Deauthentication notification Class 1 Frames + ESN Class 2 frames Class 1 & 2 Frames Class 1, 2 & 3 Frames 802.11i State Machine State 4 ESN Associated ESN Association or Reassociation ESN Disassociation Notification Successful upper layer Authentication Class 1, 2 & 3 Frames except Authentication & Deauthentication
  • 41. 802.11i Fast Handoff STAAPold APnew Associate-Request Associate-Response ACK DS Notified Reassociate-Request (Authenticated) Reassociate-Response (Authenticated) ACK DS Notified Disassociate (Authenticated) Transition Period ~ RTTSTA-AP 802.1X/Identity Request EAP-Success 802.1X/Identity Response EAP-Request EAP-Response Transition Period ~ nRTTSTA-AP n =3.5 (TLS), 2.5 (TLS continuation)