Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Confer ence on Personal Wireless Co mmunications 2005 (ICPWC 2005), 2 3-25 Jan. 2005, pp. 424 – 428 Reporter: Jung-wen Lo ( 駱駱駱 ) Date: 2005/7/14
Feb 02, 2016
Wireless security & privacy
Authors: M. Borsc and H. ShindeSource: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005), 23-25 Jan. 2005, pp. 424 – 428Reporter: Jung-wen Lo (駱榮問 )Date: 2005/7/14
2
Outline
Introduction WEP Format & Working of 64bits RC4 WEP Encryption & Decryption Weakness in WEP Type of Attack WEP Extensions Appendix
3
Introduction
WEP (Wired Equivalent Privacy) 802.11 optional encryption standard Implemented in the MAC layer Relies on RC4 Provide
User authentication Data privacy Data integrity
4
WEP Format & Working of 64-bit RC4
※ICV: Integrity check value = CRC32(Plain Text)
5
WEP Encryption & Decryption
6
Weakness in WEP (1/2)
Key management & Key size Key management is not specified in WEP
One single WEP key shared between every node on the network
Key size 40 bits in standard Vendors extend up to 104 bits
IV (Initialization Vector) is too small Size=24 bits 16,777,216 RC4 Cipher streams If RC4 cipher stream found, attacker can decrypt packets
with same IV IV starts from 0 in incremental order IV chooses randomly
7
Weakness in WEP (2/2)
Integrity Check Value (ICV) algorithm is not appropriate CRC32 is linear function of the message
Attacker can modify an encrypted message & easily fix the ICV
Weak of WEP using RC4 9000/16million weak keys Reveal in 2000 – 4000 packets Extend WEP key to 1
04 bits Authentication messages can be easily forged
802.11 define two forms authentication Shared key authentication: Reduce DoS attack Open system authentication: Give better network security
8
Type of Attack
Passive attack Attacker collects two same key stream cipher text packets
Reveal key Active attack to insert traffic
Attacker knows plaintext & cipher text pair Generate key stream & new cipher text
Active attack from both ends Attacker predicts both information & destination address
Modify address Table based attack
Attacker builds a table of IVs & corresponding key stream Dictionary building attack
Allows real time automated decryption of all traffic
9
WEP Extensions (1/3)
802.1X Entities
Supplicant (End user machine) Authentication server
Grant or deny authentication by help of authenticator Authenticator server
Compare credentials supplied by supplicant with information in its database
Drawbacks No authenticity or integrity protection between access
point & client
10
WEP Extensions (2/3) TKIP (Temporal Key Integrity Protocol)
Components MIC (Message Integrity Check)
Protect Header & Payload Packet sequencing
Employ packet sequencing number and synchronization to prevent replay attack
Per packet keying Keys have fixed lifetime and replaced frequently
Phase 1: Create intermediate key Phase 2: Encrypt the packet sequence number by intermediate key
Re-keying Solve the problem of re-using IVs in WEP Three key types
Temporal keys: 128-bit for encryption and 64-bit for data integrity Key encryption keys: protect temporal keys Master keys: secure for communication between client and AP
11
WEP Extensions (3/3)
802.11i AES uses 128-bit temporal key & 48-bit IV in MIC
calculation & encryption process Other alternatives
VPN’s VPN client associates to an AP the establishes an aut
henticated encrypted session with VPN server SSL
Authenticate client & server via public key cryptography
12
Apendix 1
TKIP Part of a draft standard from the IEEE 802.11i working
group
RSN (Robust Secure Network) Part of 802.11i standard Cipher Suites
Code 1: WEP Code 2: TKIP Code 3: WRAP (Wireless Robust Authenticated Protocol) Code 4: CCMP (Counter mode with Cipher block chaining
Message authentication code Protocol) Code 5: WEP-104
13
Appendix 2
WPA (Wi-Fi Protected Access) 802.1x + TKIP EAP: Extensible Authentication Protocol