Wireless Security
802.11 Basics
Security in 802.11
WEP summary
WEP Insecurity

• ALOHAnet
• 1999: IEEE 802.11a (54 Mbps)
• 1999: IEEE 802.11b (11 Mbps)
• 2003: IEEE 802.11g (54 Mbps)
• 2009: IEEE 802.11n (150 Mbps)

• 802.11b
  ▪ 2.4-2.485 GHz unlicensed radio spectrum
  ▪ up to 11 Mbps
  ▪ direct sequence spread spectrum (DSSS) in physical layer: all hosts use same chipping code
• 802.11a
  ▪ 5-6 GHz range
  ▪ up to 54 Mbps
  ▪ physical layer: orthogonal frequency division multiplexing (OFDM)
• 802.11g
  ▪ 2.4-2.485 GHz range
  ▪ up to 54 Mbps
  ▪ OFDM
• All use CSMA/CA for multiple access
• All have base-station and ad-hoc versions
• All allow for reducing bit rate for longer range

• Wireless host communicates with a base station
  ▪ base station = access point (AP)
• Basic Service Set (BSS) (a.k.a. “cell”) contains:
  ▪ wireless hosts
  ▪ access point (AP): base station
• BSS’s combined to form distribution system (DS)

• No AP (i.e., base station)
• wireless hosts communicate with each other
  ▪ to get packet from wireless host A to B, may need to route through wireless hosts
• Applications:
  ▪ “Laptop” meeting in conference room
  ▪ Vehicle Network
  ▪ Interconnection of “personal” devices
  ▪ Battlefield

• 802.11b: 2.4GHz-2.485GHz spectrum divided into 11 channels at different frequencies; 3 non-overlapping
  ▪ AP admin chooses frequency for AP
  ▪ interference possible: channel can be same as that chosen by neighboring AP!
• AP regularly sends beacon frame
  ▪ Includes SSID, beacon interval (often 0.1 sec)
• host: must associate with an AP
  ▪ scans channels, listening for beacon frames
  ▪ selects AP to associate with; initiates association protocol
  ▪ may perform authentication
  ▪ After association, host will typically run DHCP to get IP address in AP’s subnet

802.11 frame (field sizes in bytes):

| frame control | duration | address 1 | address 2 | address 3 | seq control | address 4 | payload | CRC |
|---|---|---|---|---|---|---|---|---|
| 2 | 2 | 6 | 6 | 6 | 2 | 6 | 0 - 2312 | 4 |

• Address 1: MAC address of wireless host or AP to receive this frame
• Address 2: MAC address of wireless host or AP transmitting this frame
• Address 3: MAC address of router interface to which AP is attached
• Address 4: used only in ad hoc mode

802.11 frame: addressing

[Figure: host H1, AP, router R1, Internet]

802.11 frame:

| address 1 | address 2 | address 3 |
|---|---|---|
| H1 MAC addr | AP MAC addr | R1 MAC addr |

802.3 frame:

| dest. address | source address |
|---|---|
| H1 MAC addr | R1 MAC addr |

802.11 frame: addressing

[Figure: host H1, AP, router R1, Internet]

802.11 frame:

| address 1 | address 2 | address 3 |
|---|---|---|
| AP MAC addr | H1 MAC addr | R1 MAC addr |

802.3 frame:

| dest. address | source address |
|---|---|
| R1 MAC addr | H1 MAC addr |

frame (field sizes in bytes):

| frame control | duration | address 1 | address 2 | address 3 | seq control | address 4 | payload | CRC |
|---|---|---|---|---|---|---|---|---|
| 2 | 2 | 6 | 6 | 6 | 2 | 6 | 0 - 2312 | 4 |

frame control field expanded (field sizes in bits):

| Protocol version | Type | Subtype | To AP | From AP | More frag | Retry | Power mgt | More data | WEP | Rsvd |
|---|---|---|---|---|---|---|---|---|---|---|
| 2 | 2 | 4 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 |

• Type/subtype distinguishes beacon, association, ACK, RTS, CTS, etc. frames.
• To/From AP defines meaning of address fields
• 802.11 allows for fragmentation at the link layer
• 802.11 allows stations to enter sleep mode
• Seq number identifies retransmitted frames (e.g., when ACK lost)
• WEP = 1 if encryption is used

• Service Set Identifier (SSID)
  ▪ Differentiates one access point from another
  ▪ SSID is cast in ‘beacon frames’ every few seconds.
  ▪ Beacon frames are in plain text!
• Encryption

• Why do we need the encryption?
  ▪ Wi-Fi networks use radio transmissions prone to eavesdropping
  ▪ Mechanism to prevent outsiders from
    ▪ accessing network data & traffic
    ▪ using network resources

• Access points have two ways of initiating communication with a client
  ▪ Shared Key or Open System authentication
• Open System: need to supply the correct SSID
  ▪ Allow anyone to start a conversation with the AP
• Shared Key is supposed to add an extra layer of security by requiring authentication info as soon as one associates

• Client begins by sending an association request to the AP
• AP responds with a challenge text (unencrypted)
• Client, using the proper key, encrypts text and sends it back to the AP
• If properly encrypted, AP allows communication with the client

• 1997: Original 802.11 standard only offers
  ▪ SSID
  ▪ MAC filtering
• 1999: Introduction of Wired Equivalent Privacy (WEP)
  ▪ Several industry players formed WECA (Wireless Ethernet Compatibility Alliance) for rapid adoption of 802.11 network products
• 2001: Weaknesses discovered in WEP
  ▪ IEEE started Task Group i
• 2002: WECA was renamed to Wi-Fi
• 2003: Wi-Fi Protected Access (WPA)
  ▪ Interim solution for the weakness of WEP
• 2004: WPA2 (IEEE-802.11i-2004)

• Primary built-in security for the 802.11 protocol
• RC4 encryption
  ▪ 64-bit RC4 keys
  ▪ Non-standard extension uses 128-bit keys
• Many flaws in implementation

• Interim solution for replacement of WEP
• Goals:
  ▪ improved encryption
  ▪ user authentication
• Two Modes
  ▪ WPA Personal: TKIP/MIC; PSK
  ▪ WPA Enterprise: TKIP/MIC; 802.1X/EAP

• WPA-Personal
  ▪ Also referred to as WPA-PSK (WPA Pre-shared Key)
  ▪ Designed for home and small office networks and doesn't require an authentication server.
• WPA-Enterprise
  ▪ Known as WPA-802.1X
  ▪ Designed for enterprise networks and requires an authentication server
  ▪ An Extensible Authentication Protocol (EAP) is used for authentication
  ▪ Supports multiple authentication methods based on:
    ▪ passwords (Sample: PEAP)
    ▪ digital certificates (Sample: TLS, TTLS)

• TKIP (Temporal Key Integrity Protocol)
  ▪ The 128 bit RC4 stream cipher used in WPA
• CCMP (Counter Cipher Mode with Block Chaining Message Authentication Code Protocol)
  ▪ An AES-based encryption mechanism used in WPA2

• Approved in July 2004
• AES is used for encryption
• Two modes, like WPA:
  ▪ Enterprise Mode:
    ▪ authentication: 802.1X/EAP
    ▪ encryption: AES-CCMP
  ▪ Personal Mode:
    ▪ authentication: PSK
    ▪ encryption: AES-CCMP

| | WEP | WPA | WPA2 |
|---|---|---|---|
| Cipher | RC4 | RC4 | AES |
| Key Size (bits) | 64/128 | 128 | 128 |
| Key Life | 24 bit IV | 48 bit IV | 48 bit IV |
| Packet Key | Concatenation | Two Phase Mix | Not Needed |
| Data Integrity | CRC32 | Michael | CCM |
| Key Management | None | 802.1X/PSK | 802.1X/PSK |

• WEP is no longer a secure wireless method
• WPA2 with AES encryption is currently the best encryption scheme
• If on an unsecured network, use SSH or VPN tunneling to secure your data

• A block of plaintext is bitwise XORed with a pseudorandom key sequence of equal length
• RC4 PRNG

[Figure: 802.11 frame (Header | Payload); CRC over the payload gives the 32-bit ICV, carried as Payload | ICV]

• ICV computed – 32-bit CRC of payload
• One of four keys selected – 40 bits
• IV selected – 24 bits, prepended to keynumber
• IV+key used to encrypt payload+ICV
• IV+keynumber prepended to encrypted payload+ICV

[Figure: keynumber selects one of Key 1, Key 2, Key 3, Key 4 (4 x 40 bits)]
[Figure: IV (24 bits) | keynumber (8 bits)]
[Figure: IV | Key (64 bits) into RC4, applied to Payload | ICV]
[Figure: WEP frame: Header | IV | keynumber | Payload | ICV]

• Keynumber is used to select key
• IV+key used to decrypt payload+ICV
• ICV recomputed and compared against original

[Figure: keynumber selects one of Key 1, Key 2, Key 3, Key 4 (4 x 40 bits)]
[Figure: IV | Key (64 bits) into RC4, applied to Payload | ICV]
[Figure: CRC (32 bits) over the decrypted Payload gives ICV’, compared with ICV]

• Purpose – increase the encryption key size
• Non-standard, but in wide use
• IV and ICV set as before
• 104-bit key selected
• IV+key concatenated to form 128-bit RC4 key

[Figure: IV (24 bits) | Key (104 bits) = 128 bits into RC4, applied to Payload | ICV]

• Keys are manually distributed
• Keys are statically configured
  ▪ often infrequently changed and easy to remember!
• Key values can be directly set as hex data
• Key generators provided for convenience
  ▪ ASCII string is converted into keying material
  ▪ Non-standard but in wide use
  ▪ Different key generators for 64- and 128-bit
http://www.wepkey.com/

• Problem: Keystream Reuse
  ▪ XOR cancels keystream
  ▪ so knowing one plaintext will get you the other
• WEP’s Solution: Per Packet IVs
• But…

• IV only 24 bits in WEP; it must repeat after 2^24 or ~16.7M packets
• Practical? How long to exhaust the IV space in a busy network?
  ▪ A busy AP constantly sends 1500-byte packets
  ▪ Consider data rate 11 Mbps
  ▪ IV exhausts after..
• Consequences:
  ▪ Keystream for corresponding IV is obtained
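
The encapsulation and decapsulation steps from the WEP summary slides, and the keystream-reuse problem above, worked through in Python as an added example (not code from the original slides): two frames sent under the same IV and key XOR to the XOR of their plaintexts, and the last helper evaluates the IV-exhaustion question for the slide's 1500-byte packets at 11 Mbps. The keys, payloads, function names and the whole-byte keynumber field are constructed for illustration.

```python
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """n bytes of RC4 keystream: key scheduling, then output generation."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(keys, keynumber: int, iv: bytes, payload: bytes) -> bytes:
    """IV | keynumber | RC4(IV+key) XOR (payload | ICV), ICV = CRC-32."""
    body = payload + zlib.crc32(payload).to_bytes(4, "little")
    stream = rc4(iv + keys[keynumber], len(body))
    return iv + bytes([keynumber]) + xor(body, stream)

def wep_decrypt(keys, frame: bytes) -> bytes:
    """Select key by keynumber, decrypt with IV+key, recompute the ICV."""
    iv, keynumber, enc = frame[:3], frame[3], frame[4:]
    body = xor(enc, rc4(iv + keys[keynumber], len(enc)))
    payload, icv = body[:-4], body[-4:]
    if zlib.crc32(payload).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return payload

def iv_exhaustion_hours(packet_bytes=1500, rate_bps=11e6, iv_bits=24):
    """Hours for a saturated link to send 2^iv_bits packets."""
    return 2 ** iv_bits * packet_bytes * 8 / rate_bps / 3600

# Constructed sample data (assumptions): four 40-bit keys, two payloads.
KEYS = [bytes([k]) * 5 for k in (0x11, 0x22, 0x33, 0x44)]
P1, P2 = b"GET /index.html ", b"user=alice&pin=1"
IV = b"\x00\x00\x01"  # the same 24-bit IV is used for both frames
F1, F2 = wep_encrypt(KEYS, 2, IV, P1), wep_encrypt(KEYS, 2, IV, P2)

def reuse_leak() -> bytes:
    """XOR of two ciphertexts sent under one IV: the keystream cancels."""
    return xor(F1[4:], F2[4:])[:len(P1)]

print("P1 xor P2 exposed:", reuse_leak() == xor(P1, P2))
```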

• 2001: Fluhrer, Mantin, Shamir: Weaknesses in the Key Scheduling Algorithm of RC4.
  ▪ completely passive attack
  ▪ Inductive chosen plaintext attack
  ▪ Takes 5-10M packets to find secret key
  ▪ Showed that WEP is near useless

• In 2001, AirSnort was released, but it needs millions of packets
• In 2004, aircrack and weplab require only hundreds of thousands of packets
  ▪ http://securityfocus.com/infocus/1814
  ▪ http://www.securityfocus.com/infocus/1824

• One common shared key
  ▪ If any device is stolen or compromised, must change shared key in all devices
  ▪ No key distribution mechanism
  ▪ Infeasible for large organization: approach doesn’t scale
• Crypto is flawed
  ▪ Early 2001: Integrity and authentication attacks published
  ▪ August 2001 (weak-key attack): can deduce RC4 key after observing several million packets
  ▪ AirSnort application allows casual user to decrypt WEP traffic
• Crypto problems
  ▪ 24 bit IV too short
  ▪ Same key for encryption and message integrity
  ▪ ICV flawed, does not prevent adversarial modification of intercepted packets
  ▪ Cryptanalytic attack allows eavesdroppers to learn key after observing several millions of packets

• SSID and access control lists provide minimal security
  ▪ no encryption
• WEP provides encryption, but is easily broken
• Emerging protocol: 802.11i
  ▪ Back-end authentication server
  ▪ Public-key cryptography for authentication and master key distribution
  ▪ TKIP: Strong symmetric crypto techniques

• Fluhrer, Mantin, Shamir – Weaknesses in the Key Scheduling Algorithm of RC4. http://www.drizzle.com/~aboba/IEEE/rc4_ksaproc.pdf
• Stubblefield, Ioannidis, Rubin – Using the Fluhrer, Mantin, and Shamir Attack to Break WEP. http://www.cs.rice.edu/~astubble/wep/wep_attack.pdf
• Rivest – RSA Security Response to Weakness in the Key Scheduling Algorithm of RC4. http://www.rsasecurity.com/rsalabs/technotes/wep.html
• RC4 Encryption Algorithm. http://www.ncat.edu/~grogans/algorithm_breakdown.htm