Wirelss Security Technology

The security, or lack thereof, of wireless technology

Yuguang QiuUniversity Of Colorado DenverComputer Science Department

2015, April 26th

Wireless Security Technology Requirements

Outlines & Summary

1. Abstract

2. Introduction

3. Wi-Fi Security protocols•3.1 Security Protocols•3.2 Symmetric- Key Algorithms V.S Asymmetric- Key Algorithms•3.3 Encryption Algorithms

4. A hybrid crypto scheme

5. Conclusion

Abstract

Motivation: : Looking for a stronger encryption has been on the hunt!

Protocols: Protocols:

•WEP: A security algorithm for wireless networks, recognizable by using a 40-bit or 104-bit encryption key that must be manually entered on wireless access points and devices and does not change. (Static)•WPA: A protocol adopt Temporal Key Integrity Protocol (TKIP), which employs a per-packet key. It dynamically generates a new 128-bit key for each packet. (Dynamic)•WPA2: An advanced version of WPA using an AES-based encryption mode with strong security. Two versions: WPA2-Personal, and WPA2-Enterprise. (Dynamic and better encryption )

Encryption Method: Encryption Method:

•Many encryption algorithm exist which vary in complexity and ability to resist cracking•Two types in Ciphers: symmetric and asymmetric•Symmetric- Key Algorithms: AES, DES/Triple DES, RS4, RC4•Asymmetric- Key Algorithms: RSA, DSA, ECC

Wi-Fi Security Protocols and Encryption algorithm

Introduction

Potentially large number of cryptography solutions to attain security is widely known and recognize.

Currently, many encryption algorithm exist to help keep information secure and these algorithms vary in complexity and ability to resist cracking.

In this project, I introduced the basic background knowledge of Wi-Fi Security Protocols and corresponding encryption algorithms. Afterward, I will present a hybrid crypto scheme that combines the acclaimed effective in symmetric type of algorithm, AES and the Elliptic Curve Cryptography in Asymmetric algorithm. I also implemented such algorithm in C programming.

Wi-Fi Security ProtocolsWi-Fi Security Protocols

Types of Security

WEP : Wired Equivalent privacy X

• Was broken years ago and takes 15 min to break in

• Uses 40bit RC4 encryption

• Very week and not recommended

• Accepts only hexadecimal password

TKIP : A suite of algorithms wrapping WEP X

• Achieve best security given hardware constraints

• A cryptographic message integrity code, or MIC, called Michael, to defeat forgeries

• A per-packet key mixing function, to de-correlate the public IVs from weak keys

• A rekeying mechanism, to provide fresh encryption and integrity keys, undoing the threat of attacks from key reuse

Types of SecurityWPA: Wi-Fi Protected Access

• Much better than WEP

• Accept long password and with all possible combinations

• Easy to setup, as easy as WEP

• Available in all the common Wi-Fi routers

• A must for all home users

• Will take a long time to break in

WPA2: Advance Wi-Fi Protected Access

• Better than WPA

• Takes little more pain to setup

• Advised in corporate environments

• Strong encryption and authentication support

Encryption AlgorithmsEncryption Algorithms

•A stream cipher

•Generate key stream byte at a step

•Efficient in software

•Used lots of places: SSL, WEP, etc.

•Most popular stream cipher in existence

Rivest Cipher 4 (RC4)

- Array key contains N bytes of key, used-defined between 40-bits and 256-bits

- Array S always has a permutation of 0,1,…,255

RC4 math Definitions

RC4 ImplementationRC4 consists of two parts:

1.KSA – Turns a random key into an initial Permutation S of { 0,1,…..,N-1}. Each of the 256 entries in S are then swapped with the J th entry in S, which is computed to be j = [(j + S(i) + key[i mod key length]) mod 256]

for i = 0 to 255S[i] = iK[i] = key[i (mod N)]

next i j = 0 for i = 0 to 255

j = (j + S[i] + K[i]) (mod 256)swap(S[i],S[j])

next i i = j = 0

2. PRGA uses this permutation to generate a pseudo-random out sequence exchange the two values of S pointed to by i and j, and output the value of S pointed to by S[i] + S[j]. For each key stream byte, swap elements of array S and select a byte from the array.

i = (i + 1) (mod 256) j = (j + S[i]) (mod 256) swap(S[i], S[j]) t = (S[i] + S[j]) (mod 256) Key Stream Byte = S[t]

RC4 Attach and weakness Proof

Proof?

RC4/WEP Conclusions

1. This attack is practical!

2. This attack has been used to recover keys from real WEP traffic

3. This attack on RC4 is just one of many security flaws in WEP

(Temporal Key Integrity Protocol) TKIP

A set of algorithms to give the best possible solution

A cryptographic message integrity code (MIC), called Michael: to defeat forgeries A secret authentication key K , A tagging function, A verification predicate

A new IV sequencing discipline: to remove replay attacks from the attacker’s arsenal Reuse the WEP IV field as a packet sequence number

A per-packet key mixing function: Going through 2 key mixing phases and to de-correlate the public IVs from weak keys WEP constructs a per-packet key by simply concatenating a base-key and the IV

A re-keying mechanism: to provide fresh encryption and integrity keys, undoing the threat of attacks stemming from key reuse.

Michael• 64-bit Michael key: represented as two 32-bit words (K0,K1).

• The tagging function first pads a message with the hex value 0x5a and enough zero pad to bring the total message length to a multiple of 32-bits, then partitions the result into a sequence of 32-bit words M1 M2 … Mn . (b is a function built up from rotates)

(L,R) ← (K0,K1) do i from 1 to n

L ← L ^ Mi

(L,R) ← b (L,R)

return (L,R) as the tag

If a TKIP implementation detects two failed forgeries in a second, assume under active attack.

The station deletes its keys, disassociates, waits for a minute, and then re-associates.

Per-Packet Key Mixing: PhasesPhase 1

i.XORs the MAC address of the station and the temporal key to produce an intermediate key

ii.Mixing MAC and the temporary key in this way causes different stations and APs to generate different intermediate keys, even if they have the same temporal key

iii.Intermediate key is computed only when the temporal key is changed

Phase 2

i.Takes the packet sequence number and encrypts it (intermediate key) ,producing finally a 128-bit per-packet key

ii.The first 3 bytes (24 bits) of Phase 2 output corresponds exactly to the WEP IV, and the last 13 bytes to the WEP base key.

iii.Use the existing WEP hardware to do the encryption using the per-packet key

Re-Key Mechanism

TKIP uses three distinct keys

TKIP Encryption/Decryption Process

Phase 2Key

Mixing

Michael Fragment(s)

WEPEncapsulation

TKIP Sequence Counter(s)

MIC Key

SA + DA +PlainText

MSDUPlaintextMPDU(s)

PlaintextMSDU + MIC

CiphertextMPDU(s)

WEP seed(s)Represented

as WEP IV + RC4 KeyPhase 1

KeyMixingMAC

Address

Temporal Key

Intermediate Key

Phase IIKey

MixingMichael

WEPDecapsulation

TKIP Sequence Counter

MIC KeyCiphertext

PlaintextMPDU

WEP seedPhase 1

KeyMixing

MACAddress

Intermediate Key

Unmix IV

Reassemble

MPDU

WEP IV

Out of Sequence

MPDU

In Sequence

MPDU

SA + DA + Plaintext MSDU

MSDU with failed TKIP MIC

MIC =MIC’?

MIC

Counter Measures

MIC’

PlaintextMSDU

Temporal Key

(Temporal Key Integrity Protocol) TKIP

A set of algorithms to give the best possible solution

A cryptographic message integrity code (MIC), called Michael: to defeat forgeries A secret authentication key K , A tagging function, A verification predicate

A new IV sequencing discipline: to remove replay attacks from the attacker’s arsenal Reuse the WEP IV field as a packet sequence number

A per-packet key mixing function: Going through 2 key mixing phases and to de-correlate the public IVs from weak keys WEP constructs a per-packet key by simply concatenating a base-key and the IV

A re-keying mechanism: to provide fresh encryption and integrity keys, undoing the threat of attacks stemming from key reuse.

The AES Cipher Has 128/192/256 bit keys, 128 bit data

Processes data as block of 4 columns of 4 bytes, operates on entire data block in every round

Resistance against known attacks

Speed and code compactness on many CPUs

1. Uses a number of rounds

2. Each of which includes both linear and non-linear transformations

3. Convert plain text to a cipher

Round Step 1 - Substitute Bytes

Uses one table of 16x16 bytes containing a permutation of all 256 8-bit values each byte of state is replaced by byte indexed by row (left 4-bits) & column (right 4-bits)

eg. byte {95} is replaced by byte in row 9 column 5 which has value {2A} S-box constructed using defined transformation of values in GF(28)

Round Step 2 / 3 – Shift Rows & Mix Columns

Each column is processed separately Each byte is replaced by a value dependent on all 4 bytes in the column Effectively a matrix multiplication in the finite field GF(28) using prime poly m(x) = x8 + x4 + x3 + x + 1

Decryption requires use of inverse matrix with larger coefficients - harder

Mix Columns

Round Step 4 - Add Round Key XOR state with 128-bits of the round key Again processed by column (though effectively a series of byte operations) Inverse for decryption identical

since XOR own inverse, with reversed keys

Symmetric /Asymmetric Algorithms Algorithms

Symmetric- Key Algorithms V.S Asymmetric- Key Algorithms

Asymmetric Encryption Symmetric Encryption

• Employs a public key and a private key

• Used in asymmetric encryption – RSA ECC

• Involved two parties who share a joint secret or key

• Enables private and secure communications between the two parties

• The same key is used for encryption and decryption.

Asymmetric = More functionality

Asymmetric = Lower Speed and expensive hardware

Symmetric = Cost-effective and efficient

Symmetric = No compromising security

What Is Elliptic Curve Cryptography (ECC)?

A public-key cryptosystem just like RSA

Every user has a public and a private key.

Public/Private key is used for encryption/signature verification.

Elliptic curves are used as an extension to other current cryptosystems.

Elliptic Curve Hellman Key Exchange

Elliptic Curve Digital Signature Algorithm

Linear scalability, small software footprint

Low hardware implementation costs, low bandwidth requirements, and high device performance

A hybrid crypto schemeIn this project, I present a new hybrid cryptosystem in the form of crossed cryptosystem capable of providing implicit authentication for the sender’s identity.

The algorithm presented here combines the best features of both the symmetric and asymmetric encryption techniques.

The plain text data is to be transmitted in encrypted using the AES algorithm while the AES key which is used to encrypt the data is encrypted using ECC

A hybrid crypto scheme

The cipher text of the message and the cipher text of the key are then sent to the receiver.

The message digest by this process would also be encrypted / decrypted using ECC techniques.

It uses ECC decryption to obtain the message digest sent by the sender. This value is compared with the computed message digest.

If both of them are equal, the message is accepted otherwise it is rejected.

Ultimately using ECC, the benefits of ECC are many:

A hybrid crypto scheme

This algorithm is presented to be implemented in a wireless device application through which recent technologies are more inclined.

This experience can be leveraged to refine the assessment implementation process and provide better options of algorithm.

Conclusion

Thank You !Thank You !

Questions?Questions?

Wirelss Security Technology

Documents

Transcript of Wirelss Security Technology