
802.11 Security – Wired Equivalent Privacy (WEP) - PowerPoint PPT Presentation



By Shruthi B Krishnan

Agenda for the presentation

  • Introduction

  • 802.11 Wireless LAN – brief description

  • Goals of WEP

  • Confidentiality in WEP

  • Data Integrity in WEP

  • Access Control in WLANs

  • Security loopholes and attacks on WEP

  • Lessons to be learnt


Introduction

  • History of wireless technology

  • Inception of wireless networking took place at the University of Hawaii in 1971. It was called ALOHAnet.

    • Star topology with 7 computers

    • Spanned 4 Hawaiian islands with the central system in Oahu

  • In 1997, the world’s first WLAN standard, 802.11, was approved by IEEE

  • Wired Equivalent Privacy – security standard proposed by 802.11

  • Has many loopholes and has been completely broken


802.11 Wireless LAN – brief description

  • Stations

  • Wireless medium

  • Access Points

  • Distribution System

  • Basic Service Set (BSS)

  • Extended Service Set (ESS)

[Figure: network diagram with the labels Distribution system, Access Points, Wireless Medium, Mobile stations]


802.11 Wireless LAN – brief description (cont’d): Network services

  • Distribution System services

    • Association

    • Disassociation

    • Reassociation

  • Station services

    • Authentication

    • Deauthentication

    • Privacy

[Figure: state diagram, with regions labelled Outside the network and Inside the network. States: Unauthenticated and Unassociated; Authenticated and Unassociated; Authenticated and Associated. Transitions: Successful Authentication; Deauthentication; Successful Association/Reassociation; Disassociation]


Goals of WEP

  • Confidentiality

    • Uses stream cipher RC4 for encryption

  • Data Integrity

    • Uses cyclic redundancy check

  • Access control

    • Shared key authentication


Confidentiality in WEP

  • One-time pad vs Stream ciphers

  • Perfect randomness is compromised for practicality

  • RC4 algorithm used for encryption of data frames

[Figure: stream cipher diagram with the labels IV, KEY, Keystream, Plaintext, + (XOR), Ciphertext]


Confidentiality in WEP (cont’d): WEP keys and initialization vector (IV)

  • Shared secret key

    • Shared among all users

    • Changed infrequently

    • Original standard – 40 bit key. Later implementations used 104 bit key

    • WEP uses set of up to 4 keys

    • Key distribution problems

  • Initialization vector

    • 24 bits

    • Prepended to the secret key

    • Needs to be random to prevent key reuse or IV collision

    • IV sent in clear


Data Integrity in WEP

  • Computes Integrity Check Value (ICV)

  • ICV is appended to the data frame and encrypted

  • CRC-32 algorithm used

    • Efficient in capturing data tampering

    • Cryptographically insecure


Confidentiality and data integrity in WEP

[Figure: WEP encapsulation. Labels: IV, 40 or 104 bit key, RC4, Keystream; Plaintext, CRC-32, Plaintext | ICV; + (XOR). Frame layout labels: Frame Header, IV, Plaintext | ICV; 3 bytes, pad, Key index, 4 bytes]


Access Control in WLANs

  • Open System Authentication

  • Shared key authentication

[Figure: shared key authentication between Mobile station and Access Point. Messages: Request for access; Challenge text, R; Encrypt R using WEP]


Security loopholes and attacks on WEP: Attacks on shared key authentication

[Figure: two exchanges with the Access Point.]

  • Good guy and Access Point: Request for access; Challenge text, R1; Encrypt R1 using WEP (C1)

  • Keystream = R1 ⊕ C1

  • Bad guy and Access Point: Request for access; Challenge text, R2; Encrypt R2 using WEP (C2 = Keystream ⊕ R2)


Security loopholes and attacks on WEP (cont’d): Attacks due to keystream reuse

  • Improper IV management

    • IV-space is small

    • Implementation dependent

    • Sent in clear

  • Recovery of plaintexts

  • Decryption dictionary attacks

    • Independent of key size

[Figure: two plaintexts, each XORed (+) with the same keystream to give two ciphertexts; XORing the two ciphertexts gives the XOR of the two plaintexts]
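Added example (not from the original slides): a small Python model of the WEP encapsulation described above, RC4 keyed with IV || secret key over plaintext plus CRC-32 ICV. It shows that two frames sent under the same IV leak P1 ⊕ P2 for both key sizes, and estimates how soon random 24-bit IVs repeat. Function names, sample payloads, keys and the key-index placement in the fourth byte are assumptions made for illustration.

```python
import math
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """n bytes of RC4 keystream: key scheduling, then output generation."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encapsulate(key: bytes, iv: bytes, key_index: int, plaintext: bytes) -> bytes:
    """Clear IV (3 bytes) | pad + key index (1 byte) | encrypted (plaintext | ICV)."""
    body = plaintext + zlib.crc32(plaintext).to_bytes(4, "little")
    keystream = rc4(iv + key, len(body))      # per-frame RC4 key = IV || secret key
    return iv + bytes([key_index << 6]) + xor(body, keystream)  # assumed bit layout

def wep_decapsulate(key: bytes, frame: bytes) -> bytes:
    iv, body = frame[:3], frame[4:]
    clear = xor(body, rc4(iv + key, len(body)))
    data, icv = clear[:-4], clear[-4:]
    if zlib.crc32(data).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return data

def reuse_leak(frame_a: bytes, frame_b: bytes):
    """For two frames with the same clear IV, return C_a XOR C_b (= P_a XOR P_b)."""
    if frame_a[:3] != frame_b[:3]:
        return None                            # different IV, different keystream
    return xor(frame_a[4:], frame_b[4:])

def frames_for_collision(p: float = 0.5, iv_bits: int = 24) -> int:
    """Birthday estimate: frames with random IVs until a repeat has probability p."""
    return math.ceil(math.sqrt(2 * 2**iv_bits * math.log(1 / (1 - p))))

# Constructed sample data: two equal-length payloads sent under the same IV.
P1, P2 = b"GET /index.html ", b"user=alice&pin=1"
IV = bytes([0x10, 0x20, 0x30])
for secret in (b"\x01" * 5, b"\x02" * 13):    # 40-bit and 104-bit keys
    f1, f2 = (wep_encapsulate(secret, IV, 0, p) for p in (P1, P2))
    assert reuse_leak(f1, f2)[:16] == xor(P1, P2)
```

The leak is the same for the 40-bit and the 104-bit key, which is the "independent of key size" point on the slide; only a per-frame unique IV (or a cipher mode that does not reuse keystream) removes it.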


Security loopholes and attacks on WEP (cont’d): Attacks due to CRC

  • CRC is good for message authentication, but bad for security

    • Both CRC checksum and RC4 are linear and can be easily manipulated

  • CRC is unkeyed

    • Attacker can inject messages into the system

[Figure: Δ = Plaintext (original) ⊕ Plaintext (modified); Δc = ICV (original) ⊕ ICV (modified); (Plaintext | ICV, original) ⊕ (Δ | Δc) = (Plaintext | ICV, modified)]
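Added example (not from the original slides): the CRC linearity described above, in Python, next to the SHA1-HMAC alternative named in the lessons slide. A fixed byte string stands in for the RC4 keystream, and all names, keys and payloads are constructed for illustration.

```python
import hashlib
import hmac
import zlib

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc_icv(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "little")

def icv_delta(delta: bytes) -> bytes:
    """Δc for a chosen Δ. CRC-32 is affine over XOR for equal-length inputs:
    crc(P ^ Δ) = crc(P) ^ crc(Δ) ^ crc(00..00), so Δc needs no key and no P."""
    return xor(crc_icv(delta), crc_icv(bytes(len(delta))))

def seal_crc(keystream: bytes, plaintext: bytes) -> bytes:
    """WEP-style protection: (plaintext | CRC-32 ICV) XOR keystream."""
    return xor(plaintext + crc_icv(plaintext), keystream)

def open_crc(keystream: bytes, ciphertext: bytes):
    clear = xor(ciphertext, keystream)
    data, icv = clear[:-4], clear[-4:]
    return data if crc_icv(data) == icv else None

def seal_hmac(keystream: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Same framing, but the check value is a keyed HMAC-SHA1 tag (20 bytes)."""
    tag = hmac.new(mac_key, plaintext, hashlib.sha1).digest()
    return xor(plaintext + tag, keystream)

def open_hmac(keystream: bytes, mac_key: bytes, ciphertext: bytes):
    clear = xor(ciphertext, keystream)
    data, tag = clear[:-20], clear[-20:]
    expected = hmac.new(mac_key, data, hashlib.sha1).digest()
    return data if hmac.compare_digest(tag, expected) else None

# Constructed sample values; a fixed byte string stands in for the RC4 keystream.
KEYSTREAM, MAC_KEY = bytes(range(7, 47)), b"constructed-mac-key"
ORIGINAL, CHANGED = b"PAY 0100 TO BOB ", b"PAY 9100 TO BOB "
DELTA = xor(ORIGINAL, CHANGED)

crc_frame = xor(seal_crc(KEYSTREAM, ORIGINAL), DELTA + icv_delta(DELTA))
hmac_frame = xor(seal_hmac(KEYSTREAM, MAC_KEY, ORIGINAL), DELTA + bytes(20))
assert open_crc(KEYSTREAM, crc_frame) == CHANGED      # modified frame passes the ICV
assert open_hmac(KEYSTREAM, MAC_KEY, hmac_frame) is None  # keyed tag rejects it
```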


Security loopholes and attacks on WEP (cont’d): Attacks exploiting the Access Points

[Figure: Mobile station, Access Point and Attacker; label: Change destination address]


Security loopholes and attacks on WEP (cont’d): Attacks exploiting the Access Points

  • Access points can be used to monitor TCP/IP traffic

  • Recipient sends an ACK only if the TCP checksum is correct

  • TCP checksum remains unaltered if P_i ⊕ P_{i+16} = 1

[Figure: Mobile station, Access Point and Attacker. Labels: Intercepted ciphertext with flipped bits; Modify any P_i and P_{i+16}; Message with flipped bits; TCP ACK]


Security loopholes and attacks on WEP (cont’d): Attacks on RC4 used by WEP

  • Research by Scott Fluhrer, Itsik Mantin and Adi Shamir

  • First byte of plaintext has to be known. For WEP implementations, it is 0xAA

  • Set of weak keys that correspondingly reveal some part of the secret key

  • Format of weak IVs

    • First byte (B) can range from 0x03 to 0x07

    • Second byte has to be 0xFF

    • Third byte (N) can be any known value between 0 and 255

  • Probability to find a byte of secret key for 60 different values of N is non-negligible

  • Several successful experiments based on this attack

  • Popular key-recovery programs like Airsnort use this analysis


Lessons learnt from the failure of WEP

  • Key shared by all users of the system

  • Key is changed infrequently

  • No perfect forward secrecy

  • Manual key management

  • Key reuse due to non-random IVs

    • Random IVs are not insisted upon

    • Short IVs

    • No protection against replay attacks

  • Use of unkeyed CRC instead of SHA1-HMAC

  • Encryption cipher used was weak

  • WEP was not publicly reviewed before it became a standard

    WEP is insecure!!


References

  • The Institute of Electrical and Electronics Engineers (IEEE) website

    http://www.ieee.org

  • 802.11 Wireless Networks - The Definitive Guide

    By Matthew S. Gast, O’REILLY Publications.

  • History of wireless

    http://www.ac.aup.fr/a38972/final_projectIT338/history.html

  • Intercepting Mobile Communications: The Insecurity of 802.11

    By Nikita Borisov, Ian Goldberg, and David Wagner

    http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

  • Weaknesses in the Key Scheduling Algorithm of RC4

    By Scott Fluhrer, Itsik Mantin and Adi Shamir

    http://www.crypto.com/papers/others/rc4_ksaproc.pdf

  • Unsafe at any key size: an analysis of the WEP encapsulation

    By J. Walker

    http://grouper.ieee.org/groups/802/11/Documents/DocumentHolder/0-362.zi%p

  • Your 802.11 Wireless Network has No Clothes

    By William A. Arbaugh, Narendar Shankar, Y.C. Justin Wan,

    Department of Computer Science, University of Maryland

    http://www.cs.umd.edu/~waa/wireless.pdf

  • Popular WEP cracking software

    http://airsnort.sourceforge.net/

    http://sourceforge.net/projects/wepcrack/

