
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture.


1 Wireless and Network Security, Lecture 8: IEEE 802.11 Security - 1
Dr. Kemal Akkaya, Department of Computer Science, Southern Illinois University Carbondale
E-mail: kemal@cs.siu.edu

2 Management Messages in IEEE 802.11
 Authentication frame: 802.11 authentication is the process by which the access point accepts or rejects the identity of a radio NIC.
 Deauthentication frame: a station sends a deauthentication frame to another station to terminate an authenticated relationship.
 Association request frame: 802.11 association lets the AP allocate resources for and synchronize with a radio NIC.
 Association response frame: the AP replies with an acceptance or rejection notice to the radio NIC that requested association.
 Reassociation request frame: if a radio NIC roams away from its current AP and finds another AP with a stronger beacon signal, it sends a reassociation request to the new AP.
 Reassociation response frame: the AP replies with an acceptance or rejection notice to the radio NIC that requested reassociation.
 Disassociation frame: a station sends a disassociation frame to another station to terminate the association.
 Beacon frame: the AP periodically broadcasts a beacon to announce its presence and carry information such as the timestamp, SSID and other AP parameters to radio NICs within range.
 Probe request frame: a station sends a probe request when it needs information from another station.
 Probe response frame: a station answers a probe request with a probe response carrying capability information, supported data rates, etc.
 In the original 802.11 standard (before 802.11w) none of these management frames is encrypted or authenticated, so any of them can be forged by anyone in radio range.

3 IEEE 802.11 Security: connection sequence
 Probe: look for a (better) AP
 Authentication: get permission to access the AP
 Association: register with the AP
 Data flow: encrypted data messages

4 Wired Equivalent Privacy (WEP)
 The original security mechanism built into the 802.11 standard
 Intended to make wireless as secure as a wired network
 Uses the RC4 stream cipher
 Provides
  Confidentiality: data is encrypted with RC4 under a shared symmetric key
  Integrity: data received is the data sent, checked with an encrypted CRC-32 integrity check value (ICV)
  Authentication: the AP only lets authorized stations associate, via a challenge/response exchange

5 WEP encapsulation with RC4
 Sender computes an Integrity Check Value (ICV) over the data
  four-byte CRC-32 (a checksum, not a cryptographic hash)
 Each side holds the shared key: 40 bits in the original WEP, 104 bits in WEP-104 (the case shown here)
 Sender picks a 24-bit initialization vector (IV) and prepends it to the key: IV || key is the 128-bit RC4 key
 Sender also sends a key ID (2 bits in a one-byte field; the other 6 bits are padding) selecting one of up to four configured keys
 The 128-bit RC4 key is fed into the RC4 pseudo-random generator to produce a keystream
 Data + ICV are encrypted with RC4: bytes of keystream are XORed with the bytes of data and ICV
 IV and key ID are prepended in the clear to the encrypted data to form the payload
 Payload inserted into the 802.11 frame: MAC header | IV | Key ID | encrypted data | encrypted ICV

6 RC4 Encryption Process (figure only in the original slides)

7 Authentication with the Access Point
 An AP supports two ways for a client to authenticate
  Open System
  Shared Key
 Open System lets anyone start a conversation with the AP: no authentication at all
 Shared Key is supposed to add an extra layer of security by requiring proof of the key before association
 Shared Key Authentication
  Client sends an authentication request to the AP
  AP responds with a 128-byte challenge text (unencrypted)
  Client WEP-encrypts the challenge with the shared key and sends it back
  If it decrypts correctly, the AP authenticates the client and allows association
 Not secure! A passive sniffer sees two of the three values in the exchange, the plaintext challenge and its WEP encryption (and the IV, which is also sent in the clear); XORing them yields the RC4 keystream for that IV, which is enough to answer any later challenge under the same IV without ever knowing the key
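The following Python is an added example, not code from the lecture. It implements the WEP encapsulation of slide 5 (RC4 over IV || key, CRC-32 ICV, IV and key ID sent in the clear) and then plays out the shared-key authentication exchange of slide 7 from both sides: a legitimate station authenticates, a passive attacker recovers the keystream from the sniffed challenge/response pair, and the attacker then answers a fresh challenge from the AP with that keystream alone. The key, IVs and challenge bytes are constructed test values; the 802.11 MAC header is omitted since WEP does not cover it.

```python
"""Added example (not from the lecture): WEP frame encapsulation with RC4 and a
CRC-32 ICV (slide 5), and the shared-key authentication keystream-reuse attack
(slide 7). The key, IVs and challenge bytes are constructed test values; the
802.11 MAC header is omitted because WEP does not encrypt it."""
import os
import zlib
from typing import Optional


def rc4(key: bytes, length: int) -> bytes:
    """RC4 keystream of `length` bytes: key scheduling (KSA) then output (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: plain CRC-32, not a keyed MAC."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes, key_id: int = 0) -> bytes:
    """WEP body: IV(3) | 6 pad bits + 2-bit KeyID (1) | RC4(IV||key) XOR (data||ICV)."""
    assert len(iv) == 3 and len(key) in (5, 13)      # WEP-40 or WEP-104 secret
    body = plaintext + icv(plaintext)
    return iv + bytes([(key_id & 3) << 6]) + xor(body, rc4(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when the ICV does not verify."""
    iv, ct = frame[:3], frame[4:]
    body = xor(ct, rc4(iv + key, len(ct)))
    data, tag = body[:-4], body[-4:]
    return data if icv(data) == tag else None


# --- Shared-key authentication (slide 7) -----------------------------------

CHALLENGE_LEN = 128  # the 802.11 shared-key challenge text is 128 bytes


def ap_challenge() -> bytes:
    return os.urandom(CHALLENGE_LEN)


def station_response(key: bytes, iv: bytes, challenge: bytes) -> bytes:
    """The station WEP-encrypts the challenge it received in the clear."""
    return wep_encrypt(key, iv, challenge)


def ap_verify(key: bytes, challenge: bytes, response: bytes) -> bool:
    return wep_decrypt(key, response) == challenge


def recover_keystream(challenge: bytes, response: bytes) -> bytes:
    """Passive attacker: (challenge || ICV(challenge)) XOR ciphertext = keystream
    for the IV the station chose, which travels in the clear in the response."""
    return xor(challenge + icv(challenge), response[4:])


def forge_response(sniffed_response: bytes, keystream: bytes, new_challenge: bytes) -> bytes:
    """Reuse the sniffed IV/KeyID header with the recovered keystream; no key needed."""
    body = new_challenge + icv(new_challenge)
    return sniffed_response[:4] + xor(body, keystream)


def demo() -> bool:
    key = bytes.fromhex("0102030405060708090a0b0c0d")      # constructed WEP-104 key
    # 1. A legitimate station authenticates; the attacker sniffs both frames.
    c1 = ap_challenge()
    r1 = station_response(key, b"\x11\x22\x33", c1)
    assert ap_verify(key, c1, r1)
    # 2. The attacker asks to authenticate and answers the fresh challenge
    #    using only the recovered keystream.
    ks = recover_keystream(c1, r1)
    c2 = ap_challenge()
    return ap_verify(key, c2, forge_response(r1, ks, c2))  # True, key never known
```

The attack works because every challenge has the same length, so one sniffed exchange yields exactly the 132 keystream bytes (128-byte challenge plus 4-byte ICV) needed to encrypt any later challenge under the same IV, and WEP lets the sender choose the IV.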

8 Pros & Cons (RC4 as used in WEP)
 Pros
  Easy to compute: fast, roughly 10 times faster than DES
  Variable key length (up to 256 bytes)
  Stream cipher: encrypts byte by byte, no block padding
  Keys can be rotated at regular intervals by the application
  Implementations in popular languages (C, Perl) are well documented
 Cons
  Short keys (40-bit WEP) are vulnerable to brute force
  Requires a 256-byte internal state
  Proven breakable in practice by researchers at AT&T Labs and Rice University (August 2001): about one hour of passive capture and computation recovered a standard WEP key, using the FMS weak-IV attack rather than exhaustive search
  Once the key is recovered, all messages are readable

9 Problems with WEP
 One static key
  No encryption stays strong when one key is used forever
 Key length is short
  Brute forcing a 40-bit key is feasible
 CRC-32 used as the ICV
  Bit-flipping attack: CRC is linear, CRC(M XOR delta) = CRC(M) XOR CRC(delta), so an attacker can flip chosen bits of the ciphertext and patch the encrypted ICV to match without knowing the key
  Bits cannot be set or cleared outright (the attacker does not know the plaintext), but any chosen bit can be flipped
 No key distribution specified
  Does not scale
 No protection against replay attacks
 Improper use of RC4
  The protocol does not specify how IVs are to be chosen or managed
 Two well-known attacks
  Numerical limitation (IV collision) attack
  FMS attack
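The bit-flipping attack above, as an added example that is not part of the lecture. The attack uses nothing about RC4, only that WEP encryption is XOR with a keystream and that CRC-32 is linear, so a random keystream stands in for the RC4 output. One caveat the slide's identity glosses over: the standard CRC-32 has an initial value and a final XOR, which add a constant that depends only on the message length; that constant equals the CRC of an all-zero message of the same length and is computable without the key. The message, keystream and edit are constructed.

```python
"""Added example (not from the lecture): the CRC-32 bit-flipping attack from
slide 9. Encryption is XOR with a keystream; a random keystream stands in for
RC4 output because the attack never uses any property of RC4, only that the
ICV is a linear CRC. The message and the edit are constructed."""
import os
import zlib
from typing import Optional


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "little")


def encrypt(keystream: bytes, plaintext: bytes) -> bytes:
    """Ciphertext = keystream XOR (plaintext || CRC-32(plaintext)), as in WEP."""
    return xor(plaintext + crc(plaintext), keystream)


def decrypt_and_check(keystream: bytes, ciphertext: bytes) -> Optional[bytes]:
    """Receiver side: strip the keystream and verify the ICV."""
    body = xor(ciphertext, keystream)
    data, tag = body[:-4], body[-4:]
    return data if crc(data) == tag else None


def icv_delta(delta: bytes) -> bytes:
    """ICV correction for XOR-ing `delta` into the plaintext.
    For the raw CRC, CRC(m ^ d) = CRC(m) ^ CRC(d). Standard CRC-32 adds an
    initial value and a final XOR, whose combined effect is a constant that
    depends only on the length: CRC(m ^ d) = CRC(m) ^ CRC(d) ^ CRC(0...0).
    Neither term needs the key or the plaintext."""
    return xor(crc(delta), crc(bytes(len(delta))))


def flip(ciphertext: bytes, delta: bytes, fix_icv: bool = True) -> bytes:
    """Apply plaintext difference `delta` to a ciphertext without knowing the key.
    With fix_icv=False the ICV is left alone, so the receiver's check fails."""
    assert len(delta) == len(ciphertext) - 4
    correction = icv_delta(delta) if fix_icv else bytes(4)
    return xor(ciphertext, delta + correction)


def demo(fix_icv: bool = True) -> Optional[bytes]:
    keystream = os.urandom(64)                   # stand-in for RC4(IV || key)
    original = b"PAY alice 0010 USD"             # constructed plaintext
    ciphertext = encrypt(keystream, original)
    # The attacker only needs to know the bytes at the positions it changes
    # (offsets 10-13 hold "0010"); every other delta byte is zero.
    delta = bytearray(len(original))
    for i, (old, new) in enumerate(zip(b"0010", b"9990"), start=10):
        delta[i] = old ^ new
    return decrypt_and_check(keystream, flip(ciphertext, bytes(delta), fix_icv))
```

`demo()` returns the modified plaintext accepted by the receiver; `demo(fix_icv=False)` returns None, which is the only protection a CRC ever offered. A keyed MAC (as in WPA's Michael or, properly, AES-CCMP) is what breaks this linearity.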

10 Attacks
 Numerical Limitation Attack
  IVs are only 24 bits, so there are only 16,777,216 possible IVs
  A busy network repeats IVs often: randomly chosen IVs repeat after roughly 5,000 frames on average (birthday bound), and an IV counter wraps after 2^24 frames and restarts from 0 on every reset
  Two frames under the same IV share the same keystream; XORing the two ciphertexts cancels the keystream and leaves the XOR of the plaintexts, so the clear text is recovered once any part of one plaintext is known or guessed
 FMS (weak IV) Attack
  Some IVs interact badly with RC4's key schedule
  Using a formula, one can take these weak IVs and infer bytes of the WEP key; each weak IV gives about a 5% chance of the correct key byte, so votes accumulate over many weak IVs
  Passively monitoring the network for a few hours gathers enough weak IVs to recover the WEP key
  4M to 6M packets to recover a 40-bit WEP key
  The work grows only linearly with key length, so a 104-bit key is just as useless as a 40-bit one
 Many other attacks exist
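The IV-collision attack above, as an added example that is not part of the lecture. It computes how many frames a randomly chosen 24-bit IV survives before repeating, simulates that, and then recovers a victim's plaintext from two frames that share an IV when the attacker knows the other plaintext (for instance traffic the attacker sent to the victim). As in the bit-flipping example, a random keystream stands in for RC4(IV || key) for one IV, since the attack only relies on keystream reuse; the frames and the "known" plaintext are constructed.

```python
"""Added example (not from the lecture): the IV-collision attack from slide 10
and how quickly IV collisions appear. A random keystream per IV stands in for
RC4(IV||key); the frames and the attacker's known plaintext are constructed."""
import math
import os


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def expected_frames_to_first_collision(iv_bits: int = 24) -> float:
    """Birthday bound: with uniformly random IVs, about sqrt(pi*N/2) frames
    are sent before one repeats (N = 2**iv_bits), i.e. ~5,100 for 24 bits."""
    return math.sqrt(math.pi * (1 << iv_bits) / 2)


def frames_until_repeat(iv_bits: int = 24) -> int:
    """Simulate a NIC that picks IVs at random; count frames until the first reuse."""
    seen = set()
    while True:
        iv = int.from_bytes(os.urandom(4), "big") & ((1 << iv_bits) - 1)
        if iv in seen:
            return len(seen) + 1
        seen.add(iv)


def recover_from_collision(c_known: bytes, p_known: bytes, c_victim: bytes) -> bytes:
    """Two frames under one IV share the keystream K:
    c_known ^ c_victim = (p_known ^ K) ^ (p_victim ^ K) = p_known ^ p_victim,
    so XOR-ing in the known plaintext yields the victim's plaintext."""
    return xor(xor(c_known, c_victim), p_known)


def demo() -> bytes:
    keystream = os.urandom(64)          # stand-in for RC4(IV||key) for one IV
    p_known = b"PING-KNOWN"             # constructed: payload the attacker sent
    p_victim = b"secret pwd"            # constructed: victim data under same IV
    c_known = xor(p_known, keystream)
    c_victim = xor(p_victim, keystream)
    return recover_from_collision(c_known, p_known, c_victim)
```

The recovery needs no key at all, which is why the slide counts the IV space itself as the flaw: even a NIC that picks IVs perfectly at random hands an attacker a collision within minutes on a busy network.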

11 Conclusion: WEP
 Confidentiality: broken by the FMS attack (and IV collisions)
 Integrity: broken by the bit-flipping attack
 Authentication: effectively non-existent (shared-key authentication leaks the keystream needed to forge a login)
 WEP is flawed by design, and there is no simple fix within the protocol
 Attacks against WEP are passive and extremely difficult to detect
 NO MORE WEP

