Presentation is loading. Please wait.

Presentation is loading. Please wait.

Shambhu Upadhyaya 1 802.11 Security – AES-CCMP Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 13)

Published byClarissa Harrington Modified over 8 years ago

Similar presentations

Presentation on theme: "Shambhu Upadhyaya 1 802.11 Security – AES-CCMP Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 13)"— Presentation transcript:

1 Shambhu Upadhyaya 1 802.11 Security – AES-CCMP Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 13)

2 Shambhu Upadhyaya 2 AES Advanced Encryption Standard Symmetric block cipher, published in 2001 Intended to replace DES and 3DES -DES is vulnerable to differential attacks -3DES has slow performances Requires coprocessor, therefore new hardware deployment The AES Cipher: -Block length is limited to 128 bit -The key size can be independently specified to 128, 192 or 256 bits

3 Shambhu Upadhyaya 3 AES-CCMP AES is a block cipher RSN security protocol build around AES is called AES-CCMP (Counter Mode-CBC MAC Protocol) CCMP defines a set of rules which uses AES for encryption and protection of 802.11 data AES to CCMP what RC4 is to TKIP

4 Shambhu Upadhyaya 4 AES Overview AES is a block cipher Combines 128 bit blocks of data along with a key to produce ciphertext Based on the Rijndael algorithm 802.11i’s implementation of the algorithm limits both the key and block size to 128 bits Uses various Modes of Operation to convert a continuous data stream to blocks of data

5 Shambhu Upadhyaya 5 Modes of Operation Electronic Code Book (ECB) -Takes input message one block at a time and encrypts each block sequentially using the same key -Can be implemented both in a parallel and serial fashion -Has some problems Massage may not be exactly aligned with the block boundaries so padding of the block may be required Has a security problem that if two blocks have the same data then the output of the encryption process produces the same ciphertext, hence leaking some information

6 Shambhu Upadhyaya 6 Electronic Code Book Encryption Initial Message Broken into Blocks Each block Encrypted Reassembled into Encrypted Message Serial Computation E EE EE Message AES Encryption Ciphertext Parallel Computation

7 Shambhu Upadhyaya 7 Counter Mode Does not use the AES cipher directly to encrypt the data Instead, it encrypts an arbitrary value called counter and XORs it with data to produce the ciphertext 1 E XOR 2 E 3 E 4 E 5 E 6 E 7 E Message Counter AES XOR Ciphertext

8 Shambhu Upadhyaya 8 Counter Mode The counter might start at an arbitrary value and increment according to some pattern known to both the sender and receiver Because the counter changes for each block the problem of repeating blocks seen in ECB is avoided However, it would still encrypt two identical but separate messages identically To avoid this problem the counter is based on a nonce value rather than starting it from a fixed value

9 Shambhu Upadhyaya 9 Counter Mode Some properties of counter mode are as follows -Decryption is same process as encryption as XORing the output again gives the original input, and hence simplifies implementation -Encryption can be done in parallel -The message need not break into an exact number of blocks for this method of encryption As this method does not provide authentication capabilities, additional capabilities must be added

10 Shambhu Upadhyaya 10 CCM: Counter Mode + CBC MAC Created especially for use in 802.11i RSN Builds on top of counter mode Uses CBC (Cipher Block Chaining) in conjunction with Counter mode to produce a MIC (Message Integrity Code) for authentication purposes CBC-MAC operates as follows -Take the first block and encrypt it using AES -XOR result with second block and encrypt it -XOR result with next block and so on

11 Shambhu Upadhyaya 11 CCM CBC – MAC works sequentially and cannot be parallelized Can be only used if the message is an exact number of blocks and hence requires padding CCM combines the two approaches: counter mode and CBC – MAC Adds features like -Specification of a nonce so successive messages are separated cryptographically -Linking together encryption and authentication under a single key -Extension of authentication to cover data that is not encrypted

12 Shambhu Upadhyaya 12 Offset Codebook Mode (OCB) An authenticated encryption scheme i.e., it achieves both encryption and authentication in a single computation Advantages -Parallelizable, can be done faster using multiple hardware blocks -Very efficient, taking slightly more than theoretical minimum encryption operations possible -Provably secure First selected by 802.11i working group and named WRAP However as it is a patented method, possible license concerns led to dropping it later

13 Shambhu Upadhyaya 13 CCMP in RSN Encrypts data at MPDU level Steps in encryption of single MPDU -(1) Start with an unencrypted MPDU complete with a IEEE 802.11 MAC header -(2) MAC header is separated from the MPDU and information from the header is used to construct the CCMP header -(3) MIC value is then computed to protect the CCMP header, data and part of MAC header -(4) Combination of data and MIC is then encrypted using CCM -(5) Finally MAC header, CCMP header and the encrypted data are appended to form a new encrypted MPDU

14 Shambhu Upadhyaya 14 CCMP in RSN Data MAC hdr CCMP hdr Data MAC hdrCCMP hdr DataMIC MAC hdr CCMP hdr Ciphertext Encryption MAC hdrCCMP hdr Ciphertext 1 2 3 4 5

15 Shambhu Upadhyaya 15 CCMP Header Prepended to the encrypted data and transmitted in clear Has 2 purposes -Provides a 48 bit packet number (PN) for replay protection -In case of multicasts specifies the group key to be used Format of the header -48 bits PN value -1 byte is reserved -Rest is used for KeyID

16 Shambhu Upadhyaya 16 Implementation CCMP Encryption Block CCMP Decryption Block CCMP Header Source Address Data Length MPDU data CCMP Header Source Address Data Length Encrypted MPDU MPDU Data

17 Shambhu Upadhyaya 17 Computing MIC Done using CBC-MAC which encrypts the starting block and XORs subsequent block and encrypts the result Final MIC is 128 bits of which lower 64 bits are discarded For this computation first MPDU is not taken directly but is computed in a special way using a nonce value This first block contains nonce and two more values: the flag and DLen

18 Shambhu Upadhyaya 18 Computing MIC Nonce ensures liveliness of data Using just the Packet Number as nonce might not work as key is shared by two parties and they might at some point use a PN already used by other Hence nonce is constructed by adding the source address to the packet number so as to avoid this problem Another field that’s a part of the nonce is priority which might be used in future implementations so as to accommodate different traffic streams Flag Priority Source Address Packet NumberDLen 8 848 16 104-bit Nonce

19 Shambhu Upadhyaya 19 Computing MIC Flag field is 01011001 to specify, among other things, that MIC is 64 bits DLen indicates the size of the plaintext field As CBC-MAC works on blocks of fixed length, both the CCMP Header and Plaintext data need to be padded to get it to the required length MIC is computed across a combination of the special first block, the authenticated data, and plaintext including the zero padded bytes

20 Shambhu Upadhyaya 20 Encrypting MPDUs After the MIC is computed the MPDU is encrypted using counter mode The counter is initialized in a way to avoid generating the same start value twice The Ctr value starts from 1 and counts upwards Flag Priority Source Address Packet NumberCtr 8 848 16 Nonce

21 Shambhu Upadhyaya 21 Decrypting MPDUs Firstly the correct pairwise keys are selected based on source MAC address The receiver checks the Packet Number of the received packet and ensures that it is not less than or equal to the last received PN If the Packet Number matches, the sequence number is combined with the source MAC and priority to create the nonce Then decryption proceeds as encryption, where successive values of counter are encrypted and XORed with received MPDUs Then the MIC is verified by recalculating the MIC over the data and padded zeroes If the new calculated value matched the MIC sent along with the MPDU the frame is accepted

22 Shambhu Upadhyaya 22 References Jon Edney and William Arbaugh, Real 802.11 Security, Addison-Wesley, 2004

Download ppt "Shambhu Upadhyaya 1 802.11 Security – AES-CCMP Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 13)"

Similar presentations

Block Cipher Modes of Operation and Stream Ciphers

Block Cipher Modes of Operation and Stream Ciphers
ECE454/CS594 Computer and Network Security

ECE454/CS594 Computer and Network Security
“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.

Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.
Modern Symmetric-Key Ciphers

Modern Symmetric-Key Ciphers
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
P1451.5 Security Survey and Recommendations By: Ryon Coleman October 16, 2003.

P Security Survey and Recommendations By: Ryon Coleman October 16, 2003.
Cryptography and Network Security Chapter 6 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 6 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.

Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.
Cryptography and Network Security Chapter 6. Chapter 6 – Block Cipher Operation Many savages at the present day regard their names as vital parts of themselves,

Cryptography and Network Security Chapter 6. Chapter 6 – Block Cipher Operation Many savages at the present day regard their names as vital parts of themselves,
Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.

Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.
Exploring timing based side channel attacks against 802.11i CCMP Suman Jana, Sneha K. Kasera University of Utah Introduction

Exploring timing based side channel attacks against i CCMP Suman Jana, Sneha K. Kasera University of Utah Introduction
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Modes of Operation CS 795. Electronic Code Book (ECB) Each block of the message is encrypted with the same secret key Problems: If two identical blocks.

Modes of Operation CS 795. Electronic Code Book (ECB) Each block of the message is encrypted with the same secret key Problems: If two identical blocks.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.
15-441 Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from 15-441, semester’s past and others.

Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from , semester’s past and others.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Encryption Schemes Second Pass Brice Toth 21 November 2001.

Encryption Schemes Second Pass Brice Toth 21 November 2001.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Lecture 2: Message Authentication Anish Arora CSE5473 Introduction to Network Security.

Lecture 2: Message Authentication Anish Arora CSE5473 Introduction to Network Security.

Similar presentations

Ads by Google