Intercepting Mobile Communications: The Insecurity of 802.11 …or “Why WEP Stinks” Dustin Christmann.

Presentation transcript:

1 Intercepting Mobile Communications: The Insecurity of 802.11 …or “Why WEP Stinks”
Dustin Christmann

2 Introduction
- This presentation will discuss the inadequacies of WEP encryption
- We’ll discuss the theoretical weaknesses of the WEP standard
- We’ll discuss the types of attacks that can exploit those weaknesses
- We’ll discuss the speed of “real world” attacks on WEP

3 Agenda
- What’s on your network?
- What is WEP?
- Theoretical weaknesses of WEP
- Types of attacks on WEP
- How well do these attacks work in the “real world”?
- Countermeasures

4 What’s on your wireless network?
- 802.11 (Wi-Fi) networks are ubiquitous today
- Types of encryption:
  - Open (No encryption)
  - WEP
  - WPA/WPA2

5 So what is WEP?
- WEP is Wired Equivalent Privacy
- Link-layer encryption
- Defined in the IEEE 802.11 standard
- “Least common denominator” Wi-Fi encryption
- Goals of WEP
  - Confidentiality
  - Access control
  - Data integrity

6 So how does WEP work?

7 First, let’s introduce the players
- Message: What you’re encrypting
- CRC: To verify the integrity of the message
- Plaintext: The message + CRC
- Initialization vector (IV): A 24-bit number which plays two roles that we’ll meet in a moment
- Key: A 40 or 104-bit number which is used to build the keystream
- Keystream: What is used to encrypt the plaintext
- Ciphertext: What we end up with post-encryption
[Diagram: Message, CRC, IV, Key, Keystream, Ciphertext]

8 WEP encryption step-by-step
Step 1: Compute CRC for the message
- CRC-32 polynomial is used
[Diagram: Message, CRC]

9 WEP encryption step-by-step
Step 2: Compute the keystream
- IV is concatenated with the key
- RC4 encryption algorithm is used on the 64 or 128 bit concatenation
[Diagram: Key, IV, Keystream]

10 WEP encryption step-by-step
Step 3: Encrypt the plaintext
- The plaintext is XORed with the keystream to form the ciphertext
- The IV is prepended to the ciphertext
[Diagram: Message, CRC, Keystream, Ciphertext, IV]

11 WEP decryption step-by-step
Step 1: Build the keystream
- Extract the IV from the incoming frame
- Prepend the IV to the key
- Use RC4 to build the keystream
[Diagram: Keystream, Ciphertext, IV, Key]

12 WEP decryption step-by-step
Step 2: Decrypt the plaintext and verify
- XOR the keystream with the ciphertext
- Verify the extracted message with the CRC
[Diagram: Keystream, Ciphertext, Message, CRC]

13 What are the main weaknesses of WEP?

14 Initialization vector (IV)
- It’s carried in plaintext in the “encrypted” message!
- It’s only 24 bits!
- There are no restrictions on IV reuse!
- The IV forms a significant portion of the “seed” for the RC4 algorithm!
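The encryption and decryption steps from slides 8 to 12, together with the IV reuse problem on slide 14, as an added Python example that is not part of the original presentation. It simplifies the frame to IV || ciphertext (the key ID byte and the 802.11 headers are omitted); the function names, `KEY` and `IV` are constructed for illustration.

```python
import struct
import zlib

def rc4(seed: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given seed."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, message: bytes) -> bytes:
    # Step 1: plaintext = message + CRC-32 of the message
    plaintext = message + struct.pack("<I", zlib.crc32(message))
    # Step 2: keystream = RC4 seeded with IV || key
    keystream = rc4(iv + key, len(plaintext))
    # Step 3: XOR, then prepend the IV in the clear
    return iv + xor(plaintext, keystream)

def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    iv, ciphertext = frame[:3], frame[3:]
    plaintext = xor(ciphertext, rc4(iv + key, len(ciphertext)))
    message, icv = plaintext[:-4], plaintext[-4:]
    if struct.pack("<I", zlib.crc32(message)) != icv:
        raise ValueError("ICV mismatch")
    return message

def reused_iv_leak(frame1: bytes, frame2: bytes) -> bytes:
    """Same IV means same keystream, so it cancels: C1 XOR C2 = P1 XOR P2."""
    if frame1[:3] != frame2[:3]:
        raise ValueError("frames use different IVs")
    return xor(frame1[3:], frame2[3:])

KEY = bytes.fromhex("0102030405")   # constructed 40-bit key
IV = b"\x00\x00\x01"                # constructed 24-bit IV
```

With only 24 bits of IV and no rule against reuse, two frames under the same IV expose the XOR of their plaintexts without any knowledge of the key.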

15 CRC algorithm
- The CRC is a linear function
  - First-order polynomial: y=mx+b
  - Key property when b is 0: f(x+y) = f(x) + f(y)
- The CRC is an unkeyed function

16 RC4 cipher
- Some seeds are “weaker” than others
- By extension, some IV values are weaker than others
- Weak seeds = more easily calculated keystreams

17 Defragmentation
- Not necessarily a weakness
- Part of standard
  - Affects WPA and WPA2 encryption as well

18 What are some potential attacks on a WEP network?

19 First, you know more about the plaintext than you think you know
- With , you know the first eight bytes of a packet
- Many IP services have packets of fixed lengths
- Most WLAN IP addresses follow common conventions.
- Many IP behaviors have predictable responses
[Diagram: header fields DSAP, SSAP, CTRL, ORG Code, Ether type; the Ether type can be either IP or ARP]

20 Message modification
- Takes advantage of CRC’s linearity and unkeyed nature.
- C is the original ciphertext
- c is the CRC-32 function
- Δ is the change in the message
- Need to know some of the plaintext, but not all!
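Why a linear, unkeyed CRC gives no integrity under an XOR cipher, as an added Python example that is not part of the original presentation. It uses the relation from the Borisov, Goldberg and Wagner paper, C' = C ⊕ ⟨Δ, c(Δ)⟩, adjusted for the constant term of the real CRC-32 (the "b" on slide 15), and contrasts it with a keyed check value. The keystream, keys, messages and the truncated HMAC tag are constructed for illustration and are not what WPA or WPA2 use.

```python
import hashlib
import hmac
import struct
import zlib

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc_icv(message: bytes, _key: bytes = b"") -> bytes:
    # WEP-style check value: unkeyed CRC-32, computable by anyone
    return struct.pack("<I", zlib.crc32(message))

def mac_icv(message: bytes, key: bytes) -> bytes:
    # Keyed check value for comparison (HMAC-SHA256 cut to 4 bytes, illustrative)
    return hmac.new(key, message, hashlib.sha256).digest()[:4]

def seal(message, keystream, icv=crc_icv, key=b""):
    return xor(message + icv(message, key), keystream)

def unseal(ciphertext, keystream, icv=crc_icv, key=b""):
    plaintext = xor(ciphertext, keystream)
    message, tag = plaintext[:-4], plaintext[-4:]
    return message if hmac.compare_digest(tag, icv(message, key)) else None

def modify(ciphertext: bytes, delta: bytes) -> bytes:
    """Apply delta to the hidden message using no key and no keystream.

    zlib's CRC-32 is affine: crc(m ^ d) = crc(m) ^ crc(d) ^ crc(zeros),
    so the check value can be patched alongside the message bits.
    """
    icv_delta = xor(crc_icv(delta), crc_icv(bytes(len(delta))))
    return xor(ciphertext, delta + icv_delta)

# Constructed sample data; KEYSTREAM stands in for RC4(v, k)
KEYSTREAM = hashlib.sha256(b"constructed keystream").digest()
MAC_KEY = b"constructed integrity key"
ORIGINAL = b"dst=10.0.0.5;ok"
WANTED = b"dst=10.0.0.9;ok"
DELTA = xor(ORIGINAL, WANTED)

def demo():
    weak = modify(seal(ORIGINAL, KEYSTREAM), DELTA)
    strong = modify(seal(ORIGINAL, KEYSTREAM, mac_icv, MAC_KEY), DELTA)
    # CRC check accepts the altered message; keyed check returns None
    return (unseal(weak, KEYSTREAM),
            unseal(strong, KEYSTREAM, mac_icv, MAC_KEY))
```

The receiver's CRC check passes on the altered frame because every term needed to fix the check value is public, while the keyed tag cannot be patched without the integrity key.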

21 Message injection
- Takes advantage of CRC’s unkeyed nature and IV reuse.
- C is the original ciphertext
- P is the original plaintext
- RC4(v,k) is the keystream for IV v
- M’ is the new message
- c is the CRC-32 function
- Need to know all of the plaintext

22 Authentication spoofing
- Takes advantage of IV reuse
- Takes advantage of WEP challenge mechanism for new mobile stations
- Access point sends unencrypted 128-bit value
- Mobile station returns the same value encrypted
- Monitor the exchange and…
  - Learn an IV-keystream pair
  - Authenticate on the mobile network

23 Fragmentation attack
- Takes advantage of defragmentation and IV reuse
- Takes advantage of knowledge of plaintext of at least first eight bytes of data
- Each data includes 4 bytes of checksum
- An 802.11 frame can be divided into 16 segments
- The access point will defragment the frame before forwarding, allowing the transmission of 16 * (known bytes of keystream – 4 bytes) of data

24 Full keystream recovery using fragmentation
- Send a 64-byte frame to a broadcast address in 16 segments
- Eavesdrop the defragmented 68-byte frame
- Send a 1024-byte frame to a broadcast address in 16 segments
- Eavesdrop the defragmented 1028-byte frame
- Send a 1496-byte frame to a broadcast address in 2 segments
- Eavesdrop the defragmented 1500-byte frame

25 IP redirection
- Takes advantage of defragmentation
- Eavesdrop encrypted frame
- Build encrypted IP header with the desired destination IP address
- Configure the headers for segmented transmission
- Send frames
- Receive unencrypted data at Internet-connected computer
[Diagram: Ciphertext, IP Header, Message]

26 So how easy do these techniques make a WEP network to compromise?

27 Answer: Darn easy
- Attacks greatly aided by automated tools
- Authors of “The Final Nail in WEP’s Coffin” broke 40-bit key in under 15 minutes and 104-bit key in under 80 minutes
- FBI agents demonstrated it in 3 minutes in 2005
  - “Usually it takes five to ten minutes”

28 Countermeasures
- DON’T USE WEP!
- Use WPA or WPA2 with a strong key
- Change the default settings on your wireless router
- Use VPN