Security flaws of the WEP-Protocol by Bastian Sopora, Seminar Computer Security 2006.


Agenda
- Introduction
- Basics of the WEP-Protocol
- Weaknesses of WEP
- Breaking WEP
- Alternatives & Outlook
- Summary & Discussion

Wireless Networking
- ALOHAnet
- 1997: IEEE 802.11 (IR)
- 1999: IEEE 802.11b (11 Mbps)
- 2003: IEEE 802.11g (54 Mbps)
- 2007: IEEE 802.11n (540 Mbps)

The need for security
- Why do we need the WEP protocol?
- Wi-Fi networks use radio transmissions
  -> prone to eavesdropping
- Mechanism to prevent outsiders from
  - accessing network data & traffic
  - using network resources

IEEE reactions
- 1999: Wired Equivalent Privacy (WEP)
- 2003: WiFi Protected Access (WPA)

WEP – the basic idea
- WEP = Wired Equivalent Privacy
- As secure as a wired network
- Part of the IEEE 802.11 standard

WEP – how it works
- Encrypt all network packets using
  - a stream cipher (RC4) for confidentiality
  - a checksum (CRC) for integrity

WEP – different flavors
- Originally (1999) 64 bit:
  - Legal limits
  - 24 bit Initialization Vector (IV)
  - 40 bit key
- 128 bit:
  - 104 bit (26 hex characters) key
- 256 bit:
  - 232 bit key
  - Available, but not common

Small steps?
Evolution of WEP to WEP128 to WEP256:
- Initialization Vector remains at 24 bit
- Encryption key size increases

The major flaw
- A stream cipher should never use the same key twice

The Stream-Cipher-Breakdown
- E(A) = A xor C   [C is the key]
- E(B) = B xor C
- Compute E(A) xor E(B)
- xor is commutative, hence:
  E(A) xor E(B) = A xor C xor B xor C
                = A xor B xor C xor C
                = A xor B

The major flaw
- A stream cipher should never use the same key twice...
- ...or else we know A xor B, which is relatively easy to break
  - if both messages are in a natural language,
  - or if we know one of the messages.

The WEP-repetition
- For a 24 bit Initialization Vector, there is a 50% chance of repetition after 5000 packets...
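
The breakdown above, worked through as an added example (not part of the original slides): two packets are encrypted under the same IV and key, the keystream cancels in the XOR of the ciphertexts, and a known message A yields B without the key. The key, IV and payloads are constructed sample values, the frame layout is simplified (key-ID byte omitted), and the repetition estimate assumes uniformly random IVs.

```python
import zlib
from math import exp

def rc4(key, n):
    """Return n bytes of RC4 keystream (key schedule, then output generation)."""
    S, j = list(range(256)), 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv, key, payload):
    """Simplified WEP body: cleartext IV, then (payload + CRC-32) xor RC4(IV || key)."""
    body = payload + zlib.crc32(payload).to_bytes(4, "little")
    return iv + xor(body, rc4(iv + key, len(body)))

def iv_collision_probability(packets, iv_bits=24):
    """Birthday approximation; assumes IVs are chosen uniformly at random."""
    return 1.0 - exp(-packets * (packets - 1) / (2 * 2 ** iv_bits))

# Constructed sample values (not from the slides): 40-bit key, one IV, two payloads.
KEY = bytes.fromhex("0102030405")
IV = bytes.fromhex("a1b2c3")
A = b"GET /index.html HTTP/1.0"
B = b"user=alice&pin=4711&x=ok"

def reuse_demo(iv_a=IV, iv_b=IV):
    """Return (E(A) xor E(B), B recovered from it using the known message A)."""
    ca = wep_encrypt(iv_a, KEY, A)[3:]   # drop the cleartext IV
    cb = wep_encrypt(iv_b, KEY, B)[3:]
    a_xor_b = xor(ca, cb)[:len(A)]       # keystream C cancels only if the IV repeated
    return a_xor_b, xor(a_xor_b, A)

if __name__ == "__main__":
    print(reuse_demo()[1])
    print(reuse_demo(iv_b=bytes.fromhex("a1b2c4"))[1] == B)
    print(round(iv_collision_probability(5000), 2))
```

With a different IV for the second packet the same computation returns noise, which is why the 24 bit IV space, not the key length, sets the limit.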

The Theory
- Fluhrer, Mantin, and Shamir wrote a paper on the WEP weakness in the RC4 implementation...
- Cornell University
- "Weaknesses in the Key Scheduling Algorithm of RC4"

Feasibility of attack
- Practical
- Cheap
- Easy
- Fast
- WEP Users: time to panic!

How to do it...
- Stubblefield, Ioannidis, and Rubin wrote a paper about the implementation in 2001
- Rice University & AT&T
- "Using the Fluhrer, Mantin, and Shamir Attack to Break WEP"
- Only six pages!

How to do it...
- Collect packets (about 6 million for WEP128)
- Only observe the first byte
  - Depends on only 3 values (S[1], S[S[1]], S[S[1]+S[S[1]]])
  - May be known plaintext ("0xAA")
- Try guessing the key, byte by byte
  - chance of 1/20 per byte
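
The "depends on only 3 values" point above, checked as an added example (not from the slides or the cited papers): one genuine RC4 output step is compared against a prediction that reads only S[1], S[S[1]] and S[S[1]+S[S[1]]]. Seeded random permutations stand in for the state after key scheduling, which is an assumption of this example.

```python
import random

def prga_first_byte(state):
    """One real RC4 output step (i = 1, j = S[1]) on a copy of the state."""
    S = list(state)
    i, j = 1, S[1]
    S[i], S[j] = S[j], S[i]
    return S[(S[i] + S[j]) % 256]

def predict_first_byte(S):
    """Same byte, reading only S[1], S[S[1]] and S[S[1] + S[S[1]]]."""
    a = S[1]
    b = S[a]
    t = (a + b) % 256
    if t == 1:      # the swap moved old S[S[1]] into position 1
        return b
    if t == a:      # the swap moved old S[1] into position S[1]
        return a
    return S[t]     # position untouched by the swap

def first_keystream_byte(ciphertext, known_plaintext=0xAA):
    """A known first plaintext byte (0xAA on the slide) reveals the first keystream byte."""
    return ciphertext[0] ^ known_plaintext

def count_mismatches(trials=5000, seed=2006):
    """Compare both functions over seeded random permutations (constructed data)."""
    rng = random.Random(seed)
    mismatches = 0
    for _ in range(trials):
        S = list(range(256))
        rng.shuffle(S)
        mismatches += prga_first_byte(S) != predict_first_byte(S)
    return mismatches

if __name__ == "__main__":
    print(count_mismatches())
```

Because the first output byte is fixed by so little of the state, and its plaintext is predictable, every captured packet leaks information about the key schedule; this is the property that filtering IVs or enlarging the key cannot remove.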

How WE do it...
- Aircrack-ng
  - Available freely for Linux, Windows and certain PDAs
  - Only requires about 1 million packets for WEP128

Outlook for WEP
- WEP2
  - Enlarged IV
  - enforced 128-bit encryption
- WEP+
  - Only use strong IVs
  - has to be used on both ends
...a dead end...

Outlook for WEP
- WEP2
  - No change in concept, just more packets needed
- WEP+
  - How does one enforce the client side?
...a dead end...

Alternatives
- WPA, WPA2, 802.1X
  - 48 bit IV, mutate key after certain time
  - Depend on an authentication server
- IPsec, VPN
  - Tunneling and secure wrapping of packets

Summary: WEP
- WEP is not secure!
  - Faulty implementation of RC4
  - Developing an attack was easy
- A successful attack only needs:
  - Off-the-shelf hardware (Laptop, Prism2)
  - Free software
  - A very short time (a few days at most)