WLAN Security: Security of 802.11 WLAN, Máté Szalay

Presentation transcript:

Slide 1: Security of WLAN, Máté Szalay

Slide 2: Contents. Introduction; WEP; Intercepting Traffic; Keystream Reuse; Key Management; Message Authentication; User Authentication; Message Confidentiality

Slide 4: Introduction. Wireless LAN; IEEE 802.11: a (5 GHz, 54 Mbps), b (2.4 GHz, 11 Mbps), g (2.4 GHz, 6-54 Mbps); PDA, Notebook

Slide 6: WEP 1. Wired Equivalent Privacy; Radio Interface; Goals: Privacy/Confidentiality, User authentication, Message authentication

Slide 7: WEP 2. [Diagram; labels: RC4, Checksum, Message, IV (24), k (40), Keystream]

Slide 8: WEP 3 – RC4. RC4; Stream cipher; 10 times faster than DES; Ron Rivest, 1987 (Ron’s Code); Details available since 1994; Variable key size

Slide 9: WEP 4. M: message; c(M): integrity checksum; Key independent!; v: IV (Initialization Vector); k: Secret Key; P: plaintext, P=; C: ciphertext, $C = P \oplus \mathrm{RC4}(v,k)$

Slide 10: WEP 5. AB: v,C C=PRC4(v,k) = RC4(v,k)

Slide 12: Intercepting Traffic. Open Radio Waves; 2.4 GHz; Significant time and equipment costs; Modifying WLAN hardware; Firmware upgrade

Slide 14: Keystream reuse 1. Same keystream portion is used to encrypt $C_1$ and $C_2$; $C_1 \oplus C_2 = P_1 \oplus P_2$; Partial knowledge of some plaintexts; Known headers; Languages

Slide 15: Keystream reuse 2. k is rarely changed; WLAN uses per packet IV; IV reuse means keystream reuse; IV reuse is easy to detect; PCMCIA cards set IV to 0 on reset and increment after each packet

Slide 16: Keystream reuse 3. 24-bit IV; Random IV; Birthday paradox; Per packet IV is recommended by standard; 5 Mbps, 24-bit IV space is exhausted in less than half a day

Slide 17: Exploiting keystream reuse. Known headers; Plaintext can be “chosen”; Building up TCP connection from a known IP address; Sending , and waiting for the user to check it over WLAN

Slide 18: Decryption Dictionaries. IV reuse; Plaintexts are learned; Keystream segment is also learned; Full table: 1500 bytes for 2^24 IVs, 24 GB; Starting from low IVs; Fast and easy decryption

Slide 20: Key Management. Not specified by standard; Globally shared array of 4 keys; Message contains key ID; Practice: one key is used in the entire network; Same IV from different users

Slide 22: Message Authentication - 1. Checksum is linear! C= RC4(v,k) M’=MD C’=C = RC4(v,k) = RC4(v,k)

Slide 23: Message Authentication - 2. Injection; Checksum is unkeyed!; Attacker learns M, C; Recovers keystream; Can inject any M using the same IV; Receiver must accept IV reuse to be compliant
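
Added example, not part of the original slides: a toy Python model of WEP encapsulation illustrating both the "Keystream reuse" and the "Message Authentication" slides. It shows that two frames encrypted under the same (v, k) XOR to the XOR of their plaintexts, and that an unkeyed CRC-32 checksum lets a modified ciphertext pass the receiver's integrity check. The key, IV, messages, ICV byte order and all function names are constructed for this illustration.

```python
import struct
import zlib

def rc4(key, n):
    # RC4 key schedule (KSA), then n bytes of keystream (PRGA)
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def icv(msg):
    # c(M): unkeyed CRC-32; the byte order is this example's choice
    return struct.pack("<I", zlib.crc32(msg))

def wep_encrypt(v, k, msg):
    p = msg + icv(msg)                    # P = M || c(M)
    return xor(p, rc4(v + k, len(p)))     # C = P xor RC4(v, k)

def wep_check(v, k, c):
    # Receiver side: decrypt, then accept only if the checksum matches
    p = xor(c, rc4(v + k, len(c)))
    return p[:-4] if icv(p[:-4]) == p[-4:] else None

def apply_delta(c, d):
    # Keyless change of M to M xor D. zlib's CRC-32 is affine, so for equal
    # lengths crc(M^D) = crc(M) ^ crc(D) ^ crc(00..0); patch the ICV to match.
    return xor(c, d + xor(icv(d), icv(bytes(len(d)))))

# Constructed sample values: 40-bit key k, 24-bit IV v, two 15-byte messages
K, V = bytes.fromhex("0102030405"), bytes.fromhex("000001")
M1, M2 = b"GET /index.html", b"POST /login.php"

if __name__ == "__main__":
    c1, c2 = wep_encrypt(V, K, M1), wep_encrypt(V, K, M2)
    print("keystream cancels:", xor(c1, c2)[:15] == xor(M1, M2))
    print("modified frame accepted as:", wep_check(V, K, apply_delta(c1, xor(M1, M2))))
```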

Slide 25: User Authentication. Shared key authentication; 128 bit random challenge; Must be returned WEP encrypted; Intercepting valid authentication; Plaintext ciphertext pair is learned; Attacker can authenticate without key!

Slide 27: Message confidentiality. AP can decrypt for us; Clone packets in WLAN network with different destination IP address; IP checksum: problem

Slide 28: Conclusions. Consider WLAN network “untrusted”; Outside the firewall; VPN (dialup); Improved key management; MCL WLAN solution

Slide 29: Thank you for your attention!