
WEP and 802.11i J.W. Pope 5/6/2004 CS 589 – Advanced Topics in Information Security.


1 WEP and 802.11i J.W. Pope 5/6/2004 CS 589 – Advanced Topics in Information Security

2 Papers on WEP
- Borisov, N., I. Goldberg, D. Wagner, “Intercepting Mobile Communications: The Insecurity of 802.11”, Proceedings of the Seventh Annual International Conference on Mobile Computing and Networking, July 16-21, 2001, ACM 2001
- Arbaugh, W.A., N. Shankar, Y.C.J. Wan, “Your 802.11 Wireless Network Has No Clothes”, http://www.cs.umd.edu/~waa/wireless.pdf, 2001

3 What is WEP?
- WEP is “Wired Equivalent Privacy” or “Wireless Encryption Protocol”
- It is the original wireless security protocol for the 802.11 standard.
- It uses the RC4 stream cipher, using a 64-bit key consisting of:
  - A 24-bit master key
  - A 40-bit initialization vector (IV)
- It also employs a CRC integrity checksum.

4 Main Points
- Borisov, et al.:
  - Keystream reuse
  - Key management
  - Message authentication
  - Shared key authentication
- Arbaugh, et al.:
  - Proprietary access control mechanisms
  - Shared key authentication

5 Keystreams
- RC4 is a stream cipher
- The key is used by a pseudo-random number generator (PRNG) to generate a keystream
- The keystream is XOR’ed with the plaintext and checksum to produce the ciphertext.
- Whenever the same IV is used with the same master key, the keystream will be the same as well.

6 Keystream Reuse
- IVs are transmitted in the clear!
- Master keys are unlikely to be changed due to key management issues (more on this later…)
- 24 bits of IV are not sufficient to avoid collisions
  - If IVs are assigned randomly, collisions can be expected after 5000 packets.
  - If IVs are assigned sequentially, collisions are inevitable if cards are re-initialized.

7 Recovering Plaintext
- Plaintexts can often be disentangled from each other.
- If not, it is easy to get a known plaintext
  - Send an e-mail to a user on a wireless device, then sniff for it!
- Decryption dictionaries can be built
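The keystream-reuse argument of slides 5 to 7, worked through as an added example that is not part of the original slides. It assumes the 24-bit IV of slide 6 prepended to a constructed 40-bit secret as the RC4 key, and every sample value is constructed.

```python
import math

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Textbook RC4: return the first n keystream bytes for key."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """Per-packet RC4 key is IV || secret; the IV is sent in the clear."""
    return xor(plaintext, rc4_keystream(iv + secret, len(plaintext)))

def iv_collision_probability(packets: int, iv_bits: int = 24) -> float:
    """Birthday approximation: chance that some random IV has repeated."""
    return 1.0 - math.exp(-packets * (packets - 1) / (2 * 2 ** iv_bits))

# Constructed sample values, not captured traffic.
SECRET = bytes.fromhex("0102030405")           # 40-bit shared secret
IV = bytes.fromhex("a1b2c3")                   # one 24-bit IV, used twice
P1 = b"GET /index.html HTTP/1.0"               # plaintext known to an observer
P2 = b"meeting moved to 3pm ..."               # plaintext the observer lacks

def reuse_demo():
    c1, c2 = encrypt(IV, SECRET, P1), encrypt(IV, SECRET, P2)
    leaked = xor(c1, c2)          # keystream cancels: equals P1 xor P2
    recovered = xor(leaked, P1)   # one known plaintext exposes the other
    return leaked == xor(P1, P2), recovered

if __name__ == "__main__":
    print(reuse_demo())
    print(f"P(IV repeat within 5000 packets) = {iv_collision_probability(5000):.3f}")
```

With randomly chosen 24-bit IVs, the birthday estimate passes one half at roughly 5000 packets, which is where the figure on slide 6 comes from.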

8 Key Management
- WEP does not include any key management protocols!
- Master keys could be one of four globally shared keys
- They could also be stored in an array specifying a separate key for each device (not widely used)
- Key must be updated manually
- Often, one key is relied on

9 Message Authentication
- Message modification:
  - The checksum can be modified to reflect any changes in the ciphertext
- Message injection:
  - Any attacker who derives the plaintext also derives the keystream!
- Message rerouting:
  - The server authenticates the client, but not vice versa.
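Why an unkeyed CRC under a stream cipher gives no message authentication, shown as an added example that is not part of the original slides. The keystream is a constructed stand-in for RC4 output and the payload is constructed; the point is that the checksum correction depends only on the change, which is what a keyed MIC such as the one WPA adds is meant to prevent.

```python
import hashlib
import zlib

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    """Unkeyed CRC-32 of the payload, used as the integrity check value."""
    return zlib.crc32(data).to_bytes(4, "little")

def seal(ks: bytes, msg: bytes) -> bytes:
    """Sender: ciphertext = (msg || CRC32(msg)) xor keystream."""
    return xor(msg + icv(msg), ks)

def open_frame(ks: bytes, frame: bytes):
    """Receiver: decrypt, recompute the CRC, return (accepted, payload)."""
    body = xor(frame, ks)
    msg, check = body[:-4], body[-4:]
    return check == icv(msg), msg

def crc_preserving_mask(delta: bytes) -> bytes:
    """Mask that applies delta to the payload and keeps the CRC consistent.

    CRC-32 is affine over XOR for equal-length inputs:
    crc(m ^ d) == crc(m) ^ crc(d) ^ crc(00..0), so the checksum change
    depends only on delta, never on the keystream or the payload.
    """
    return delta + xor(icv(delta), icv(bytes(len(delta))))

# Constructed sample data; the keystream stands in for RC4 output.
MSG = b"status=ok;level=1"
KS = hashlib.shake_256(b"constructed keystream").digest(len(MSG) + 4)

def modification_demo():
    frame = seal(KS, MSG)
    delta = bytes(len(MSG) - 1) + bytes([ord("1") ^ ord("7")])
    naive = xor(frame, delta + bytes(4))              # payload changed, CRC untouched
    fixed = xor(frame, crc_preserving_mask(delta))    # payload and CRC changed together
    return open_frame(KS, naive), open_frame(KS, fixed)

if __name__ == "__main__":
    print(modification_demo())
```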

10 User Authentication
- WEP uses a “Shared Key Authentication” protocol to authenticate stations
  - Initiator requests shared key authentication
  - Responder sends initiator random challenge text
  - Initiator sends responder encrypted challenge text
  - Responder signals successful completion of protocol
- This is supposed to prove that the initiator knows the correct key
- However, if a keystream is known, no key is necessary, so anybody can authenticate!
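A model of the four-message exchange above, as an added example that is not part of the original slides, showing why a correct response does not prove knowledge of the key. The keystream function is a stand-in for RC4(IV || secret), and the class and function names, challenge length and secrets are assumptions made for illustration.

```python
import hashlib
import os
import zlib

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "little")

def keystream(iv: bytes, secret: bytes, n: int) -> bytes:
    # Stand-in for RC4(IV || secret); the weakness shown is cipher-independent.
    return hashlib.shake_256(iv + secret).digest(n)

class Responder:
    """Access-point side of the exchange (hypothetical model)."""
    def __init__(self, secret: bytes):
        self._secret, self._challenge = secret, None
    def challenge(self) -> bytes:                            # message 2
        self._challenge = os.urandom(128)
        return self._challenge
    def verify(self, iv: bytes, response: bytes) -> bool:    # message 4
        body = xor(response, keystream(iv, self._secret, len(response)))
        return body == self._challenge + icv(self._challenge)

def keyed_response(secret: bytes, iv: bytes, challenge: bytes) -> bytes:
    """Message 3 from a station that really holds the secret."""
    framed = challenge + icv(challenge)
    return xor(framed, keystream(iv, secret, len(framed)))

def keyless_response(seen_challenge, seen_iv, seen_response, new_challenge):
    """Message 3 built only from one observed exchange, with no secret."""
    ks = xor(seen_challenge + icv(seen_challenge), seen_response)
    return seen_iv, xor(new_challenge + icv(new_challenge), ks)

def auth_demo():
    secret = os.urandom(5)                  # constructed 40-bit secret
    ap = Responder(secret)
    iv = os.urandom(3)
    c1 = ap.challenge()
    r1 = keyed_response(secret, iv, c1)     # legitimate station
    ok_legit = ap.verify(iv, r1)
    c2 = ap.challenge()                     # fresh challenge, same secret
    iv2, r2 = keyless_response(c1, iv, r1, c2)
    return ok_legit, ap.verify(iv2, r2)

if __name__ == "__main__":
    print(auth_demo())
```

Both checks succeed because the initiator picks the IV, so the keystream exposed by one challenge and response pair stays valid for every later challenge.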

11 Proprietary Access Control Mechanisms
- Lucent closed networks: use SSID as shared secret
- Other vendors use MAC addresses
- Both appear in various management frames in the clear, which is not good if they’re supposed to be secret!
- Vendor key management solutions are unknown, but do not appear to be very good.

12 Problems with RC4
- It has been known for a while that RC4 has weak keys
  - 1 out of every 256
  - These keys can be avoided
- It was discovered recently that it is easy to decrypt RC4 ciphertext if part of the key is known.
- Since WEP IVs are transmitted in the clear, that means…

13 Who Weeps for WEP?
- R.I.P. WEP

14 Now What?
- IEEE is working on 802.11i to address these issues, and it should be completed shortly.
- In the meantime, the Wi-Fi Alliance has released WPA (Wi-Fi Protected Access)
  - Intended as a stopgap measure
- Eventually, RSN (Robust Secure Networks) will be released as part of 802.11i

15 WPA
- Uses TKIP (Temporal Key Integrity Protocol) for cryptography and authentication
  - Still uses RC4
  - Several WEP flaws have been corrected, but not permanently
- Key management is improved
- Uses 802.1x (EAP) for authentication
- Adds MIC (Message integrity check) and frame counter
- Two modes: PSK and Enterprise
  - PSK (Pre-Shared Key) suffers from similar key-management difficulties to WEP
  - Enterprise Mode requires a RADIUS server

16 RSN
- Uses CCMP for cryptography
  - Based on CCM mode of AES
  - TKIP also supported if necessary
- Uses 802.1x for authentication and key management

17 Boeing: A Case Study
- Two Boeing employees evaluated WPA
  - Good points
  - Bad points
- What they’d like to see from RSN
- How they intend to proceed

18 Boeing: Before
- Wireless network was untrusted
  - Outside firewall, VPN used to tunnel in
  - Extra layers of encryption and authentication required
  - Application security required
  - No ad-hoc networks allowed
- WEP used
  - What else is there?
- VPNs unsatisfactory
  - Limited availability of software, frequent restarts

19 Boeing: Trying out WPA
- Bouquets:
  - Supports 802.1x and PEAP
  - Only software update required for APs and RADIUS server
- Brickbats:
  - No VLAN support (this was later fixed)
  - Only works with Windows 2000 SP3+ and XP
  - Boeing’s own certificates often incompatible
  - Configuring APs and RADIUS server difficult

20 Boeing: State of the System
- Wireless devices range from laptops to palm devices to barcode scanners to sensors
- Network architecture very fluid
- Assumption of one user per computer not valid
- Many devices are difficult to configure

21 Boeing: What They Want
- Usable, secure, and affordable systems (in that order)
- Software upgrades as opposed to hardware upgrades
- Lots of authentication for users as well as devices
- Secure ad-hoc, and networks that can switch easily between ad-hoc and infrastructure

22 Boeing: Getting There from Here
- Likely that three virtual LANs will be running simultaneously:
  - The original WEP/VPN
  - The just-implemented WPA
  - An eventual RSN
- Devices will be upgraded to RSN as needed, other two VLANs will shrink through attrition

23 Sources
- Main Papers:
  - Arbaugh, W.A., N. Shankar, Y.C.J. Wan, “Your 802.11 Wireless Network Has No Clothes”, http://www.cs.umd.edu/~waa/wireless.pdf, 2001
  - Borisov, N., I. Goldberg, D. Wagner, “Intercepting Mobile Communications: The Insecurity of 802.11”, Proceedings of the Seventh Annual International Conference on Mobile Computing and Networking, July 16-21, 2001, ACM 2001
- PowerPoint Presentations:
  - Whitlock, S., P. Dodd, “802.11i: The User Perspective”, NIST WLAN Security Meeting, December 4-5, 2002
  - Dubrawsky, I., E. Vance, “Securing Wireless LANs”, Cisco Systems, 2002
- Other sources:
  - Walker, J.R., “Unsafe at Any Key Size: An Analysis of the WEP Encapsulation”, IEEE Document 802.11-00/362, Oct. 2000
  - http://www.geek-faq.com

