1. Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005), 23-25 Jan. 2005, pp. 424 – 428 Reporter: Jung-wen Lo ( 駱榮問 ) Date: 2005/7/14

2. 2 Outline Introduction WEP Format & Working of 64bits RC4 WEP Encryption & Decryption Weakness in WEP Type of Attack WEP Extensions Appendix

3. 3 Introduction WEP (Wired Equivalent Privacy) 802.11 optional encryption standard Implemented in the MAC layer Relies on RC4 Provide User authentication Data privacy Data integrity

4. 4 WEP Format & Working of 64-bit RC4 ※ ICV: Integrity check value = CRC32(Plain Text)

5. 5 WEP Encryption & Decryption

6. 6 Weakness in WEP (1/2) Key management & Key size Key management is not specified in WEP One single WEP key shared between every node on the network Key size 40 bits in standard Vendors extend up to 104 bits IV (Initialization Vector) is too small Size=24 bits  16,777,216 RC4 Cipher streams If RC4 cipher stream found, attacker can decrypt packets with same IV IV starts from 0 in incremental order IV chooses randomly

7. 7 Weakness in WEP (2/2) Integrity Check Value (ICV) algorithm is not appropriate CRC32 is linear function of the message Attacker can modify an encrypted message & easily fix the ICV Weak of WEP using RC4 9000/16million weak keys Reveal in 2000 – 4000 packets  Extend WEP key to 104 bits Authentication messages can be easily forged 802.11 define two forms authentication Shared key authentication: Reduce DoS attack Open system authentication: Give better network security

8. 8 Type of Attack Passive attack Attacker collects two same key stream cipher text packets  Reveal key Active attack to insert traffic Attacker knows plaintext & cipher text pair  Generate key stream & new cipher text Active attack from both ends Attacker predicts both information & destination address  Modify address Table based attack Attacker builds a table of IVs & corresponding key stream Dictionary building attack Allows real time automated decryption of all traffic

9. 9 WEP Extensions (1/3) 802.1X Entities Supplicant (End user machine) Authentication server  Grant or deny authentication by help of authenticator Authenticator server  Compare credentials supplied by supplicant with information in its database Drawbacks No authenticity or integrity protection between access point & client

10. 10 WEP Extensions (2/3) TKIP (Temporal Key Integrity Protocol) Components MIC (Message Integrity Check)  Protect Header & Payload Packet sequencing  Employ packet sequencing number and synchronization to prevent replay attack Per packet keying  Keys have fixed lifetime and replaced frequently  Phase 1: Create intermediate key  Phase 2: Encrypt the packet sequence number by intermediate key Re-keying  Solve the problem of re-using IVs in WEP  Three key types  Temporal keys: 128-bit for encryption and 64-bit for data integrity  Key encryption keys: protect temporal keys  Master keys: secure for communication between client and AP

11. 11 WEP Extensions (3/3) 802.11i AES uses 128-bit temporal key & 48-bit IV in MIC calculation & encryption process Other alternatives VPN’s VPN client associates to an AP the establishes an authenticated encrypted session with VPN server SSL Authenticate client & server via public key cryptography

12. 12 Apendix 1 TKIP Part of a draft standard from the IEEE 802.11i working group RSN (Robust Secure Network) RSN Part of 802.11i standard Cipher Suites Code 1: WEP Code 2: TKIP Code 3: WRAP (Wireless Robust Authenticated Protocol) Code 4: CCMP (Counter mode with Cipher block chaining Message authentication code Protocol) Code 5: WEP-104

13. 13 Appendix 2 WPA (Wi-Fi Protected Access) 802.1x + TKIP EAP: Extensible Authentication Protocol