Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSC-682 Advanced Computer Security

Published byLeo Carson Modified over 8 years ago

Similar presentations

Presentation on theme: "CSC-682 Advanced Computer Security"— Presentation transcript:

1 CSC-682 Advanced Computer Security
Attacks on wireless networks using WEP encryption presented by : Pompi Rotaru

2 Wireless technology IEEE a/b/g/n is the set of standards for W-LAN Wireless technology has been on the rise in recent years An individual can sit outside the building and connect to an unprotected wireless network Preserving privacy and integrity of wireless communications becomes an important objective of the network security team Basic service set : infrastructure mode independent (ad-hoc) mode

3 WEP Wired Equivalent Privacy (WEP) is most common mechanism for protection Encryption with 40-bit key (aka “64-bit encryption”) Encryption with 104-bit key (aka "128-bit encryption“) Uses as the most common encryption algorithm the RC4 algorithm.

4 History of WEP 1997 Release of the first final version of IEEE 802.11
2001 WEP broken by Fluhrer, Mantin, and Shamir 2004 WEP broken again by KoreK 2005 WEP broken again by KoreK again (chopchop attack) 2005 WEP broken again by Bittau, fragmentation attack 2007 WEP broken again by Pyshkin, Tews, Weinmann, with the help of Klein

5 RC4 algorithm description
Stream cipher designed by Ron Rivest in 1987 It works as a variable key-size stream cipher with byte- oriented operations Key Scheduling Algorithm (KSA) - which turns a random key into a permutation by scrambling the bits Pseudo-Random Generator Algorithm (PRGA) – using swap operations for the previously permutation it generates pseudo- random numbers X = RC4(K)

6 How WEP encryption works
A 3 bytes initialization vector (IV) is chosen A key stream X = RC4(K) is generated from secret key K A 32 bit long checksum called Integrity Check Value (ICV) is appended to the message to protect the integrity The resulting plain text is encrypted making an XOR operation with the generated key stream The unencrypted IV and the cipher-text are sent over the air

7

8

9 Types of WEP attacks Depending on key without recovering the WEP key
recovering the key Depending on communication static (no communication with AP) dynamic (involves communication with AP)

10 General steps for attack
Setup equipment (laptop, directional antenna) Find the target (airdump-ng, Kismet, NetStumbler) Capture data from air (airmon-ng, airodump-ng) Wait or make the target network busy (aireplay-ng) Start cracking from captured data (aircrack-ng)

11 The brute force / dictionary attack
“Power” of the WEP relies in the difficulty of discovery of the secret key through a brute-force attack “Dictionary attack” uses dictionary of keys, not all possible keys Such attack requires less then a month for all keys Steps : capture 2 WEP encrypted packets try to decrypt it using the captured IV and a potential key verify decrypted ICV (the CRC) (optional) verify the key on the 2nd packet

12 The FMS attack 2001 - Scott Fluhrer, Itsik Mantin and Adi Shamir
Static - with key recovery RC4 weaknesses : The “Invariance Weakness” - existence of large classes of weak keys The “IV Weakness” – using IV attacker can rederive the secret part by analyzing the initial word Finding the key → use key-output correlation = propagation of a weak key pattern into the outputs combined with biased distribution of bits in English text Decision tree Requires 9 millions packets (listen to traffic for 1…2 hours)

13 The KoreK attack Static - with key recovery
2004 – internet hacker KoreK Static - with key recovery Does not need weak IV Uses 16 additional correlations between the first 1 byte of an RC4 key, the first 2 bytes of the generated key stream, and the next keybyte Same decision-tree based approach same as FMS attack Requires packets

14 The KoreK chop-chop attack
2005 – same KoreK Does not recover the key, it just reveals the message Exploits an ICV vulnerability Process of truncation of packets while keeping them still valid Steps : capture one packet truncate the last byte and try to guess one “value” for plaintext correct the checksum and send packet to AP if guess is correct the AP will reply repeat until all bytes are decrypted

15 The Bittau attack 2005 - Andrea Bittau, Mark Handley and Joshua Lackey
Fragmentation : Possible to send multiple fragments (16) using the same key stream Each packet is encrypted independently at MAC layer Steps: listen to traffic, eavesdrop one packet then recover 8 bytes of key stream prepend an IP header to the eavesdropped packet and send to AP AP will sent the clear text to a controlled internet host Fragmentation is used to break ’s cryptography

16 The PTW attack Andrei Pyshkin, Erik Tews & Ralf-Philipp Weinmann They found a “multibyte correlation” between the first l bytes of an RC4 key, the generated keystream, and the next i bytes of the key. Steps : captures packets and recovers their keystreams (FMS, KoreK) evaluate the multibyte correlation function (Klein) create decision tree for key and start voting (Rk[0], Rk[1], Rk[2]…) Requires … packets Less then 60 seconds to crack a 104 bit WEP key

17 Protecting WEP Increase the number of bytes used for encryption (“protects” against FMS attack) Remove the weak IV - keystream re-use vulnerabilities Prevent key re-use Extensible Authentication Protocol (EAP) – change often the WEP-key (not enough against Bittau attack) Deploy Intrusion Detection Systems (IDS) to protect against injected traffic (really protects against PTW attack) Companies sell hardware using modified versions of the WEP protocol claiming to be secure

18 Conclusions WEP has a long history of vulnerabilities and “fixes”
WEP is a good example of how attacks evolve and mature over time Attacks that a few years ago took days, now take minutes if the right tools are used 2005 WEP is officially declared deprecated by IEEE committee 2008 WEP used by 30% of users in a US university Today – too many old networks, some using WEP WEP must be abandoned once and for all, rather than patch it yet again !!!

19 Bibliography http://www.drizzle.com/~aboba/IEEE/rc4_ksaproc.pdf

Download ppt "CSC-682 Advanced Computer Security"

Similar presentations

Your 802.11 Wireless Network has No Clothes CS 395T William A. Arbaugh, Narendar Shankar, Y.C. Justin Wan.

Your Wireless Network has No Clothes CS 395T William A. Arbaugh, Narendar Shankar, Y.C. Justin Wan.
WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:

WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:
Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.

Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.
1 MD5 Cracking One way hash. Used in online passwords and file verification.

1 MD5 Cracking One way hash. Used in online passwords and file verification.
Wireless Security David Wagner University of California, Berkeley.

Wireless Security David Wagner University of California, Berkeley.
Wireless Privacy: Analysis of 802.11 Security Nikita Borisov UC Berkeley

Wireless Privacy: Analysis of Security Nikita Borisov UC Berkeley
Chalmers University of Technology Wireless security Breaking WEP and WPA.

Chalmers University of Technology Wireless security Breaking WEP and WPA.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
WEP Weaknesses Or “What on Earth does this Protect” Roy Werber.

WEP Weaknesses Or “What on Earth does this Protect” Roy Werber.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
Intercepting Mobiles Communications: The Insecurity of 802.11 Danny Bickson ACNS Course, IDC Spring 2007.

Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.
How To Not Make a Secure Protocol 802.11 WEP Dan Petro.

How To Not Make a Secure Protocol WEP Dan Petro.
The Trouble with WEP Or, cracking WiFi networks for fun & profit (not really) Jim Owens.

The Trouble with WEP Or, cracking WiFi networks for fun & profit (not really) Jim Owens.
Wireless Network Security: WEP And Beyond Heidi Parsaye Jason DeVries Roxanne Ilse Heidi Parsaye - Jason DeVries - Roxanne Ilse.

Wireless Network Security: WEP And Beyond Heidi Parsaye Jason DeVries Roxanne Ilse Heidi Parsaye - Jason DeVries - Roxanne Ilse.
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
Wireless Network Security Issues By Advait Kothare SJSU CS265 Fall 2004.

Wireless Network Security Issues By Advait Kothare SJSU CS265 Fall 2004.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture.
RC4 1 RC4 RC4 2 RC4  Invented by Ron Rivest o “RC” is “Ron’s Code” or “Rivest Cipher”  A stream cipher  Generate keystream byte at a step o Efficient.

RC4 1 RC4 RC4 2 RC4  Invented by Ron Rivest o “RC” is “Ron’s Code” or “Rivest Cipher”  A stream cipher  Generate keystream byte at a step o Efficient.

Similar presentations

Ads by Google