COEN 350 Mobile Security. Wireless Security Wireless offers additional challenges: Physical media can easily be sniffed. War Driving Legal? U.S. federal.


1 COEN 350 Mobile Security

2 Wireless Security Wireless offers additional challenges: Physical media can easily be sniffed. War Driving: Legal? U.S. federal computer crime statute, Title 18 U.S.C. 1030: Crime to knowingly access a computer used in interstate or foreign communication "without authorization" and obtain any information from the computer. Crime to access a computer without authorization with "intent to defraud" to obtain "anything of value." But not if "the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period."

3 Wireless Security Wireless offers additional challenges: Physical media can easily be sniffed. Mobile computing needs to preserve battery power. Calculations cost more on a mobile platform.

4 Wireless Security: Knowing the Threat. Targets of opportunity: Goal is Internet access. Easy pickings. Targeted attacks: Need an asset valuable enough. Internal attackers: Can open an unintentional security hole.

5 IEEE 802.11 Wired Equivalent Privacy (WEP) Protocol Based on a shared secret k. Distributed out of band. Uses CRC for internal integrity protection. Uses RC4 to encrypt network traffic.

6 WEP Protocol

7 Confidentiality Original packet is first check-summed. Checksum and data form the payload. Transmitting device creates a 24-bit random initialization vector IV. IV and shared key are used to encrypt with RC4

8 WEP Protocol Authentication: Station associating with access point needs to authenticate itself. Both exchange the type of authentication that is accepted. Open: Just identification between station and AP. Shared Secret: Participants send nonces to each other, encrypt the nonce using WEP (and the shared secret key), and verify the other’s response.

9 WEP has no key management Everyone allowed to have access to a wireless network has the same key. Anyone with the key can read ALL traffic.

10 RC4 RC4 uses the key and the IV to produce a stream of pseudo-random bytes. Calculates cipher text from plaintext by XORing the pseudo-random stream with the plain-text.

11 RC4

12 Attacks on RC4: Dictionary Attack. Build database: 2^24 different IVs. Build a database of 2^24 streams of MTU bytes (2,312 B), one for each different IV. Takes < 40 GB storage. XOR two entries with the same IV. The result is the two plaintexts XORed. Natural language text has enough redundancy to decrypt the XOR of two text streams.

13 Attacks on RC4: Dictionary Attack. Many packets can be completely or partially guessed. XORing guessed plaintext and captured ciphertext gives the pseudo-random byte stream for a given IV. Some implementations reset IVs poorly. This simplifies dictionary attacks.

14 Attacks on RC4: Injection Attack. Attacker creates packets on the wireless connection. Attacker XORs plaintext and ciphertext. Builds a pseudo-random stream database indexed by IV.

15 RC4: Fluhrer, Mantin, Shamir Attack. The first few bits of several thousand messages reveal the key. Based on an analysis of the RC4 code. Originally kept secret, but later leaked on the internet.

16 RC4: Fluhrer, Mantin, Shamir Attack. Key Scheduling Algorithm: Sets up RC4 state array S. S is a permutation of 0, 1, … 255. Output generator uses S to create a pseudo-random sequence. First byte of output is given by S[S[1]+S[S[1]]]. First byte depends on {S[1], S[S[1]], S[S[1]+S[S[1]]]}.

17 RC4: Fluhrer, Mantin, Shamir Attack. Key Scheduling Algorithm: First byte of a plaintext packet is part of the SNAP header: 0xAA for IP and ARP packets, 0xFF or 0xE0 for IPX. Guessing the first byte is trivial. Some IVs are vulnerable: “resolved” (KeyByte+3, 0xFF, *), plus some more. Easy to test whether an IV is vulnerable. Search for vulnerable IVs. They leak key bytes probabilistically. A large number of packets does it.

18 RC4: Fluhrer, Mantin, Shamir Attack. Optimization needs about 5,000,000 to 1,000,000 packets. Counter-measures: Change key frequently. Change IV counters to avoid bad IVs.
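Added example (not from the original slides): a Python sketch of the two defensive uses of the IV test mentioned on slides 17 and 18, auditing captured IVs for the (KeyByte+3, 0xFF, *) pattern and an IV counter that skips it. It covers only that one pattern, not the "some more" the slide mentions; the function names, the big-endian counter layout and the sample IV range are assumptions made for the illustration.

```python
IV_SPACE = 1 << 24  # WEP IVs are 24 bits

def is_weak_iv(iv: bytes, key_len: int) -> bool:
    # Slide pattern (KeyByte+3, 0xFF, *): KeyByte is the index of the
    # secret key byte that IVs of this form leak, 0 .. key_len-1.
    return iv[1] == 0xFF and 3 <= iv[0] < 3 + key_len

def next_safe_iv(counter: int, key_len: int):
    # Step a 24-bit counter, skipping pattern IVs; returns (iv, new_counter).
    counter %= IV_SPACE
    while True:
        iv = counter.to_bytes(3, "big")
        counter = (counter + 1) % IV_SPACE
        if not is_weak_iv(iv, key_len):
            return iv, counter

def audit(ivs, key_len: int) -> dict:
    # Count pattern IVs seen per key byte index in a list of captured IVs.
    hits = {}
    for iv in ivs:
        if is_weak_iv(iv, key_len):
            hits[iv[0] - 3] = hits.get(iv[0] - 3, 0) + 1
    return hits

# Constructed sample: IVs from a sender that counts straight through.
CAPTURE = [n.to_bytes(3, "big") for n in range(0x03FEFE, 0x040002)]

# The same span produced by the filtering counter (key_len 5 = 40-bit key).
FILTERED, c = [], 0x03FEFE
while c < 0x040002:
    iv, c = next_safe_iv(c, 5)
    FILTERED.append(iv)

print("plain counter:", audit(CAPTURE, 5), "filtered:", audit(FILTERED, 5))
```

A sender whose audit result is non-empty is handing out IVs of the vulnerable form; the key length matters because a 13-byte key widens the range of first bytes that match.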

19 WEP Message Modification: WEP uses CRC code to ascertain integrity of messages. CRC code is linear: CRC(x ⊕ y) = CRC(x) ⊕ CRC(y). Attacker knows plaintext M and desired modification Δ for target plaintext M’ = M ⊕ Δ. Attacker wants to substitute X = P ⊕ (M,CRC(M)) for P ⊕ (M’,CRC(M’)). Attacker sends X ⊕ (Δ,CRC(Δ)) = P ⊕ (M,CRC(M)) ⊕ (Δ,CRC(Δ)) = P ⊕ (M’,CRC(M’))
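Added example (not from the original slides): a minimal WEP-style frame in Python that shows why the CRC gives no integrity protection (slide 19) and why two frames with the same IV expose the XOR of their plaintexts (slide 12). The key, IV, messages, frame layout (3-byte IV followed by the ciphertext) and function names are assumptions for the demonstration; zlib's CRC-32 uses an initial value and a final XOR, so the slide's identity needs the CRC of an all-zero message as an extra term.

```python
import zlib

def rc4(key: bytes, n: int) -> bytes:
    # Key scheduling, then n bytes of the output generator.
    S, j = list(range(256)), 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i, j, out = 0, 0, bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    # CRC-32 checksum appended to the data (byte order chosen for this example).
    return zlib.crc32(data).to_bytes(4, "little")

def wep_encrypt(iv: bytes, key: bytes, msg: bytes) -> bytes:
    payload = msg + icv(msg)
    return iv + xor(payload, rc4(iv + key, len(payload)))

def wep_decrypt(key: bytes, frame: bytes):
    # Returns the message if the checksum verifies, otherwise None.
    iv, body = frame[:3], frame[3:]
    payload = xor(body, rc4(iv + key, len(body)))
    msg, tag = payload[:-4], payload[-4:]
    return msg if tag == icv(msg) else None

def same_iv_xor(f1: bytes, f2: bytes) -> bytes:
    # Same IV and key give the same keystream, which cancels out here.
    return xor(f1[3:], f2[3:])

def modify(frame: bytes, delta: bytes) -> bytes:
    # Keyless edit: XOR (delta, CRC patch) into the ciphertext. zlib's CRC-32
    # is affine, crc(m^d) = crc(m) ^ crc(d) ^ crc(zeros), hence the extra term.
    patch = delta + xor(icv(delta), icv(bytes(len(delta))))
    return frame[:3] + xor(frame[3:], patch)

KEY, IV = bytes.fromhex("0102030405"), bytes.fromhex("a1b2c3")  # constructed
M, M2 = b"PAY 0100 TO ALICE", b"PAY 9900 TO ALICE"              # constructed
FRAME = wep_encrypt(IV, KEY, M)
FORGED = modify(FRAME, xor(M, M2))
print(wep_decrypt(KEY, FRAME), wep_decrypt(KEY, FORGED))
```

The receiver accepts both frames, which is why the later protocols on the final slide add a keyed message check instead of a CRC.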

20 Wireless Insecurity Problems WiFi card software allows users to change the MAC address.

21 Wireless Security. Casual user, low yield traffic: WEP is good enough. Enterprise, Commercial: Combine WEP with higher order security: SSH, VPN, IPSec.

22 Protocol Layers. WEP: Privacy only. Very elementary security. WPA: Temporal Key Exchange Protocol. Fix for WEP that scrambles keys between packets and adds a secure message check. AES: Advanced Encryption Standard. 802.11i: Military grade encryption, replaces DES. 802.1X: General purpose and extensible framework for authenticating users and generating / distributing keys. Simple Secure Network (SSN): Recipe for authentication based on 802.1X.

