Wireless security & privacy

Authors: M. Borsc and H. ShindeSource: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005), 23-25 Jan. 2005, pp. 424 – 428Reporter: Jung-wen Lo (駱榮問 )Date: 2005/7/14

2

Outline

Introduction WEP Format & Working of 64bits RC4 WEP Encryption & Decryption Weakness in WEP Type of Attack WEP Extensions Appendix

3

Introduction

WEP (Wired Equivalent Privacy) 802.11 optional encryption standard Implemented in the MAC layer Relies on RC4 Provide

User authentication Data privacy Data integrity

4

WEP Format & Working of 64-bit RC4

※ICV: Integrity check value = CRC32(Plain Text)

5

WEP Encryption & Decryption

6

Weakness in WEP (1/2)

Key management & Key size Key management is not specified in WEP

One single WEP key shared between every node on the network

Key size 40 bits in standard Vendors extend up to 104 bits

IV (Initialization Vector) is too small Size=24 bits 16,777,216 RC4 Cipher streams If RC4 cipher stream found, attacker can decrypt packets

with same IV IV starts from 0 in incremental order IV chooses randomly

7

Weakness in WEP (2/2)

Integrity Check Value (ICV) algorithm is not appropriate CRC32 is linear function of the message

Attacker can modify an encrypted message & easily fix the ICV

Weak of WEP using RC4 9000/16million weak keys Reveal in 2000 – 4000 packets Extend WEP key to 1

04 bits Authentication messages can be easily forged

802.11 define two forms authentication Shared key authentication: Reduce DoS attack Open system authentication: Give better network security

8

Type of Attack

Passive attack Attacker collects two same key stream cipher text packets

Reveal key Active attack to insert traffic

Attacker knows plaintext & cipher text pair Generate key stream & new cipher text

Active attack from both ends Attacker predicts both information & destination address

Modify address Table based attack

Attacker builds a table of IVs & corresponding key stream Dictionary building attack

Allows real time automated decryption of all traffic

9

WEP Extensions (1/3)

802.1X Entities

Supplicant (End user machine) Authentication server

Grant or deny authentication by help of authenticator Authenticator server

Compare credentials supplied by supplicant with information in its database

Drawbacks No authenticity or integrity protection between access

point & client

10

WEP Extensions (2/3) TKIP (Temporal Key Integrity Protocol)

Components MIC (Message Integrity Check)

Protect Header & Payload Packet sequencing

Employ packet sequencing number and synchronization to prevent replay attack

Per packet keying Keys have fixed lifetime and replaced frequently

Phase 1: Create intermediate key Phase 2: Encrypt the packet sequence number by intermediate key

Re-keying Solve the problem of re-using IVs in WEP Three key types

Temporal keys: 128-bit for encryption and 64-bit for data integrity Key encryption keys: protect temporal keys Master keys: secure for communication between client and AP

11

WEP Extensions (3/3)

802.11i AES uses 128-bit temporal key & 48-bit IV in MIC

calculation & encryption process Other alternatives

VPN’s VPN client associates to an AP the establishes an aut

henticated encrypted session with VPN server SSL

Authenticate client & server via public key cryptography

12

Apendix 1

TKIP Part of a draft standard from the IEEE 802.11i working

group

RSN (Robust Secure Network) Part of 802.11i standard Cipher Suites

Code 1: WEP Code 2: TKIP Code 3: WRAP (Wireless Robust Authenticated Protocol) Code 4: CCMP (Counter mode with Cipher block chaining

Message authentication code Protocol) Code 5: WEP-104

13

Appendix 2

WPA (Wi-Fi Protected Access) 802.1x + TKIP EAP: Extensible Authentication Protocol