# Analysis of Security or Wired Equivalent Privacy Isn t. Nikita Borisov, Ian Goldberg, and David Wagner

Save this PDF as:

Size: px
Start display at page:

Download "Analysis of Security or Wired Equivalent Privacy Isn t. Nikita Borisov, Ian Goldberg, and David Wagner"

## Transcription

1 Analysis of Security or Wired Equivalent Privacy Isn t Nikita Borisov, Ian Goldberg, and David Wagner

2 WEP Protocol Wired Equivalent Privacy Part of the Link-layer security protocol

3 Security Goals Prevent link-layer eavesdropping not end-to-end security Secondary goal: control network access Not always an explicit goal Essentially, equivalent to wired access point security

4 Open Design? An industry-driven committee (?) No apparent public review (X) Resulting standard is open ( ) but costs \$\$\$ (X) Use a well-studied cipher ( )

5 Protocol Setup LAN Access Point Shared Key Mobile Station Mobile Station Mobile Station

6 Protocol Setup Mobile station shares key with access point Each packet is encrypted with shared key + initialization vector (IV) Each packet includes an integrity check IC fails => packet rejected Optionally, reject all unencrypted packets

7 Packet Format IV RC4 encrypted Payload CRC-32 Key ID byte

8 Problem 1: Stateless Protocol Mobile stations and access points are not required to keep past state Fundamental consequence: can replay packets But IP allows for duplication anyway, right?

9 Stream Ciphers RC4 is a stream cipher Expands a key into an infinite pseudorandom keystream To encrypt, XOR keystream with plaintext Random ^ Anything = Random Encryption same as decryption

10 Example WIRELESS = C RC4( foo ) = ABCDEF 4A7D043D6FBE9C RC4( foo ) = ABCDEF WIRELESS = C XOR XOR

11 Problem 2: Linear Checksum Encrypted CRC-32 used as integrity check Fine for random errors, but not deliberate ones CRC is linear I.e. CRC(X^Y) = CRC(X)^CRC(Y) RC4(k,X^Y) = RC4(k,X)^Y Hence we can change bits in the packet

13 Can replay modified packets! Integrity check does not prevent packet modification Can maliciously flip bits in packets Modify active streams! TCP checksum: not quite linear, but can guess right about half the time Known plaintext for a single packet allows to send arbitrary traffic!

14 What about IVs? RC4 keystream should not be reused, since RC4(k,X)^RC4(k,Y) = X^Y Use initialization vector to generate different keystream for each packet by augmenting the key Key = base_key IV Include IV (plaintext) in header

15 Problem 3: IV reuse Same shared key used in both directions on some installations all stations share same key I.e. a network password Some implementations reset IV to 0 when initialized Easy to find collisions!

16 IV collision Two packets P1 and P2 with same IV C1 = P1 xor RC4(k IV) C2 = P2 xor RC4(k IV) C1 xor C2 = P1 xor P2 Known plaintext P1 gives P2, or use statistical analysis to find P1 and P2 Even easier if you have three packets!

17 Implementation bug or design flaw? What if random IVs were used? IV space 2 24 possibilities Collision after 4000 packets Rough estimate: a busy AP sends 1000 packets/sec Collision every 4s! Even with counting IV (best case), rollover every few hours

18 IV collisions, continued If we have 2 24 known plaintexts, can decrypt every packet Becomes more of a problem if stronger crypto (ie. 128-bit RC4) is deployed How to get known plaintext? IP traffic pretty predictable Authentication challenge? Send packets from outside?

19 Attack from Both Ends Access Point Packet Packet Internet Evil 1 Packet Mobile Station Evil 2

20 Problem 4: Encryption Oracle Access Points encrypts packets coming from the LAN before sending over air LAN eventually connects to Internet; attack AP from both ends Send packets from Internet with known content to a wireless node Voila! Known plaintext

21 Attack from Both Ends (2) Access Point Packet Packet Internet Evil 1 Packet Mobile Station Evil 2

22 Decryption Oracle?? Recall Problem 2: can flip bits in packets Suppose we can guess destination IP in encrypted packet Flip bits to change IP to host we control, send it to AP Tricks to adjust IP checksum AP happily forwards it to the our host Set port 80 to bypass firewalls Incorrect TCP checksum not checked until we see the packet!

23 Attack Practicality Sit outside competitor s office, use a software radio or an off the shelf wireless card! With minimal work, possible to monitor encrypted traffic Reverse engineer firmware for active attacks Economies of scale: only has to be done once!

24 Lessons Not Learned Most attacks are not new! Earlier versions of IPSEC had many similar problems (e.g. [Bel96]) Other attacks (e.g. reaction) applicable SSH (and many others) had CRC checksum problems Microsoft PPTP had RC4 directionality problems

25 Lessons to take away Protocol design is harder than it looks Can be circumvented at many points Public review is a Good Idea TM Time to develop attacks is short! Use previous work (and their failures) Put wireless network outside firewall, run VPN to inside firewall Better yet, use end-to-end encryption

### The Final Nail in WEP s Coffin

1/19 The Final Nail in WEP s Coffin Andrea Bittau 1 Mark Handley 1 Joshua Lackey 2 May 24, 2006 1 University College London. 2 Microsoft. Wired Equivalent Privacy 2/19 WEP is the 802.11 standard for encryption.

### RC4. Invented by Ron Rivest. A stream cipher Generate keystream byte at a step

RC4 RC4 1 RC4 Invented by Ron Rivest o RC is Ron s Code or Rivest Cipher A stream cipher Generate keystream byte at a step o Efficient in software o Simple and elegant o Diffie: RC4 is too good to be true

### Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536) Prepared by Dr. Samia Chelloug E-mail: samia_chelloug@yahoo.fr Content

### Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks

### How Insecure is Wireless LAN?

Page 1 of 7 How Insecure is Wireless LAN? Abstract Wireless LAN has gained popularity in the last few years due to its enormous benefits such as scalability, mobile access of the network, and reduced cost

### CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

CS-435 spring semester 2016 Network Technology & Programming Laboratory University of Crete Computer Science Department Stefanos Papadakis & Manolis Spanakis CS-435 Lecture preview 802.11 Security IEEE

### TinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Presented by Paul Ruggieri

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry,, David Wagner Presented by Paul Ruggieri 1 Introduction What is TinySec? Link-layer security architecture

### Security and Authentication for Wireless Networks

University of New Orleans ScholarWorks@UNO University of New Orleans Theses and Dissertations Dissertations and Theses 5-21-2004 Security and Authentication for 802.11 Wireless Networks Michel Getraide

### Overview of IEEE b Security

Overview of IEEE 802.11b Security Sultan Weatherspoon, Network Communications Group, Intel Corporation Index words: 802.11b, wireless, WLAN, encryption, security ABSTRACT There is much regulatory and standards

### Configuring WEP and WEP Features

CHAPTER 9 This chapter describes how to configure Wired Equivalent Privacy (WEP), Message Integrity Check (MIC), and Temporal Key Integrity Protocol (TKIP). This chapter contains these sections: Understanding

### Stream ciphers. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 91

Stream ciphers Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 91 Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 92 Stream Cipher Suppose you want to encrypt

### Configuring Cipher Suites and WEP

10 CHAPTER This chapter describes how to configure the cipher suites required to use WPA authenticated key management, Wired Equivalent Privacy (WEP), Temporal Key Integrity Protocol (TKIP), and broadcast

### 1 Achieving IND-CPA security

ISA 562: Information Security, Theory and Practice Lecture 2 1 Achieving IND-CPA security 1.1 Pseudorandom numbers, and stateful encryption As we saw last time, the OTP is perfectly secure, but it forces

### Internet Protocol and Transmission Control Protocol

Internet Protocol and Transmission Control Protocol CMSC 414 November 13, 2017 Internet Protcol Recall: 4-bit version 4-bit hdr len 8-bit type of service 16-bit total length (bytes) 8-bit TTL 16-bit identification

### Wireless LAN Security. Gabriel Clothier

Wireless LAN Security Gabriel Clothier Timeline 1997: 802.11 standard released 1999: 802.11b released, WEP proposed [1] 2003: WiFi alliance certifies for WPA 2004: 802.11i released 2005: 802.11w task group

### Authenticated Encryption

18733: Applied Cryptography Anupam Datta (CMU) Authenticated Encryption Online Cryptography Course Authenticated Encryption Active attacks on CPA-secure encryption Recap: the story so far Confidentiality:

### Security Setup CHAPTER

CHAPTER 8 This chapter describes how to set up your bridge s security features. This chapter contains the following sections: Security Overview, page 8-2 Setting Up WEP, page 8-7 Enabling Additional WEP

### The IPsec protocols. Overview

The IPsec protocols -- components and services -- modes of operation -- Security Associations -- Authenticated Header (AH) -- Encapsulated Security Payload () (c) Levente Buttyán (buttyan@crysys.hu) Overview

### Advanced Security and Mobile Networks

Advanced Security and Mobile Networks W.Buchanan (1) 9. GSM/3G Unit 7: Mobile Networks. Wireless. Security. Mobile IP. Mobile Agents. Spread spectrum. Military/Emergency Networks 8. Ad-hoc 7. Mobile Networks

### FAQ on Cisco Aironet Wireless Security

FAQ on Cisco Aironet Wireless Security Document ID: 68583 Contents Introduction General FAQ Troubleshooting and Design FAQ Related Information Introduction This document provides information on the most

### The Security Mechanism for IEEE Wireless Networks

Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. The

### 1. Data Link Layer Protocols

1. Data Link Layer Protocols Purpose of the Data Link Layer The Data Link Layer Purpose of the Data Link Layer Data Link Sublayers Network LLC Sublayer Data Link Physical MAC Sublayer 802.3 Ethernet 802.11

### Plaintext Recovery Attacks Against WPA/TKIP

Plaintext Recovery Attacks Against WPA/TKIP Kenny Paterson, Bertram Poettering, Jacob Schuldt Royal Holloway, University of London! The 21st International Workshop on Fast Software Encryption March 4th,

### Covert channels in TCP/IP: attack and defence

Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography for covert channels and device fingerprinting Steven J. Murdoch and Stephen Lewis http://www.cl.cam.ac.uk/users/{sjm217,

### Internetworking Lecture 10. Communications and network security

Internetworking Lecture 10 Communications and network security Communication and network security: Threat model Passive attacks: Eavesdropping, Wiretapping, Sniffing, and Traffic analysis Alice Bob Eve

### Security: Cryptography

Security: Cryptography Computer Science and Engineering College of Engineering The Ohio State University Lecture 38 Some High-Level Goals Confidentiality Non-authorized users have limited access Integrity

### LOCK IT AND STILL LOSE IT ON THE (IN)SECURITY OF AUTOMOTIVE REMOTE KEYLESS ENTRY SYSTEMS

LOCK IT AND STILL LOSE IT ON THE (IN)SECURITY OF AUTOMOTIVE REMOTE KEYLESS ENTRY SYSTEMS FLAVIO GARCIA, DAVID OSWALD, TIMO KASPER, PIERRE PAVLIDES PRESENTED BY JACOB BEDNARD, WAYNE STATE UNIVERSITY CSC5991

### Frequently Asked Questions WPA2 Vulnerability (KRACK)

Frequently Asked Questions WPA2 Vulnerability (KRACK) Release Date: October 20, 2017 Document version: 1.0 What is the issue? A research paper disclosed serious vulnerabilities in the WPA and WPA2 key

### Scribe Notes -- October 31st, 2017

Scribe Notes -- October 31st, 2017 TCP/IP Protocol Suite Most popular protocol but was designed with fault tolerance in mind, not security. Consequences of this: People realized that errors in transmission

### A Survey of a Wireless Security Threats and Security Mechanisms

Information Technology and Operations Center Department of Electrical Engineering and Computer Science United States Military Academy West Point, New York 10996 TECHNICAL REPORT ITOC-TR-2003-101 A Survey

### All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS

All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS Mathy Vanhoef and Frank Piessens, KU Leuven USENIX Security 2015 RC4 Intriguingly simple stream cipher WEP WPA-TKIP SSL / TLS PPP/MPPE And

### A Comparison of Data-Link and Network Layer Security for IEEE Networks

A Comparison of Data-Link and Network Layer Security for IEEE 802. Networks Group #8 Harold L. McCarter, Ryan Calme, Hongwu Zang, Wayne Jones INFS 62 Professor Yih-Feng Hwang July 7, 2006 Abstract This

### CHAPTER SECURITY IN WIRELESS LOCAL AREA NETWORKS

CHAPTER SECURITY IN WIRELESS LOCAL AREA NETWORKS Mohammad O. Pervaiz, Mihaela Cardei, and Jie Wu Department of Computer Science &Engineering, Florida Atlantic University 777 Glades Road, Boca Raton, Florida

### CPS2323. Symmetric Ciphers: Stream Ciphers

Symmetric Ciphers: Stream Ciphers Content Stream and Block Ciphers True Random (Stream) Generators, Perfectly Secure Ciphers and the One Time Pad Cryptographically Strong Pseudo Random Generators: Practical

### Wireless Security and Monitoring. Training materials for wireless trainers

Wireless Security and Monitoring Training materials for wireless trainers Goals to understand which security issues are important to consider when designing WiFi networks to be introduced to encryption,

### Lecture 8 - Message Authentication Codes

Lecture 8 - Message Authentication Codes Benny Applebaum, Boaz Barak October 12, 2007 Data integrity Until now we ve only been interested in protecting secrecy of data. However, in many cases what we care

### Temporal Key Integrity Protocol: TKIP. Tim Fielder University of Tulsa Tulsa, Oklahoma

Temporal Key Integrity Protocol: TKIP Tim Fielder University of Tulsa Tulsa, Oklahoma History IEEE released the first 802.11 specification back in 1997 The Wired Equivalent Privacy (WEP) authentication/encryption

### Double-DES, Triple-DES & Modes of Operation

Double-DES, Triple-DES & Modes of Operation Prepared by: Dr. Mohamed Abd-Eldayem Ref.: Cryptography and Network Security by William Stallings & Lecture slides by Lawrie Brown Multiple Encryption & DES

### Initial connection setup. Adding subflow setup. Three-way handshake with MP_CAPABLE Exchange 64 bit key(key-a, Key-B)

- 2 - Despite the short history, Multipath TCP(MPTCP) prevails drastically As MPTCP was deployed, security concerns increase There have been multiple attempts at verifications to security of MPTCP Initial

### Encrypted Phone Configuration File Setup

This chapter provides information about encrypted phone configuration files setup. After you configure security-related settings, the phone configuration file contains sensitive information, such as digest

### The security of existing wireless networks

Security and Cooperation in Wireless Networks Cellular networks o o GSM UMTS WiFi LANs Bluetooth Security in Wireless Networks Wireless networks are more vulnerable to security issues: Broadcast communications

### VPN Auto Provisioning

VPN Auto Provisioning You can configure various types of IPsec VPN policies, such as site-to-site policies, including GroupVPN, and route-based policies. For specific details on the setting for these kinds

### Network Security Essentials

Network Security Essentials Applications and Standards Third Edition William Stallings Chapter 2 Symmetric Encryption and Message Confidentiality Dr. BHARGAVI H. GOSWAMI Department of Computer Science

### A Scheme for Key Management on Alternate Temporal Key Hash

International Journal of Network Security, Vol.1, No.1, PP.8 13, July 2005 (http://isrc.nchu.edu.tw/ijns/) 8 A Scheme for Key Management on Alternate Temporal Key Hash Song-Kong Chong 1, Hsien-Chu Wu 2

### Outline. WEP privacy. Side-channel attacks. WEP shared key. WEP key size and IV size. Crypto failures, cont d

Outline CSci 5271 Introduction to Computer Security Day 21: Firewalls, NATs, and IDSes Stephen McCamant University of Minnesota, Computer Science & Engineering Side-channel attacks Timing analysis: Number

### RTP. Prof. C. Noronha RTP. Real-Time Transport Protocol RFC 1889

RTP Real-Time Transport Protocol RFC 1889 1 What is RTP? Primary objective: stream continuous media over a best-effort packet-switched network in an interoperable way. Protocol requirements: Payload Type

### Cryptography and Network Security Chapter 16. Fourth Edition by William Stallings

Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Chapter 16 IP Security If a secret piece of news is divulged by a spy before the time is ripe, he must be put to death,

Securing Your Wireless LAN Pejman Roshan Product Manager Cisco Aironet Wireless Networking Session Number 1 Agenda Requirements for secure wireless LANs Overview of 802.1X and TKIP Determining which EAP

### Wireless LANs. ITS 413 Internet Technologies and Applications

Wireless LANs ITS 413 Internet Technologies and Applications Aim: Aim and Contents Understand how IEEE 802.11 wireless LANs work Understand what influences the performance of wireless LANs Contents: IEEE

### 5 Tips to Fortify your Wireless Network

Article ID: 5035 5 Tips to Fortify your Wireless Network Objective Although Wi-Fi networks are convenient for you and your employees, there may be unwanted clients using up the bandwidth you pay for. In

### Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. Mathy CCS 2017, 1 October 2017

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 Mathy Vanhoef @vanhoefm CCS 2017, 1 October 2017 Overview Key reinstalls in 4-way handshake Misconceptions Practical impact Lessons learned 2 Overview

Wireless Networking WiFi Standards 802.11a 5GHz 54MB 802.11b 2.4 GHz 11MB 802.11g 2.4GHz 52MB 802.11n 2.4/5GHz 108MB 802.11b The 802.11b standard has a maximum raw data rate of 11 Mbit/s, and uses

### CCNA Exploration1 Chapter 7: OSI Data Link Layer

CCNA Exploration1 Chapter 7: OSI Data Link Layer LOCAL CISCO ACADEMY ELSYS TU INSTRUCTOR: STELA STEFANOVA 1 Explain the role of Data Link layer protocols in data transmission; Objectives Describe how the

### Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls 32.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 32.2 Figure 32.1 Common structure

### Appendix E Wireless Networking Basics

Appendix E Wireless Networking Basics This chapter provides an overview of Wireless networking. Wireless Networking Overview The FWG114P v2 Wireless Firewall/Print Server conforms to the Institute of Electrical

### Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Chapter 8 Security A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you see the animations; and can add,

### ECE 646 Lecture 7. Modes of Operation of Block Ciphers. Modes of Operation. Required Reading:

C 646 Lecture 7 Modes of Operation of Block Ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5th dition, Chapter 6 Block Cipher Operation II. A. Menezes, P. van Oorschot,

### Distributed Queue Dual Bus

Distributed Queue Dual Bus IEEE 802.3 to 802.5 protocols are only suited for small LANs. They cannot be used for very large but non-wide area networks. IEEE 802.6 DQDB is designed for MANs It can cover

### CS 161 Computer Security

Paxson Spring 2017 CS 161 Computer Security Midterm 2 Print your name:, (last) (first) I am aware of the Berkeley Campus Code of Student Conduct and acknowledge that any academic misconduct will be reported

### 06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security Dr. L. Christofi 1 0. Overview As the knowledge of computer networking and protocols has become more widespread, so the threat of

ANSEL Wireless LAN Adapter 2302-wl360r User s Guide Version 1.1 08/04/2003 User s Guide 0 Copyright statement No part of this publication may be reproduced, stored in a retrieval system, or transmitted

### Securing a Wireless LAN

Securing a Wireless LAN This module describes how to apply strong wireless security mechanisms on a Cisco 800, 1800, 2800, or 3800 series integrated services router, hereafter referred to as an access

### Prof. Shervin Shirmohammadi SITE, University of Ottawa. Security Architecture. Lecture 13: Prof. Shervin Shirmohammadi CEG

Lecture 13: Security Architecture Prof. Shervin Shirmohammadi SITE, University of Ottawa Prof. Shervin Shirmohammadi CEG 4185 13-1 Network Assets and Security Threats Assets: Hardware (PC, workstation,

### FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 9 Encryption and Firewalls By Whitman, Mattord & Austin 2008 Course Technology Learning Objectives Describe the role encryption

### 3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some popular block ciphers Triple DES Advanced Encryption

### When does it work? Packet Sniffers. INFO Lecture 8. Content 24/03/2009

Packet Sniffers INFO 404 - Lecture 8 24/03/2009 nfoukia@infoscience.otago.ac.nz Definition Sniffer Capabilities How does it work? When does it work? Preventing Sniffing Detection of Sniffing References

### WIRELESS LOCAL AREA NETWORK SECURITY USING WPA2-PSK

WIRELESS LOCAL AREA NETWORK SECURITY USING WPA2-PSK S.DEEPTHI 1 G.MARY SWARNALATHA 2 PAPARAO NALAJALA 3 Assoc. Professor, Dept. of Electronics &Communication Engineering at Institute of Aeronautical Engineering,

### Wireless Networking Basics. Ed Crowley

Wireless Networking Basics Ed Crowley 2014 Today s Topics Wireless Networking Economic drivers and Vulnerabilities IEEE 802.11 Family WLAN Operational Modes Wired Equivalent Privacy (WEP) WPA and WPA2

### Chapter 11 The IPSec Security Architecture for the Internet Protocol

Chapter 11 The IPSec Security Architecture for the Internet Protocol IPSec Architecture Security Associations AH / ESP IKE [NetSec], WS 2008/2009 11.1 The TCP/IP Protocol Suite Application Protocol Internet

### Manual Key Configuration for Two SonicWALLs

Manual Key Configuration for Two SonicWALLs VPN between two SonicWALLs allows users to securely access files and applications at remote locations. The first step to set up a VPN between two SonicWALLs

### Cryptanalysis of ORYX

Cryptanalysis of ORYX D. Wagner 1, L. Simpson 2, E. Dawson 2, J. Kelsey 3, W. Millan 2, and B. Schneier 3 1 University of California, Berkeley daw@cs.berkeley.edu 2 Information Security Research Centre,

### Is Your Wireless Network Being Hacked?

The ITB Journal Volume 9 Issue 1 Article 5 2008 Is Your Wireless Network Being Hacked? Paul King Ivan Smyth Anthony Keane Follow this and additional works at: http://arrow.dit.ie/itbj Part of the Computer

### CIT 480: Securing Computer Systems

CIT 480: Securing Computer Systems Tunneling and VPNs CIT 480: Securing Computer Systems Slide #1 Topics 1. Tunneling 1. Encapsulation 2. Security 3. SSH 2. Virtual Private Networks 1. Site-to-site 2.

### Lecture 18 Message Integrity. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller & Bailey s ECE 422

Lecture 18 Message Integrity Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller & Bailey s ECE 422 Cryptography is the study/practice of techniques for secure communication,

### KRACKing WPA2 by Forcing Nonce Reuse. Mathy Nullcon, 2 March 2018

KRACKing WPA2 by Forcing Nonce Reuse Mathy Vanhoef @vanhoefm Nullcon, 2 March 2018 Introduction PhD Defense, July 2016: You recommend WPA2 with AES, but are you sure that s secure? Seems so! No attacks

### Cryptography and Network Security. Sixth Edition by William Stallings

Cryptography and Network Security Sixth Edition by William Stallings Chapter 20 IP Security If a secret piece of news is divulged by a spy before the time is ripe, he must be put to death, together with

### Securing Wireless LANs with Certificate Services

1 Securing Wireless LANs with Certificate Services PHILIP HUYNH University of Colorado at Colorado Springs Abstract Wireless Local Access Network (WLAN) is used popularly in almost everywhere from the

### CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security Lecture 6 Michael J. Fischer Department of Computer Science Yale University January 27, 2010 Michael J. Fischer CPSC 467b, Lecture 6 1/36 1 Using block ciphers

1 One-Time Pad Secure communication is the act of conveying information from a sender to a receiver, while simultaneously hiding it from everyone else Secure communication is the oldest application of

### Chapter 8 Network Security. Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.

Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009. Chapter 8: Network Security Chapter goals: understand principles of

### 1.4 VPN Processing Principle and Communication Method

This section contains a description of operation principle and communication method of VPN that can be constructed by SoftEther VPN. An overview of the modules and functions that was used by VPN communications.

### 1.264 Lecture 26. Security protocols. Next class: Anderson chapter 4. Exercise due before class

1.264 Lecture 26 Security protocols Next class: Anderson chapter 4. Exercise due before class 1 Encryption Encryption is the process of: Transforming information (referred to as plaintext) Using an algorithm

### Internet Security in my Crystal Ball

Steven M. Bellovin June 21, 2001 1 Florham Park, NJ 07932 AT&T Labs Research +1 973-360-8656 http://www.research.att.com/ smb Steven M. Bellovin Internet Security in my Crystal Ball security speculation

### End-to-end argument paper

End-to-end argument paper One of the most widely cited/read papers in systems - Odd because no numbers, graphs, etc. - No specific software or system, either But this paper is why we have TCP/IP! - E.g.,

### KRACKing WPA2 by Forcing Nonce Reuse. Mathy Chaos Communication Congress (CCC), 27 December 2017

KRACKing WPA2 by Forcing Nonce Reuse Mathy Vanhoef @vanhoefm Chaos Communication Congress (CCC), 27 December 2017 Introduction PhD Defense, July 2016: You recommend WPA2 with AES, but are you sure that

### Wireless LAN Controller (WLC) Mobility Groups FAQ

Wireless LAN Controller (WLC) Mobility Groups FAQ Document ID: 107188 Contents Introduction What is a Mobility Group? What are the prerequisites for a Mobility Group? How do I configure a Mobility Group

### SuxNet - Implementation of Secure Authentication for WLAN

Blekinge Institute of Technology Research Report No 2003:03 SuxNet - Implementation of Secure Authentication for WLAN Björn Mårtensson Stefan Chevul Håkan Järnliden Henric Johnson Arne Nilsson Editor:

### Request for Comments: 2420 Category: Standards Track September The PPP Triple-DES Encryption Protocol (3DESE)

Network Working Group H. Kummert Request for Comments: 2420 Nentec GmbH Category: Standards Track September 1998 Status of this Memo The PPP Triple-DES Encryption Protocol (3DESE) This document specifies

### Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536) Prepared by Dr. Samia Chelloug E-mail: samia_chelloug@yahoo.fr Content

### WLAN PCMCIA Card. Quick Setup Guide WLC3010

WLAN PCMCIA Card Quick Setup Guide WLC3010 This Quick Set-Up Guide only provides you with the basic instructions for setting up these wireless adaptors on your computer. A complete User Manual that includes

### Internet Control Message Protocol

Internet Control Message Protocol The Internet Control Message Protocol is used by routers and hosts to exchange control information, and to inquire about the state and configuration of routers and hosts.

### Enhancing Security of Improved RC4 Stream Cipher by Converting into Product Cipher

Enhancing Security of Improved RC4 Stream Cipher by Converting into Product Cipher Nishith Sinha Mallika Chawda Kishore Bhamidipati Assistant Professor ABSTRACT RC4 is one of the most widely used stream

### 0/41. Alice Who? Authentication Protocols. Andreas Zeller/Stephan Neuhaus. Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken

0/41 Alice Who? Authentication Protocols Andreas Zeller/Stephan Neuhaus Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken The Menu 1/41 Simple Authentication Protocols The Menu 1/41 Simple

### Introduction to Computer Security

Introduction to Computer Security Instructor: Mahadevan Gomathisankaran mgomathi@unt.edu CSCE 4550/5550, Fall 2009 Lecture 9 1 Announcements Assignment 1 Graded (out of 100) Max: 95 Min: 50 Mean: 77.33

### KRACKing WPA2 in Practice Using Key Reinstallation Attacks. Mathy BlueHat IL, 24 January 2018

KRACKing WPA2 in Practice Using Key Reinstallation Attacks Mathy Vanhoef @vanhoefm BlueHat IL, 24 January 2018 Overview Key reinstalls in 4-way handshake Misconceptions Practical impact Lessons learned

### CSC 574 Computer and Network Security. TCP/IP Security

CSC 574 Computer and Network Security TCP/IP Security Alexandros Kapravelos kapravelos@ncsu.edu (Derived from slides by Will Enck and Micah Sherr) Network Stack, yet again Application Transport Network

### Application Layer. Presentation Layer. Session Layer. Transport Layer. Network Layer. Data Link Layer. Physical Layer

ISO/OSI Model SSL: Security at Transport Layer Application Layer Peer-to-peer Application Layer Network Security Assurance Presentation Layer Session Layer Transport Layer Presentation Layer Session Layer

### Authenticated Encryption in SSH: Provably Fixing the SSH Binary Packet Protocol

Authenticated Encryption in SSH: Provably Fixing the SSH Binary Packet Protocol Mihir Bellare UC San Diego mihir@cs.ucsd.edu Tadayoshi Kohno UC San Diego tkohno@cs.ucsd.edu Chanathip Namprempre Thammasat