Overview of Security

Similar documents
Chapter 4 WIRELESS LAN

Wireless Security Security problems in Wireless Networks

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

Analysis of Security or Wired Equivalent Privacy Isn t. Nikita Borisov, Ian Goldberg, and David Wagner

05 - WLAN Encryption and Data Integrity Protocols

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Security in IEEE Networks

Analyzing Wireless Security in Columbia, Missouri

Overview of IEEE b Security

CS 393/682 Network Security

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

Wireless Security Protocol Analysis and Design. Artoré & Bizollon : Wireless Security Protocol Analysis and Design

RC4. Invented by Ron Rivest. A stream cipher Generate keystream byte at a step

How Insecure is Wireless LAN?

Wireless Attacks and Countermeasures

Stream Ciphers. Stream Ciphers 1

The Final Nail in WEP s Coffin

Security in Data Link Protocols

CE Advanced Network Security Wireless Security

Security and Authentication for Wireless Networks

5 Tips to Fortify your Wireless Network

Wireless LAN Security (RM12/2002)

Wireless Network Security Spring 2015

A Configuration Protocol for Embedded Devices on Secure Wireless Networks

Wireless Security. Comp Sci 3600 Security. Attacks WEP WPA/WPA2. Authentication Encryption Vulnerabilities

Today s challenge on Wireless Networking. David Leung, CISM Solution Consultant, Security Datacraft China/Hong Kong Ltd.

CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 8

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

How crypto fails in practice? CSS, WEP, MIFARE classic. *Slides borrowed from Vitaly Shmatikov

CITS3002 Networks and Security. The IEEE Wireless LAN protocol. 1 next CITS3002 help3002 CITS3002 schedule

Wireless Network Security

What is Eavedropping?

Wireless technology Principles of Security

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy

A Scheme for Key Management on Alternate Temporal Key Hash

Wireless Network Security Spring 2016

COSC4377. Chapter 8 roadmap

Presentation_ID. 2001, Cisco Systems, Inc. All rights reserved.

Physical and Link Layer Attacks

2013 Summer Camp: Wireless LAN Security Exercises JMU Cyber Defense Boot Camp

Wireless Network Defensive Strategies

Chapter 24 Wireless Network Security

HACKING & INFORMATION SECURITY Presents: - With TechNext

What is a Wireless LAN? The wireless telegraph is not difficult to understand. The ordinary telegraph is like a very long cat. You pull the tail in Ne

Security in Data Link Protocols

FAQ on Cisco Aironet Wireless Security

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Presented by Paul Ruggieri

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Wireless Network Security Spring 2011

EEC-682/782 Computer Networks I

WPA Migration Mode: WEP is back to haunt you

Network Encryption 3 4/20/17

WIRELESS LAN/PAN/BAN. Objectives: Readings: 1) Understanding the basic operations of WLANs. 2) WLAN security

Securing Your Wireless LAN

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

Lecture 1 Applied Cryptography (Part 1)

Wireless Networked Systems

A Light Weight Enhancement to RC4 Based Security for Resource Constrained Wireless Devices

Advanced Security and Mobile Networks

CHAPTER SECURITY IN WIRELESS LOCAL AREA NETWORKS

Distributed Systems. Lecture 14: Security. Distributed Systems 1

Wireless Network Security

Content of this part

Full Plaintext Recovery Attack on Broadcast RC4

Distributed Systems. Lecture 14: Security. 5 March,

LESSON 12: WI FI NETWORKS SECURITY

A Light Weight Enhancement to RC4 Based

Security Setup CHAPTER

Security of WiFi networks MARCIN TUNIA

Summary on Crypto Primitives and Protocols

Introduction to Software Security Hash Functions (Chapter 5)

S. Erfani, ECE Dept., University of Windsor Network Security

Wireless Networking Basics. Ed Crowley

Securing a Wireless LAN

BreezeACCESS VL Security

CSE 713: Wireless Networks Security Principles and Practices

Cryptanalysis. Ed Crowley

An Efficient Stream Cipher Using Variable Sizes of Key-Streams

Chapter 5 Local Area Networks. Computer Concepts 2013

Cryptography ThreeB. Ed Crowley. Fall 08

WarDriving. related fixed line attacks war dialing port scanning

Wireless Security i. Lars Strand lars (at) unik no June 2004

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

Network Security. Security in local-area networks. Radboud University Nijmegen, The Netherlands. Autumn 2014

WLAN Security. รศ. ดร. อน นต ผลเพ ม Asso. Prof. Anan Phonphoem, Ph.D.

Security Requirements

Stream Ciphers - RC4. F. Sozzani, G. Bertoni, L. Breveglieri. Foundations of Cryptography - RC4 pp. 1 / 16

From wired internet to ubiquitous wireless internet

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl

Wireless Router at Home

Viewing Status and Statistics

Configuring Cipher Suites and WEP

Wireless Terms. Uses a Chipping Sequence to Provide Reliable Higher Speed Data Communications Than FHSS

CRYPTOLOGY KEY MANAGEMENT CRYPTOGRAPHY CRYPTANALYSIS. Cryptanalytic. Brute-Force. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

A Survey of a Wireless Security Threats and Security Mechanisms

Chapter 8 Network Security

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Double-DES, Triple-DES & Modes of Operation

Transcription:

Overview of 802.11 Security Bingdong Li Present for CPE 601 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 1

Agenda Introduction 802.11 Basic Security Mechanisms What s Wrong? Major Risks Recommendations Improving in Progress 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 2

Introduction The nodes transmit over the air and hence anyone within the radio range can eavesdrop on the communication. Conventional security measures that apply to a wired network do not work in this case. The 802.11 security is notorious now, Walker (Oct 2000), Borisov et. al. (Jan 2001), Fluhrer-Mantin - Shamir (Aug 2001). 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 3

Agenda Introduction 802.11 Basic Security Mechanisms What s Wrong? Major Risks Recommendations Improving in Progress 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 4

802.11 Basic Security Mechanisms Service Set Identifier (SSID) MAC Address filtering A data encapsulation technique called Wired Equivalent Privacy (WEP) An authentication algorithm called Shared Key Authentication 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 5

Service Set Identifier (SSID) AP periodically broadcasts SSID in a beacon. Use of SSID weak form of security as beacon management frames on 802.11 WLAN are always sent in the clear. A hacker can use analysis tools (eg. AirMagnet, Netstumbler, AiroPeek) to identify SSID. Some vendors use default SSIDs which are pretty well known (eg. CISCO uses tsunami) 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 6

MAC Address Filtering The system administrator can specify a list of MAC addresses that can communicate through an access point. Advantage : Provides a little stronger security than SSID Disadvantages : Increases Administrative overhead Reduces Scalability Determined hackers can still break it 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 7

WEP Overview WEP relies on a shared key K between communicating parties 1. Checksum: For a message M, we calculate c(m). The plaintext is P={M,c(M)} 2. Encryption: The plaintext is encrypted using RC4. RC4 requires an initialization vector (IV) v, and the key K. Output is a stream of bits called the keystream. Encryption is XOR with P. 3. Transmission: The IV and the ciphertext C are transmitted. Message CRC v RC4(v,K) Ciphertext Transmit 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 8

WEP Encapsulation 802.11 Hdr Data Encapsulate Decapsulate 802.11 Hdr IV Data ICV WEP Encapsulation Summary: Encryption Algorithm = RC4 Per-packet encryption key = 24-bit IV concatenated to a pre-shared key WEP allows IV to be reused with any frame Data integrity provided by CRC-32 of the plaintext data (the ICV ) Data and ICV are encrypted under the per-packet encryption key 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 9

WEP Authentication AP Shared secret distributed out of band Response (Nonce RC4 encrypted under shared key) Challenge (Nonce) Decrypted nonce OK? 802.11 Authentication Summary: Authentication key distributed out-of-band Access Point generates a randomly generated challenge Station encrypts challenge using pre-shared secret 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 10

Agenda Introduction 802.11 Basic Security Mechanisms What s Wrong? Major Risks Recommendations Improving in Progress 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 11

So What s Wrong? Properties of Vernam Ciphers How to read WEP Encrypted Traffic How to authentication without the key Traffic modification Lessons Requirements for a networked data encapsulation scheme 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 12

Properties of Vernam Ciphers (1) The WEP encryption algorithm RC4 is a Vernam Cipher: Encryption Key K Pseudo-random number generator Random byte b Plaintext data byte p Ciphertext data byte p Decryption works the same way: p = c b 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 13

Properties of Vernam Ciphers (2) Vernam-style stream ciphers are susceptible to attacks when same IV and key are reused: C P RC4(v, K) C C 1 2 1 1 P 2 C 2 RC4(v, K) P P 1 1 RC4(v, K) P P 2 Particularly weak to known plaintext attack: If P 1 is known, then P 2 is easy to find (as is RC4). This might occur when contextual information gives P 1 (e.g. applicationlevel or network-level information reveals information) Even so, there are techniques to recover P 1 and P 2 when just (P 1 XOR P 2 ) is known (frequency analysis, crib dragging) Example, look for two texts that XOR to same value 2 RC4(v, K) 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 14

How to Read WEP Encrypted Traffic (1) 802.11 Hdr IV Data ICV 24 luxurious bits Encrypted under Key +IV using a Vernam Cipher By the Birthday Paradox, probability P n two packets will share same IV after n packets is P 2 = 1/2 24 after two frames and P n = P n 1 + (n 1)(1 P n 1 )/ 2 24 for n > 2. 50% chance of a collision exists already after only 4823 packets!!! Pattern recognition can disentangle the XOR d recovered plaintext. Recovered ICV can tell you when you ve disentangled plaintext correctly. After only a few hours of observation, you can recover all 2 24 key streams 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 15

How to Read WEP Encrypted Traffic (2) Ways to accelerate the process: Send spam into the network: no pattern recognition required! Get the victim to send e-mail to you The AP creates the plaintext for you! Decrypt packets from one Station to another via an Access Point If you know the plaintext on one leg of the journey, you can recover the key stream immediately on the other Etc., etc., etc. 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 16

How to Authenticate without the Key STA AP Response (Nonce RC4 encrypted under shared key) Challenge (Nonce) Decrypted nonce OK? With our background, an easy attack is obvious: Record one challenge/response with a sniffer Use the challenge to decrypt the response and recover the key stream Use the recovered key stream to encrypt any subsequent challenge 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 17

Traffic Modification (1) Vernam cipher thought experiment 2: how hard is it to change a genuine packet s data, so ICV won t detect the change? Represent an n-bit plaintext as an n-th degree polynomial: p = p n x n + p n 1 x n 1 + + p 0 x 0 (each p i = 0 or 1) Then the plaintext with ICV can be represented as : px 32 + ICV(p) = p n x n+32 + p n 1 x n 31 + + p 0 x 32 + ICV(p) If the n+32 bit RC4 key stream used to encrypt the body is represented by the n+32 nd degree polynomial b, then the encrypted message body is px 32 + ICV(p) + b 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 18

Traffic Modification (2) But the ICV is linear, meaning for any polynomials p and q IVC(p+q) = ICV(p) + ICV(q) This means that if q is an arbitrary nth degree polynomial, i.e., an arbitrary change in the underlying message data: (p+q)x 32 + ICV(p+q) + b = px 32 + qx 32 + ICV(p) + ICV(q) + b = ((px 32 + ICV(p)) + b) + (qx 32 + ICV(q)) Conclusion: Anyone can alter an WEP encapsulated packet in arbitrary ways without detection (Spoofing and Injection). 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 19

Lessons Data encryption by itself offers no protection from attack It s access control, stupid there is no meaningful privacy if the data authenticity problem is not solved It is profoundly easy to mis-use a cipher don t try this at home Get any cryptographic scheme reviewed by professionals 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 20

Agenda Introduction 802.11 Basic Security Mechanisms What s Wrong? Major Risks Recommendations Improving in Progress 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 21

Major Risks Unauthorized Use of Service Insertion Attacks (Intrusions!) Interception and monitoring wireless traffic Misconfiguration Jamming Client to Client Attacks (Intrusions also!) 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 22

Agenda Introduction 802.11 Basic Security Mechanisms What s Wrong? Major Risks Recommendations Improving in Progress 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 23

Strengthen WLAN security Recommendations Wireless LAN related Configuration Enable WEP, use 128bit key* Using the encryption technologies Disable SSID Broadcasts Change default Access Point Name Choose complex admin password Apply Filtering Use MAC (hardware) address to restrict access The Use of 802.1x Enable firewall function 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 24

Agenda Introduction 802.11 Basic Security Mechanisms What s Wrong? Major Risks Recommendations Improving in Progress 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 25

Improving IEEE 802.11i: Enhanced security (2004) to enhance the MAC layer IEEE 802.11w: (or known as TGw) Protected Management Frames (2009) to protect management and broadcast frames. 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 26

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback