Doc.: IEEE 802.11-10/0899r2 Submission July2010 Dan Harkins, Aruba NetworksSlide 1 Secure PSK Authentication Date: 2010-07-14 Authors:

Slides:



Advertisements
Similar presentations
Doc.: IEEE /0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 A Study Group for Enhanced Security Date: Authors:
Advertisements

Doc.: IEEE /1263r0 Submission November 2008 Dan Harkins, Aruba NetworksSlide 1 A Modest Proposal…. Date: Authors:
Doc.: IEEE /1012r0 Submission September 2009 Dan Harkins, Aruba NetworksSlide 1 Suite-B Compliance for a Mesh Network Date: Authors:
Secure Pre-Shared Key Authentication for IKE
Doc.: IEEE /0836r2 Submission July 2008 Dan Harkins, Aruba NetworksSlide 1 Changes to SAE State Machine Date: Authors:
Doc.: IEEE /0877r0 Submission June WG Slide 1 TGs response to CN NB comments Date: Authors:
Password Cracking Lesson 10. Why crack passwords?
Crack WPA Lab Last Update Copyright 2014 Kenneth M. Chipps Ph.D.
Hacking WLAN // BRUTE FORCE CRACKER // TCP/IP. WLAN HACK Wired Equivalent Privacy (WEP) encryption was designed to protect against casual snooping, but.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.
Submission doc.: IEEE 11-12/1253r1 November 2012 Dan Harkins, Aruba NetworksSlide 1 Why Use SIV for 11ai? Date: Authors:
1 MD5 Cracking One way hash. Used in online passwords and file verification.
Time Passes, Security Changes… Christian Huitema Monday, August 1, 2005 IETF, Application Area Meeting.
Introduction to Cryptography and Security Mechanisms: Unit 5 Theoretical v Practical Security Dr Keith Martin McCrea
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
Wireless Insecurity.
WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
Doc.: IEEE /0508r0 Submission May 2007 Matthew Gast, Trapeze NetworksSlide 1 EAP Method Requirements for Emergency Services Notice: This document.
Dan Johnson. What is a hashing function? Fingerprint for a given piece of data Typically generated by a mathematical algorithm Produces a fixed length.
Ethical Hacking Defeating Wireless Security. 2 Contact Sam Bowne Sam Bowne Computer Networking and Information Technology Computer Networking and Information.
Wireless Network Security Dr. John P. Abraham Professor UTPA.
1 C-DAC/Kolkata C-DAC All Rights Reserved Computer Security.
Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.
CWSP Guide to Wireless Security Chapter 2 Wireless LAN Vulnerabilities.
WEP Protocol Weaknesses and Vulnerabilities
Doc.: IEEE /1429r2 Submission January 2012 Dan Harkins, Aruba NetworksSlide 1 A Protocol for FILS Authentication Date: Authors:
Wireless Networking & Security Greg Stabler Spencer Smith.
 Access Control 1 Access Control  Access Control 2 Access Control Two parts to access control Authentication: Are you who you say you are? – Determine.
Doc.: IEEE r0 Submission July 2011 Dan Harkins, Aruba NetworksSlide 1 Prohibiting Technology Date: Authors:
.  TJX used WEP security  They lost 45 million customer records  They settled the lawsuits for $40.9 million.
Submission doc.: IEEE /1128r1 September 2015 Dan Harkins, Aruba Networks (an HP company)Slide 1 Opportunistic Wireless Encryption Date:
Doc.: IEEE /1077r0 Submission September 2010 Dan Harkins, Aruba NetworksSlide 1 Galois/Counter Mode (GCM) Date: Authors:
Distributed WPA Cracking CSCI Distributed Systems Spring 2011 University of Colorado Rodney Beede Ryan Kroiss Arpit Sud
Doc.: IEEE /0123r0 Submission January 2009 Dan Harkins, Aruba NetworksSlide 1 Secure Authentication Using Only A Password Date:
Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.
Doc.: IEEE /0315r4 Submission July 2009 Dan Harkins, Aruba NetworksSlide 1 Enhanced Security Date: Authors:
Doc.: IEEE /211r0-Michael-Attacks-And-Countermeasures Submission March 2003 Dan Harkins, Trapeze Networks.Slide 1 Attacks against Michael and.
How To Not Make a Secure Protocol WEP Dan Petro.
Doc.: IEEE /0057r0 Submission January 2010 Dan Harkins, Aruba NetworksSlide 1 [place presentation subject title text here] Date: Authors:
Lecture 5 Page 1 CS 236 Online More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Doc.: IEEE /1147r1 Submission November 2009 David Halasz, AclaraSlide 1 Path Protection Date: Authors:
Submission doc.: IEEE /313r1 March 2016 Guido R. Hiertz, Ericsson et al.Slide 1 The benefits of Opportunistic Wireless Encryption Date:
WPA Cracking with Rainbow Tables For Educational Purposes Only Kurt Wondra November 18 th, 2010  1) Scanning for Vulnerable Networks  2) Capturing Usable.
@Yuan Xue Case Study (Mid-term question) Bob sells BatLab Software License Alice buys BatLab Credit card information Number of.
หัวข้อบรรยาย Stream cipher RC4 WEP (in)security LFSR CSS (in)security.
Re-evaluating the WPA2 Security Protocol
Enhanced Security Date: Authors: May 2009 May 2009
Secure PSK Authentication
Authentication and Upper-Layer Messaging
Enhanced Security Features for
Securing A Wireless Network
Enhanced Security Features for
Outline Desirable characteristics of ciphers Uses of cryptography
Secure PSK Authentication
Opportunistic Wireless Encryption
Password Authenticated Key Exchange
Security Properties Straw Polls
Password Authenticated Key Exchange
Changes to SAE State Machine
11i PSK use in 11s: Consider Dangerous
Security Issues with Wireless Protocols
Password Authenticated Key Exchange
11i PSK use in 11s: Consider Dangerous
Presentation transcript:

doc.: IEEE /0899r2 Submission July2010 Dan Harkins, Aruba NetworksSlide 1 Secure PSK Authentication Date: Authors:

doc.: IEEE /0899r2 Submission July 2010 Dan Harkins, Aruba NetworksSlide 2 Abstract This presentation presents the problems with D0.1’s use of PSKs and a solution to them.

doc.: IEEE /0899r2 Submission July 2010 Dan Harkins, Aruba NetworksSlide 3 What’s the Problem? PSKs are being used for authentication in a PBSS It is difficult to provision a “strong” PSK. –Strength is a function of entropy in the PSK. –For a character-based PSK there is approximately 1.5 bits of entropy per character. –Generating a key suitable for use with GCM implies a character string of around 100 characters. –Humans have a hard time entering a string of 20 characters repeatedly with a low probability of error. Weak PSKs will be used because doing otherwise is prohibitive and problematic for operators and users. –Need a robust protocol to use PSKs properly, can’t just mandate all PSKs are uniformly random binary strings of sufficient length.

doc.: IEEE /0899r2 Submission Okay, So What’s the Problem? The PSK is leaked when used in Draft 0.1 –Using the PSK directly in the 4-Way Handshake has known and well- published problems. Cracking tools available on the Internet. –A PSKID, based on a hash of the PSK, is included in beacons. Protocols using the PSK are susceptible to an off-line dictionary attack –An attacker has all information needed to run through a dictionary of potential passwords until the correct one is found. –This attack is not detectable by legitimate members of the PBSS. Learning the PSK allows an attacker to recover all past and future traffic. The strength of the PSK determines the strength of the GCM key and that’s not strong enough (see previous slide). July 2010 Dan Harkins, Aruba NetworksSlide 4

doc.: IEEE /0899r2 Submission What’s the Solution? A protocol that uses a PSK that is resistant to attack –Each active attack leaks a single bit of information– whether the singular guess was correct or not. Passive attack is not possible. –Probability of guessing the PSK is 1/(S-x) after x guesses of the PSK from a pool of possible PSKs of size S. –Perfect Forward Secrecy is achieved. A protocol which can produce a cryptographically strong key suitable for use with GCM –An entropy amplifier! –The strength of the PSK does not determine the strength of the GCM key. A robust, misuse-resistant protocol A protocol called SAE from the 11s draft July 2010 Dan Harkins, Aruba NetworksSlide 5

doc.: IEEE /0899r2 Submission SAE Based upon the Dragonfly key exchange. –Secure against active, passive and dictionary attack Uses public key cryptography to produce a strong GCM key that is authenticated with a (potentially weak) PSK. An RSNA authentication protocol for Uses authentication frames (not data frames). Free, open source (BSD licensed) reference implementation available: July 2010 Dan Harkins, Aruba NetworksSlide 6

doc.: IEEE /0899r2 Submission July 2010 Dan Harkins, Aruba NetworksSlide 7 References ad-secure-psk-authentication.doc

doc.: IEEE /0899r2 Submission Backup Is PSK insecurity really a big deal? In a word: yes. –The Church of WiFi has released DVDs containing all permutations of the 1,000 most popular SSIDs and the 1,000,000 most popular passwords. –There are off-the-shelf tools to crack PSKs aircrack-ng – available for Windows and Linux coWPAtty – available for Windows and Linux –Don’t have the wherewithal to run off-the-shelf tools with easily obtained DVDs? Don’t worry! WPA Cracker offers a cloud cracking service: August 2010 Dan Harkins, Aruba NetworksSlide 8

doc.: IEEE /0899r2 Submission Backup WPA Cracker –Available with both English and German dictionaries! –The “standard” English dictionary has 136 million PSKs in it. The “extended” English dictionary has an addition 284 million PSKs. The “numbers” dictionary has an additional 100 million PSKs. Combine them all for an aggregate dictionary of 520 million PSKs! –It takes an average of 20 minutes and costs only $17 “Simply upload your network capture, start your job, and WPA Cracker will you the results within minutes!” –With 11ad all an attacker needs is a beacon to give to WPA Cracker! August 2010 Dan Harkins, Aruba NetworksSlide 9

doc.: IEEE /0899r2 Submission Backup PSK problems have generated considerable bad press and problems for IEEE Std –"Weakness in Passphrase Choice in WPA Interface". 04 Nov Bob Moskowitz –“Hacking WEP and WPA-PSK”, 20 Mar –The Chinese government has proposed a replacement for at ISO (JTC1/SC6) and the security issues with PSK are the justification they’re using– “ is insecure, WAPI fixes it” Do you really want to see the following headlines? –“New wireless gigabit standard broken already” –“A red carpet to hackers, the latest offering from ” August 2010 Dan Harkins, Aruba NetworksSlide 10

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.