Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.

Slides:



Advertisements
Similar presentations
IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
Advertisements

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Understanding and Achieving Next-Generation Wireless Security Motorola, Inc James Mateicka.
WEP Weaknesses Or “What on Earth does this Protect” Roy Werber.
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.
How To Not Make a Secure Protocol WEP Dan Petro.
Wired Equivalent Privacy (WEP)
Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
IEEE Wireless Local Area Networks (WLAN’s).
15 November Wireless Security Issues Cheyenne Hollow Horn SFS Presentation 2004.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.
Wireless Security Issues David E. Hudak, Ph.D. Senior Software Architect Karlnet, Inc.
AJ Mancini IV Paul Schiffgens Jack O’Hara. WIRELESS SECURITY  Brief history of Wi-Fi  Wireless encryption standards  WEP/WPA  The problem with WEP.
Michal Rapco 05, 2005 Security issues in Wireless LANs.
Mobile and Wireless Communication Security By Jason Gratto.
Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),
Investigators have published numerous reports of birds taking turns vocalizing; the bird spoken to gave its full attention to the speaker and never vocalized.
CSC-682 Advanced Computer Security
A History of WEP The Ups and Downs of Wireless Security.
Wireless Security Beyond WEP. Wireless Security Privacy Authorization (access control) Data Integrity (checksum, anti-tampering)
COEN 350 Mobile Security. Wireless Security Wireless offers additional challenges: Physical media can easily be sniffed. War Driving Legal? U.S. federal.
Wireless Insecurity By: No’eau Kamakani Robert Whitmire.
Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.
Intercepting Mobile Communications: The Insecurity of Nikita Borisov Ian Goldberg David Wagner UC Berkeley Zero-Knowledge Sys UC Berkeley Presented.
CWSP Guide to Wireless Security Chapter 2 Wireless LAN Vulnerabilities.
WEP Protocol Weaknesses and Vulnerabilities
COEN 350 Mobile Security. Wireless Security Wireless offers additional challenges: Physical media can easily be sniffed. War Driving Legal? U.S. federal.
WEP AND WPA by Kunmun Garabadu. Wireless LAN Hot Spot : Hotspot is a readily available wireless connection.  Access Point : It serves as the communication.
Wireless LAN Security. Security Basics Three basic tools – Hash function. SHA-1, SHA-2, MD5… – Block Cipher. AES, RC4,… – Public key / Private key. RSA.
Security in Wireless Networks IEEE i Presented by Sean Goggin March 1, 2005.
WEP, WPA, and EAP Drew Kalina. Overview  Wired Equivalent Privacy (WEP)  Wi-Fi Protected Access (WPA)  Extensible Authentication Protocol (EAP)
Wireless Networking & Security Greg Stabler Spencer Smith.
Shambhu Upadhyaya Security – AES-CCMP Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 13)
1 Symmetric-Key Encryption CSE 5351: Introduction to Cryptography Reading assignment: Chapter 3 Read sections first (skipping 3.2.2)
WEP Case Study Information Assurance Fall or Wi-Fi IEEE standard for wireless communication –Operates at the physical/data link layer –Operates.
Intercepting Mobiles Communications: The Insecurity of ► Paper by Borisov, Goldberg, Wagner – Berkley – MobiCom 2001 ► Lecture by Danny Bickson.
WLANs & Security Standards (802.11) b - up to 11 Mbps, several hundred feet g - up to 54 Mbps, backward compatible, same frequency a.
.  TJX used WEP security  They lost 45 million customer records  They settled the lawsuits for $40.9 million.
IEEE i Aniss Zakaria Survey Fall 2004 Friday, Dec 3, 2004
National Institute of Science & Technology WIRELESS LAN SECURITY Swagat Sourav [1] Wireless LAN Security Presented By SWAGAT SOURAV Roll # EE
Wireless Security: The need for WPA and i By Abuzar Amini CS 265 Section 1.
1 Wireless Threats 1 – Cracking WEP Cracking WEP in Chapter 5 of Wireless Maximum Security by Peikari, C. and Fogie, S.
Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.
 Houses  In businesses  Local institutions  WEP – Wired Equivalent Privacy -Use of Initialization Vectors (IVs) -RC4 Traffic Key (creates keystreams)
1 Symmetric-Key Encryption CSE 5351: Introduction to Cryptography Reading assignment: Chapter 2 Chapter 3 (sections ) You may skip proofs, but are.
Wireless security Wi–Fi (802.11) Security
Authentication has three means of authentication Verifies user has permission to access network 1.Open authentication : Each WLAN client can be.
802.11b Security CSEP 590 TU Osama Mazahir. Introduction Packets are sent out into the air for anyone to receive Eavesdropping is a much larger concern.
Giuseppe Bianchi Warm-up example WEP. Giuseppe Bianchi WEP lessons  Good cipher is far from being enough  You must make good USAGE of cipher.
IEEE Security Specifically WEP, WPA, and WPA2 Brett Boge, Presenter CS 450/650 University of Nevada, Reno.
Wired Equivalent Privacy (WEP) Chris Overcash. Contents What is WEP? What is WEP? How is it implemented? How is it implemented? Why is it insecure? Why.
WLAN Security1 Security of WLAN Máté Szalay
COEN 350 Mobile Security. Wireless Security Wireless offers additional challenges: Physical media can easily be sniffed. War Driving Legal? U.S. federal.
EECS  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Wireless Authentication Protocol Presented By: Tasmiah Tamzid Anannya Student Id:
Module 48 (Wireless Hacking)
Re-evaluating the WPA2 Security Protocol
Wireless Protocols WEP, WPA & WPA2.
We will talking about : What is WAP ? What is WAP2 ? Is there secure ?
WEP & WPA Mandy Kershishnik.
Wireless Security Ian Bodley.
IEEE i Dohwan Kim.
Wireless Network Security
CSE 4905 WiFi Security I WEP (Wired Equivalent Privacy)
Symmetric-Key Encryption
Presentation transcript:

Wireless Security Ryan Hayles Jonathan Hawes

Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption  WPA2 –Overview –Encryption/Decryption  Dictionary Attack

WEP Protocol Basics  Based mostly on the RC4 Stream Cipher  Single symmetric key  CRC checksum to protect integrity

WEP Vulnerability  Problem: Keystream Reuse  WEP’s Solution: Per Packet IVs

WEP Vulnerability Cont.  WEP and standards recommends (not requires) the IV be changed after every packet.  No standard to generate IVs  IV field is 24 bits, forcing a busy connection to exhaust all IVs in less than a half a day  Random 24 bit IV will be expected to have a collision after transmitting 5000 packets (Birthday Problem)

WEP Vulnerability Cont. Consequences: –Keystream for corresponding IV is obtained –1500 bytes for each of the 2 24 possible IVs –24GB to construct a full table, which would enable the attacker to immediately decrypt each subsequent ciphertext

WEP Attacks  The FMS Attack (2001) –First key recovery attack –Base on predictable headers Attack can compromise the first few bytes of the keystream Leads to correlations in other bytes –4-6 million packets needed to succeed with probability greater or equal to 50%

WEP Attacks Cont.  The Korek Attack (2004) –Based on the FMS Attack, but extended with 16 more correlations between the first few bytes of an RC4 key, keystream, and the next key byte. –Reduced the number of packets needed to 700,00 to succeed with probability greater or equal to 50%

WEP Attacks Cont.  The PTW Attack (2007) –Extends both FMS and KoreK –Process every packet and cast votes for likelihood of key –The key is generally close to having the most votes Test each key for correctness –Reduced the number of packets needed to 35,000-40,000 to succeed with probability greater or equal to 50%

WEP Attacks Cont.  The Chopchop Attack –Allows an attacker to decrypt the last m bytes by sending m * 128 packets to the network. –Does not reveal the root key

WPA Overview  Wi-Fi Protected Access (WPA) –Security standard developed after WEP’s vulnerabilities had been exposed and successfully attacked –Development was a collaborative effort between the Wi-Fi Alliance and the Institute of Electrical and Electronics Engineers (IEEE) –Purpose was to be an immediate solution while the long-term solution (802.11i/WPA2) was being finished

WPA Overview Cont.  WPA strengthened WEP by: –Including authentication using 802.1X framework (commercial systems) or a passphrase (home systems) –Creating a key hierarchy out of the master key –Doubling the size of the initialization vector (IV) used during encryption –Including a more robust data integrity algorithm (Michael)

WPA Overview Cont.  A session consists of: –Authentication of the client to the access point (802.1X/passphrase) –4-way handshake to exchange key values and generate the key hierarchy –Data session to send encrypted information using the Temporal Key Integrity Protocol (TKIP) RC4 for encryption Michael for integrity checking

WPA Key Hierarchy  Key Hierarchy consists of a master key and session keys –Master key, called the Pair-wise Master Key, is derived from either an 802.1X key or from the passphrase –Session keys, collectively called the Pair-wise Transient Key, are derived from the master key

WPA Key Hierarchy Cont.  Pair-wise Transient Key is segmented into: –Key Confirmation Key and Key Encryption Key used during the 4-way handshake –Temporal Keys (2) used during the data session

WPA Encryption

WPA Decryption

WPA2 Overview  Wi-Fi Protected Access 2 –Security standard developed by the Wi-Fi Alliance and is an implementation of IEEE’s i –Uses the same authentication process, 4-way handshake, and key hierarchy as WPA –Replaces TKIP with the Advance Encryption Standard (AES) CCMP protocol AES in Counter-Mode for encryption AES in Cipher Block Chaining-Message Authentication Code (CBC-MAC) for integrity checking

WPA2 Encryption

WPA2 Decryption

WPA/WPA2 Attack  Offline Dictionary Attack Overview: –Master key is generated using: Passphrase and SSID –Session keys are generated using: Master key, MAC address of client, MAC address of access point, nonce from client, and nonce from access point –Attacker’s goal is to reproduce the key hierarchy to access the network –Attacker needs to capture SSID, MAC addresses, and nonces and perform a dictionary attack to find the passphrase

WPA/WPA2 Attack Cont.  Offline Dictionary Attack Capture: –Listen for access point broadcasts Recovers SSID –Passively sniff the network for the 4-way handshake Recovers MAC address of client, MAC address of access point, nonce from client, nonce from access point, and a MIC (derived from session key (KCK) and handshake messages) –Attacker has captured all necessary values and is ready to perform dictionary attack offline

WPA/WPA2 Attack Cont.  Offline Dictionary Attack Method: –Perform dictionary attack on passphrase to generate master key using: Dictionary file (passphrase) and captured SSID –Generate session keys using: Master key, captured MAC addresses, and captured nonces –Generate MIC using: Session key (KCK) and captured handshake messages –Verify MIC against captured MIC Recovers passphrase and key hierarchy –Attacker can access the network

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.