Exploring timing based side channel attacks against 802.11i CCMP
Suman Jana, Sneha K. Kasera, University of Utah

Presentation transcript:

Introduction

IEEE 802.11 security is a major concern. Wired Equivalent Privacy (WEP) had several major vulnerabilities. The new wireless security standard is 802.11i with Robust Security Network Association (RSNA). 802.11i recommends the use of Counter Mode with Cipher Block Chaining Message Authentication Code (CCMP).

CCMP features: Advanced Encryption Standard (AES) as its underlying encryption algorithm.

AES attacks: no successful publicly known algebraic cryptanalytic attack so far; known side channel attacks.

A side channel attack exploits extra information (e.g., timing information, power consumption) leaked by the system to guess keys. A timing based side channel attack uses encryption timing information to guess keys.

Future Directions

- Implement our attack against a real-world AP and evaluate the effect of wireless delays.
- In the Pre-Shared Key (PSK) mode of CCMP, investigate whether dictionary based password guessing attacks can help our attack guess the keys faster.
- Make our attack work with fewer timing samples by modifying it to exploit the structured nature of the counter value as used in CCMP.

References

[1] D. Bernstein. Cache-timing Attacks on AES, April
[2] J. Bonneau and I. Mironov. Cache-Collision Timing Attacks Against AES. In CHES, pages 201–215, 2006.

[Figures: Counter mode using AES; AES-128 used by 802.11i CCMP; One AES round]

Performance-sensitive software implementations of AES pre-compute the output of SUBBYTE, SHIFTROWS and MIXCOLUMN and put these values in large lookup tables, each mapping one byte of input to four bytes of output. Variable-time lookups in these tables, caused by cache collisions, are the source of timing attacks against AES.

Possible Solution

Modify AES implementations to keep multiple copies of each lookup table in memory and randomly choose one of the copies of the appropriate lookup table to retrieve the value. This will increase the space overhead of AES implementations and may yield lower performance as well, because of the probable loss of spatial and temporal locality. We need to investigate the exact nature of the performance degradation and how it varies with the number of copies maintained for each table.

Our Approach

[1] noted that the input bytes to the first round of AES encryption are plaintext bytes XOR-ed with key material bytes. These bytes are used to index the lookup tables. This causes the entire encryption time to be affected by each of the byte values of the XOR-ed output of key and plaintext. Bonneau [2] presents another cache access pattern based timing attack on AES, which works by gathering timing information on the AES final round and uses it to launch an attack to recover the full AES key.

We adapt the attack presented in [1] to work against 802.11i CCMP. The counter value for each new packet is initialized using the packet number, the source MAC address of the packet, and the flag and priority fields. All these are sent in cleartext, so the attacker can calculate the value of the counter. So in our scheme an attacker will:

1. Collect timing data for each possible value of the XOR-ed key material and plaintext input on a reference AP which is similar to the target AP.
2. Correlate the collected data with the data collected from the target AP to guess the value of the XOR-ed key material and plaintext input.
3. Derive the key by XOR-ing the known plaintext (i.e., counter value) with the guessed value.

Potential Issues

[2] notes constant process load => higher probability of success. Access Point process load remains constant.

Our attack is based on the time taken to encrypt a plaintext. In CCMP an attacker can only measure the time taken to encrypt a particular plaintext (i.e., counter value) directly by measuring the encryption time of packets which are smaller than the AES block size (128 bits). The encryption time of packets bigger than that will be equal to the total time of encrypting all the counter values used for the different blocks of that packet.

The attack needs to account for the possibility of wireless delays outweighing the effects of cached lookups. The effect of delay can be minimized by only considering packets with delays exceeding the minimum delay by less than a certain threshold value.

[Figure: A typical wireless network]
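
The multiple-copy lookup table from "Possible Solution", sketched in C as an added example (not code from the poster or its authors). COPIES, the function names and the use of rand() as the randomness source are assumptions; only the first of the four T-tables is built.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define COPIES 4                    /* assumed; the poster leaves the number open */
static uint32_t te0[COPIES][256];   /* COPIES x 1 KiB instead of a single 1 KiB table */

static uint8_t xtime(uint8_t x) { return (uint8_t)((x << 1) ^ ((x & 0x80) ? 0x1b : 0)); }

/* Multiplication in GF(2^8) modulo the AES polynomial. */
static uint8_t gmul(uint8_t a, uint8_t b) {
    uint8_t r = 0;
    for (; b; b >>= 1, a = xtime(a)) if (b & 1) r ^= a;
    return r;
}

/* S-box for one byte: field inverse (brute force) followed by the affine map. */
static uint8_t sub_byte(uint8_t x) {
    uint8_t inv = 0, s;
    for (int c = 1; x && c < 256; c++)
        if (gmul(x, (uint8_t)c) == 1) { inv = (uint8_t)c; break; }
    s = inv;
    for (int i = 1; i <= 4; i++) s ^= (uint8_t)((inv << i) | (inv >> (8 - i)));
    return (uint8_t)(s ^ 0x63);
}

/* One byte in, four bytes out (S-box plus column mixing), stored once per copy. */
void te0_init(void) {
    for (int x = 0; x < 256; x++) {
        uint8_t s = sub_byte((uint8_t)x);
        uint32_t w = ((uint32_t)xtime(s) << 24) | ((uint32_t)s << 16) |
                     ((uint32_t)s << 8) | (uint8_t)(xtime(s) ^ s);
        for (int c = 0; c < COPIES; c++) te0[c][x] = w;
    }
}

/* Pick a copy at random per lookup, so an index no longer maps to one fixed
 * cache line. rand() is a stand-in for whatever randomness source is used. */
uint32_t te0_lookup(uint8_t idx) { return te0[(unsigned)rand() % COPIES][idx]; }

/* First-round access: the table index is plaintext byte XOR key byte. */
uint32_t first_round_word(uint8_t pt, uint8_t key) { return te0_lookup((uint8_t)(pt ^ key)); }

size_t te0_footprint(void) { return sizeof te0; }   /* space overhead in bytes */

int main(void) {
    te0_init();
    printf("Te0[0x00]=%08x, table memory=%zu bytes\n",
           (unsigned)te0_lookup(0x00), te0_footprint());
    return 0;
}
```

With COPIES set to 4 the table grows from 1 KiB to 4 KiB, which is the space overhead the poster mentions. Random copy selection spreads accesses over more cache lines but does not by itself make lookup time independent of the index.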