The Dangers of Mitigating Security Design Flaws: A Wireless Case Study Nick Petroni Jr., William Arbaugh University of Maryland Presented by: Abe Murray.

Presentation transcript:

The Dangers of Mitigating Security Design Flaws: A Wireless Case Study Nick Petroni Jr., William Arbaugh University of Maryland Presented by: Abe Murray CS577: Advanced Computer Networks

Outline
Abstract / Intro
WEP Overview
Attacks
– Dictionary
– Inductive
– Authors’ Implementation
Implementation Results
“Mitigation” Angle
Closing

Abstract
Mitigating system flaws is hard to do right
– But vendors do this all the time…
Design flaws are hard to patch
– Often best approach is to re-architect system…
WLAN Security (WEP)
– Shows the FUNDAMENTAL PREMISE that adding security after the fact is near impossible…

Introduction
The authors present a case study showing:
– Mitigating one flaw worsens another flaw
– Overall security remains the same
The authors develop an “inductive” attack against WEP:
– 1st synchronous attack against WEP
– Example of mitigation problem
– Does not rely on knowledge of target network


WEP Overview
IEEE specification calls for “reasonably strong” protection
– WEP - “Wired Equivalent Privacy” - fails to deliver
– Protects at the Data Link Layer
– Symmetric Stream RC4 cipher
Shared secret “k”
Secret used to generate stream of pseudorandom bytes equal in length to target plaintext
– Encryption:
– Decryption:

WEP Overview (Graphic by Petroni and Arbaugh)


Dictionary Attacks
Definition: Any brute-force attack in which a large table is used or generated
Relevance: RC4 – each key has unique associated pseudorandom stream used for encryption & decryption
Build dictionary of all streams (1 per IV)
Don’t need key to participate in network!
IV size → 2^24 possible key streams, WLAN MTU 2312 Bytes → ~40 GB Dictionary!
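
Added example, not part of the original slides or the paper: a minimal WEP encapsulation showing why the keystream depends only on the (IV, k) pair, so a stored per-IV stream stands in for the key, and where the ~40 GB figure comes from. It assumes the standard WEP construction (RC4 seeded with IV || k, CRC-32 ICV appended to the plaintext); the key, IV and message are constructed values.

```python
import struct
import zlib

IV_BITS = 24   # IV size from the slide
MTU = 2312     # WLAN MTU in bytes, from the slide

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given key."""
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                        # keystream output
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))   # truncates to the shorter input

def wep_encrypt(iv: bytes, k: bytes, msg: bytes) -> bytes:
    # Frame = cleartext IV || (msg || CRC-32 ICV) XOR RC4(IV || k)
    body = msg + struct.pack("<I", zlib.crc32(msg))
    return iv + xor(body, rc4(iv + k, len(body)))

def wep_decrypt(k: bytes, frame: bytes) -> bytes:
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4(iv + k, len(ct)))
    if struct.pack("<I", zlib.crc32(body[:-4])) != body[-4:]:
        raise ValueError("ICV mismatch")
    return body[:-4]

def decrypt_with_dictionary(table: dict, frame: bytes) -> bytes:
    """Decrypt using only a per-IV keystream table; k is never consulted."""
    iv, ct = frame[:3], frame[3:]
    return xor(ct, table[iv])[:-4]

def dictionary_bytes() -> int:
    return (1 << IV_BITS) * MTU               # one MTU-length stream per IV

if __name__ == "__main__":
    k, iv = b"\x01\x02\x03\x04\x05", b"\x00\x00\x2a"   # constructed 40-bit key and IV
    table = {iv: rc4(iv + k, MTU + 4)}                 # stands in for one stored stream
    frame = wep_encrypt(iv, k, b"constructed payload")
    print(decrypt_with_dictionary(table, frame))
    print(dictionary_bytes() / 1e9, "GB")
```

Because the IV travels in the clear and is only 24 bits, the table is bounded at 2^24 entries regardless of key length, which is why lengthening k does not address this flaw.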

Inductive Attacks
Approach: Obtain full network access without knowing the key with minimal knowledge of target
HOW? Use known network protocols (redundantly encrypted data) to intelligently guess an initial number of encrypted bytes

Step 1: Guess the first byte(s): (Table and graphic by Petroni and Arbaugh)

Step 2: Guess the next byte: (Graphic by Petroni and Arbaugh)

The Authors’ Attack
Attack System:
– WLAN card operating in promiscuous mode (Intersil Prism 2 chipset)
– Ability to directly manipulate transmitted bytes (OpenBSD 3.1 with modified drivers)
Attack Approach:
– Choice between ICMP and SNAP/ARP
– ARP chosen so the attack stays at Layer 2, though both work


Implementation Results (Table by Petroni and Arbaugh)


“Mitigation” Angle (Table by Petroni and Arbaugh)


Closing Remarks
Authors showed how to mitigate their attack
– Stop forwarding packets with bad data
– Detect attack activity
– Packet Filtering (though effectively cripples network)
– Dynamic Rekeying
Neat attack all by itself
Interesting example of how patching bad security rarely works
Questions?