Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 8: IEEE Security - 1 Dr. Kemal Akkaya
Kemal AkkayaWireless & Network Security 2 Management Messages in IEEE Authentication frame: authentication is a process whereby the access point either accepts or rejects the identity of a radio NIC. Deauthentication frame: A station sends a deauthentication frame to another station if it wishes to terminate secure communications. Association request frame: association enables the AP to allocate resources for and synchronize with a radio NIC. Association response frame: An AP sends an association response frame containing an acceptance or rejection notice to the radio NIC requesting association. Reassociation request frame: If a radio NIC roams away from the currently associated access point and finds another AP having a stronger beacon signal, the radio NIC will send a reassociation frame to the new AP. Reassociation response frame: An AP sends a reassociation response frame containing an acceptance or rejection notice to the radio NIC requesting reassociation. Disassociation frame: A station sends a disassociation frame to another station if it wishes to terminate the association. Beacon frame: The AP periodically sends a beacon frame to announce its presence and relay information, such as timestamp, SSID, and other parameters regarding the AP to radio NICs that are within range. Probe request frame: A station sends a probe request frame when it needs to obtain information from another station. Probe response frame: A station will respond with a probe response frame, containing capability information, supported data rates, etc., when after it receives a probe request frame.
Kemal AkkayaWireless & Network Security 3 IEEE Security Probe: Look for a (better) AP Authentication: Getting permission to access the AP Association: Register with the AP Data Flow: Encrypted messages Encrypted data messages
Kemal AkkayaWireless & Network Security 4 Wired Equivalent Privacy (WEP) Primary built security for protocol Intended to make wireless as secure as a wired network Uses RC4 Algorithm Provides Confidentiality: Encrypts data Through symmetric encryption using RC4 with a shared key Integrity: Data received are the data sent Through message check sum using encrypted cyclic redundancy check (CRC) Authentication: AP only allows authorized stations to associate Through challenge/response
Kemal AkkayaWireless & Network Security 5 RC4 Sender calculates Integrity Check Value (ICV) over data four-byte hash/CRC for data integrity Each side has 104-bit shared key Sender creates 24-bit initialization vector (IV), appends to key: gives 128-bit key Sender also appends keyID (in 8-bit field) 128-bit key inputted into pseudo random number generator to get keystream Data in frame + ICV is encrypted with RC4: Bytes of keystream are XORed with bytes of data & ICV IV & keyID are appended to encrypted data to create payload Payload inserted into frame encrypted dataICVIV MAC payload Key ID
Kemal AkkayaWireless & Network Security 6 RC4 Encryption Process
Kemal AkkayaWireless & Network Security 7 Authentication with the Access Point AP has two ways of initiating communication with a client Shared Key Open Key Open key allows anyone to start a conversation with AP No authentication Shared Key is supposed to add an extra layer of security by requiring authentication info as soon as one associates Shared Key Authentication Client begins by sending an association request to the AP AP responds with a challenge text (unencrypted) Client, using the proper key, encrypts text and sends it back to the AP If properly encrypted, AP allows communication with the client Not secure!: Using passive sniffing, one can gather 2 of the three variables needed in Shared Key authentication: challenge text and the encrypted challenge text
Kemal AkkayaWireless & Network Security 8 Pros & Cons Pros Easy computation Fast – 10 times faster than DES Can use large bit blocks and keys Stream based encryption Key can be made to change at regular intervals using fancy programming Implementation in Popular languages (C, perl) well documented. Cons Vulnerable to brute force attacks Require a large data structure Proven Breakable by researchers at ATT and Rice Univ. (August, 2001) “One hour of brute force computation to break standard WEP” Once Key is broken all messages are easily readable.
Kemal AkkayaWireless & Network Security 9 Problems with WEP 1 static key No encryption is strong if one key is used forever Key length is short Brute forcing is possible Using CRC32 in ICV Bit flipping attack: CRC(msg XOR delta) = CRC(M) XOR CRC(delta) Bits cannot set or cleared, but could be flipped No specification on key distribution Lacks scalability No protection against replay attack Improper RC4 implementation Protocol doesn’t actually specify IV’s use 2 existing attacks Numerical limitation FMS attack
Kemal AkkayaWireless & Network Security 10 Attacks Numerical Limitation Attack IV’s are only 24bit, and thus there are only 16,777,216 possible IV’s A busy network will repeat IV’s often By listening to the encrypted traffic and picking out the duplicate IV’s, it is possible to obtain the clear text FMS Attack -- weak IV attack -- Some IV’s do not work well with RC4 Using a formula, one can take these weak IV and infer parts of the WEP key 5 % chance of guessing correctly Once again, passively monitoring the network for a few hours can be enough time to gather enough weak IV’s to figure out the WEP key 4M ~ 6M packets to decrypt 40bit WEP key The time needed to deploy the attack is linearly proportional to the key length 104bit key is just as useless as 40bits key A lot of other attacks…
Kemal AkkayaWireless & Network Security 11 Conclusion: WEP Confidentiality FMS attack Integrity Bit-flipping attack Authentication Non existent WEP is flawed by a technology weakness, and there is no simple solution to fix it Attacks against WEP are passive and extremely difficult to detect NO MORE WEP