無線網路安全 WEP

Requirements of Network Security Information Security Confidentiality Integrity Availability Non-repudiation Attack defense Passive Attack Active Attack

Passive Attack Release of message contents, Traffic analysis

Active Attack(1/4) Masquerade

Active Attack(2/4) Replay

Active Attack(3/4) Modification of Messages

Active Attack(4/4) Denial of Service

The Defense Cryptography system Symmetry key (shared key) Asymmetric key (public key) Issue: Key distribution Plain text Encryption Algorithm Encryption Algorithm Ciphertext Decryption Algorithm Decryption Algorithm Plain text (original) Encryption key Decryption key (open) (secret)

Symmetric-Key Systems DES (Data Encryption Standard) A block cipher with a 56-bit key. Has been one of the most widely used encryption algorithms Too weak today because of the computing power of current CPU. Triple-DES (or 3DES)A enhanced version of DES with increased key length. IDEA(International Data Encryption Algorithm) Encrypting data faster and more secure than DES. (128-bit) Blowfish A compact and simple block cipher with a variable-length key of up to 448 bits. RC2 (Rivest cipher no. 2) A block cipher with a variable-length key of up to 2048 bits. The details of the algorithm used have not been officially published. RC4 (Rivest cipher no. 4)A stream cipher with a variable-length key of up to 2048 bits. AES (Advanced Encryption Standard) One of the most popular algorithms used in symmetric-key system

Asymmetric-Key Systems RSA (named after its creators–Rivest, Shamir and Adleman) Based on the problem of factoring large integers Advances in the mathematical methods will affect the algorithm's vulnerability. DSS (Digital Signature Standard) Developed by the US National Security Agency (NSA). Can be used only for digital signatures and not for encryption or key distribution.

The Attack - Cryptanalysis Ciphertext only Brute-force Known plaintext has a sample of plaintext and a corresponding sample of ciphertext deduce the encryption key for decrypt other portion of ciphertext Chosen text select particular blocks of plaintext to yield more information about the key

The Defense - Integrity Modification attack may occur in a series of related cipher blocks  Data integrity is broken Message Digest Fixed-length hash value dependent on original data Requirement: difficulty to deduce the original data (one-way hash) MD5 Takes any arbitrary length input string and produces a fixed 128-bit value. SHA (secure hash algorithm) Similar to MD5 but produces a 160-bit hash value so is more resistant to brute force attacks 1.

The Defense - Freshness For replay attack Timestamp the message and the time stamp need to be bound together in some way Sequence number Useless in connectionless packet-switched network Nonce an unpredictable value in a challenge–response sequence

The Defense - Freshness

The Defense - Authentication To provide some assurance about the source of a message Challenge–Response protocol using public key on message digest  Digital Signature To assure that the public key is really belong to its owner  Digital Certificate Third-party certification authority is required

Attacks on Wireless Networks Eavesdropping Communication Jamming Denial of Service, DoS Man-In-The-Middle attack

Attacks on Wireless Networks

Eavesdropping In wireless network, attacker can easily capture packet from air- interface. For packets with no encryption or weak encryption, attacker can analyze and crack them.

Attacks on Wireless Networks Communication Jamming In wireless network, the signal could be interfered by others. Use high power signal generator can interrupt the communication between MNs and AP

Attacks on Wireless Networks Denial of service (DoS) Attacker use lots of packets to paralyze AP or server Methods include: ARP packet SYN flooding attack ICMP/UDP flooding attack Smurf ….

Attacks on Wireless Networks SYN flooding attack ICMP flooding attack UDP flooding attack

Attacks on Wireless Networks Smurf flood attack

Attacks on Wireless Networks Man In The Middle attack In network, Man-in-the-Middle attack could be the forgery AP. The AP attempts lead user to give him private information.

Wire Equivalent Privacy

Properties WEP Wired Equivalent Privacy Data encryption using shared WEP keys Original goal – Providing privacy similar to a wired network Using RC4 cipher (stream cipher) Shared Key Authentication Single key is shared by all users and access points Challenge-response Manual key distribution

RC4 Cipher

WEP Data Processing

40-bit WEP key must be manually prepared Setup manually in the configuration of the AP and the stations Totally, 4 keys can be setup but only one of them can be selected for encryption Key is shared among all members 24-bit Initial Vector (IV) is randomly generated Transmitted in plaintext 32-bit ICV = 32-bit CRC of the frame body

RC4 Algorithm stream cipher symmetric key Use two array, state and key byte state table. State[256]=[ ] 2. It has the capability of using keys between 1 and 2048 bits. Key[ ] = [ ……. ] Hint. WEP use 40 bits

RC4 Algorithm * Two phases  Key Setup 1. f = ( f + S i + K g ) mod Swapping S i with S f  Ciphering ( XOR) 1. i = ( i + 1 ) mod 4, and f = ( f + S i ) mod Swaping S i with S f 3. t = ( S i + S f ) mod 256 Random byte S t

Key Setup Example Iteration 1: i=0, f=0, g=0 S[ ]=[ S 0, S 1, S 2, S 3 ] = [ 0, 1, 2, 3 ] K[ ]=[ K 0, K 1 ] = [ 2, 5 ] Because f=(f + S 0 + K 0 )mod 4=2, then swap S 0 with S 2 New array S[ ]=[ S 0, S 1, S 2, S 3 ] = [ 2, 1, 0, 3 ] i= i +1 = 1 g =(g+1)mod 2 = 1

Key Setup Example Iteration 2: i=1, f=2, g=1 S[ ]=[ S 0, S 1, S 2, S 3 ] = [ 2, 1, 0, 3 ] K[ ]=[ K 0, K 1 ] = [ 2, 5 ] Because f=(f + S 1 + K 1 )mod 4=0, then swap S 1 with S 0 New array S[ ]=[ S 0, S 1, S 2, S 3 ] = [ 1, 2, 0, 3 ] i = i +1 = 2 g =(g+1)mod 2 = 0

Key Setup Example Iteration 3: i=2, f=0, g=0 S[ ]=[ S 0, S 1, S 2, S 3 ] = [ 1, 2, 0, 3 ] K[ ]=[ K 0, K 1 ] = [ 2, 5 ] Because f=(f + S 2 + K 0 )mod 4=2, then swap S 2 with S 2 New array S[ ]=[ S 0, S 1, S 2, S 3 ] = [ 1, 2, 0, 3 ] i= i +1 = 3 g =(g+1)mod 2 = 1

Key Setup Example Iteration 4: i=3, f=2, g=1 S[ ]=[ S0, S1, S2, S3 ] = [ 1, 2, 0, 3 ] K[ ]=[ K0, K1 ] = [ 2, 5 ] Because f=(f + S3 + K1)mod 4=2, then swap S3 with S2 New array S[ ]=[ S0, S1, S2, S3 ] = [ 1, 2, 3, 0 ]

Ciphering Example “H” : i=0, f=0 S[ ]=[ S 0, S 1, S 2, S 3 ] = [ 1, 2, 3, 0 ] Because i = ( i + 1 )mod 4 = 1 f =( f + S 1 )mod 4 = 2, then swap S 1 with S 2 New array S[ ]=[ S 0, S 1, S 2, S 3 ] = [ 1, 3, 2, 0 ] t = ( S 1 + S 2 )mod 4 = 1 S 1 = 3 ( ) H XOR

Ciphering Example “I” : i=1, f=2 S[ ]=[ S0, S1, S2, S3 ] = [ 1, 3, 2, 0 ] Because i = ( i + 1 )mod 4 = 2 f =( f + S2)mod 4 = 0, then swap S 2 with S 0 New array S[ ]=[ S 0, S 1, S 2, S 3 ] = [ 2, 3, 1, 0 ] t = ( S2 + S0 )mod 4 = 3 S3 = 0 ( ) I XOR

Ciphering Example  Result Plaintext : Cipher :

Weakness Key Management WEP uses static (keys are not changed dynamically)master keys  easy to crack. Since all users use same WEP key, difficult to change the key. The IV value is too short. IV+WEP key  Weak key attacks (FMS attack). Reconstruct the key from a number of collected encrypted messages Weak keys in RC4 algorithm No effective detection of message integrity  Modifying the contents of a frame without changing the ICV no protection against message replay.