Security Technologies built into std. Presented by T.R.Santhosh
4/14/ Outline Introduction to Standard. Security Technologies embedded into ; –Wired Equivalent Privacy (WEP) How it works Drawbacks –Wi-Fi Protected Access (WPA) WPA2
4/14/ Introduction to is IEEE standard for Wireless LAN. Specifically, the standard addresses: –Functions required for an compliant device to operate either in a peer-to-peer fashion or integrated with an existing wired LAN –Operation of the device within possibly overlapping wireless LANs and the mobility of this device between multiple wireless LANs –MAC level access control and data delivery services to allow upper layers of the network –Several physical layer signaling techniques and interfaces –Privacy and security of user data being transferred over the wireless media
4/14/ Wired Equivalent Privacy (WEP) WEP was included as the privacy of the original IEEE standard ratified in September 1999.IEEE WEP uses the stream cipher RC4 for confidentiality and the CRC-32 checksum for integrity.stream cipherRC4 confidentialityCRC-32integrity Two methods of authentication can be used with WEP: –Open System authentication –Shared Key authentication.
4/14/ How WEP works WEP uses the RC4 algorithm to encrypt the packets of information as they are sent out from the access point or wireless network card. As soon as the access point receives the packets sent by the user’s network card it decrypts them. The actual encryption logic in RC4 is very simple. The plain text is XOR-ed with a keystream. The security of RC4 comes from the secrecy of the packet key that’s derived from the keystream.
4/14/ How WEP works Contd., So what’s a packet key? –The packet key is formed by combining a pre-shared password, a state array and an initialization vector (IV). Pre-shared Password: –The same pre-shared password is used by all users for each packet that is transmitted. State Array: –It’s a series of numbers which are scrambled and then used by RC4 to construct the key stream. Initialization Vector (IV): –The IV is a 3-byte random number generated by the computer. It’s either prepended or appended to the cipher text and sent to the receiver who strips the IV off before decrypting the cipher text.
4/14/ RC4 Algorithm The RC4 algorithm consists of 2 main parts: –The Key Scheduling Algorithm: The KSA process involves creating a scrambled state array. This state array will now be used as input in the second phase, called the PRGA phase. –The Pseudo Random Generation Algorithm: The state array from the KSA process is used here to generate a final key stream. Each byte of the key stream generated is then Xor’ed with the corresponding plain text byte to produce the desired cipher text.
4/14/ RC4 Algorithm Contd., Key Scheduling Algorithm –State array is the array of values equal to the index you want to use in the algorithm. The Index for WEP by default is 256. The components required for the KSA are the values of the variables i and j, the index value, the pre-shared password and its length. –The algorithm which uses these values to generate a final keystream is outlined below. for i from 0 to 255 S[i] := I endfor j := 0 for i from 0 to 255 j := (j + S[i] + key[i mod keylength]) mod 256mod swap(S[i],S[j]) endfor
4/14/ RC4 Algorithm Contd., Pseudo Random Generation Algorithm (PRGA) –A pseudorandom number generator (PRNG) is an algorithm that generates a random sequence of numbers. The PRGA is responsible for creating the streaming values used to encrypt the plaintext, which is based on the state array, the output of the KSA. –The methodology that the PRGA follows is outlined below. i := 0 j := 0 while GeneratingOutput: i := (i + 1) mod 256 j := (j + S[i]) mod 256 swap(S[i],S[j]) output S[(S[i] + S[j]) mod 256] endwhile
4/14/ How RC4 Works - Example Let’s illustrate the above concepts in the form of an example. –The plain text that is to be encrypted is TEST. –The password which will be used here is – The initial values of our variable are as follows: i=0 j=0 password=6258 pass length=4 index=4 Following the algorithm we get: –Step-1 State array: State[0]=0 State[1]=1 State[2]=2 State[3]=3 Password: K[0]=6 K[1]=2 K[2]=5 K[3]=8 j = [0 + S[0] + K[0]] mod 4 = 6 mod 4 = 2 Swap(State[0], State[2]) = Swap(0,2) State[0]=2 State[1]=1 State[2]=0 State[3]=3 Step-2 If the loop continues after the fourth iteration we will get, Final State Array: State[0]=1 State[1]=0 State[2]=3 State[3]=2
4/14/ How RC4 Works Contd., Once the KSA state array is ready, the PRGA procedure is initialized. The procedure is as follows: Initially i=0 j=0 K[0]=6 K[1]=2 K[2]=5 K[3]=8 First Loop: State[0]=1 State[1]=0 State[2]=3 State[3]=2 i=1; j=0+State[1]=0+0=0 Swap(State[1], State[0]) = Swap(0,1) State[0]=0 State[1]=1 State[2]=3 State[3]=2 z = State[State[1] + State[0] mod 4] = State[1] = 1 z1 = Once all the iterations are over, we will get the key and the encrypted text will be T xor z1 = xor = = U E xor z2 = xor = = D S xor z3 = xor = = R T xor z4 = xor = = U
4/14/ How to crack WEP Each client Wi-Fi network card and access point in a WEP-protected network shares the same WEP key.Wi-Fi network cardaccess point Encryption uses the RC4 algorithm, a stream cipher. It is essential that the same key never be used twice with a stream cipher. To prevent this from happening, WEP includes a 24-bit initialization vector (IV) in each message packet.RC4stream cipherinitialization vector The RC4 key for that packet is the IV concatenated with the WEP key. The simplest to understand uses the fact that the 24-bit IV only allows a little under 17 million possibilities. Because of the birthday paradox, it is likely that for every 4096 packets, two will share the same IV and hence the same RC4 key, allowing the packets to be attacked.birthday paradox In probability theory, the birthday problem, or birthday paradox, pertains to the probability that in a set of randomly chosen people some pair of them will have the same birthday. In a group of 23 (or more) randomly chosen people, there is more than 50% probability that some pair of them will have the same birthday. For 57 or more people, the probability is more than 99%, tending toward 100% as the pool of people grows.probability theoryparadoxprobabilityrandomlybirthday
4/14/ How to crack WEP Contd., If adversary catches 10,000 packets then they can get many packets with same IV. Lets assume they are sending a test packet to the network and capture the encrypted packet. Now they have the pieces of information: –Plain text 1 using IV. –Cipher text 1 generated with IV. With this they can find the keystream with the following equation Key stream = Cipher text 1 XOR Plaintext 1 Once they find the keystream then they can decrypt all the messages, with some simple mathematical calculations. Now with high end machines and tools, this cracking can be done within minutes.
4/14/ Wi-Fi Protected Access WPA WPA was created by the Wi-Fi Alliance, an industry trade group, which owns the trademark to the Wi-Fi name and certifies devices that carry that name.Wi-Fi AllianceWi-Fi WPA was designed to enhance the security of wireless networks. There are two flavors of WPA: enterprise and personal. –Enterprise is meant for use with an IEEE 802.1X authentication server, which distributes different keys to each user.IEEE 802.1X –Personal WPA utilizes less scalable "pre-shared key" (PSK) mode, where every allowed computer is given the same passphrase. In PSK mode, security depends on the strength and secrecy of the passphrase.pre-shared key Data is encrypted using the RC4 stream cipher, with a 128-bit key and a 48-bit initialization vector (IV). One major improvement in WPA over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used. When combined with the much larger initialization vector, this provides greatly improved protection against, and effectively defeats, the well-known key recovery attacks on WEP.RC4stream cipherinitialization vectorTemporal Key Integrity Protocol (TKIP) key recovery attacks
4/14/ Temporal Key Integrity Protocol Temporal Key Integrity Protocol or TKIP is a security protocol used in the IEEE wireless networks. security protocolIEEE TKIP is a "wrapper" that goes around the existing WEP encryption. TKIP comprises the same encryption engine and RC4 algorithm defined for WEP. However, the key used for encryption in TKIP is 128 bits long. This solves the first problem of WEP: a too-short key length. An important part of TKIP is that it changes the key used for each packet. The key is created by mixing together a combination of things, including a base key, the MAC address of the transmitting station, and the serial number for the packet.
4/14/ Temporal Key Integrity Protocol Each packet transmitted using TKIP has a unique 48-bit serial number that is incremented every time a new packet is transmitted and used both as the Initialization Vector and part of the key. Putting a sequence number into the key ensures that the key is different for every packet. This solves another problem of WEP, called "collision attacks," which can occur when the same key is used for two different packets. With different keys, there are no collisions. Having the serial number of the packet also be the initialization vector helps to reduce yet another WEP problem, called "replay attacks." Because a 48- bit sequence number will take thousands of years to repeat itself, no one can replay old packets from a wireless connection---they will be detected as out of order because the sequence numbers won't be right. Example for Replay Attack: Suppose Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping the conversation and keeps the password. After the interchange is over, Eve connects to Bob posing as Alice; when asked for a proof of identity, Eve sends Alice's password read from the last session, which Bob must accept.Alicehash function
4/14/ WPA Cont., In addition to authentication and encryption, WPA also provides vastly improved payload integrity. The cyclic redundancy check (CRC) used in WEP is inherently insecure; it is possible to alter the payload and update the message CRC without knowing the WEP key.cyclic redundancy check A more secure message authentication code is used in WPA, using an algorithm named "Michael".message authentication code
4/14/ Message authentication code A cryptographic message authentication code (MAC) is a short piece of information used to authenticate a message. A MAC algorithm accepts as input a secret key and an arbitrary- length message to be authenticated, and outputs a MAC (sometimes known as a tag). The MAC value protects both a message's integrity to detect any changes to the message content.cryptographicauthenticatealgorithmsecret keyintegrity
4/14/ Message authentication code
4/14/ WPA Contd., Changes in WPA over WEP –The size of the keys and IV is increased. –Reduced the number of packets sent with related keys. –Added a secure message verification system. With all the above features WPA makes breaking into a wireless LAN far more difficult.
4/14/ WPA2 WPA2 implements the mandatory elements of i. In particular, it introduces a new AES-based algorithm, CCMP, that is considered fully secure.AESCCMP From March 13, 2006, WPA2 certification is mandatory for all new devices wishing to be Wi-Fi certified.March
4/14/ References les/80211_article.html les/80211_article.html 6Dec/wep-encryption/ 6Dec/wep-encryption/ 7Feb/cracking-wep/ 7Feb/cracking-wep/ Fi_Protected_Access Fi_Protected_Access
4/14/ References Contd., al_Key_Integrity_Protocol al_Key_Integrity_Protocol e_integrity_code e_integrity_code attack attack _paradox _paradox
4/14/ Questions