COEN 350 Mobile Security
Wireless Security Wireless offers additional challenges: Physical media can easily be sniffed. War Driving Legal? U.S. federal computer crime statute, Title 18 U.S.C. 1030, Crime to knowingly access a computer used in interstate or foreign communication "without authorization" and obtain any information from the computer. Crime to access a computer without authorization with "intent to defraud" to obtain "anything of value." But not if "the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $ 5,000 in any 1-year period."
Wireless Security Wireless offers additional challenges: Physical media can easily be sniffed. Mobile computing needs to preserve battery power. Calculations cost more on a mobile platform.
Wireless Security Knowing the Threat Targets of opportunity Goal is Internet access. Easy pickings. Targeted attacks Needs an asset valuable enough. Internal attackers Can open an unintentional security hole
IEEE Wired Equivalent Privacy (WEP) Protocol Based on a shared secret k. Distributed out of band. Uses CRC for internal integrity protection. Uses RC4 to encrypt network traffic.
WEP Protocol
RC4 RC4 uses the key and the IV to produce a stream of pseudo-random bytes. Calculates ciphertext from plaintext by XORing the pseudo-random stream with the plain-text.
RC4
Attacks on RC4 Dictionary Attack Build database: 2 24 different IVs Build a database of 2 24 streams of MTU bytes (2,312 B) for each different IV. Takes < 40 GB storage. XOR two entries with the same IV. Result are the two plaintexts XORed. Natural language text has enough redundancy to decrypt the XOR of two text streams.
Attacks on RC4 Dictionary Attack Many packages can be completely or partially guessed. XORing guessed plaintext and captured cipher gives pseudo-random byte stream for a given IV. Some implementations reset IVs poorly. Dictionary attack is simpler.
Attacks on RC4 Injection Attack Attacker creates packets on the wireless connection. Attacker XORs plaintext and cipher. Builds Pseudo-Random Stream database indexed by IV.
RC4 Fluhrer, Mantin, Shamir Attack Key Scheduling Algorithm Sets up RC4 state array S S is a permutation of 0, 1, … 255 Output generator uses S to create a pseudo-random sequence. First byte of output is given by S[S[1]+S[S[1]]]. First byte depends on {S[1], S[S[1], S[S[1]+S[S[1]]}
RC4 Fluhrer, Mantin, Shamir Attack Key Scheduling Algorithm First byte of plain text package is part of the SNAP header 0xAA for IP and ARP packages 0xFF or 0xE0 for IPX Some IVs are vulnerable: “resolved” (KeyByte+3, 0xFF, *) Plus some more Easy to test whether an IV is vulnerable. Search for vulnerable IVs. They leak key bytes probabilistically. Large number of packets does it.
RC4 Fluhrer, Mantin, Shamir Attack Optimization needs about 5,000,000 to 1,000,000 packages. Counter-measures: Change key frequently. Change IV counters to avoid bad IVs.
WEP Message Modification WEP uses CRC code to ascertain integrity of messages. CRC code is linear: CRC(x y) = CRC(x) CRC(y). Attacker knows plaintext M and desired modification for target plaintext M’ = M . Attacker want to substitute X = P (M,CRC(M)) for P (M’,CRC(M’)). Attacker sends X ( ,CRC( )) = P (M,CRC(M)) ( ,CRC( )) = P (M’,CRC(M’))
Wireless Security Casual user, low yield traffic WEP is good enough. Enterprise, Commercial Combine WEP with higher order security SSH VPN IPSec
Protocol Layers WEP Privacy only. Very elementary security. WPA Temporal Key Exchange Protocol Fixes WEP that scrambles keys between packages and adds a secure message check. AES: Advanced Encryption Standard i Military grade encryption, replaces DES 802.1X General purpose and extensible framework for authentication users and generating / distributing keys. Simple Secure Network (SSN) Recipe for authentication based on 802.1X