Presentation is loading. Please wait.

Presentation is loading. Please wait.

Wireless Authentication Protocol Presented By: Tasmiah Tamzid Anannya Student Id: 1014052061 1.

Published byAvice Daniels Modified over 8 years ago

Similar presentations

Presentation on theme: "Wireless Authentication Protocol Presented By: Tasmiah Tamzid Anannya Student Id: 1014052061 1."— Presentation transcript:

1 Wireless Authentication Protocol Presented By: Tasmiah Tamzid Anannya Student Id: 1014052061 1

2 Introduction  Wireless networking is becoming popular among internet users  Large number of wireless protocols are available for home and business use  By using mobile computers, users can have the access to the resources no matter of their location within the wireless network.  The IEEE802.11 defines some level of protection for wireless users which introduces WEP Protocol 2

3 WEP Protocol  Wired Equivalent Protocol - it tries to make the level of protection of wireless local networks similar to the protection level of wired local networks  As wireless networks began to grow in popularity, many researchers discovered flaws in the original WEP design  But “something is better than nothing”, even with it's known weaknesses The intention for WEP design was to make it hard to break-in as opposed to impossible to break-in. 3

4 WEP- Authentication  Open System Authentication  Enables mobile stations to access the access point without confirmation of the station’s identity.  One way handshake  Easy to attack and allows unauthorized attacks 4

5 WEP- Authentication  Shared Key Authentication 5 Wireless Device Wireless Access Point Auth Req Auth Challenge Auth Response Auth Success  In WEP, no secret key is exchanged after authentication  Sometimes, The same secret key or shared key is used for both authentication and encryption.  So there is no way to tell whether the subsequent messages come from the trusted device or from an impostor.

6 WEP- Encryption  Message: What you’re encrypting  CRC: To verify the integrity of the message  Plaintext: The message + CRC  Initialization vector (IV): A 24-bit number which plays two roles  Key: A 40 or 104-bit number which is used to build the keystream  Keystream: What is used to encrypt the plaintext  Ciphertext: What we end up post-encryption MessageCRC IVKey Keystream Ciphertext 6

7 7 WEP encryption step-by-step Step 1: Compute CRC for the message  CRC-32 polynomial is used Message CRC

8 8 KeyIV WEP encryption step-by-step Step 2: Compute the keystream  IV is concatenated with the key  RC4 encryption algorithm is used on the 64 or 128 bit concatenation Keystream

9 9 WEP encryption step-by-step Step 3: Encrypt the plaintext  The plaintext is XORed with the keystream to form the ciphertext  The IV is prepended to the ciphertext MessageCRC Keystream Ciphertext IV

10 10 WEP decryption step-by-step Step 1: Build the keystream  Extract the IV from the incoming frame  Prepend the IV to the key  Use RC4 to build the keystream Keystream Ciphertext IV Key

11 11 WEP decryption step-by-step Step 2: Decrypt the plaintext and verify  XOR the keystream with the ciphertext  Verify the extracted message with the CRC Keystream Ciphertext MessageCRC

12 WEP Protocol Execution  Message CRC Generator CRC + MessageCRC Key IV Generator IV + KeyIV RC4  Keystream 12 XOR IVCypherText

13 What are the main weaknesses of WEP? INITIALIZATION VECTOR:  IEEE does not specify how to generate IV  It’s carried in plaintext in the “encrypted” message!  It’s only 24 bits!  There are no restrictions on IV reuse!  The IV forms a significant portion of the “seed” for the RC4 algorithm! 13

14 What are the main weaknesses of WEP? KNOWN PLAINTEXT ATTACK:  PlainTexts P1, P2, Keystreams K1, K2 and Resulting cyphertexts C1, C2 respectively  If attacker picks two packets derived from the same IV and s/he knows one plain text other can be obtained easily As C1 XOR C2= P1 XOR P2 14

15 What are the main weaknesses of WEP?  Once a key stream is known, a new ciphertext can be constructed by XOR-ing the new plain text and the known keystream to create a new, fraud cipher text.  The same IV can be used with every packet. 15

16 The Next Solution  In order to solve this problem, Wi-Fi defines WPA (Wi-Fi Protected Access) standard to improve the protection of wireless devices.  It acts as a strong protective mechanism for wireless networks  Enables the existing Wi-Fi wireless devices to be upgraded with the new software solution  Is applicable in small, as well as in large wireless networks, and  Is applicable immediately.  WPA allows a more complex data encryption on the TKIP protocol (Temporal Key Integrity Protocol) and assisted by MIC (Message Integrity Check) 16

17 WPA Authentication  Personal WPA or WPA-PSK (Key Pre-Shared):  Used for small office and home for domestic use  Does not use an authentication server  Both the client and the AP already possess this key  WPA provides mutual authentication, and the key is never transmitted over the air. 17

18 WPA Authentication  Enterprise WPA :  This WPA uses 802.1X+EAP for authentication  No pre-shared key is used here  A RADIUS server is needed 18

19 Extensible Authentication Protocol 19 EAP Methods EAP Supplicants EAP Methods EAP Radius Server EAP Authenticator EAP Peer Authentication Server EAP Messages PPP Radius

20 WPA Encryption WPA allows a more complex data encryption on the TKIP protocol (Temporal Key Integrity Protocol) and assisted by MIC (Message Integrity Check) 20

21 TKIP- Temporal Key Integrity Protocol  It is a set of algorithms that wrap WEP to give the best possible solution  Components of TKIP:  A cryptographic message integrity code, or MIC, called Michael: to defeat forgeries;  A new IV sequencing discipline: to remove replay attacks from the attacker’s arsenal;  A per-packet key mixing function: to de-correlate the public IVs from weak keys  A re-keying mechanism: to provide fresh encryption and integrity keys, undoing the threat of attacks stemming from key reuse 21

22 TKIP- MIC (Message Integrity Check)  64-bit Michael key is represented as two 32-bit words (K0,K1).  The tagging function first pads a message with the hex value 0x5a and enough zero pad to bring the total message length to a multiple of 32- bits, then partitions the result into a sequence of 32-bit words M1 M2 … Mn.  Then computes the tag from the key (L,R) ← (K0,K1) do i from 1 to n L ← L ^ Mi (L,R) ← b (L,R) return (L,R) as the tag Where b is a function built up from rotates, little-Endean additions, and bit swaps. 22

23 TKIP- MIC (Message Integrity Check)  MIC strength is in the number of tag bits (n).  This means that if the attacker wants to send a false message, 2 n messages have to be sent  Strict IV Messages:  False messages appear when the attacker meets the message and sends it as his own.  Links IV counter with the MIC key.  Transmitter and receiver set IV to zero each time TKIP key is changed and Sender increments IV sequence for each packet that is sent.  If the IV sequence is out of order then it is a forgery message 23

24 TKIP- Key Generation 24 Phase 1:  Combine MAC Address and Temporal Key  This phase is calculated only if temporal key of the session is changed MAC Address Temporal Key Intermediate Key High 32 bit IV

25 TKIP- Key Generation 25 Phase 2: Produce Intermediate Key  Hash function is calculated using phase 1 output and low 16 bits of IV  The purpose of phase 2 is to make it difficult for the attacker to find correlation between IV and a key for each of the packets Intermediate Key Low 16 bit IV Final 128 bit per packet key

26 TKIP- Key Integration 26 13 byte Final 128 bit per packet key 3 byte

27 TKIP- Refresh Key Mechanism  TKIP uses three distinct keys 1. Temporal keys 2. Key encryption keys 3. Master keys 27

28 Temporal Keys  Two Temporal Key types:  128-bit encryption key  64-bit Michael key  Used by stations and APs for normal TKIP communication 28

29 Key Encryption Keys  As the name suggests, a temporal key is “ temporal ” and needs to be updated frequently  Key Encryption Keys encrypt the information regarding the key distribution. They protect the Temporal Keys. 29

30 Master Key  Used to secure the distribution of the key encryption keys  A station gets a master key after it is “authenticated” 30

31 ReKey Summary Master KeyKey Encryption Keys Master Key encrypts Key Encryption Keys Key Encryption KeysTemporal Keys Key Encryption Keys encrypt Temporal Keys Temporal KeysUser Data Temporal Keys encrypt User Data Master Key Authentication Server generates a Master Key Station is Authenticated 31

32 WPA- At a Glance 32 MAC Address Temporal Key Hash Phase 1 IV High Hash Phase 2 IV Low Michael Key Data Michael Tag Data + Tag CRC Data + Tag + CRC RC4 XOR IV Encrypted Data

33 WPA Weaknesses  Keys generated from short passwords are subject to dictionary attack  Key that is less than 20 characters is easy to attack. 33

34 Next 802.11i Equivalent- WPA2  The 802.11i standard is virtually identical to WPA2  Terms are often used interchangeably 802.11i and WPA2  They are the future of wireless access  WPA was provided as an intermediate solution and WPA2 was designed as a future-proof solution 34

35 WPA2- Authentication  WPA2, like WPA, supports two modes of security, sometimes referred to as “home user” and “corporate”  In “home user” mode a pre-shared secret is used  The “corporate” security is based on the EAP authentication framework ( including RADIUS) 35

36 WPA2- Encryption AES-CCMP is a combination of two AES counter mode encryption and CBC-MAC (Cipher Block Chaining –Message Authentication Code protocol) techniques used for WPA2 Encryption. 36

37 WPA2- Key Management  WPA2 uses AES-CCMP Protocol for Key Management  The process of management and creation of the key is the same for the TKIP and AES-CCMP  Both TKIP and AES-CCMP are defined by 802.11i standard, but there is a difference in the number of keys  AES-CCMP uses the same number of keys for message encryption and data integrity while TKIP uses two keys  TKIP is based on RC4 encryption technique while AES-CCMP uses advanced encryption standard  AES-CCMP is mandatory in 802.11i standard while TKIP is supported by 802.11i standard. 37

38 AES Mode With Counter 38 Counter Value Key Result 1 Step 1:  The technique adds counter and AES temporal key using AES encryption algorithm

39 AES Mode With Counter 39 Result 1 First Message Block First Encrypted Block Step 2:  The Result is then encrypted by XOR-ing with the first block message

40 CBC-MAC Calculation 40 Starting block AES Result1  Result 1 Next 128-bits AES  Result 2  XResult 1  Result 2 Next 128-bits AES  Result 3  XResult 2 XOR The procedure is repeated until all the 128-bit blocks have been encrypted.

41 Benefits of WPA2  AES has no known attacks and the current analysis indicates that it takes 2 120 operations to break an AES key  In addition to the encryption benefits, WPA2 also adds two enhancements to support fast roaming of wireless clients moving between wireless AP’s.  PMK caching support – allows for reconnections to AP’s that the client has recently been connected without the need to re-authenticate.  Pre-authentication support – allows a client to pre-authenticate with an AP towards which it is moving while still maintaining a connection to the AP it’s moving away from.  PMK caching support and Pre-authentication support enable WPA2 to reduce the roaming time 41

42 Vulnerabilities of WPA2  DoS (Denial of Service) attacks like RF jamming, data flooding  None of the Wi-Fi security standards can prevent attacks on the physical layer simply because they operate on Layer 2 and above. 42

43 SUMMARY 43 AuthenticationEncryptionIntegrity WEPWeakRC4CRC WPA802.1x-EAPTKIP+RC4MIC WPA2802.1x-EAPAESCBC-MAC

44 THANK YOU 44

Download ppt "Wireless Authentication Protocol Presented By: Tasmiah Tamzid Anannya Student Id: 1014052061 1."

Similar presentations

IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
CSE 6590 1.  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in 802.11  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Understanding and Achieving Next-Generation Wireless Security Motorola, Inc James Mateicka.

Understanding and Achieving Next-Generation Wireless Security Motorola, Inc James Mateicka.
Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.

Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.
無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – 802.11b  Security Mechanisms in 802.11b  Security Problems in 802.11b  Solutions for 802.11b.

無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – b  Security Mechanisms in b  Security Problems in b  Solutions for b.
Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
Intercepting Mobiles Communications: The Insecurity of 802.11 Danny Bickson ACNS Course, IDC Spring 2007.

Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.
How To Not Make a Secure Protocol 802.11 WEP Dan Petro.

How To Not Make a Secure Protocol WEP Dan Petro.
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID 003503527.

W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
Temporal Key Integrity Protocol (TKIP) Presented By: Laxmi Nissanka Rao Kim Sang Soo.

Temporal Key Integrity Protocol (TKIP) Presented By: Laxmi Nissanka Rao Kim Sang Soo.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
Review of Wireless LAN Security Chapter-9

Review of Wireless LAN Security Chapter-9

Similar presentations

Ads by Google