IT4833/6833 WiFi Security Building Blocks (I).


Presentation on theme: "IT4833/6833 WiFi Security Building Blocks (I)."— Presentation transcript:

1 IT4833/6833 WiFi Security Building Blocks (I)

2 Data-oriented Wireless NWs & Security
Objectives
To understand data-oriented wireless and mobile networks and security systems:
- Data-oriented wireless networks
  - Wireless LAN (WLAN, )
  - World Interoperability for Microwave Access (WiMAX, )
  - Bluetooth (IEEE )
- Security in WLAN
  - Wired Equivalent Privacy (WEP)
  - Wi-Fi Protected Access (WPA, WPA 2 – IEEE i)
- Summary

3 Key Establishment in
- Relies on “pre-shared” keys between the mobile node or station (STA) and the Access Points (APs), so NO key establishment protocol is used.
- Problems
  - Manual configuration of keys
    -> Open to manual error.
    -> Users cannot be expected to choose a “strong” key.
  - allows each STA (and AP) in a Basic Service Set (BSS) to be configured with 4 different keys.
    -> 4 user groups -> finer control over reliable STA recognition
  - In practice, the same key is used across BSSs over the whole Extended Service Set (ESS).
    -> Makes roaming easier and faster.
    -> More susceptible to compromise.

4 Anonymity in – “IP”-based networks
- For a given IP address, it is very difficult to determine the identity of the subscriber, since IP addresses are dynamically assigned using protocols such as DHCP (Dynamic Host Configuration Protocol).
- NAT (Network Address Translation) creates two types of IP addresses (i.e., private IP address and global IP address):
  Private IP address -> NAT -> Globally valid IP address
- NOTE: In TWNs, the routing of a call is done using IMSI/TMSI (directly associated with the subscriber).

5 Open System Authentication
- “Default” authentication scheme.
- Allows any and all stations to join the network (no authentication).
- The AP can enforce the use of “Shared Key Authentication” (SKA).

6 Open System Authentication

7 Shared Key Authentication
- Based on a “challenge-response” mechanism.
- Two groups of STAs
  - group 1: access allowed – shares a secret key with the AP
  - group 2: access not allowed

8 Pre-Shared Key

9 Problems with 802.11 Authentication
- Authentication with shared key: no way for the AP to reliably determine the exact identity of the STA (it only checks a “group” of STAs).
- One-way authentication
  - The STA cannot authenticate the network.
  - Rogue APs can access virtually everything that the STA sends.
- Suffers all drawbacks that WEP suffers.

10 Pseudo Authentication
Allows only stations which know the network’s SSID to join the network: poses minimal challenge since the SSID of the network is often transmitted in the clear without encryption.

11 MAC Address Filtering
Allows stations with certain MAC addresses to join the network: not a very secure authentication scheme since most wireless access cards used by stations allow the user to change their MAC address via software.

12 WEP: Confidentiality in 802.11
- Step 1: Calculate the Integrity Check Value (ICV), 4 bytes
  - ICV is the same as “Message Integrity Check”
- Step 2: Select a “master key”
  - From one of the “four pre-shared secret keys”
- Step 3: Obtain a “key seed” - How?
  - Select an IV and concatenate it with the “master key”
- Step 4: Generate cipher-text
  - The key seed is fed to an RC4 key generator
  - The resulting key stream is XORed with MPDU + ICV (step 1)
- Step 5: A 4-byte header is appended to the encrypted packet
  - 3-byte IV value
  - 1-byte key-id (specifying which of the four pre-shared secret keys is being used as the “master key”)
[Figure: WEP Packet]
MPDU: MAC Protocol Data Unit

13 Data Integrity in
- To detect data modification
- How?
  - Calculating the ICV (Integrity Check Value) over the received data
  - Comparing it with the ICV attached in the message
- ICV: CRC-32 (Cyclic Redundancy Check, 32 bits)
  - Not cryptographically computed -> Weak.

14 Problems in WEP
- Uses a “stream cipher in synchronous mode” (RC4) for encrypting data packets
  - Requires that the “key generators” at the two communicating nodes MUST BE kept “synchronized” (Why? The loss of a single bit of a data stream causes the loss of ALL data following the lost bit!)
  - In a wireless environment, data loss is widespread.
- WEP’s approach: apply encryption/decryption on a per-packet basis. [Changing the problem: from the “session” level to the “packet” level]
  - Requires a unique key for every packet.
- WEP key = {IV||master key}, 64 bits
  - Per-packet key: simple concatenation of IV (24 bits) and master key (40 bits)
  - Master Key: fixed (no change), every packet contains it!
  - IV: to be sent in clear text

15 Loopholes in Security
- Does not provide any key establishment mechanism.
- WEP uses a synchronous stream cipher – difficult to keep synchronized during the entire session.
  - Uses a per-packet key: (IV || pre-shared key) = weak key
- Limited key space.
- Changing the IV with each packet is optional, making key reuse highly probable.
- No support for the STA to authenticate the network.

16 WEP Confidentiality Issues
- First, the IV size at 24 bits was too short – the key space is only 16,777,216.
- Second, WEP did not specify how to select an IV for each packet.
- Third, WEP did not even make it mandatory to vary the IV on a per-packet basis, which means WEP explicitly allowed reuse of per-packet keys.
- Fourth, there was no mechanism to ensure that the IV was unique on a per-station basis, thus making a collision even more likely.
- Finally, simply concatenating the IV with the pre-shared key to obtain a per-packet key is cryptographically insecure, making WEP vulnerable to attacks.

17 Problems in WEP (2/2)
IV reuse -> chance of duplicate IV

18 WPA

19 WPA
- IEEE Task group: i security standard
  - Use AES as default mode
  - WPA2
  - Not backward compatible
- Wi-Fi Alliance (major vendors)
  - Aim to ensure product interoperability
  - To improve the security of the network without requiring a hardware upgrade.
  - Temporal Key Integrity Protocol (TKIP) – known as WPA
  - Includes the key management and the authentication architecture (802.1X) specified in i.
- WPA: TKIP (confidentiality), MICHAEL (integrity)
- WPA2: AES (confidentiality, integrity)

20 Temporal Key Integrity Protocol
- TKIP was designed to provide backward compatibility with WEP.
- It has to operate with WEP hardware, which is dedicated to WEP implementation since software implementations of WEP are too slow.
- To be precise, the WEP encryption process is implemented in hardware.
- One of the most severe constraints for TKIP designers was that the hardware engine cannot be changed.

21 Key Hierarchy in
- WEP: 2-tier Key Hierarchy
- WPA: 3-tier Key Hierarchy
- PMK (Pair-wise Master Key): two ways
  (1) using 802.1X – usually for “enterprise”
  (2) without using 802.1X (via manual administration) – usually for “home”
- PTK (Pair-wise Transient Keys): a set of “session keys” (4 of them)
  - At the beginning of a new session (STA <-> AP)
Edward Jung

22 PMK -> PTK

23 PTK -> Per-Packet Key
- Goal: To obtain the per-packet key
- Key Idea: Key mixing in 2 separate phases
  - Phase 1: the session data encryption key is “combined” with the high-order 32 bits of the IV and the MAC address
  - Phase 2: the output of phase 1 is “combined” with the lower-order 16 bits of the IV and fed to phase 2 (to generate the 104-bit per-packet key).
- Note: (1) The key-mixing function makes it very hard for an eavesdropper to correlate the IV and the per-packet key used to encrypt the packet.

24 PTK -> Per-Packet Key

25 WPA Confidentiality Improvements
- TKIP doubles the IV size from 24 bits to 48 bits – increasing the time to key collision from a few hours to a few hundred years.
- Using the per-packet key mixing function (much more complicated) instead of simply concatenating the IV to the master key to generate the per-packet key increases the effective IV size (and hence improves on WEP security) while still being compatible with existing WEP hardware.

26 Why should the same key not be used?
- When combined with frequency analysis techniques, this is often enough to obtain information about the two plaintexts.
- If P1 (one of the plaintexts) is known, P2 can be calculated easily.
- WEP key space: 64-bit key, of which 40 bits are fixed and 24 bits are the IV -> 2^24 key space.
- Mbps: {(1500*8) * 2^24} / (11*10^6) = 5.08 hr
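The five WEP encapsulation steps from slide 12 and the IV-reuse problem from slides 14-17 and 26, as an added example that is not part of the original presentation. The function names, the four 40-bit keys, the IV and the two MPDUs are constructed for illustration; the key-id is carried in the top two bits of the fourth header byte.

```python
import struct
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for key."""
    s, j = list(range(256)), 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                            # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encapsulate(mpdu: bytes, iv: bytes, key_id: int, keys: list) -> bytes:
    icv = struct.pack("<I", zlib.crc32(mpdu))     # step 1: 4-byte CRC-32 ICV
    seed = iv + keys[key_id]                      # steps 2-3: IV || master key
    body = mpdu + icv
    cipher = xor(body, rc4(seed, len(body)))      # step 4: XOR with keystream
    return iv + bytes([key_id << 6]) + cipher     # step 5: 3-byte IV + key-id byte

def wep_decapsulate(frame: bytes, keys: list) -> bytes:
    iv, key_id, cipher = frame[:3], frame[3] >> 6, frame[4:]
    body = xor(cipher, rc4(iv + keys[key_id], len(cipher)))
    mpdu, icv = body[:-4], body[-4:]
    if struct.pack("<I", zlib.crc32(mpdu)) != icv:
        raise ValueError("ICV mismatch: frame modified or wrong key")
    return mpdu

def plaintext_xor(frame1: bytes, frame2: bytes) -> bytes:
    """With equal IV and key-id the keystreams cancel: C1 ^ C2 == P1 ^ P2."""
    if frame1[:4] != frame2[:4]:
        raise ValueError("headers differ, keystreams do not cancel")
    return xor(frame1[4:], frame2[4:])

# Constructed sample data: four 40-bit pre-shared keys, a fixed IV, two MPDUs.
KEYS = [bytes([k] * 5) for k in (0x11, 0x22, 0x33, 0x44)]
IV = b"\x00\x00\x01"
P1 = b"GET /index.html "
P2 = b"user=alice&pin=7"

if __name__ == "__main__":
    f1 = wep_encapsulate(P1, IV, 0, KEYS)
    f2 = wep_encapsulate(P2, IV, 0, KEYS)         # IV not varied: allowed by WEP
    assert wep_decapsulate(f1, KEYS) == P1
    print(xor(plaintext_xor(f1, f2), P1))         # second MPDU, no key needed
```

Because the IV travels in clear in the frame header, a monitoring tool can count repeated (IV, key-id) pairs per network to see how often a WEP deployment reuses keystream.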

27 WPA Integrity
- Uses the MICHAEL protocol, which is not computation intensive, so it can be used on existing WEP hardware, which has very little computation power. However, it is not cryptographically secure.
- If a TKIP implementation detects two failed forgeries in one second, the STA assumes that it is under attack and as a countermeasure deletes its keys, disassociates, waits for a minute and then re-associates.
- The IV can also be used as a TKIP Sequence Counter (TSC) – avoids the replay attack to which WEP was susceptible.

28 TKIP Overall Picture

29 WPA vs. WEP

30 WPA vs. WEP

31 WPA2 (IEEE i)

32 Key Establishment & Authentication
- Key establishment and the key hierarchy architecture
  - WPA and WPA2 are almost identical.
  - WPA2 uses the same key for encryption and integrity protection.
- Authentication
  - Identical with WPA.
  - Pre-shared or X.

33 AES

34 Confidentiality
- AES counter mode
  - C_i = M_i XOR E_K(i)
- Security lies in the counter.
  - As long as the counter value is not repeated with the same key, the system is secure.
  - Fresh key for every session.

35 Integrity
- AES CBC-MAC protocol.
- AES-CCMP (counter-mode CBC-MAC)

36 Confidentiality + Integrity

37 WPA2 Overall Picture

38 WEP vs WPA vs WPA2

39 WEP vs WPA vs WPA2

