Presentation is loading. Please wait.

Presentation is loading. Please wait.

Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.

Similar presentations


Presentation on theme: "Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption."— Presentation transcript:

1 Wireless Security Ryan Hayles Jonathan Hawes

2 Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption  WPA2 –Overview –Encryption/Decryption  Dictionary Attack

3 WEP Protocol Basics  Based mostly on the RC4 Stream Cipher  Single symmetric key  CRC checksum to protect integrity

4 WEP Vulnerability  Problem: Keystream Reuse  WEP’s Solution: Per Packet IVs

5 WEP Vulnerability Cont.  WEP and 802.11 standards recommends (not requires) the IV be changed after every packet.  No standard to generate IVs  IV field is 24 bits, forcing a busy connection to exhaust all IVs in less than a half a day  Random 24 bit IV will be expected to have a collision after transmitting 5000 packets (Birthday Problem)

6 WEP Vulnerability Cont. Consequences: –Keystream for corresponding IV is obtained –1500 bytes for each of the 2 24 possible IVs –24GB to construct a full table, which would enable the attacker to immediately decrypt each subsequent ciphertext

7 WEP Attacks  The FMS Attack (2001) –First key recovery attack –Base on predictable headers Attack can compromise the first few bytes of the keystream Leads to correlations in other bytes –4-6 million packets needed to succeed with probability greater or equal to 50%

8 WEP Attacks Cont.  The Korek Attack (2004) –Based on the FMS Attack, but extended with 16 more correlations between the first few bytes of an RC4 key, keystream, and the next key byte. –Reduced the number of packets needed to 700,00 to succeed with probability greater or equal to 50%

9 WEP Attacks Cont.  The PTW Attack (2007) –Extends both FMS and KoreK –Process every packet and cast votes for likelihood of key –The key is generally close to having the most votes Test each key for correctness –Reduced the number of packets needed to 35,000-40,000 to succeed with probability greater or equal to 50%

10 WEP Attacks Cont.  The Chopchop Attack –Allows an attacker to decrypt the last m bytes by sending m * 128 packets to the network. –Does not reveal the root key

11 WPA Overview  Wi-Fi Protected Access (WPA) –Security standard developed after WEP’s vulnerabilities had been exposed and successfully attacked –Development was a collaborative effort between the Wi-Fi Alliance and the Institute of Electrical and Electronics Engineers (IEEE) –Purpose was to be an immediate solution while the long-term solution (802.11i/WPA2) was being finished

12 WPA Overview Cont.  WPA strengthened WEP by: –Including authentication using 802.1X framework (commercial systems) or a passphrase (home systems) –Creating a key hierarchy out of the master key –Doubling the size of the initialization vector (IV) used during encryption –Including a more robust data integrity algorithm (Michael)

13 WPA Overview Cont.  A session consists of: –Authentication of the client to the access point (802.1X/passphrase) –4-way handshake to exchange key values and generate the key hierarchy –Data session to send encrypted information using the Temporal Key Integrity Protocol (TKIP) RC4 for encryption Michael for integrity checking

14 WPA Key Hierarchy  Key Hierarchy consists of a master key and session keys –Master key, called the Pair-wise Master Key, is derived from either an 802.1X key or from the passphrase –Session keys, collectively called the Pair-wise Transient Key, are derived from the master key

15 WPA Key Hierarchy Cont.  Pair-wise Transient Key is segmented into: –Key Confirmation Key and Key Encryption Key used during the 4-way handshake –Temporal Keys (2) used during the data session

16 WPA Encryption

17 WPA Decryption

18 WPA2 Overview  Wi-Fi Protected Access 2 –Security standard developed by the Wi-Fi Alliance and is an implementation of IEEE’s 802.11i –Uses the same authentication process, 4-way handshake, and key hierarchy as WPA –Replaces TKIP with the Advance Encryption Standard (AES) CCMP protocol AES in Counter-Mode for encryption AES in Cipher Block Chaining-Message Authentication Code (CBC-MAC) for integrity checking

19 WPA2 Encryption

20 WPA2 Decryption

21 WPA/WPA2 Attack  Offline Dictionary Attack Overview: –Master key is generated using: Passphrase and SSID –Session keys are generated using: Master key, MAC address of client, MAC address of access point, nonce from client, and nonce from access point –Attacker’s goal is to reproduce the key hierarchy to access the network –Attacker needs to capture SSID, MAC addresses, and nonces and perform a dictionary attack to find the passphrase

22 WPA/WPA2 Attack Cont.  Offline Dictionary Attack Capture: –Listen for access point broadcasts Recovers SSID –Passively sniff the network for the 4-way handshake Recovers MAC address of client, MAC address of access point, nonce from client, nonce from access point, and a MIC (derived from session key (KCK) and handshake messages) –Attacker has captured all necessary values and is ready to perform dictionary attack offline

23 WPA/WPA2 Attack Cont.  Offline Dictionary Attack Method: –Perform dictionary attack on passphrase to generate master key using: Dictionary file (passphrase) and captured SSID –Generate session keys using: Master key, captured MAC addresses, and captured nonces –Generate MIC using: Session key (KCK) and captured handshake messages –Verify MIC against captured MIC Recovers passphrase and key hierarchy –Attacker can access the network


Download ppt "Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption."

Similar presentations


Ads by Google