Presentation is loading. Please wait.

Presentation is loading. Please wait.

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 6 Wireless Network Security Part II.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 6 Wireless Network Security Part II."— Presentation transcript:

1 J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 6 Wireless Network Security Part II

2 J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 6 Outline 6.1 Wireless Communications and 802.11 WLAN Standards 6.2 WEP: Wired Equivalent Privacy 6.3 WPA: Wi-Fi Protected Access 6.4 IEEE 802.11i/WPA2 6.5 Bluetooth Security 6.6 Wireless Mesh Network Security

3 J. Wang. Computer Network Security Theory and Practice. Springer 2008 WPA:  A rush solution to the security problems of WEP WPA2:  Based on 802.11i (official version) Encrypt and authenticate MSDUs: counter mode-CBC MAC protocol with AES-128 Authenticate STAs: 802.1X  Initialization vectors transmitted in plaintext are no longer needed to generate per-frame keys  But most of the existing Wi-Fi WPA cards cannot be upgraded to support 802.11i WPA 2 Overview

4 J. Wang. Computer Network Security Theory and Practice. Springer 2008 Key Generation Same key hierarchy as WPA  256-bit pairwise master key (PMK)  Four 128-bit pairwise transient keys (PTKs)  384-bit temporal key for CCMP in each session Pseudorandom number generated based on SMAC, SNonce, AMAC, Anonce Exchanged following the 4-way handshake protocol Divided into three 128-bit transient keys:  Two for connection between STA and AP  One as a session key for AES-128

5 J. Wang. Computer Network Security Theory and Practice. Springer 2008 Encryption: Ctr = Ctr 0 C i = AES-128 K (Ctr + 1)  M i i = 1, 2, …, k Authentication and integrity check: C i = 0 128 C i = AES-128 K (C i–1  M i ) i = 1, 2, …, k CCMP Encryption and MIC

6 J. Wang. Computer Network Security Theory and Practice. Springer 2008 802.11i Security Strength and Weakness Cryptographic algorithms and security mechanism are superior to WPA and WEP However, still vulnerable to DoS attacks:  Rollback Attacks RSN devices can communicate with pre-RSN devices Attacker tricks an RSN device to roll back to WEP Let RSN APs decline WEP or WPA connections???

7 J. Wang. Computer Network Security Theory and Practice. Springer 2008 802.11i Security Weakness  RSN IE Poisoning Attacks Against 4-way handshake protocol Attacker can forge message with wrong RSN IE and disconnects STA from AP  De-Association Attacks Break an existing connection between an STA and an AP using forged MAC-layer management frames

8 J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 6 Outline 6.1 Wireless Communications and 802.11 WLAN Standards 6.2 WEP 6.3 WPA 6.4 IEEE 802.11i/WPA2 6.5 Bluetooth Security 6.6 Wireless Mesh Network Security

9 J. Wang. Computer Network Security Theory and Practice. Springer 2008 Proposed in 1998 as an industrial standard For building ad hoc wireless personal area networks (WPANs) IEEE 802.15 standard is based on Bluetooth Wireless devices supported:  Different platforms by different vendors can communicate with each other  Low power, limited computing capabilities and power supplies Implemented on Piconets Overview

10 J. Wang. Computer Network Security Theory and Practice. Springer 2008 Self-configured and self-organized ad-hoc wireless networks Dynamically allow new devices to join in and leave ad- hoc network  Up to 8 active devices are allowed to use the same physical channel  All devices in piconet are peers  One peer is designated as master node for synchronization  The rest are slave nodes  MAX 255 devices connected in a piconet  Node’s state: parked, active, and standby  A device an only belong to one piconet at a time Bluetooth: Piconets

11 J. Wang. Computer Network Security Theory and Practice. Springer 2008 Scatternet schematic Scatternets: Overlapped Piconets

12 J. Wang. Computer Network Security Theory and Practice. Springer 2008 Nodes in the same piconet share the same personal identification number (PIN) Nodes generate share secret key for authentication  Generates a 128-bit initialization key based on the PIN  Generates a 128-bit link key (combination key) to authenticate and create encryption key Uses a stream cipher E 0 to encrypt payload Uses a block cipher SAFER+ to construct three algorithms E 1, E 21, and E 22 for generating subkeys and authenticating devices Secure Pairings

13 J. Wang. Computer Network Security Theory and Practice. Springer 2008 To Authenticate Bluetooth device An enhancement of SAFER (Secure And Fast Encryption Routine) A Fiestel cipher with a 128-bit block size Two components:  Key scheduling component  Encryption component Eight identical rounds (two subkeys for each round) An output transformation (one subkey) SAFER+ Block Ciphers

14 J. Wang. Computer Network Security Theory and Practice. Springer 2008 K = k 0 k 1 …k 15, a 128-bit encryption key. k 16 = k 0  k 1  …  k 15 17 128-bit subkeys K 1, K 2, …, K 17 : SAFER+ Subkeys K 1  k 0 k 2 k 3 …k 15 for j = 0,1,…,16 do k j <- LS 3 (k j ) K 2  k 1 k 2 k 3 …k 16 xor 8 B 2 for i = 3, 4, …, 17 do for j = 0,1,…,16 do k j  LS 3 (k j ) K i  k i-1 k i k i+1 …k 16 k 0 k 1 …k i-3 xor 8 B i-3 B i : a bias vector B i [j] = (45 45 17i+j+i mode 257 ) mod 257) mod 256 j = 0,1,….,15, B i = B i [0] B i [1] … B i [15] i = 2,3,….17,

15 J. Wang. Computer Network Security Theory and Practice. Springer 2008 Schematic of SAFER+ subkey generation

16 J. Wang. Computer Network Security Theory and Practice. Springer 2008 SAFER+ Encryption Encryption Rounds Let X = x 1 x 2 …x 2k-1 x 2k, where x i is a byte Pseudo Hadamard Transform (PHT): PHT(X) = PHT(x 1, x 2 )||…||PHT(x 2k-1, x 2k ) PHT(x,y) = (2x+y) mod 2 8 || (x+y) mod 2 8 Armenian Shuffles (ArS): ArS (X) = x 8 x 11 x 12 x 15 x 2 x 1 x 6 x 5 x 10 x 9 x 14 x 13 x 0 x 7 x 4 x 3 where X is a 16-byte string  Table look up on two S-boxes for e and l : e(x) = (45 x mod (2 8 + 1)) mod 2 8 l is e -1 : l(y) = x if e(x) = y   and  8 with two subkeys  The i -th round in SAFER+:

17 J. Wang. Computer Network Security Theory and Practice. Springer 2008  Output Transformation:  After eight rounds, the output transformation component applies K 17 and Y 9 as applying K 2i-1 to Y i without using S-box and generate ciphertext block C.

18 J. Wang. Computer Network Security Theory and Practice. Springer 2008 Bluetooth Algorithm E 1 E 1 takes the following parameters as input:  K : 128-bit key   : 128-bit random string   : 48-bit address and outputs a 128-bit string: A r is original SAFER+ is modified SAFER+, which combines the input of round 1 to the input of round 3 to make the algorithm non- invertible is obtained from K using  and  8 (see p. 238) E(  ) =  ||  ||  [0:3]

19 J. Wang. Computer Network Security Theory and Practice. Springer 2008 E 21 takes  and  as input: E 21 (ρ, α) = A’ r (ρ’, E(α)) ρ’= ρ[0:14]|| (ρ[15]  00000110) Bluetooth Algorithm E21

20 J. Wang. Computer Network Security Theory and Practice. Springer 2008 Bluetooth Algorithm E22

21 J. Wang. Computer Network Security Theory and Practice. Springer 2008 Initialize Key: K init = E 22 (PIN, In_RAND A, BD_ADDR B ) D A and D B create link key: D A sends (LK_RAND A  K init ) to D B D B sends (LK_RAND B  K init ) to D A K AB = E 21 (LK_RAND A, BD_ADDR A )  E 21 (LK_RAND B, BD_ADDR B ) D A authenticates D B : D A sends AU_RAND A to D B D B sends SRES A to D A where SRES A = E ( K AB, AU_RAND A, BD_ADDR B ) [0:3] D A verifies SRES A Bluetooth Authentication

22 J. Wang. Computer Network Security Theory and Practice. Springer 2008 Bluetooth Authentication Diagram

23 J. Wang. Computer Network Security Theory and Practice. Springer 2008 PIN Cracking Attack Malice intercepts an entire pairing and authentication session between devices D A and D B

24 J. Wang. Computer Network Security Theory and Practice. Springer 2008 Malice cracks the PIN by brute force: Enumerate all 2 48 possible values of PIN Use IN_RAND A from Message 1 and BD_ADDR B to compute a candidate: K’ init = E 22 (PIN’, In_RAND A, BD_ADDR B ) Use K’ init to XOR Message 2 and Message 3 to obtain LK_RAND’ A and LK_RAND’ B. Then compute K’ AB = E 21 (LK_RAND’ A, BD_ADDR A )  E 21 (LK_RAND’ B, BD_ADDR B ) Use AU_RAND A from Message 4, K’ AB, and BD_ADDR B to compute SRES’ A = E 1 (AU_RAND A, K’ AB, BD_ADDR B ) [0:3] Verify if SRES’ A = SRES A using Message 5 May use Messages 6 and 7 to confirm the PIN code PIN Cracking Attack

25 J. Wang. Computer Network Security Theory and Practice. Springer 2008 A new pairing protocol to improve Bluetooth security Secure simple pairing (SSP) protocol:  Use elliptic-curve Diffie-Hellman (ECDH) key exchange algorithm to replace PIN To resist PIN cracking attack  Use public key certificates for authentication. To prevent man-in-the-middle attack. Bluetooth Secure Simple Pairing

26 J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 6 Outline 6.1 Wireless Communications and 802.11 WLAN Standards 6.2 WEP 6.3 WPA 6.4 IEEE 802.11i/WPA2 6.5 Bluetooth Security 6.6 Wireless Mesh Network Security

27 J. Wang. Computer Network Security Theory and Practice. Springer 2008 An AP may or may not connect to a wired network infrastructure Each STA is connected to one AP WMNs vs. WLANs:  WLANs: star networks  WMNs: multi-hop networks A region:  An AP and all the STAs connected to it  Can be viewed as a WLAN  Can apply the 802.11i/WPA2 security standard Wireless Mesh Network (WMN)

28 J. Wang. Computer Network Security Theory and Practice. Springer 2008 Blackhole Attack.  Impersonate a legitimate router and drop packet instead of forwarding it  Coax users to use his router Wormhole Attack  Reroute packets from one region to another Rushing Attacks  Target at on-demand routing protocols: Router must forward the 1st route request packet and drop the subsequent packets from the same source to reduce clutter  Rush an impersonated route request before the legitimate one arrives Router-Error-Injection Attacks  Injecting certain forged route-error packets to break normal communication Security Holes in WMNs

Download ppt "J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 6 Wireless Network Security Part II."

Similar presentations

IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
Analysis and Improvements over DoS Attacks against IEEE 802.11i Standard Networks Security, Wireless Communications and Trusted Computing(NSWCTC), 2010.

Analysis and Improvements over DoS Attacks against IEEE i Standard Networks Security, Wireless Communications and Trusted Computing(NSWCTC), 2010.
CSE 6590 1.  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in 802.11  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.

Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.
Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman.

Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman.
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
Intercepting Mobiles Communications: The Insecurity of 802.11 Danny Bickson ACNS Course, IDC Spring 2007.

Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless & Network Security Lecture 10:

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless & Network Security Lecture 10:
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
802.11 Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.

Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.
J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 6 Wireless Network Security Part I.

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 6 Wireless Network Security Part I.
15 November 2004 1 Wireless Security Issues Cheyenne Hollow Horn SFS Presentation 2004.

15 November Wireless Security Issues Cheyenne Hollow Horn SFS Presentation 2004.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.

WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.

Similar presentations

Ads by Google