802.11 Security – Wired Equivalent Privacy (WEP) By Shruthi B Krishnan.


1 802.11 Security – Wired Equivalent Privacy (WEP) By Shruthi B Krishnan

2 Agenda for the presentation
- Introduction
- 802.11 Wireless LAN – brief description
- Goals of WEP
- Confidentiality in WEP
- Data Integrity in WEP
- Access Control in WLANs
- Security loopholes and attacks on WEP
- Lessons to be learnt

3 Introduction
History of wireless technology
- Inception of wireless networking took place at the University of Hawaii in 1971. It was called ALOHAnet.
  - Star topology with 7 computers
  - Spanned 4 Hawaiian islands with the central system in Oahu
- In 1997, the world's first WLAN standard, 802.11, was approved by IEEE
- Wired Equivalent Privacy – security standard proposed by 802.11
- Has many loopholes and has been completely broken

4 802.11 Wireless LAN – brief description
- Stations
- Wireless medium
- Access Points
- Distribution System
- Basic Service Set (BSS)
- Extended Service Set (ESS)
[Figure: Distribution system, Access Points, Wireless Medium, Mobile stations]

5 802.11 Wireless LAN – brief description (cont'd)
Network services
- Distribution System services
  - Association
  - Disassociation
  - Reassociation
- Station services
  - Authentication
  - Deauthentication
  - Privacy
[Figure: state diagram. States: Unauthenticated and Unassociated (outside the network); Authenticated and Unassociated; Authenticated and Associated (inside the network). Transitions: Successful Authentication, Deauthentication, Successful Association/Reassociation, Disassociation.]

6 Goals of WEP
- Confidentiality
  - Uses stream cipher RC4 for encryption
- Data Integrity
  - Uses cyclic redundancy check
- Access control
  - Shared key authentication

7 Confidentiality in WEP
- One-time pad vs Stream ciphers
- Perfect randomness is compromised for practicality
- RC4 algorithm used for encryption of data frames
[Figure: KEY and IV produce the Keystream; Plaintext + Keystream = Ciphertext, where + is XOR]

8 Confidentiality in WEP – (cont'd)
WEP keys and Initialization vector (IV)
- Shared secret key
  - Shared among all users
  - Changed infrequently
  - Original standard – 40 bit key. Later implementations used 104 bit key
  - WEP uses a set of up to 4 keys
  - Key distribution problems
- Initialization vector
  - 24 bits
  - Prepended to the secret key
  - Needs to be random to prevent key reuse or IV collision
  - IV sent in clear

9 Data Integrity in WEP
- Computes Integrity Check Value (ICV)
- ICV is appended to the data frame and encrypted
- CRC-32 algorithm used
  - Efficient in capturing data tampering
  - Cryptographically insecure

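10 Confidentiality and data integrity in WEP
[Figure: CRC-32 over the Plaintext gives the ICV; Plaintext and ICV are XORed (+) with the RC4 Keystream generated from the IV and the 40 or 104 bit key. Frame layout: Frame Header, IV field (4 bytes: 3 bytes IV, pad, Key index), Plaintext, ICV.]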

11 Access Control in WLANs
- Open System Authentication
- Shared key authentication
[Figure: exchange between Mobile station and Access Point: Request for access; Challenge text, R; Encrypt R using WEP]

12 Security loopholes and attacks on WEP
Attacks on shared key authentication
[Figure: two exchanges with the Access Point]
- Good guy and Access Point: Request for access; Challenge text, $R_1$; Encrypt $R_1$ using WEP ($C_1$)
- $\text{Keystream} = R_1 \oplus C_1$
- Bad guy and Access Point: Request for access; Challenge text, $R_2$; Encrypt $R_2$ using WEP ($C_2 = \text{Keystream} \oplus R_2$)

13 Security loopholes and attacks on WEP - (cont'd)
Attacks due to keystream reuse
- Improper IV management
  - IV-space is small
  - Implementation dependent
  - Sent in clear
- Recovery of plaintexts
- Decryption dictionary attacks
  - Independent of keysize
[Figure: XOR (+) relations between two ciphertexts, their plaintexts and the keystream]

14 Security loopholes and attacks on WEP - (cont'd)
Attacks due to CRC
- CRC is good for message authentication, but bad for security
  - Both CRC checksum and RC4 are linear and can be easily manipulated
- CRC is unkeyed
  - Attacker can inject messages into the system
[Figure: a difference Δ is XORed (+) into the Plaintext and the corresponding Δc into the ICV]
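The keystream-reuse and CRC weaknesses on slides 13 and 14, reproduced on in-memory data to show why the ICV check and a repeated IV cannot be relied on. This is an added example, not part of the original presentation; the key, IV and messages are constructed sample values and the function names are this example's own.

```python
import struct
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream (key schedule, then output generation)."""
    S, j = list(range(256)), 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    return struct.pack("<I", zlib.crc32(data))  # unkeyed CRC-32, packed little-endian

def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    body = plaintext + icv(plaintext)
    return xor(body, rc4(iv + key, len(body)))  # RC4 key = IV || shared key

def wep_decrypt(key: bytes, iv: bytes, ciphertext: bytes):
    body = xor(ciphertext, rc4(iv + key, len(ciphertext)))
    return body[:-4], body[-4:] == icv(body[:-4])  # (plaintext, ICV check passed?)

def icv_delta(delta: bytes) -> bytes:
    # CRC-32 is affine over XOR: crc(p ^ d) = crc(p) ^ crc(d) ^ crc(00...0)
    return xor(icv(delta), icv(bytes(len(delta))))

def demo(key: bytes = bytes.fromhex("0102030405")) -> dict:
    iv = bytes.fromhex("a1b2c3")  # constructed sample values throughout
    p1, p2 = b"transfer 0100 EUR", b"meeting at 10:30."
    c1, c2 = wep_encrypt(key, iv, p1), wep_encrypt(key, iv, p2)
    # Same IV and key: the keystream cancels out, whatever the key length.
    reuse_leaks = xor(c1, c2)[:len(p1)] == xor(p1, p2)
    # XOR a difference into the data and the matching difference into the ICV.
    delta = xor(p1, b"transfer 9100 EUR")
    modified, icv_ok = wep_decrypt(key, iv, xor(c1, delta + icv_delta(delta)))
    return {"reuse_leaks": reuse_leaks, "modified": modified, "icv_ok": icv_ok}

if __name__ == "__main__":
    print(demo())
```

The receiver accepts the altered frame because nothing in the ICV depends on the key; a keyed MAC, as slide 18 recommends, removes that property.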

15 Security loopholes and attacks on WEP - (cont'd)
Attacks exploiting the Access Points
[Figure: Mobile station, Access Point, Attacker; label: Change destination address]

16 Security loopholes and attacks on WEP - (cont'd)
Attacks exploiting the Access Points
- Access points can be used to monitor TCP/IP traffic
- Recipient sends an ACK only if TCP checksum is correct
- TCP checksum remains unaltered if $P_i \oplus P_{i+16}$ is 1.
[Figure: Mobile station, Access Point, Attacker; labels: Modify any $P_i$ and $P_{i+16}$; Intercepted ciphertext with flipped bits; Message with flipped bits; TCP ACK]

17 Security loopholes and attacks on WEP - (cont'd)
Attacks on RC4 used by WEP
- Research by Scott Fluhrer, Itsik Mantin and Adi Shamir
- First byte of plaintext has to be known. For WEP implementations, it is 0xAA
- Set of weak keys that correspondingly reveal some part of the secret key
- Format of weak IVs
  - First byte (B) can range from 0x03 to 0x07
  - Second byte has to be 0xFF
  - Third byte (N) can be any known value between 0 & 255. Probability to find a byte of secret key for 60 different values of N is non-negligible
- Several successful experiments based on this attack
- Popular key-recovery programs like Airsnort use this analysis
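An audit of the IV fields seen on a network you operate, flagging the weak-IV format listed on slide 17 and the IV reuse described on slide 13. This is an added example, not part of the original presentation; the function names are this example's own, the sample IV fields are constructed, and the birthday-bound estimate goes slightly beyond the slides, which say only that the IV space is small.

```python
from collections import Counter

def parse_iv_field(field: bytes):
    """Split the 4-byte WEP IV field into (3-byte IV, key index)."""
    if len(field) != 4:
        raise ValueError("WEP IV field is 4 bytes")
    # Fourth byte: key index in the top 2 bits, the remaining 6 bits are pad.
    return field[:3], field[3] >> 6

def is_weak_iv(iv: bytes) -> bool:
    """Weak-IV format from the slide: (B, 0xFF, N) with B in 0x03..0x07."""
    return 0x03 <= iv[0] <= 0x07 and iv[1] == 0xFF

def audit(iv_fields) -> dict:
    """Report reused (IV, key index) pairs and weak-format IVs in a capture."""
    parsed = [parse_iv_field(f) for f in iv_fields]
    counts = Counter(parsed)  # same IV under the same key means same keystream
    reused = sorted(pair for pair, n in counts.items() if n > 1)
    weak = sorted({iv for iv, _ in parsed if is_weak_iv(iv)})
    return {"frames": len(parsed), "reused": reused, "weak": weak}

def collision_probability(frames: int, iv_bits: int = 24) -> float:
    """Chance that randomly chosen IVs repeat at least once within `frames` frames."""
    p_unique = 1.0
    for k in range(frames):
        p_unique *= 1 - k / 2 ** iv_bits
    return 1 - p_unique

# Constructed sample IV fields (hex), as they would be read from frame bodies.
SAMPLE = [bytes.fromhex(h) for h in
          ("a1b2c300", "03ff1a00", "a1b2c300", "05ff0740", "10203000")]

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(f"P(IV repeat within 5000 frames) = {collision_probability(5000):.3f}")
```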

18 Lessons learnt from the failure of WEP
- Key shared by all users of the system
- Key is changed infrequently
- No perfect forward secrecy
- Manual key management
- Key reuse due to non-random IVs
  - Random IVs are not insisted upon
  - Short IVs
  - No protection for replay attacks
- Use of unkeyed CRC instead of SHA1-HMAC
- Encryption cipher used was weak
- WEP was not publicly reviewed before it became a standard
- WEP is insecure!!

19 References
- The Institute of Electrical and Electronics Engineers (IEEE) website. http://www.ieee.org
- 802.11 Wireless Networks: The Definitive Guide. By Matthew S. Gast, O'REILLY Publications.
- History of wireless. http://www.ac.aup.fr/a38972/final_projectIT338/history.html
- Intercepting Mobile Communications: The Insecurity of 802.11. By Nikita Borisov, Ian Goldberg, and David Wagner. http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
- Weaknesses in the Key Scheduling Algorithm of RC4. By Scott Fluhrer, Itsik Mantin and Adi Shamir. http://www.crypto.com/papers/others/rc4_ksaproc.pdf
- Unsafe at any key size: an analysis of the WEP encapsulation. By J. Walker. http://grouper.ieee.org/groups/802/11/Documents/DocumentHolder/0-362.zi%p
- Your 802.11 Wireless Network has No Clothes. By William A. Arbaugh, Narendar Shankar, Y.C. Justin Wan, Department of Computer Science, University of Maryland. http://www.cs.umd.edu/~waa/wireless.pdf
- Popular WEP cracking software. http://airsnort.sourceforge.net/ http://sourceforge.net/projects/wepcrack/

