1. 04/14/2011 1

2.  The IEEE 802.11 wireless LAN standard was established in 1989 and was originally intended to seek a wireless equivalent to Ethernet.  Wide spread popularity in recent years.  Major difference between wired and wireless networks is access to the transmitted data.  From the initial development stages of wireless technologies experts knew that security would be a major issue that needed to be solved in order for this technology to be able to overtake the place of wired networks. 2

3.  Wireless security is a major demand in the secure data transferring services.  Accidental association  Malicious association  Non-traditional networks  Identity theft (MAC spoofing)  Man-in-the-middle attacks  Denial of service  Network injection 3

4.  In WLANs, privacy is achieved by data contents protection with encryption.  There have been three major generations of security approaches, which is mentioned below: WEP (Wired Equivalent Privacy) WPA (Wi-Fi Protected Access) WPA2/802.11i (Wi-Fa Protection Access, Version 2)  Each of these protocols has two generations named as personal and enterprise. 4

5. 5

6.  WEP’s security goals are :- Access control: protecting the wireless network from unauthorized access. Confidentiality: to prevent eavesdropping. Data integrity: to prevent tampering with transmitted messages. 6

7.  WEP uses RC4 algorithm for encryption and key stream generation.  Sender side: The secret key used in WEP algorithm is 40-bit long is concatenated with a 24-bit Initialization Vector (IV) for acting as the encryption/decryption key. The resulting key acts as the seed for a Pseudo-Random Number Generator (PRNG). The plaintext input in a integrity algorithm and concatenate by the plaintext again. The result of key sequence and ICV will go to RC4 algorithm. A final encrypted message is made by attaching the IV in front of the Cipher text. 7

8. 8

9.  WEP uses five operations to decrypt the received (IV + Cipher text). The Pre-Shared Key and IV concatenated to make a secret key. The Cipher text and Secret Key go to in CR4 algorithm and a plaintext come as a result. The ICV and plaintext will separate. The plaintext goes to Integrity Algorithm to make a new ICV (ICV’). Finally the new ICV (ICV‘)compare with original ICV. 9

10. 10

11.  Random bits whose size depends on the encryption algorithm and is normally as large as the block size of the cipher or as large as the Secret key.  The IV must be known to the recipient of the encrypted information to be able to decrypt it.  WEP algorithm does this by transmitting the IV along with the packet.  In WEP for two different lengths (64, 128 bit) of keys IV is 24- bit. 11

12.  Simple 5- or 13-character password that is shared between the access point and all wireless network users.  For the 64-bit key the length of secret key is 40 bits and for 128-bit key the length is 104 bits. 12

13.  WEP defines a method to create a unique secret key for each packet using the 5- or 13-characters of the pre-shared key and three more pseudo-randomly selected characters picked by the wireless hardware (IV).  For example, our Pre-shared key is "ARASH". This word would then be merged with "AHL" as IV to create a secret key of "AHLARASH", which would be used in encryption operations of packet.  The next packet would still use "ARASH", but concatenate it this time with "ARA" to create a new secret key of "ARAARASH".  This process would randomly continue during the transmission of data. 13

14.  Is one of hashing algorithm and it is abbreviation of "Cyclic Redundancy Code".  The "CRC" term is reserved for algorithms that are based on the "polynomial" division idea.  Take the data as a VERY long binary number and divide it by a constant divisor. 14

15.  RC4 is not specific to WEP; it is a random generator, also known as a key stream generator or a stream cipher. 15

16.  Size of IV is short and will be reused. Regardless of the key size, 24-bit long of WEP’s IV can only provide 16,777,216 different RC4 cipher streams for a given WEP key. If the RC4 cipher stream for a given IV is found, an attacker can decrypt subsequent packets that were encrypted with the same IV or can forge packets. If a hacker collects enough frames based on the same IV, the individual can determine the shared values among them, i.e., the key stream or the shared secret key. 16

17.  Is a major issue and key updating mechanism is poor.  Most wireless networks that use WEP have one single WEP key shared between every node on the network.  Since synchronizing the change of keys is difficult, network administrators must personally visit each wireless device in use and manually enter the appropriate WEP key.  Result is key rarely changed by the system administrators. 17

18.  Weak keys, meaning that there is more correlation between the key and the output.  The first three bytes of the key are taken from the IV that is sent unencrypted in each packet which can be used to find weak keys.  Out of the 16 million IV values available, about 9,000 are interesting.  The attacker captures "interesting packets" filtering for IVs that suggest weak keys.  Because all original IP packets start with a known value, it’s easy to know when he/she has the right key.  To determine a 104-bit WEP key, he/she has to capture between 2,000 and 4,000 interesting packets. 18

19.  Two types of authentication: Open System and Shared Key authentication.  Turning on authentication with WEP reduced the security.  Shared Key authentication involves demonstrating the knowledge of the shared WEP key by encrypting a challenge.  Any monitoring attacker can observe the challenge and the encrypted response.  From those, then can determine the RC4 stream used to encrypt the response.  The attacker can later forge an authentication. 19

20.  WEP does not prevent replay attacks.  An attacker can simply record and replay packets as desired and they will be accepted as legitimate.  WEP allows an attacker to undetectably modify a message without knowing the encryption key. (Weakness in CRC) 20

21.  Improved data encryption (TKIP)  Temporal Key Integrity Protocol (TKIP) using a hashing algorithm and, by adding an integrity- checking feature, ensures that the keys haven’t been tampered with.  It is an alternative to WEP that fixes all the security problems and does not require new hardware. 21

22.  Like WEP, TKIP uses the RC4 stream cipher as the encryption and decryption processes and all involved parties must share the same secret key.  This secret key must be 128 bits and is called the "Temporal Key" (TK).  TKIP also uses an Initialization Vector (IV) of 48-bit and uses it as a counter.  Even if the TK is shared, all involved parties generate a different RC4 key stream.  Since the communication participants perform a 2-phase generation of a unique "Per-Packet Key" (PPK) that is used as the key for the RC4 key stream. 22

23.  TKIP adds four new algorithms to WEP: A cryptographic message integrity code, or MIC, called Michael, to defeat forgeries A new IV sequencing discipline, to remove replay attacks from the attacker’s arsenal. A per-packet key mixing function, to de-correlate the public IVs from weak keys A re-keying mechanism, to provide fresh encryption and integrity keys, undoing the threat of attacks stemming from key reuse. 23

24. 24

25.  Michael is the name of the TKIP message integrity code.  New MIC designed that has 64-bits length and represented as two 32-bit little- Endian words (K0,K1)  The Michael function first pads a message with the hexadecimal value 0x5a and enough zero  pad to bring the total message length to a multiple of 32- bits.  Then partitions the result into a sequence of 32-bit words M1 M2… Mn, and finally computes the tag from the key and the message words using a simple iterative structure: 25

26.  (L,R) ← (K0,K1)  do i from 1 to n  L←L XOR Mi  (L,R)← Swap(L,R)  return (L,R) as the tag 26

27.  To defeat replays, TKIP reuses the WEP IV field as a packet sequence number.  Both transmitter and receiver initialize the packet sequence space to zero whenever new TKIP keys are set.  Transmitter increments the sequence number with each packet it sends.  TKIP requires the receiver to enforce proper IV sequencing of arriving packets. 27

28.  WEP constructs a per-packet RC4 key by concatenating a base key and the packet IV.  The new per-packet key is called the TKIP key mixing function.  It substitutes a temporal key for the WEP base key and constructs the WEP per-packet key in a novel fashion.  The mixing function operates in two phases. 28

29.  It eliminates the same key from use by all links.  It combines the 802 MAC addresses of the local wireless interface and the temporal key by iteratively XORing each of their bytes to index into an S-box, to produce an intermediate key.  The Phase 1 intermediate key must be computed only when the temporal key is updated.  Most implementations cache its value as a performance optimization. 29

30.  It de-correlates the public IV from known the per-packet key.  Uses a tiny cipher to encrypt the packet sequence number under the intermediate key, producing a 128-bit per-packet key.  This design accomplishes the second mixing function design goal.  Making it difficult for a rival to be connected to IVs and per- packet keys. 30

31.  Rekeying delivers the fresh keys consumed by the various TKIP algorithms.  There are three key types: temporal keys, encryption keys and master keys.  Occupying the lowest level of the hierarchy are the temporal keys consumed by the TKIP privacy and authentication algorithms proper.  TKIP employs a pair of temporal key types: a 128-bit encryption key, and a second 64-bit key for data integrity.  TKIP uses a separate pair of temporal keys in each direction of an association.  Each association has two pairs of keys, for a total of four temporal keys 31

32. 32

33.  Personal WPA or WPA-PSK (Key Pre-Shared) that use for small office and home for domestic use authentication which does not use an authentication server and the data cryptography key can go up to 256 bits.  Enterprise WPA or Commercial that the authentication is made by an authentication server 802.1x, generating an excellent control and security in the users' traffic of the wireless network. 33

34.  WPA uses 802.1X+EAP for authentication.  Replaces WEP with the more advanced TKIP encryption  No preshared key is used here, but you will need a RADIUS server.  Remote Authentication Dial In User Service (RADIUS) 34

35.  WPA2 was designed as a future-proof solution based on lessons learned by WEP implementers.  One of the most significant improvement is encryption algorithm which uses Advanced Encryption Standard (AES).  In particular it uses Counter Mode with Cipher Block Chaining Message Authentication Code Protocol. 35

36. 36

37. 37

38. 38

39.  Wireless Security issues  WEP algorithm  WEP Weakness  WEP Improvements  TKIP  WPA  WPA2  Security impact on bandwidth 39

40.  Lashkari, A.H.; Towhidi, F.; Hosseini, R.S.;, "Wired Equivalent Privacy (WEP)," Future Computer and Communication, 2009. ICFCC 2009. International Conference on, vol., no., pp.492-495, 3-5 April 2009  Arash Habibi Lashkari, Mir Mohammad Seyed Danesh, Behrang Samadi, "A survey on wireless security protocols (WEP, WPA and WPA2/802.11i)," iccsit, pp.48-52, 2009 2nd IEEE International Conference on Computer Science and Information Technology, 200  Ying Wang; Zhigang Jin; Ximan Zhao;, "Practical Defense against WEP and WPA-PSK Attack for WLAN," Wireless Communications Networking and Mobile Computing (WiCOM), 2010 6th International Conference on, vol., no., pp.1-4, 23-25 Sept. 2010  Boland, H.; Mousavi, H.; "Security issues of the IEEE 802.11b wireless LAN," Electrical and Computer Engineering, 2004. Canadian Conference on, vol.1, no., pp. 333- 336  Emilio J.M. Arruda Filho, Paulo N. L. Fonseca Jr.%, Mairio J. S. Leitdo and Paulo S. F. De: “Security versus Bandwidth: The Support of Mechanisms WEP e WPA in 802.11g Network” 40

41. Thank You 41