2. Wireless Security Presented by: Amit Kumar Singh Instructor : Dr. T. Andrew Yang

3. Going Wireless  Recent technologies include 802.11b,802.11g etc.  Most commonly and widely present are 802.11b (11 mbps)  802.11b uses security techniques like WEP to make the network secure.  IEEE came up with 802.11x standards for wireless ethernet.

4. What is WEP ?  Wireless connections need to be secured since the intruders should not be allowed to access, read and modify the network traffic.  Mobile systems should be connected at the same time.  Algorithm is required which provides a high level of security as provided by the physical wired networks.  Protect wireless communication from eavesdropping, prevent unauthorized access.

5. Security Goals of WEP:  Access Control  Ensure that your wireless infrastructure is not used.  Data Integrity  Ensure that your data packets are not modified in transit.  Confidentiality  Ensure that contents of your wireless traffic is not leaked.

6. Understanding WEP  WEP relies on a secret key which is shared between the sender (mobile station) and the receiver (access point).  Secret Key : packets are encrypted using the secret key before they are transmitted.  Integrity Check : it is used to ensure that packets are not modified in transit

7. Understanding WEP contd…  To send a message to M: Compute the checksum c(M). Checksum does not depend on the secret key ‘k’.Compute the checksum c(M). Checksum does not depend on the secret key ‘k’. Pick a IV ‘v’ and generate a key stream RC4(v,k).Pick a IV ‘v’ and generate a key stream RC4(v,k). XOR with the key stream to get the cipher text.XOR with the key stream to get the cipher text. Transmit ‘v’ and the cipher text over a radio link.Transmit ‘v’ and the cipher text over a radio link.

8. How WEP Works Key Stream = RC4(v,k) MessageCRC Transmitted Data XOR Cipher TextV Plain Text

9. How WEP works ?   WEP uses RC4 encryption algorithm known as “stream cipher” to protect the confidentiality of its data.   Stream cipher operates by expanding a short key into an infinite pseudo-random key stream.   Sender XOR’s the key stream with plaintext to produce cipher text.   Receiver has the copy of the same key, and uses it to generate an identical key stream.   XORing the key stream with the cipher text yields the original message.

10. Attack types  Passive Attacks To decrypt the traffic based on statistical analysis (Statistical Attack)To decrypt the traffic based on statistical analysis (Statistical Attack)  Active Attacks To inject new traffic from authorized mobile stations, based on known plaintext.To inject new traffic from authorized mobile stations, based on known plaintext.  Active Attacks To decrypt the traffic based on tricking the access pointTo decrypt the traffic based on tricking the access point  Dictionary Attacks Allow real time automated decryption of all traffic.Allow real time automated decryption of all traffic.

11. Defenses of WEP  Integrity Check (IC) field Used to ensure that packet has not been modified in transit  Initialization Vector (IV) Used to avoid encrypting two cipher texts with the same key stream Used to argument the shared key and produce a different RC4 key for each packet

12. References  http://www.cs.fsu.edu/~yasinsac/group/sl ides/cubukcu.pdf http://www.cs.fsu.edu/~yasinsac/group/sl ides/cubukcu.pdf http://www.cs.fsu.edu/~yasinsac/group/sl ides/cubukcu.pdf   http://www.isaac.cs.berkeley.edu/isaac/w ep-faq.html   www.itserv.com/wireless  http://www.bluefiresecurity.com/bluefire_ downloads.php?download=main http://www.bluefiresecurity.com/bluefire_ downloads.php?download=main http://www.bluefiresecurity.com/bluefire_ downloads.php?download=main  http://www.isaac.cs.berkeley.edu/isaac/m obicom.pdf