Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security in Wireless Networks IEEE 802.11i Presented by Sean Goggin March 1, 2005.

Published byLorena Gibson Modified over 9 years ago

Similar presentations

Presentation on theme: "Security in Wireless Networks IEEE 802.11i Presented by Sean Goggin March 1, 2005."— Presentation transcript:

1 Security in Wireless Networks IEEE 802.11i Presented by Sean Goggin March 1, 2005

2 3/1/2005Sean Goggin2 Overview Inherent Problems in Wireless Is WEP Really Equivalent? Additional Solutions 802.11i – A New Solution Conclusion

3 3/1/2005Sean Goggin3 Inherent Problems in Wireless Modern Wired Network –Multiple Nodes Interconnected with CAT-5, RG-58, Fiber, and Etc. –Typically Difficult to Intercept

4 3/1/2005Sean Goggin4 Inherent Problems in Wireless Modern Wireless Network –Multiple Nodes Interconnected Over Radio Frequency –Lacks Simplest Form of Physical Protection

5 3/1/2005Sean Goggin5 Inherent Problems in Wireless Denial-of-Service Attack (DOS Attack) –Media is Open to the Public –Easily Disrupted, Compromises Availability –Only Solution is to Locate and Disable

6 3/1/2005Sean Goggin6 Inherent Problems in Wireless Man-in-the-Middle Attack (MITM Attack) –Easily Intercepted –Compromises Integrity and Confidentially –Mitigate with use of Encryption

7 3/1/2005Sean Goggin7 Inherent Problems in Wireless Do to the Nature of Wired vs. Wireless, Wired is More Secure Wireless Requires Protocol to Increase Security IEEE & Wired Equivalent Privacy –40-bit (Exportable) and 104-bit Key –RC4

8 3/1/2005Sean Goggin8 Is WEP Really Equivalent? IEEE Selects RC4 Cipher for WEP RC4 is a Stream Cipher System –Utilizes a Shared Key and Pseudo Random Number Generator (PRNG) to Create Keystream to XOR with Source’s Data, then Sends Cipher Text –Destination Utilizes the Shared Key and PRNG to Create Keystream to XOR Cipher Text and Decrypt Source’s Data Courtesy of 802.11 Wireless Networks: The Definitive Guide

9 3/1/2005Sean Goggin9 Is WEP Really Equivalent? WEP Process –40-bit Key + 24-bit Initialization Vector (IV) = 64-bit RC4 Key –RC4 Key and PRNG Create Keystream Equal in Length to Plain Text + CRC –Keystream XORed with Plain Text and CRC Value –Transmit IV + Cipher Text

10 3/1/2005Sean Goggin10 Is WEP Really Equivalent? Key Management Issue –Up to 4 WEP Keys Can Be Used –Scalability vs. Security Manually Configure 1-4 Keys in an Enterprise Manually Distribute 1-4 Keys to an Enterprise Terminated Employees Public Keys & Monitoring Station

11 3/1/2005Sean Goggin11 Is WEP Really Equivalent? Encryption Issue –“Weaknesses in the Key Scheduling Algorithm of RC4 “ by Fluhrer, Mantin, and Shamir Addressed Poor Implementation of RC4 in WEP Weak IVs are Poorly Chosen and Repeated Reused Keys Make Crypt Analysis Possible Function is Linear, not Exponential

12 3/1/2005Sean Goggin12 Is WEP Really Equivalent? Attacking WEP –The Key is Comprised of 5 Bytes or 13 Bytes –The First Byte LLC Encapsulation & SNAP Header (00xA) (00xA) XOR First Byte of Cipher Text = First Byte of Keystream –The Remaining Bytes Weak IVs in form of B+3:FF:N –B Refers to the Byte of the Key –FF is Weak Middle Byte of all 1s –N is any value from 0 to 255

13 3/1/2005Sean Goggin13 Is WEP Really Equivalent? Attacking WEP, Continued –The Remaining Bytes, Continued Gather Weak IVs into Groups of B –5 Groups for 40-bit, 13 Groups for 104-bit –Takes Approximately 115 Samples Per Group to Crack a Byte of the Key Even Though More Weak IVs are Needed for 104-bit Key, it Provides More Weak IVs by Nature Cracking 104-bit vs. 40-bit Takes More Time, But Insignificant Amount More Wireless Network Traffic, Faster Weak IVs Appear

14 3/1/2005Sean Goggin14 Is WEP Really Equivalent? Tools to Crack WEP –AirSnort Developed by Bruestle & Hegerle to Demonstrate Work Done by Fluhrer, Mantin, and Shamir Capture Component –Captures Raw Packets using Wireless Interface Crack Component –Performs Analysis and Cracks Bytes of Key –WEPCrack & dweputils Similar Functions as AirSnort

15 3/1/2005Sean Goggin15 Is WEP Really Equivalent? Other Attacks –Simple XOR Attack Cipher Text is Plain Text XOR Keystream If a Known Plain Text is then XOR with Cipher Text the KeyStream will be Exposed –Use SPAM, Heavy Virus Network Traffic (ie: Sasser), or Other Well-Known Network Traffic Used for Message Injection & Authentication Spoofing

16 3/1/2005Sean Goggin16 Is WEP Really Equivalent? Other Attacks, Continued –Brute-Force Attack Phrase Key Generators Often Flawed –Uses ASCII Values to Seed the PRNG –ASCII Always Start with 0 and Range from 0 to 7F –7F vs FF… 21-bit vs. 32-bit Seed –Newsham Attacked 40-bit Key using P3/500, 35 Seconds to Key –Sometimes Applies to 104-bit Key Generator (MD5 Hash)

17 3/1/2005Sean Goggin17 Additional Solutions Best Practices –Disabling SSID Beaconing SSID Beaconing Identifies AP to Wireless Interfaces Easier for Legitimate Users and Intruders/Attackers to Find AP Disabling SSID May Requires Additional Configuration of User’s Interface Attacker can Detect Presence of AP, but without SSID cannot Associate with AP

18 3/1/2005Sean Goggin18 Additional Solutions Best Practices, Continued –MAC Authentication (CSUN) Legitimate Users Register MAC Address AP Disregard Packets from Non-Registered MAC –Problems Both SSID and Legitimate MAC can be Gathered with Network Sniffer and Wireless Card if Weak or No Encryption Used WEP is Weak, So What is Left?

19 3/1/2005Sean Goggin19 Additional Solutions Virtual Private Network (VPN) –Secure Data Above the Link-Layer –May Require More Bandwidth –Variety of Protocols IPsec (CSUN), SSL, & PPTP Wi-Fi Protected Access (WPA) –After WEP was Exposed a Temporary Solution was Needed

20 3/1/2005Sean Goggin20 Additional Solutions Wi-Fi Protected Access (WPA), Continued –Wi-Fi Alliance Took Components of 802.11i Draft Temporal Key Integrity Protocol Larger IV (48-bit vs. 24-bit) Message Integrity Check (MIC) Replaced CRC 802.1x or Pre-Shared Key (PSK) RC4 –Could be Implemented on Existing Hardware

21 3/1/2005Sean Goggin21 802.11i – A New Solution Originally Meant to Address Security and Quality of Service (QoS) Apparent Need for Additional Security Created 802.11e QoS & 802.11i Security WPA is Released in April 2003 as Temporary Solution Until 802.11i Ratification 802.11i Ratified on June 24 th, 2004

22 3/1/2005Sean Goggin22 802.11i – A New Solution Components of 802.11i –802.1x –Advanced Encryption Standard in Counter- Mode/Cipher Block Chaining Message Authentication Code Protocol (AES-CCMP) –Temporal Key Integrity Protocol (TKIP)

23 3/1/2005Sean Goggin23 802.11i – A New Solution 802.1x –Based on IETF Extensible Authentication Protocol (EAP) Future Proof Open Standard Allows for Any Authentication Standard to be Used Designed to Regulate at Physical Port –Point of Authenticating User & Network – Typically Uses RADIUS

24 3/1/2005Sean Goggin24 802.11i – A New Solution 802.1x, Step 1 –Supplicant Request Association with Authenticator –Authenticator Associates with Supplicant –Authenticator Requests Identity from Supplicant via EAP

25 3/1/2005Sean Goggin25 802.11i – A New Solution 802.1x, Step 2 –Supplicant Responds with Identity to Authenticator via EAP –Authenticator Sends Access Request for Supplicant’s Identity to Authentication Server via RADIUS

26 3/1/2005Sean Goggin26 802.11i – A New Solution 802.1x, Step 3 –Authentication Server Validates Supplicant’s Identity –Authentication Server Notifies Authenticator the Supplicant is Valid and Issues Keying Material via RADIUS –If Supplicant Fails to be Validated, Authentication Server Submits Identity Request instead

27 3/1/2005Sean Goggin27 802.11i – A New Solution 802.1x, Step 4 –The Authenticator Initiates a 4-Way Handshake with Supplicant to Establish Keys –Once Keys are Established the Supplicant is Permitted to Access the Network

28 3/1/2005Sean Goggin28 802.11i – A New Solution The 4-Way Handshake in 802.1x –Terminology Master Key (MK) Pairwise Master Key (PMK) Authenticator Nonce (Anonce) Supplicant Nonce (Snonce) Pairwise Transient Key (PTK) Group Temporal Key (GTK)

29 3/1/2005Sean Goggin29 802.11i – A New Solution The 4-Way Handshake in 802.1x –Both the Supplicant and Authenticator have PMK Derived from MK issued by the Authentication Server –Step 1 Authenticator Generates Anonce and Sends it to the Supplicant

30 3/1/2005Sean Goggin30 802.11i – A New Solution The 4-Way Handshake in 802.1x –Step 2 Supplicant Generates Snonce Supplicant Constructs PTK from Anonce, Snonce, Authenticator MAC, Supplicant MAC, and PMK Supplicant Sends Snonce and MIC to Authenticator

31 3/1/2005Sean Goggin31 802.11i – A New Solution The 4-Way Handshake in 802.1x –Step 3 Authenticator Derives PTK from Anonce, Snonce, Authenticator MAC, Supplicant MAC, and PMK Authenticator Constructs GTK from Above Data and Sends GTK and MIC to Supplicant

32 3/1/2005Sean Goggin32 802.11i – A New Solution The 4-Way Handshake in 802.1x –Step 4 Supplicant Sends ACK to Authenticator Concluding Handshake Process Supplicant & Authenticator Have Established All Necessary Keys

33 3/1/2005Sean Goggin33 802.11i – A New Solution Pairwise Transient Key (PTK) –Broken into 3 Keys Key Confirmation Key (KCK) –Used to Compute and Confirm EAP MICs Key Encryption Key (KEK) –Used for Encryption of EAP Data Temporal Key (TK) –Used for Encryption of Supplicant-Authenticator Traffic Group Temporal Key (GTK) –Used for Broadcast and Multicast Encryption

34 3/1/2005Sean Goggin34 802.11i – A New Solution Additional Features of 802.1x –Key Caching Authenticator & Supplicant Cache Keys While Roaming Prevents Excessive Load on Authentication Server –Pre-Authentication If the Supplicant Sense the Next AP while Roaming it can Begin Authentication via Network to Next AP Reduces Association Time to Next AP

35 3/1/2005Sean Goggin35 802.11i – A New Solution AES-CM/CBC-MAC Protocol (AES- CCMP) –Features 128-bit Advanced Encryption Standard Counter-Mode Cipher Block Chaining 48-bit Initialization Vectors 802.1x Key Assignment (TK from PTK) Message Integrity Check

36 3/1/2005Sean Goggin36 802.11i – A New Solution Counter-Mode –Turns a Block Cipher into a Stream Cipher –Generates the Next Keystream Block by Encrypting Successive Values of a Counter –Counter is any Simple Function which Produces Sequence which is Guaranteed not to Repeat for a Long Time

37 3/1/2005Sean Goggin37 802.11i – A New Solution Courtesy of: WikiPedia - Block cipher modes of operation

38 3/1/2005Sean Goggin38 802.11i – A New Solution Cipher Block Chaining –Each Block of Plain Text is XORed with Previous Block of Cipher Text Before Being Encrypted –Each Cipher Text Block is then Dependent on the Blocks that Preceded

39 3/1/2005Sean Goggin39 802.11i – A New Solution Courtesy of: WikiPedia - Block cipher modes of operation

40 3/1/2005Sean Goggin40 802.11i – A New Solution AES-CCMP, Continued –AES-CM Provides Confidentiality –CBC-MAC Provides Authentication & Integrity –CCMP Protects Non-Encrypted Fields Such as Source & Destination Data Protects Against Replay Attack –16 Octets Larger then Non-Encrypted Data Slight Speed Decrease, Large Security Increase –More Enterprise then Home Consumer

41 3/1/2005Sean Goggin41 802.11i – A New Solution AES-CCMP vs. WEP –AES vs. RC4 –128-bit vs. 104-bit Key –Block Cipher vs. Stream Cipher –48-bit vs. 24-bit Initialization Vector –CBC-MAC vs. RC4 –New vs. Established

42 3/1/2005Sean Goggin42 802.11i – A New Solution Temporal Key Integrity Protocol (TKIP) –Features 128-bit RC4 Per-Packet Key Mixing Enhanced Initialization Vectors including Sequencing Rules 802.1x Key Assignment (TK from PTK) Michael MIC Runs on Legacy Hardware

43 3/1/2005Sean Goggin43 802.11i – A New Solution Courtesy of: How Secure Is Your Wireless Network? Safeguarding Your Wi-Fi LAN

44 3/1/2005Sean Goggin44 802.11i – A New Solution TKIP – Phase 1 –Source MAC XORed with TK = Mixed Key TKIP – Phase 2 –Mixed Key XORed with Trip Sequence Counter = Per-Packet Mixed Key –Feed to WEP Engine as 128-bit Key

45 3/1/2005Sean Goggin45 802.11i – A New Solution Michael MIC –64-bit MIC Key, Source Address, Destination Address, and Plain Text used to Generate 8 Byte MIC Hash –MIC replaces CRC –Plain Text+ MIC are Fed to WEP Engine as Plain Text WEP Now Performs RC4 Operations Using 128-bit Key and Plain Text + MIC

46 3/1/2005Sean Goggin46 802.11i – A New Solution

47 3/1/2005Sean Goggin47 802.11i – A New Solution Michael’s Countermeasure –If CRC, Integrity Check Value, and IV Fail Verification, Only then Check MIC Avoids False Positive –If All Fail, Attack Underway Stop Using Current Keys & Re-Key Rate Limit Re-Keying to Once Per Minute

48 3/1/2005Sean Goggin48 802.11i – A New Solution AES-CCMP vs. TKIP –AES vs. RC4 –Block vs. Stream Cipher –CBC-MAC vs. RC4 –New Hardware vs. Existing Hardware –New vs. Relatively New

49 3/1/2005Sean Goggin49 802.11i – A New Solution Additional Features of 802.11i –Pre-Shared Key (PSK) Utilized instead of PMK, Less Secure? Home or Ad Hoc Network –Password-to-Key Mapping Generates 256-bit PSK from ASCII –Random Number Generation Established Minimum Guide Line

50 3/1/2005Sean Goggin50 802.11i – A New Solution 802.11i & WPA 2 –Wi-Fi Alliance Certification Program for 802.11i Compliance –Possibly Misleading, WPA Hardware May Not Be Compatible TKIP is in WPA & WPA 2 Most WPA Hardware Not Capable of AES-CCMP –User-Friendly Name for 802.11i

51 3/1/2005Sean Goggin51 Conclusion 802.11i Shows Promise, Only Proven with Test of Time Performance/Security Trade-off Worth it? May Not Be as Important to Home Users as it is for Enterprises

52 3/1/2005Sean Goggin52 Conclusion With Major Investment in Last 5 Years in 802.11b, New Hardware May Not Be Adopted Promptly Why Buy 802.11i Instead of 802.16 or 802.20? Where is the Hardware?

53 Questions & Answers Security in Wireless Networks 802.11i

54 Next Time… Advances in Optical Networks SONET April 19, 2005

55 3/1/2005Sean Goggin55 References Wireless Security’s Future (PDF)Wireless Security’s Future Intercepting Mobile Communications: The Insecurity of 802.11(PDF)Intercepting Mobile Communications: The Insecurity of 802.11 IEEE 802.11i Overview (PDF)IEEE 802.11i Overview 802.11i and Wireless Security 802.11 Security Wikipedia – Block Cipher Modes of Operation Wikipedia – Advanced Encryption Standard

Download ppt "Security in Wireless Networks IEEE 802.11i Presented by Sean Goggin March 1, 2005."

Similar presentations

CN8816: Network Security 1 Security in Wireless LAN 802.11i Open System Authentication Security Wired Equivalent Privacy (WEP) Robust Security Network.

CN8816: Network Security 1 Security in Wireless LAN i Open System Authentication Security Wired Equivalent Privacy (WEP) Robust Security Network.
IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
CSE 6590 1.  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in 802.11  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Understanding and Achieving Next-Generation Wireless Security Motorola, Inc James Mateicka.

Understanding and Achieving Next-Generation Wireless Security Motorola, Inc James Mateicka.
Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.

Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.
1 MD5 Cracking One way hash. Used in online passwords and file verification.

1 MD5 Cracking One way hash. Used in online passwords and file verification.
Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
WEP and 802.11i J.W. Pope 5/6/2004 CS 589 – Advanced Topics in Information Security.

WEP and i J.W. Pope 5/6/2004 CS 589 – Advanced Topics in Information Security.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
Intercepting Mobiles Communications: The Insecurity of 802.11 Danny Bickson ACNS Course, IDC Spring 2007.

Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
Wireless Network Security: WEP And Beyond Heidi Parsaye Jason DeVries Roxanne Ilse Heidi Parsaye - Jason DeVries - Roxanne Ilse.

Wireless Network Security: WEP And Beyond Heidi Parsaye Jason DeVries Roxanne Ilse Heidi Parsaye - Jason DeVries - Roxanne Ilse.
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).

Similar presentations

Ads by Google