Security of 802.11 WLAN, Máté Szalay


1 WLAN Security: Security of 802.11 WLAN. Máté Szalay, szalaym@hit.bme.hu

2 Contents: Introduction; WEP; Intercepting Traffic; Keystream Reuse; Key Management; Message Authentication; User Authentication; Message Confidentiality

4 Introduction: Wireless LAN; IEEE 802.11; 802.11a (5 GHz, 54 Mbps); 802.11b (2.4 GHz, 11 Mbps); 802.11g (2.4 GHz, 6-54 Mbps); PDA, Notebook

6 WEP 1: Wired Equivalent Privacy; Radio Interface; Goals: Privacy/Confidentiality, User authentication, Message authentication

7 WEP 2 (diagram labels): RC4; Checksum; Message; IV (24); k (40); Keystream

8 WEP 3 – RC4: RC4; Stream cipher; 10 times faster than DES; Ron Rivest, 1987 (Ron’s Code); Details available since 1994; Variable key size

9 WEP 4: M: message; c(M): integrity checksum (key independent!); v: IV (Initialization Vector); k: secret key; P: plaintext, P=; C: ciphertext, $C = P \oplus \mathrm{RC4}(v,k)$

10 WEP 5: AB: v,C C=PRC4(v,k) = RC4(v,k)

12 Intercepting Traffic: Open Radio Waves; 2.4 GHz; Significant time and equipment costs; Modifying WLAN hardware; Firmware upgrade

14 Keystream reuse 1: Same keystream portion is used to encrypt $C_1$ and $C_2$; $C_1 \oplus C_2 = P_1 \oplus P_2$; Partial knowledge of some plaintexts; Known headers; Languages

15 Keystream reuse 2: k is rarely changed; WLAN uses per packet IV; IV reuse means keystream reuse; IV reuse is easy to detect; PCMCIA cards set IV to 0 on reset and increment after each packet

16 Keystream reuse 3: 24-bit IV; Random IV; Birthday paradox; Per packet IV is recommended by standard; 5 Mbps, 24-bit IV space is exhausted in less than half a day
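The keystream-reuse slides (1 to 3) worked through in Python, as an added example that is not part of the original presentation: it shows that two frames encrypted under one IV XOR to the XOR of their plaintexts, flags a repeated IV in a capture, and reproduces the birthday and half-a-day figures. The key, IV and frames are constructed sample values; the seed layout (IV followed by key) and the CRC-32 checksum are assumed from standard WEP, and the 1500-byte frame size is taken from the decryption-dictionary slide.

```python
import math
import zlib

def rc4(seed, n):
    """First n bytes of the RC4 keystream for the given seed."""
    S, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + S[i] + seed[i % len(seed)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i, j, out = 0, 0, bytearray()
    for _ in range(n):                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(v, k, m):
    """C = (M || c(M)) XOR RC4(v, k), with c(M) = CRC-32 (assumed, as in WEP)."""
    p = m + zlib.crc32(m).to_bytes(4, "little")
    return xor(p, rc4(v + k, len(p)))

def first_iv_reuse(ivs):
    """Index of the first frame whose IV was already seen, else None."""
    seen = set()
    for idx, v in enumerate(ivs):
        if v in seen:
            return idx
        seen.add(v)
    return None

def collision_probability(n, iv_bits=24):
    """Birthday bound: chance that n random IVs contain a repeat."""
    return 1.0 - math.exp(-n * (n - 1) / 2 ** (iv_bits + 1))

def hours_to_exhaust(mbps, frame_bytes, iv_bits=24):
    """Time for a per-packet counter IV to wrap at a sustained rate."""
    return 2 ** iv_bits * frame_bytes * 8 / (mbps * 1e6) / 3600

K, V = bytes.fromhex("0102030405"), bytes(3)  # constructed 40-bit key, IV 0
M1, M2 = b"GET /index.html ", b"POST /login.cgi "  # constructed frames
C1, C2 = wep_encrypt(V, K, M1), wep_encrypt(V, K, M2)

print("C1^C2 == P1^P2:", xor(C1, C2)[:16] == xor(M1, M2))
print("counter reset reuses IV at frame", first_iv_reuse([0, 1, 2, 0, 1]))
print("P(repeat in 5000 random IVs) = %.2f" % collision_probability(5000))
print("IV space wraps after %.1f h at 5 Mbps" % hours_to_exhaust(5, 1500))
```

The IV list passed to `first_iv_reuse` models a card that restarts its counter at 0 after a reset, which is the case slide 15 describes.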

17 Exploiting keystream reuse: Known headers; Plaintext can be “chosen”; Building up TCP connection from a known IP address; Sending email, and waiting for the user to check it over WLAN

18 Decryption Dictionaries: IV reuse; Plaintexts are learned; Keystream segment is also learned; Full table: 1500 bytes for 2^24 IVs, 24 GB; Starting from low IVs; Fast and easy decryption

20 Key Management: Not specified by standard; Globally shared array of 4 keys; Message contains key ID; Practice: one key is used in the entire network; Same IV from different users

22 Message Authentication - 1: Checksum is linear! C= RC4(v,k) M’=MD C’=C = RC4(v,k) = RC4(v,k)

23 Message Authentication - 2: Injection; Checksum is unkeyed! Attacker learns M, C; Recovers keystream; Can inject any M using the same IV; Receiver must accept IV reuse to be compliant

25 User Authentication: Shared key authentication; 128 bit random challenge; Must be returned WEP encrypted; Intercepting valid authentication; Plaintext ciphertext pair is learned; Attacker can authenticate without key!

27 Message confidentiality: AP can decrypt for us; Clone packets in WLAN network with different destination IP address; IP checksum: problem

28 Conclusions: Consider WLAN network “untrusted”; Outside the firewall; VPN (dialup); Improved key management; MCL WLAN solution

29 Thank you for your attention! szalaym@hit.bme.hu

