Wireless Security By Neeraj Poddar Advanced

Download Report

Transcript Wireless Security By Neeraj Poddar Advanced

04/14/2011
1




The IEEE 802.11 wireless LAN standard was established in
1989 and was originally intended to seek a wireless
equivalent to Ethernet.
Wide spread popularity in recent years.
Major difference between wired and wireless networks is
access to the transmitted data.
From the initial development stages of wireless technologies
experts knew that security would be a major issue that
needed to be solved in order for this technology to be able to
overtake the place of wired networks.
2








Wireless security is a major demand in the
secure data transferring services.
Accidental association
Malicious association
Non-traditional networks
Identity theft (MAC spoofing)
Man-in-the-middle attacks
Denial of service
Network injection
3


In WLANs, privacy is achieved by data contents protection
with encryption.
There have been three major generations of security
approaches, which is mentioned below:
• WEP (Wired Equivalent Privacy)
• WPA (Wi-Fi Protected Access)
• WPA2/802.11i (Wi-Fa Protection Access, Version 2)

Each of these protocols has two generations named as
personal and enterprise.
4
5

WEP’s security goals are :• Access control: protecting the wireless network
from unauthorized access.
• Confidentiality: to prevent eavesdropping.
• Data integrity: to prevent tampering with
transmitted messages.
6


WEP uses RC4 algorithm for encryption and key stream generation.
Sender side:
• The secret key used in WEP algorithm is 40-bit long is
concatenated with a 24-bit Initialization Vector (IV) for acting as
the encryption/decryption key.
• The resulting key acts as the seed for a Pseudo-Random Number
Generator (PRNG).
• The plaintext input in a integrity algorithm and concatenate by the
plaintext again.
• The result of key sequence and ICV will go to RC4 algorithm.
• A final encrypted message is made by attaching the IV in front of
the Cipher text.
7
8

WEP uses five operations to decrypt the received (IV +
Cipher text).
• The Pre-Shared Key and IV concatenated to make a
secret key.
• The Cipher text and Secret Key go to in CR4 algorithm
and a plaintext come as a result.
• The ICV and plaintext will separate.
• The plaintext goes to Integrity Algorithm to make a
new ICV (ICV’).
• Finally the new ICV (ICV‘)compare with original ICV.
9
10




Random bits whose size depends on the encryption algorithm
and is normally as large as the block size of the cipher or as
large as the Secret key.
The IV must be known to the recipient of the encrypted
information to be able to decrypt it.
WEP algorithm does this by transmitting the IV along with the
packet.
In WEP for two different lengths (64, 128 bit) of keys IV is 24bit.
11


Simple 5- or 13-character password that is shared
between the access point and all wireless network
users.
For the 64-bit key the length of secret key is 40
bits and for 128-bit key the length is 104 bits.
12




WEP defines a method to create a unique secret key for each
packet using the 5- or 13-characters of the pre-shared key
and three more pseudo-randomly selected characters picked
by the wireless hardware (IV).
For example, our Pre-shared key is "ARASH". This word would
then be merged with "AHL" as IV to create a secret key of
"AHLARASH", which would be used in encryption operations
of packet.
The next packet would still use "ARASH", but concatenate it
this time with "ARA" to create a new secret key of
"ARAARASH".
This process would randomly continue during the
transmission of data.
13



Is one of hashing algorithm and it is
abbreviation of "Cyclic Redundancy Code".
The "CRC" term is reserved for algorithms
that are based on the "polynomial" division
idea.
Take the data as a VERY long binary number
and divide it by a constant divisor.
14

RC4 is not specific to WEP; it is a random
generator, also known as a key stream
generator or a stream cipher.
15

Size of IV is short and will be reused.
• Regardless of the key size, 24-bit long of WEP’s IV can only
provide 16,777,216 different RC4 cipher streams for a
given WEP key.
• If the RC4 cipher stream for a given IV is found, an attacker
can decrypt subsequent packets that were encrypted with
the same IV or can forge packets.
• If a hacker collects enough frames based on the same IV,
the individual can determine the shared values among
them, i.e., the key stream or the shared secret key.
16




Is a major issue and key updating mechanism is poor.
Most wireless networks that use WEP have one single WEP key
shared between every node on the network.
Since synchronizing the change of keys is difficult, network
administrators must personally visit each wireless device in
use and manually enter the appropriate WEP key.
Result is key rarely changed by the system administrators.
17






Weak keys, meaning that there is more correlation between the key and the
output.
The first three bytes of the key are taken from the IV that is sent unencrypted
in each packet which can be used to find weak keys.
Out of the 16 million IV values available, about 9,000 are interesting.
The attacker captures "interesting packets" filtering for IVs that suggest weak
keys.
Because all original IP packets start with a known value, it’s easy to know
when he/she has the right key.
To determine a 104-bit WEP key, he/she has to capture between 2,000 and
4,000 interesting packets.
18

Two types of authentication: Open System and Shared Key
authentication.

Turning on authentication with WEP reduced the security.

Shared Key authentication involves demonstrating the
knowledge of the shared WEP key by encrypting a challenge.

Any monitoring attacker can observe the challenge and the
encrypted response.

From those, then can determine the RC4 stream used to
encrypt the response.

The attacker can later forge an authentication.
19



WEP does not prevent replay attacks.
An attacker can simply record and replay
packets as desired and they will be
accepted as legitimate.
WEP allows an attacker to undetectably
modify a message without knowing the
encryption key. (Weakness in CRC)
20



Improved data encryption (TKIP)
Temporal Key Integrity Protocol (TKIP) using a
hashing algorithm and, by adding an integritychecking feature, ensures that the keys haven’t
been tampered with.
It is an alternative to WEP that fixes all the security
problems and does not require new hardware.
21

Like WEP, TKIP uses the RC4 stream cipher as the encryption and
decryption processes and all involved parties must share the
same secret key.

This secret key must be 128 bits and is called the "Temporal
Key" (TK).

TKIP also uses an Initialization Vector (IV) of 48-bit and uses it as
a counter.

Even if the TK is shared, all involved parties generate a different
RC4 key stream.

Since the communication participants perform a 2-phase
generation of a unique "Per-Packet Key" (PPK) that is used as the
key for the RC4 key stream.
22

TKIP adds four new algorithms to WEP:
• A cryptographic message integrity code, or MIC, called
Michael, to defeat forgeries
• A new IV sequencing discipline, to remove replay attacks
from the attacker’s arsenal.
• A per-packet key mixing function, to de-correlate the
public IVs from weak keys
• A re-keying mechanism, to provide fresh encryption and
integrity keys, undoing the threat of attacks stemming
from key reuse.
23
24





Michael is the name of the TKIP message integrity code.
New MIC designed that has 64-bits length and represented as
two 32-bit little- Endian words (K0,K1)
The Michael function first pads a message with the
hexadecimal value 0x5a and enough zero
pad to bring the total message length to a multiple of 32bits.
Then partitions the result into a sequence of 32-bit words M1
M2… Mn, and finally computes the tag from the key and the
message words using a simple iterative structure:
25





(L,R) ← (K0,K1)
do i from 1 to n
L←L XOR Mi
(L,R)← Swap(L,R)
return (L,R) as the tag
26




To defeat replays, TKIP reuses the WEP IV field as a packet
sequence number.
Both transmitter and receiver initialize the packet sequence
space to zero whenever new TKIP keys are set.
Transmitter increments the sequence number with each
packet it sends.
TKIP requires the receiver to enforce proper IV sequencing of
arriving packets.
27




WEP constructs a per-packet RC4 key by
concatenating a base key and the packet IV.
The new per-packet key is called the TKIP key
mixing function.
It substitutes a temporal key for the WEP base key
and constructs the WEP per-packet key in a novel
fashion.
The mixing function operates in two phases.
28


It eliminates the same key from use by all links.
It combines the 802 MAC addresses of the local wireless
interface and the temporal key by iteratively XORing each of
their bytes to index into an S-box, to produce an
intermediate key.


The Phase 1 intermediate key must be computed only when
the temporal key is updated.
Most implementations cache its value as a performance
optimization.
29




It de-correlates the public IV from known the per-packet key.
Uses a tiny cipher to encrypt the packet sequence number
under the intermediate key, producing a 128-bit per-packet
key.
This design accomplishes the second mixing function design
goal.
Making it difficult for a rival to be connected to IVs and perpacket keys.
30

Rekeying delivers the fresh keys consumed by the various TKIP algorithms.

There are three key types: temporal keys, encryption keys and master keys.




Occupying the lowest level of the hierarchy are the temporal keys consumed
by the TKIP privacy and authentication algorithms proper.
TKIP employs a pair of temporal key types: a 128-bit encryption key, and a
second 64-bit key for data integrity.
TKIP uses a separate pair of temporal keys in each direction of an
association.
Each association has two pairs of keys, for a total of four temporal keys
31
32


Personal WPA or WPA-PSK (Key Pre-Shared) that
use for small office and home for domestic use
authentication which does not use an
authentication server and the data cryptography
key can go up to 256 bits.
Enterprise WPA or Commercial that the
authentication is made by an authentication server
802.1x, generating an excellent control and
security in the users' traffic of the wireless
network.
33




WPA uses 802.1X+EAP for authentication.
Replaces WEP with the more advanced TKIP
encryption
No preshared key is used here, but you will
need a RADIUS server.
Remote Authentication Dial In User
Service (RADIUS)
34



WPA2 was designed as a future-proof
solution based on lessons learned by WEP
implementers.
One of the most significant improvement is
encryption algorithm which uses Advanced
Encryption Standard (AES).
In particular it uses Counter Mode with
Cipher Block Chaining Message
Authentication Code Protocol.
35
36
37
38








Wireless Security issues
WEP algorithm
WEP Weakness
WEP Improvements
TKIP
WPA
WPA2
Security impact on bandwidth
39





Lashkari, A.H.; Towhidi, F.; Hosseini, R.S.; , "Wired Equivalent Privacy (WEP)," Future
Computer and Communication, 2009. ICFCC 2009. International Conference on , vol.,
no., pp.492-495, 3-5 April 2009
Arash Habibi Lashkari, Mir Mohammad Seyed Danesh, Behrang Samadi, "A survey on
wireless security protocols (WEP, WPA and WPA2/802.11i)," iccsit, pp.48-52, 2009 2nd
IEEE International Conference on Computer Science and Information Technology, 200
Ying Wang; Zhigang Jin; Ximan Zhao; , "Practical Defense against WEP and WPA-PSK
Attack for WLAN," Wireless Communications Networking and Mobile Computing
(WiCOM), 2010 6th International Conference on , vol., no., pp.1-4, 23-25 Sept. 2010
Boland, H.; Mousavi, H.; "Security issues of the IEEE 802.11b wireless LAN," Electrical and
Computer Engineering, 2004. Canadian Conference on , vol.1, no., pp. 333- 336
Emilio J.M. Arruda Filho , Paulo N. L. Fonseca Jr.%, Mairio J. S. Leitdo and Paulo S. F. De:
“Security versus Bandwidth: The Support of Mechanisms WEP e WPA in 802.11g Network”
40
Thank You
41