
  1. Department of Computer Science, Southern Illinois University Carbondale
     Wireless and Network Security
     Lecture 8: IEEE 802.11 Security - 1
     Dr. Kemal Akkaya, E-mail: kemal@cs.siu.edu
     Wireless & Network Security 1

  2. Management Messages in IEEE 802.11
     • Authentication frame: 802.11 authentication is the process by which the access point (AP) accepts or rejects the identity of a radio NIC (station).
     • Deauthentication frame: a station sends a deauthentication frame to another station (or an AP to a station) to terminate an existing authentication.
     • Association request frame: 802.11 association lets the AP allocate resources for, and synchronize with, a radio NIC.
     • Association response frame: the AP sends an association response containing an acceptance or rejection notice to the radio NIC that requested association.
     • Reassociation request frame: if a radio NIC roams away from its currently associated AP and finds another AP with a stronger beacon signal, it sends a reassociation request to the new AP.
     • Reassociation response frame: the AP sends a reassociation response containing an acceptance or rejection notice to the radio NIC that requested reassociation.
     • Disassociation frame: a station sends a disassociation frame to another station to terminate the association.
     • Beacon frame: the AP periodically broadcasts a beacon to announce its presence and relay information such as the timestamp, SSID and other AP parameters to radio NICs within range.
     • Probe request frame: a station sends a probe request when it needs to obtain information from another station, for example to discover APs in range.
     • Probe response frame: after receiving a probe request, a station responds with a probe response containing capability information, supported data rates, etc.
     • Note: none of these management frames is authenticated or encrypted in the original 802.11, so any of them (deauthentication and disassociation in particular) can be forged by anyone who knows the MAC addresses involved.

  3. IEEE 802.11 Security
     • Probe: look for a (better) AP
     • Authentication: get permission to access the AP
     • Association: register with the AP
     • Data flow: encrypted data messages

  4. Wired Equivalent Privacy (WEP)
     • The security mechanism built into the original 802.11 protocol
     • Intended to make wireless as secure as a wired network
     • Uses the RC4 stream cipher
     • Provides
       • Confidentiality: encrypts data, through symmetric encryption using RC4 with a shared key
       • Integrity: data received are the data sent, through a message checksum (an encrypted cyclic redundancy check, CRC-32, called the ICV)
       • Authentication: the AP only allows authorized stations to associate, through challenge/response (Shared Key authentication)

  5. [figure: MAC payload = IV | KeyID | RC4-encrypted (data | ICV)]
     • Sender calculates an Integrity Check Value (ICV) over the data: a four-byte CRC-32 for data integrity
     • Each side has a shared key: 40 bits in the original WEP, 104 bits in the common "128-bit" variant
     • Sender creates a 24-bit initialization vector (IV) and prepends it to the key: seed = IV || key, 64 or 128 bits
     • Sender also chooses a KeyID (2 bits, carried in an 8-bit field after the IV) selecting one of up to four configured keys
     • The seed is fed into the RC4 pseudo-random number generator to get the keystream
     • Data in the frame + ICV is encrypted with RC4: bytes of keystream are XORed with bytes of data and ICV
     • IV and KeyID are sent in the clear in front of the encrypted data to create the payload
     • Payload is inserted into the 802.11 frame
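The encapsulation described above, carried out end to end, as an added example (not code from the lecture): RC4 keyed with IV || key, a CRC-32 ICV appended to the data, and the IV and KeyID byte sent in the clear. The key, IV and data values are constructed; the little-endian byte order of the ICV field is an assumption that does not affect the security argument.

```python
# Added example (not from the lecture): WEP encapsulation as the slide describes it.
# Key, IV and data values are constructed for illustration.
import struct
import zlib
from typing import Optional


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """RC4: key-scheduling (KSA) followed by keystream generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                               # KSA: permute S with the seed
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                            # PRGA: one keystream byte per step
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(data: bytes) -> bytes:
    """WEP Integrity Check Value: CRC-32 of the plaintext data
    (4 bytes, little-endian byte order assumed here)."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encapsulate(key: bytes, iv: bytes, data: bytes, key_id: int = 0) -> bytes:
    """Sender side. Returns the MAC payload: IV(3) | KeyID byte | RC4_{IV||key}(data || ICV)."""
    if len(iv) != 3 or len(key) not in (5, 13):        # WEP-40 or WEP-104
        raise ValueError("IV must be 3 bytes; key must be 5 or 13 bytes")
    plaintext = data + icv(data)
    keystream = rc4_keystream(iv + key, len(plaintext))   # IV is prepended to the key
    key_id_byte = bytes([(key_id & 3) << 6])           # KeyID occupies the top 2 bits, rest is padding
    return iv + key_id_byte + xor(plaintext, keystream)


def wep_decapsulate(key: bytes, payload: bytes) -> Optional[bytes]:
    """Receiver side: rebuild the keystream from the clear-text IV and the shared key,
    decrypt, and return the data only if the ICV verifies (None otherwise)."""
    iv, ciphertext = payload[:3], payload[4:]
    plaintext = xor(ciphertext, rc4_keystream(iv + key, len(ciphertext)))
    data, received_icv = plaintext[:-4], plaintext[-4:]
    return data if icv(data) == received_icv else None


if __name__ == "__main__":
    key = bytes.fromhex("0102030405060708090a0b0c0d")  # constructed 104-bit key
    payload = wep_encapsulate(key, b"\x00\x00\x01", b"hello, WEP")
    print(payload.hex())
    print(wep_decapsulate(key, payload))
```

Note that `wep_encapsulate` is fully deterministic in (key, IV, data): two frames sent under the same key and IV are XORed with the identical keystream, which is the root of the attacks on the later slides.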

  6. RC4 Encryption Process [figure not reproduced in the transcript]

  7. Authentication with the Access Point
     • 802.11 defines two ways for a client to authenticate to an AP
       • Shared Key
       • Open System
     • Open System lets anyone start a conversation with the AP
       • No real authentication
     • Shared Key is supposed to add an extra layer of security by requiring proof of the WEP key before the station associates
     • Shared Key authentication (four frames)
       • Client begins by sending an authentication request to the AP
       • AP responds with a 128-byte challenge text (unencrypted)
       • Client, using the shared key, WEP-encrypts the challenge and sends it back to the AP
       • If it decrypts correctly (ICV valid, challenge matches), the AP accepts the client, which can then associate
     • Not secure!
       • By passive sniffing one can gather two of the three variables in Shared Key authentication: the challenge text and the encrypted challenge text
       • XORing the two yields the RC4 keystream for that IV, which is enough to answer any later challenge under the same IV without ever knowing the key
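The exchange above, with both sides' messages and the attacker's two steps, as an added example (not code from the lecture). The RC4 keystream for the IV in question is modelled as opaque constructed bytes standing in for RC4(IV || key), so the attack is shown to be independent of how the keystream was produced; the challenge values, the IV and the little-endian ICV byte order are constructed or assumed.

```python
# Added example (not from the lecture): passing Shared Key authentication with a
# keystream recovered from one sniffed exchange. KEYSTREAM is a constructed stand-in
# for RC4(IV || key); challenges and the IV are constructed.
import random
import struct
import zlib


def icv(data: bytes) -> bytes:
    """WEP ICV: CRC-32 of the plaintext (little-endian byte order assumed)."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


IV = b"\x00\x00\x2a"            # IV the legitimate station happens to use (constructed)
CHALLENGE_LEN = 128              # 802.11 Shared Key challenge text is 128 octets
# Stand-in for RC4(IV || key): challenge (128) + ICV (4) = 132 bytes are needed.
KEYSTREAM = bytes(random.Random(2001).getrandbits(8) for _ in range(CHALLENGE_LEN + 4))


def ap_challenge(seed: int) -> bytes:
    """Frame 2: the AP's challenge text, sent in the clear (seeded so tests are repeatable)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(CHALLENGE_LEN))


def station_response(challenge: bytes, keystream: bytes) -> bytes:
    """Frame 3: IV | KeyID | (challenge || ICV) XOR keystream.
    Only a station holding the key can normally derive `keystream`."""
    return IV + b"\x00" + xor(challenge + icv(challenge), keystream)


def ap_accepts(challenge: bytes, response: bytes, keystream: bytes) -> bool:
    """Frame 4 decision: decrypt with the keystream for the IV carried in the
    response and check that the challenge and its ICV come back intact."""
    if response[:3] != IV:       # only one IV's keystream is modelled here
        return False
    plaintext = xor(response[4:], keystream)
    return plaintext[:CHALLENGE_LEN] == challenge and plaintext[CHALLENGE_LEN:] == icv(challenge)


def recover_keystream(challenge: bytes, response: bytes) -> bytes:
    """Attacker step 1: both frames were sniffed, so
    (challenge || ICV) XOR ciphertext = keystream for that IV. No key involved."""
    return xor(response[4:], challenge + icv(challenge))


def forge_response(new_challenge: bytes, recovered: bytes) -> bytes:
    """Attacker step 2: answer a fresh challenge by reusing the recovered keystream
    under the same IV (the sender picks the IV, so reuse is allowed by the protocol)."""
    return IV + b"\x00" + xor(new_challenge + icv(new_challenge), recovered)
```

Because the ICV is just a CRC over the known challenge, the attacker recovers all 132 keystream bytes, enough for any future challenge of the standard length under that IV.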

  8. Pros & Cons (of RC4 as used in WEP)
     • Pros
       • Easy computation
       • Fast: about 10 times faster than DES
       • Variable key length (up to 256 bytes); it is a stream cipher, so there is no block size to pad to
       • Stream-based encryption
       • The key can be changed at regular intervals with additional key-management code
       • Implementations in popular languages (C, Perl) are well documented
     • Cons
       • Vulnerable to brute-force attacks when the key is short (40-bit WEP)
       • Requires a 256-byte internal state array
       • Proven breakable in practice by researchers at AT&T Labs and Rice University (August 2001), who implemented the FMS weak-IV attack against real WEP traffic
       • "One hour of brute force computation to break standard WEP"
       • Once the key is recovered, all messages, past and future, are easily readable

  9. Problems with WEP
     • One static key
       • No encryption is strong if one key is used forever
     • Key length is short
       • Brute forcing a 40-bit key is possible
     • Using CRC-32 for the ICV
       • Bit-flipping attack: the CRC is linear, CRC(M XOR delta) = CRC(M) XOR CRC(delta) (for the raw CRC; with the standard initial value and final XOR a length-dependent constant is added, which the attacker can compute just as easily)
       • Bits cannot be set or cleared at will, but they can be flipped and the ICV adjusted to match, without knowing the key
     • No specification of key distribution
       • Lacks scalability
     • No protection against replay attacks
     • Improper use of RC4
       • The protocol does not specify how IVs are chosen or require that they change per packet; reusing an IV with the same key reuses the keystream
     • Two well-known attacks
       • Numerical limitation (IV collision)
       • FMS attack

  10. Attacks
     • Numerical Limitation Attack
       • IVs are only 24 bits, so there are only 16,777,216 possible IVs
       • A busy network repeats IVs often (randomly chosen IVs collide with 50% probability after only about 4,800 frames, by the birthday bound)
       • By listening to the encrypted traffic and picking out frames with duplicate IVs, the XOR of the two ciphertexts gives the XOR of the two plaintexts, from which the clear text can be recovered (immediately if one of the plaintexts is known)
     • FMS Attack (weak IV attack)
       • Some IVs interact badly with the RC4 key schedule
       • Using a formula, one can take these weak IVs and infer parts of the WEP key, one key byte at a time
       • Each weak IV gives about a 5% chance of the correct key-byte guess; over many weak IVs the correct byte stands out statistically
       • Passively monitoring the network for a few hours can gather enough weak IVs to recover the WEP key
       • 4M to 6M packets to recover a 40-bit WEP key
       • The time needed for the attack grows only linearly with the key length
       • A 104-bit key is just as useless as a 40-bit key
     • A lot of other attacks...
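The bit-flipping attack from slide 9 and the IV-collision attack from slide 10, carried out on WEP payloads, as an added example (not code from the lecture). As in the previous example, the per-IV RC4 keystream is modelled as opaque constructed bytes standing in for RC4(IV || key); the messages, IV and little-endian ICV byte order are constructed or assumed. The CRC identity used is the one for zlib's CRC-32 (initial value and final XOR of 0xFFFFFFFF), which adds the constant term mentioned on slide 9.

```python
# Added example (not from the lecture): forging a WEP frame by bit flipping, and
# cancelling the keystream between two frames that share an IV.
# KEYSTREAM is a constructed stand-in for RC4(IV || key).
import random
import struct
import zlib


def icv(data: bytes) -> bytes:
    """WEP ICV: CRC-32 of the plaintext (little-endian byte order assumed)."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


IV = b"\x00\x00\x07"                                                   # constructed
KEYSTREAM = bytes(random.Random(7).getrandbits(8) for _ in range(64))   # stand-in for RC4(IV||key)


def wep_payload(data: bytes, keystream: bytes = KEYSTREAM) -> bytes:
    """Sender: IV | KeyID | (data || ICV) XOR keystream."""
    return IV + b"\x00" + xor(data + icv(data), keystream)


def receiver_data(payload: bytes, keystream: bytes = KEYSTREAM):
    """Receiver: decrypt and return the data if the ICV verifies, else None."""
    plaintext = xor(payload[4:], keystream)
    data, received = plaintext[:-4], plaintext[-4:]
    return data if icv(data) == received else None


def bit_flip(payload: bytes, delta: bytes) -> bytes:
    """Attacker with no key: flip the plaintext bits selected by `delta`
    (same length as the data). CRC-32 is affine over XOR:
        crc(m ^ delta) = crc(m) ^ crc(delta) ^ crc(zeros of the same length)
    so the change needed in the (encrypted) ICV depends only on `delta`,
    and XORing it into the ciphertext keeps the ICV valid."""
    icv_delta = xor(icv(delta), icv(bytes(len(delta))))
    return payload[:4] + xor(payload[4:], delta + icv_delta)


def iv_collision_xor(payload_a: bytes, payload_b: bytes) -> bytes:
    """Two payloads under the same IV and key were XORed with the same keystream,
    so C_a XOR C_b = P_a XOR P_b: the keystream cancels out. Knowing one plaintext
    then reveals the other directly."""
    if payload_a[:3] != payload_b[:3]:
        raise ValueError("different IVs: keystreams differ, nothing cancels")
    n = min(len(payload_a), len(payload_b)) - 4
    return xor(payload_a[4:4 + n], payload_b[4:4 + n])


if __name__ == "__main__":
    p = wep_payload(b"amount=0010")
    mask = bytes([0] * 7 + [ord("0") ^ ord("9")] + [0] * 3)   # flip the thousands digit
    print(receiver_data(bit_flip(p, mask)))                   # accepted by the receiver
    q = wep_payload(b"amount=0500")
    print(xor(iv_collision_xor(p, q)[:11], b"amount=0010"))   # recovers q's plaintext
```

The attacker needs to know where the field sits in the frame (so that the mask lands on the right bytes), but not the key, the keystream or the original value: a flipped bit stays flipped whatever the original was, which is exactly why slide 9 says bits can be flipped but not set.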

  11. Conclusion: WEP
     • Confidentiality: broken by the FMS attack (and by IV reuse)
     • Integrity: broken by the bit-flipping attack
     • Authentication: effectively non-existent
     • WEP is flawed by a design weakness, and there is no simple fix
     • Attacks against WEP are passive and extremely difficult to detect
     • NO MORE WEP
