1 / 26

802.11 Wireless Encryption: From RC4 to AES

802.11 Wireless Encryption: From RC4 to AES. Michael Han. Overview: 802.11b. IEEE Infrastructure Description Medium Range for protocols such as Ethernet Not End to End, Node to Node (AP) Link Layer Security -> NIC Card. 802.11b: WEP . Goal: Wired Equivalency Protocol 3 Services

Faraday
Download Presentation

802.11 Wireless Encryption: From RC4 to AES

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 802.11 Wireless Encryption:From RC4 to AES Michael Han

  2. Overview: 802.11b • IEEE Infrastructure Description • Medium Range for protocols such as Ethernet • Not End to End, Node to Node (AP) • Link Layer Security -> NIC Card

  3. 802.11b: WEP • Goal: Wired Equivalency Protocol • 3 Services • Authentication • Confidentiality • Integrity We want to focus on Confidentiality

  4. WEP : RC4 Properties • Symmetric key Algorithm • Stream Cipher Algorithm • 24-bit IV appended to 40-bit key • XOR Key stream with plaintext = Encrypted Text • Key stream is independent of plaintext

  5. RC4: Algorithm • An 8 * 8 S-Box (S0 S255), each of the entries is a permutation of the numbers 0 to 255, and the permutation is a function of the variable length key. • function cipher=rcfour(plain, key) format compact; szplain = size(plain); szplain = szplain(2); szkey = size(key); szkey = szkey(2);S = [0:255]; i = 0; j = 0; for k = 1: szplain k i = i + 1 modk = mod(k,szkey) + 1; Kc = key(modk); j = mod((S(i) + j + Kc), 256) + 1 t = S(i); S(i) = S(j); S(j) = t; Sc = mod((S(i)+S(j)), 256) Ck = S( Sc ) cipher(k) = bitxor(Ck, plain(k)+0)end END;

  6. RC4: Encryption • Integrity checksum- CRC 32 • c(M) M = Message • Plan text: P = (M, c(M)) *P does not depend on key • Encryption • C =P XOR RC4(v,k) • Transmitted Data: • [v, C]

  7. RC4: Packet Structure

  8. RC4: Encryption/Decryption View

  9. RC4: Decryption

  10. Insecurity of RC4 • Insecurities can be deduced from what we learned in CSCI 556 • 40-bit key and Shared • Pseudorandom- IV based • Key stream reuse • XOR based • Weak Keys • System Level: WEP is optional!

  11. Overview: 802.11i • Goal: Address 802.11b security flaws • Obstacle: 802.11b widely deployed • Temporal Key Integrity Protocol (TKIP) • Cipher Counter with Cipher Block Chaining Message Authentication Protocol (CCMP) • AES in counter mode

  12. 802.11i: CCMP • Authentication • CBC-MAC = 8 octets • Nonce size = 48 bits • AAD • Confidentiality • Default: 128-bit key • Block size = 128 bits • Encryption Algorithm = AES • Requires coprocessor to operate

  13. CCMP: AES • NIST Standard based of Rijndael • AES is NOT Rijndael • Variable Fixed Block Size = 128 bits • Rijndael has variable block size • Key Size = {128, 192, 256} • 128 for Secret ; 256 for Top Secret • No Known Weak keys • IV =48-bit for replay detection • Operates on State • 4 x 4 array of bytes

  14. AES: Key-Block-Round

  15. CCMP: Cipher Block Chaining

  16. AES: Key Expansion • Uses Cipher Key K to generate key Schedule • Sub-Key is 4-bytes applied to Round Key • Generates Nb(Nr+1) words • Based on encryption pre-requisites • Initial Nb words, Nr rounds require Nb words of key data

  17. AES: Key Expansion

  18. AES: Stages • SubBytes • Array updated with 8-bit S-box • Shift Rows • Cyclically shirts bytes rows by offset • Mix Columns • 4 bytes of each column are combined using invertible linear transformation • Add Round Key • Sub key is combined with state *Final round omits Mix Columns Stage http://www.csrc.nist.gov/publications/fips/fips197/fips-197.pdf

  19. AES: Encryption

  20. AES: Decryption

  21. Energy Analysis • Security is not the only factor • Wireless connection does not mean connected devices • Locale of security is NIC card • AES vs. RC4 • AES uses less energy for smaller packets • RC4 uses less energy for larger packets

  22. Encryption Throughput

  23. CPU Process Time

  24. Energy Consumption

  25. Wireless Security? • 802.11i address 802.11b flaws • Is 802.11i secure? • Current deployment of 802.11i

  26. References • Nikita Borisov, Ian Goldberg, and David Wagner. Intercepting mobile communications: The insecurity of 802.11. In Proceedings of MOBICOM 2001, 2001. • J. R. Walker. Unsafe at any key size; an analysis of the WEP encapsulation. IEEE Document 802.11-00/362, Oct. 2000. • Sultan Weatherspoon. Overview of IEEE 802.11b Security. Whitepaper, Network Communications Group, Intel Corporation\ • Scott Fluhrer, Itsik Mantin, Adi Shamir. Weakness in Key Scheduling Algorithm for RC4. White Paper • Nikita Borisov, Ian Goldberg, and David Wagner. Security of WEP Algorithm. http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html • Cherita Corbett. Security for 802.11 Wireless Networks. Dept of Electrical and Computer Engineering, Georgia Institute of Technology. • Brandon Brown. 802.11: The Security Differences between b and i. IEEE 2003 • William Burr: Selecting the Advanced Encryption Standard. IEEE Security & Privacy 2003. • http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf • P. Prasithasanagre , P. Krishnamurthy. Analysis of Energy Consumption of RC4 and AES Algorithms in Wireless LANS. IEEE GLOBECOM 2003.

More Related