
The Dangers of Mitigating Security Design Flaws: A Wireless Case Study

The Dangers of Mitigating Security Design Flaws: A Wireless Case Study. Nick Petroni Jr., William Arbaugh University of Maryland. Presented by: Abe Murray. CS577: Advanced Computer Networks. Outline. Abstract / Intro WEP Overview Attacks Dictionary Inductive Authors’ Implementation


Presentation Transcript


  1. The Dangers of Mitigating Security Design Flaws: A Wireless Case Study
     Nick Petroni Jr., William Arbaugh, University of Maryland
     Presented by: Abe Murray
     CS577: Advanced Computer Networks

  2. Outline
     • Abstract / Intro
     • WEP Overview
     • Attacks
       • Dictionary
       • Inductive
     • Authors’ Implementation
     • Implementation Results
     • “Mitigation” Angle
     • Closing

  3. Abstract
     • Mitigating system flaws is hard to do right
       • But vendors do this all the time…
     • Design flaws are hard to patch
       • Often best approach is to re-architect system…
     • WLAN Security (WEP)
       • Shows the FUNDAMENTAL PREMISE that adding security after the fact is near impossible…

  4. Introduction
     • The authors present a case study showing:
       • Mitigating one flaw worsens another flaw
       • Overall security remains the same
     • The authors develop an “inductive” attack against WEP:
       • 1st synchronous attack against WEP
       • Example of mitigation problem
       • Does not rely on knowledge of target network


  7. WEP Overview
     • IEEE 802.11 specification calls for “reasonably strong” protection
     • WEP - “Wired Equivalent Privacy” - fails to deliver
     • Protects at the Data Link Layer
     • Symmetric Stream RC4 cipher
     • Shared secret “k”
     • Secret used to generate stream of pseudorandom bytes equal in length to target plaintext
     • Encryption:
     • Decryption:

  8. WEP Overview
     [Graphic by Petroni and Arbaugh]


  10. Dictionary Attacks
     • Definition: Any brute-force attack in which a large table is used or generated
     • Relevance: RC4 – each key has unique associated pseudorandom stream used for encryption & decryption
     • Build dictionary of all streams (1 per IV)
     • Don’t need key to participate in network!
     • IV size → 2^24 possible key streams,
     • WLAN MTU 2312 Bytes → ~40 GB Dictionary!
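
The keystream property that slides 7 and 10 rely on, as an added example that is not from the slides or the paper: a keystream depends only on the IV and the shared secret, so one frame with known plaintext yields the stream for that IV and any later frame under the same IV opens without the key. It assumes a simplified frame layout (3-byte IV, then ciphertext, key-ID byte omitted); the key, IV and payloads are constructed values.

```python
import struct
import zlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    """First n bytes of the RC4 keystream for `key`."""
    s, j = list(range(256)), 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                            # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))     # truncates to the shorter input

def with_icv(data: bytes) -> bytes:
    """Append the CRC-32 integrity check value (ICV), little-endian."""
    return data + struct.pack("<I", zlib.crc32(data))

def wep_encrypt(iv: bytes, k: bytes, plaintext: bytes) -> bytes:
    # Simplified frame (assumption): IV in the clear, then
    # RC4(IV || k) XOR (data || ICV). The real key-ID byte is omitted.
    body = with_icv(plaintext)
    return iv + xor(body, rc4_keystream(iv + k, len(body)))

def wep_decrypt(k: bytes, frame: bytes) -> bytes:
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4_keystream(iv + k, len(ct)))
    if with_icv(body[:-4]) != body:
        raise ValueError("ICV mismatch")
    return body[:-4]

def recover_keystream(frame: bytes, known_plaintext: bytes) -> bytes:
    """Keystream for the frame's IV, derived from known plaintext (no key)."""
    return xor(frame[3:], with_icv(known_plaintext))

def dictionary_size_bytes(iv_bits: int = 24, mtu: int = 2312) -> int:
    return (1 << iv_bits) * mtu                   # one MTU-long stream per IV

# Constructed sample values, not taken from the paper or the slides.
KEY = bytes.fromhex("0102030405")                 # 40-bit shared secret k
IV = bytes.fromhex("a1b2c3")
```

The full table computed by `dictionary_size_bytes()` is about 38.8 × 10^9 bytes, which is the slide's "~40 GB".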

  11. Inductive Attacks
     • Approach: Obtain full network access without knowing the key with minimal knowledge of target
     • HOW? Use known network protocols (redundantly encrypted data) to intelligently guess an initial number of encrypted bytes

  12. Step 1: Guess the first byte(s):
     [Graphic by Petroni and Arbaugh]
     [Table by Petroni and Arbaugh]

  13. Step 2: Guess the next byte:
     [Graphic by Petroni and Arbaugh]

  14. The Authors’ Attack
     • Attack System:
       • WLAN card operating in promiscuous mode (Intersil Prism 2 chipset)
       • Ability to directly manipulate transmitted bytes (OpenBSD 3.1 with modified drivers)
     • Attack Approach:
       • Choice between ICMP and SNAP/ARP
       • Chose ARP to stay at Layer 2, though both work


  16. Implementation Results
     [Table by Petroni and Arbaugh]


  18. “Mitigation” Angle
     [Table by Petroni and Arbaugh]


  20. Closing Remarks
     • Authors showed how to mitigate their attack
       • Stop forwarding packets with bad data
       • Detect attack activity
       • Packet Filtering (though effectively cripples network)
       • Dynamic Rekeying
     • Neat attack all by itself
     • Interesting example of how patching bad security rarely works
     • Questions?
