240 likes | 413 Views
Wireless Security. Chapter 6 – Wireless Network Security. Investigators have published numerous reports of birds taking turns vocalizing; the bird spoken to gave its full attention to the speaker and never vocalized at the same time, as if the two were holding a conversation
E N D
Chapter 6 – Wireless Network Security Investigators have published numerous reports of birds taking turns vocalizing; the bird spoken to gave its full attention to the speaker and never vocalized at the same time, as if the two were holding a conversation Researchers and scholars who have studied the data on avian communication carefully write the (a) the communication code of birds such has crows has not been broken by any means; (b) probably all birds have wider vocabularies than anyone realizes; and (c) greater complexity and depth are recognized in avian communication as research progresses. —The Human Nature of Birds, Theodore Barber
IEEE 802.11 • IEEE 802 committee for LAN standards • IEEE 802.11 formed in 1990’s • charter to develop a protocol & transmission specifications for wireless LANs (WLANs) • since then demand for WLANs, at different frequencies and data rates, has exploded • hence seen ever-expanding list of standards issued
Wi-Fi Alliance • 802.11b first broadly accepted standard • Wireless Ethernet Compatibility Alliance (WECA) industry consortium formed 1999 • to assist interoperability of products • renamed Wi-Fi (Wireless Fidelity) Alliance • created a test suite to certify interoperability • initially for 802.11b, later extended to 802.11g • concerned with a range of WLANs markets, including enterprise, home, and hot spots
802.11 Wireless LAN Security • wireless traffic can be monitored by any radio in range, not physically connected • original 802.11 spec had security features • Wired Equivalent Privacy (WEP) algorithm • but found this contained major weaknesses • 802.11i task group developed capabilities to address WLAN security issues • Wi-Fi Alliance Wi-Fi Protected Access (WPA) • final 802.11i Robust Security Network (RSN)
WEP Design Goals • Symmetric key crypto • Confidentiality • Station authorization • Data integrity • Self synchronizing: each packet separately encrypted • Given encrypted packet and key, can decrypt; can continue to decrypt packets when preceding packet was lost • Unlike Cipher Block Chaining (CBC) in block ciphers • Efficient • Can be implemented in hardware or software
keystream generator key keystream Review: Symmetric Stream Ciphers • Combine each byte of keystream with byte of plaintext to get ciphertext • m(i) = ith unit of message • ks(i) = ith unit of keystream • c(i) = ith unit of ciphertext • c(i) = ks(i) m(i) ( = exclusive or) • m(i) = ks(i) c(i) • WEP uses RC4
Stream cipher and packet independence • Recall design goal: each packet separately encrypted • If for frame n+1, use keystream from where we left off for frame n, then each frame is not separately encrypted • Need to know where we left off for packet n • WEP approach: initialize keystream with key + new IV for each packet: keystream generator Key+IVpacket keystreampacket
encrypted IV KeyID data ICV MAC payload WEP encryption (1) • Sender calculates Integrity Check Value (ICV) over data • four-byte hash/CRC for data integrity • Each side has 104-bit shared key • Sender creates 24-bit initialization vector (IV), appends to key: gives 128-bit key • Sender also appends keyID (in 8-bit field) • 128-bit key inputted into pseudo random number generator to get keystream • data in frame + ICV is encrypted with RC4: • Bytes of keystream are XORed with bytes of data & ICV • IV & keyID are appended to encrypted data to create payload • Payload inserted into 802.11 frame
WEP encryption (2) New IV for each frame
encrypted IV KeyID data ICV MAC payload WEP decryption overview • Receiver extracts IV • Inputs IV and shared secret key into pseudo random generator, gets keystream • XORs keystream with encrypted data to decrypt data + ICV • Verifies integrity of data with ICV • Note that message integrity approach used here is different from the MAC (message authentication code) and signatures (using PKI).
K (R) A-B End-point authentication w/ nonce Nonce:number (R) used only once –in-a-lifetime How:to prove Alice “live”, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key “I am Alice” R Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice!
AP authentication request nonce (128 bytes) nonce encrypted shared key success if decrypted value equals nonce WEP Authentication Not all APs do it, even if WEP is being used. AP indicates if authentication is necessary in beacon frame. Done before association.
Breaking 802.11 WEP encryption security hole: • 24-bit IV, one IV per frame, -> IV’s eventually reused • IV transmitted in plaintext -> IV reuse detected • attack: • Trudy causes Alice to encrypt known plaintext d1 d2 d3 d4 … • Trudy sees: ci = diXORkiIV • Trudy knows cidi, so can compute kiIV • Trudy knows encrypting key sequence k1IV k2IV k3IV … • Next time IV is used, Trudy can decrypt!
802.11i: improved security • numerous (stronger) forms of encryption possible • provides key distribution • uses authentication server separate from access point
1 Discovery of security capabilities 3 2 3 4 STA, AP use PMK to derive Temporal Key (TK) used for message encryption, integrity 802.11i: four phases of operation AP: access point STA: client station AS: Authentication server wired network STA and AS mutually authenticate, together generate Master Key (MK). AP servers as “pass through” STA derives Pairwise Master Key (PMK) AS derives same PMK, sends to AP
EAP: extensible authentication protocol • EAP: end-end client (mobile) to authentication server protocol • EAP sent over separate “links” • mobile-to-AP (EAP over LAN) • AP to authentication server (RADIUS over UDP) wired network EAP TLS EAP RADIUS EAP over LAN (EAPoL) IEEE 802.11 UDP/IP