190 likes | 200 Views
Learn about the vulnerabilities in Wireless Equivalent Privacy (WEP) encryption, its history, how WEP encryption works, types of attacks on WEP networks, and steps to secure wireless networks. Explore attacks such as brute-force, dictionary, FMS, KoreK, chop-chop, Bittau, and PTW. Enhance your understanding of network security and protect your wireless communication.
E N D
Attacks on wireless networks using WEP encryption CSC-682 Advanced Computer Security presented by : Pompi Rotaru
Wireless technology IEEE 802.11 a/b/g/n is the set of standards for W-LAN Wireless technology has been on the rise in recent years An individual can sit outside the building and connect to an unprotected wireless network Preserving privacy and integrity of wireless communications becomes an important objective of the network security team Basic service set : infrastructure mode independent (ad-hoc) mode
WEP • Wired Equivalent Privacy (WEP) is most common mechanism for protection • Encryption with 40-bit key (aka “64-bit encryption”) • Encryption with 104-bit key (aka "128-bit encryption“) • Uses as the most common encryption algorithm the RC4 algorithm.
History of WEP • 1997 Release of the first final version of IEEE 802.11 • 2001 WEP broken by Fluhrer, Mantin, and Shamir • 2004 WEP broken again by KoreK • 2005 WEP broken again by KoreK again (chopchop attack) • 2005 WEP broken again by Bittau, fragmentation attack • 2007 WEP broken again by Pyshkin, Tews, Weinmann, with the help of Klein
RC4 algorithm description • Stream cipher designed by Ron Rivest in 1987 • It works as a variable key-size stream cipher with byte-oriented operations • Key Scheduling Algorithm (KSA) - which turns a random key into a permutation by scrambling the bits • Pseudo-Random Generator Algorithm (PRGA) – using swap operations for the previously permutation it generates pseudo-random numbers • X = RC4(K)
How WEP encryption works • A 3 bytes initialization vector (IV) is chosen • A key stream X = RC4(K) is generated from secret key K • A 32 bit long checksum called Integrity Check Value (ICV) is appended to the message to protect the integrity • The resulting plain text is encrypted making an XOR operation with the generated key stream • The unencrypted IV and the cipher-text are sent over the air
Types of WEP attacks • Depending on key • without recovering the WEP key • recovering the key • Depending on communication • static (no communication with AP) • dynamic (involves communication with AP)
General steps for attack • Setup equipment (laptop, directional antenna) • Find the target (airdump-ng, Kismet, NetStumbler) • Capture data from air (airmon-ng, airodump-ng) • Wait or make the target network busy (aireplay-ng) • Start cracking from captured data (aircrack-ng)
The brute force / dictionary attack • “Power” of the WEP relies in the difficulty of discovery of the secret key through a brute-force attack • “Dictionary attack” uses dictionary of keys, not all possible keys • Such attack requires less then a month for all keys • Steps : • capture 2 WEP encrypted packets • try to decrypt it using the captured IV and a potential key • verify decrypted ICV (the CRC) • (optional) verify the key on the 2nd packet
The FMS attack • 2001 - Scott Fluhrer, Itsik Mantin and Adi Shamir • Static - with key recovery • RC4 weaknesses : • The “Invariance Weakness” - existence of large classes of weak keys • The “IV Weakness” – using IV attacker can rederive the secret part by analyzing the initial word • Finding the key → use key-output correlation = propagation of a weak key pattern into the outputs combined with biased distribution of bits in English text • Decision tree • Requires 9 millions packets (listen to traffic for 1…2 hours)
The KoreK attack • 2004 – internet hacker KoreK • Static - with key recovery • Does not need weak IV • Uses 16 additional correlations between the first 1 byte of an RC4 key, the first 2 bytes of the generated key stream, and the next keybyte • Same decision-tree based approach same as FMS attack • Requires 700000 packets
The KoreK chop-chop attack • 2005 – same KoreK • Does not recover the key, it just reveals the message • Exploits an ICV vulnerability • Process of truncation of packets while keeping them still valid • Steps : • capture one packet • truncate the last byte and try to guess one “value” for plaintext • correct the checksum and send packet to AP • if guess is correct the AP will reply • repeat until all bytes are decrypted
The Bittau attack • 2005 - Andrea Bittau, Mark Handley and Joshua Lackey • Fragmentation : • Possible to send multiple fragments (16) using the same key stream • Each packet is encrypted independently at MAC layer • Steps: • listen to traffic, eavesdrop one packet then recover 8 bytes of key stream • prepend an IP header to the eavesdropped packet and send to AP • AP will sent the clear text to a controlled internet host • Fragmentation is used to break 802.11’s cryptography
The PTW attack • 2007 - Andrei Pyshkin, Erik Tews & Ralf-Philipp Weinmann • They found a “multibyte correlation” between the first l bytes of an RC4 key, the generated keystream, and the next i bytes of the key. • Steps : • captures packets and recovers their keystreams (FMS, KoreK) • evaluate the multibyte correlation function (Klein) • create decision tree for key and start voting (Rk[0], Rk[1], Rk[2]…) • Requires 35000 …. 40000 packets • Less then 60 seconds to crack a 104 bit WEP key
Protecting WEP • Increase the number of bytes used for encryption (“protects” against FMS attack) • Remove the weak IV - keystream re-use vulnerabilities • Prevent key re-use • Extensible Authentication Protocol (EAP) – change often the WEP-key (not enough against Bittau attack) • Deploy Intrusion Detection Systems (IDS) to protect against injected traffic (really protects against PTW attack) • Companies sell hardware using modified versions of the WEP protocol claiming to be secure
Conclusions • WEP has a long history of vulnerabilities and “fixes” • WEP is a good example of how attacks evolve and mature over time • Attacks that a few years ago took days, now take minutes if the right tools are used • 2005 WEP is officially declared deprecated by IEEE 802.11 committee • 2008 WEP used by 30% of users in a US university • Today – too many old networks, some using WEP • WEP must be abandoned once and for all, rather than patch it yet again !!!
Bibliography http://www.drizzle.com/~aboba/IEEE/rc4_ksaproc.pdf http://dl.aircrack-ng.org/breakingwepandwpa.pdf http://eprint.iacr.org/2007/120.pdf http://tapir.cs.ucl.ac.uk/bittau-wep.pdf http://www.netstumbler.org/showthread.php?t=12489 http://www.netstumbler.org/showpost.php?p=93942&postcount=35 http://www.pisa.org.hk/event/live-wifi-attack-defense/WEP_cracking_demo.pdf http://en.wikipedia.org/wiki/Fluhrer,_Mantin,_and_Shamir_attack http://www.cc.gatech.edu/~traynor/cs8803-f08/slides/lecture13-wep2.pdf http://www.rossbuffington.com/WEP_Insecurity.pdf http://www.franken.de/uploads/media/WEP-Cracking.pdf http://www.quequero.org/How_To_Attack_a_WEP/WPA_Protected_Wireless_Network_(eng) http://yawcu.sourceforge.net/documentation.pdf http://eprint.iacr.org/2007/471.pdf