110 likes | 279 Views
Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 8: IEEE 802.11 Security - 1. Dr. Kemal Akkaya E-mail: kemal@cs.siu.edu. Management Messages in IEEE 802.11. Authentication frame:
E N D
Department of Computer ScienceSouthern Illinois University CarbondaleWireless and Network SecurityLecture 8: IEEE 802.11 Security - 1 Dr. Kemal Akkaya E-mail: kemal@cs.siu.edu Wireless & Network Security 1
Management Messages in IEEE 802.11 • Authentication frame: • 802.11 authentication is a process whereby the access point either accepts or rejects the identity of a radio NIC. • Deauthentication frame: • A station sends a deauthentication frame to another station if it wishes to terminate secure communications. • Association request frame: • 802.11 association enables the AP to allocate resources for and synchronize with a radio NIC. • Association response frame: • An AP sends an association response frame containing an acceptance or rejection notice to the radio NIC requesting association. • Reassociation request frame: • If a radio NIC roams away from the currently associated access point and finds another AP having a stronger beacon signal, the radio NIC will send a reassociation frame to the new AP. • Reassociation response frame: • An AP sends a reassociation response frame containing an acceptance or rejection notice to the radio NIC requesting reassociation. • Disassociation frame: • A station sends a disassociation frame to another station if it wishes to terminate the association. • Beacon frame: • The AP periodically sends a beacon frame to announce its presence and relay information, such as timestamp, SSID, and other parameters regarding the AP to radio NICs that are within range. • Probe request frame: • A station sends a probe request frame when it needs to obtain information from another station. • Probe response frame: • A station will respond with a probe response frame, containing capability information, supported data rates, etc., when after it receives a probe request frame. Wireless & Network Security 2
IEEE 802.11 Security • Probe: Look for a (better) AP • Authentication: Getting permission to access the AP • Association: Register with the AP • Data Flow: Encrypted messages Encrypted data messages Wireless & Network Security 3
Wired Equivalent Privacy (WEP) • Primary built security for 802.11 protocol • Intended to make wireless as secure as a wired network • Uses RC4 Algorithm • Provides • Confidentiality: Encrypts data • Through symmetric encryption using RC4 with a shared key • Integrity: Data received are the data sent • Through message check sum using encrypted cyclic redundancy check (CRC) • Authentication: AP only allows authorized stations to associate • Through challenge/response Wireless & Network Security 4
RC4 encrypted IV KeyID data ICV MAC payload • Sender calculates Integrity Check Value (ICV) over data • four-byte hash/CRC for data integrity • Each side has 104-bit shared key • Sender creates 24-bit initialization vector (IV), appends to key: gives 128-bit key • Sender also appends keyID (in 8-bit field) • 128-bit key inputted into pseudo random number generator to get keystream • Data in frame + ICV is encrypted with RC4: • Bytes of keystream are XORed with bytes of data & ICV • IV & keyID are appended to encrypted data to create payload • Payload inserted into 802.11 frame Wireless & Network Security 5
RC4 Encryption Process Wireless & Network Security 6
Authentication with the Access Point • AP has two ways of initiating communication with a client • Shared Key • Open Key • Open key allows anyone to start a conversation with AP • No authentication • Shared Key is supposed to add an extra layer of security by requiring authentication info as soon as one associates • Shared Key Authentication • Client begins by sending an association request to the AP • AP responds with a challenge text (unencrypted) • Client, using the proper key, encrypts text and sends it back to the AP • If properly encrypted, AP allows communication with the client • Not secure!: • Using passive sniffing, one can gather 2 of the three variables needed in Shared Key authentication: challenge text and the encrypted challenge text Wireless & Network Security 7
Pros & Cons • Pros • Easy computation • Fast – 10 times faster than DES • Can use large bit blocks and keys • Stream based encryption • Key can be made to change at regular intervals using fancy programming • Implementation in Popular languages (C, perl) well documented. • Cons • Vulnerable to brute force attacks • Require a large data structure • Proven Breakable by researchers at ATT and Rice Univ. (August, 2001) • “One hour of brute force computation to break standard WEP” • Once Key is broken all messages are easily readable. Wireless & Network Security 8
Problems with WEP • 1 static key • No encryption is strong if one key is used forever • Key length is short • Brute forcing is possible • Using CRC32 in ICV • Bit flipping attack: • CRC(msg XOR delta) = CRC(M) XOR CRC(delta) • Bits cannot set or cleared, but could be flipped • No specification on key distribution • Lacks scalability • No protection against replay attack • Improper RC4 implementation • Protocol doesn’t actually specify IV’s use • 2 existing attacks • Numerical limitation • FMS attack Wireless & Network Security 9
Attacks • Numerical Limitation Attack • IV’s are only 24bit, and thus there are only 16,777,216 possible IV’s • A busy network will repeat IV’s often • By listening to the encrypted traffic and picking out the duplicate IV’s, it is possible to obtain the clear text • FMS Attack -- weak IV attack -- • Some IV’s do not work well with RC4 • Using a formula, one can take these weak IV and infer parts of the WEP key • 5 % chance of guessing correctly • Once again, passively monitoring the network for a few hours can be enough time to gather enough weak IV’s to figure out the WEP key • 4M ~ 6M packets to decrypt 40bit WEP key • The time needed to deploy the attack is linearly proportional to the key length • 104bit key is just as useless as 40bits key • A lot of other attacks… Wireless & Network Security 10
Conclusion: WEP • Confidentiality • FMS attack • Integrity • Bit-flipping attack • Authentication • Non existent • WEP is flawed by a technology weakness, and there is no simple solution to fix it • Attacks against WEP are passive and extremely difficult to detect NO MORE WEP Wireless & Network Security 11