Encryption Protocols used in Wireless Networks Derrick Grooms
Introduction
• WEP
• WPA
• WPA2
History - WEP
• Wired Equivalent Privacy (WEP)
• WEP was part of the IEEE 802.11 standard ratified in September 1999
• Initially used a 40-bit key (for the 64-bit protocol), later increased to 104 bits (for the 128-bit protocol) when the initial restraints on cryptography were lessened by Congress
• Susceptible to eavesdropping, related-key, and key-guessing attacks
WEP - implementation
• WEP uses the stream cipher RC4 for confidentiality and the CRC-32 checksum for integrity
• RC4 – the user provides a key; the key is used to create a pseudo-random string of bits that is then XOR'd with the plaintext to produce the ciphertext
• CRC-32 (cyclic redundancy check) – the same system used for DVDs and CDs
• In general terms, a checksum is computed over a specific stream of data and appended to it; after the data arrives, the appended value is compared with a second checksum computed over the data that actually arrived
WEP – implementation (cont.)
• WEP is sound in theory but fails in its implementation
• WEP uses IVs (initialization vectors) to generate different keystreams from the same RC4 encryption key
• WEP's IVs were not long enough to keep the keystreams unique, so every 5000 transmissions the same IV was used, and with enough collected IVs the RC4 key could be determined
• The IV is only 48 bits
WEP – implementation (cont.)
• Cracking process
• Once you have two messages that use the same IV, you have two ciphertexts that can be XOR'd together to produce the same result you would get by XORing the two plaintexts
WEP – implementation (cont.)
• Cracking process
• By providing your own plaintext and using the XOR'd result of the two ciphertexts, you can then derive the unknown plaintext
WEP – implementation (cont.)
• Cracking process – brute force
• Once the keystream is known, it is just a matter of sending keystream-encrypted messages to an access point using different WEP keys until the access point acknowledges that a successful WEP key has been used
WEP – implementation (cont.)
• Cracking process
• Since it is not possible to provide your own plaintext and receive the ciphertext version without having access to the host computer, most programs use a slightly modified process to achieve the same result
• Under RFC 1042 (SNAP headers), all IP and ARP packets start with 0xAA, so the first few bytes of plaintext are almost always known; by collecting enough ciphertext derived from the known plaintext, the keystream can eventually be determined (AirSnort, WEPCrack, etc. use this method)
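The following is an added example, not part of the original slides, that illustrates the WEP construction described above (an IV prepended to an RC4 encryption of plaintext plus a CRC-32 integrity value) and why reusing an IV under a fixed key is fatal: two frames sharing an IV share their keystream, so XORing the ciphertexts yields the XOR of the plaintexts, and one known plaintext exposes the other. The RC4 routine, the 40-bit key, the 3-byte IV field (chosen to match the slide's 40-bit key / 64-bit protocol arithmetic) and the sample frames are all constructed for this demonstration.

```python
import struct
import zlib

IV_LEN = 3      # IV width used by this toy; 40-bit key + IV gives the slides' 64-bit protocol
ICV_LEN = 4     # CRC-32 integrity check value appended before encryption


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA), included only to show the stream-cipher property.
    RC4 is obsolete and is not a cipher to build anything new on."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def crc(data: bytes) -> bytes:
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV || RC4(IV || key, plaintext || CRC-32).  The per-frame
    RC4 key is the IV concatenated with the shared WEP key."""
    data = plaintext + crc(plaintext)
    return iv + xor_bytes(data, rc4_keystream(iv + wep_key, len(data)))


def wep_decrypt(wep_key: bytes, frame: bytes):
    """Honest receiver: strip the IV, decrypt, recompute the ICV.  Returns (plaintext, icv_ok)."""
    iv, body = frame[:IV_LEN], frame[IV_LEN:]
    data = xor_bytes(body, rc4_keystream(iv + wep_key, len(body)))
    plaintext, icv = data[:-ICV_LEN], data[-ICV_LEN:]
    return plaintext, icv == crc(plaintext)


def demo_iv_reuse() -> dict:
    key = bytes.fromhex("0102030405")           # constructed 40-bit WEP key
    iv = bytes.fromhex("aabbcc")                # constructed IV, deliberately reused
    snap = bytes.fromhex("aaaa030000000800")    # LLC/SNAP header: the predictable prefix the slide mentions
    p1 = snap + b"GET /index.html HTTP/1.1"     # constructed frame payloads
    p2 = snap + b"user=alice&session=42"
    f1 = wep_encrypt(key, iv, p1)
    f2 = wep_encrypt(key, iv, p2)               # same key, same IV => same keystream
    f3 = wep_encrypt(key, bytes.fromhex("aabbcd"), p2)  # fresh IV for contrast

    pt, ok = wep_decrypt(key, f1)               # 1. honest decryption and ICV check succeed
    ct_xor = xor_bytes(f1[IV_LEN:], f2[IV_LEN:])          # 2. ciphertext XOR ...
    pt_xor = xor_bytes(p1 + crc(p1), p2 + crc(p2))        # ... equals plaintext XOR
    keystream = xor_bytes(f1[IV_LEN:], p1 + crc(p1))      # 3. known p1 exposes the keystream,
    recovered = xor_bytes(f2[IV_LEN:], keystream)[:-ICV_LEN]  # which decrypts p2 without the key
    fresh_xor = xor_bytes(f1[IV_LEN:], f3[IV_LEN:])       # 4. different IV: relation disappears
    return {
        "decrypt_ok": ok and pt == p1,
        "same_iv_leaks_xor": ct_xor == pt_xor,
        "recovered_without_key": recovered == p2,
        "fresh_iv_leaks_xor": fresh_xor == pt_xor,
    }


if __name__ == "__main__":
    for name, value in demo_iv_reuse().items():
        print(f"{name}: {value}")
```

The last field is the defender's takeaway: as long as the (key, IV) pair never repeats, the XOR relation between ciphertexts does not hold, which is why the size of the IV space, not the cipher alone, decides how long a WEP key stays safe.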
WPA - implementation
• WPA was created as a temporary fix for WEP until WPA2 was fully developed
• Uses a 128-bit RC4 encryption key and a 48-bit IV, like WEP
• Unlike WEP, it addressed repeating IVs by allowing only a portion of the IV key to be sent
• Also implemented a packet counter to ensure the same packet could not be sent an unreasonable number of times
• Dynamic keying – WPA encryption keys update roughly once every 10,000 packets
• Not always compatible with older technology
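The following is an added example, not part of the original slides, showing the two WPA countermeasures the slide names: a per-packet counter that lets a receiver drop replayed or reordered frames, and dynamic keying that rotates the session key after a fixed number of packets (10,000 on the slide; 4 in the demo so the rotation is visible). The HMAC-based per-packet key and rekey derivation are simplified stand-ins for illustration, not WPA's real key mixing, and the toy authenticates frames without encrypting them; the keys and payloads are constructed.

```python
import hashlib
import hmac
from typing import Optional

CTR_LEN = 6               # 48-bit packet counter carried in the clear in every frame
TAG_LEN = 32              # HMAC-SHA256 tag, a stand-in for WPA's real message integrity code
REKEY_INTERVAL = 10_000   # slides: keys refreshed roughly every 10,000 packets


def per_packet_key(session_key: bytes, ctr: int) -> bytes:
    """Simplified key mixing (assumption, not WPA's algorithm): bind the key to the
    counter so no two packets are protected with identical key material."""
    return hmac.new(session_key, ctr.to_bytes(CTR_LEN, "big"), hashlib.sha256).digest()


def next_session_key(session_key: bytes) -> bytes:
    """Dynamic keying: derive the next session key from the current one (toy KDF)."""
    return hmac.new(session_key, b"rekey", hashlib.sha256).digest()


class Sender:
    def __init__(self, session_key: bytes, rekey_interval: int = REKEY_INTERVAL):
        self.key, self.interval, self.ctr = session_key, rekey_interval, 0

    def protect(self, payload: bytes) -> bytes:
        header = self.ctr.to_bytes(CTR_LEN, "big")
        tag = hmac.new(per_packet_key(self.key, self.ctr), header + payload, hashlib.sha256).digest()
        self.ctr += 1
        if self.ctr == self.interval:          # rotate the key and restart the counter
            self.key, self.ctr = next_session_key(self.key), 0
        return header + payload + tag


class Receiver:
    def __init__(self, session_key: bytes, rekey_interval: int = REKEY_INTERVAL):
        self.key, self.interval = session_key, rekey_interval
        self.last_ctr = -1        # highest counter accepted under the current key
        self.accepted = self.rejected = self.rekeys = 0

    def accept(self, frame: bytes) -> Optional[bytes]:
        """Return the payload if the frame is fresh and authentic, else None."""
        ctr = int.from_bytes(frame[:CTR_LEN], "big")
        body, tag = frame[CTR_LEN:-TAG_LEN], frame[-TAG_LEN:]
        if ctr <= self.last_ctr:              # replay or reorder: drop before any crypto work
            self.rejected += 1
            return None
        expected = hmac.new(per_packet_key(self.key, ctr), frame[:-TAG_LEN], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # forged, tampered, or stale-key frame
            self.rejected += 1
            return None                       # a rejected frame never advances the counter
        self.last_ctr = ctr
        self.accepted += 1
        if ctr + 1 == self.interval:          # mirror the sender's rekey point (assumes no loss there)
            self.key, self.last_ctr = next_session_key(self.key), -1
            self.rekeys += 1
        return body


def demo_replay_protection() -> dict:
    key = hashlib.sha256(b"constructed pairwise key").digest()
    tx, rx = Sender(key, rekey_interval=4), Receiver(key, rekey_interval=4)
    frames = [tx.protect(f"pkt{i}".encode()) for i in range(10)]   # constructed traffic
    delivered = [rx.accept(f) is not None for f in frames[:9]]
    tampered = bytearray(frames[9]); tampered[CTR_LEN] ^= 0x01      # flip one payload bit
    tamper_rejected = rx.accept(bytes(tampered)) is None
    delivered.append(rx.accept(frames[9]) is not None)               # genuine copy still accepted
    replay_rejected = rx.accept(frames[9]) is None                   # exact replay: counter check
    stale_rejected = rx.accept(frames[2]) is None                    # pre-rekey frame: key check
    return {"delivered": sum(delivered), "tamper_rejected": tamper_rejected,
            "replay_rejected": replay_rejected, "stale_key_rejected": stale_rejected,
            "rekeys": rx.rekeys, "rejected": rx.rejected}


if __name__ == "__main__":
    print(demo_replay_protection())
```

Two details matter for a real receiver: a frame that fails authentication must not move the replay counter (otherwise an attacker could block legitimate traffic by sending junk with high counters), and the sender and receiver must rekey at the same point, which the toy handles only by assuming the last frame before rekey is not lost.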
WPA2 - implementation
• Wi-Fi Protected Access 2 (WPA2)
• Implements the full IEEE 802.11i standard
• Standard in Wi-Fi certified devices as of March 13, 2006
• Not compatible with older technology, but the new standard
• Currently believed to be uncrackable