Lecture 3
Objectives
• WEP protocol
• Access control
• Dynamic WEP
• WEP2
Basic IEEE 802.11 Security Protections
• Data transmitted by a WLAN could be intercepted and viewed by an attacker
• Important that basic wireless security protections be built into WLANs
• Three categories of WLAN protections:
  • Access control
  • Wired equivalent privacy (WEP)
  • Authentication
• Some protections specified by IEEE, while others left to vendors
Access Control
• Intended to guard availability of information
• Wireless access control: Limit user’s admission to AP
• Filtering
• Media Access Control (MAC) address filtering: Based on a node’s unique MAC address
Figure 8-2: MAC address
Access Control (continued)
Figure 8-4: MAC address filtering
Access Control (continued)
• MAC address filtering considered to be a basic means of controlling access
• Requires pre-approved authentication
• Difficult to provide temporary access for “guest” devices
Wired Equivalent Privacy (WEP)
• Guard the confidentiality of information
• Ensure only authorized parties can view it
• Used in IEEE 802.11 to encrypt wireless transmissions
• “Scrambling”
WEP: Implementation (continued)
Figure 8-6: Symmetric encryption
WEP: Implementation (continued)
• WEP shared secret keys must be at least 40 bits
• Most vendors use 104 bits
• Options for creating WEP keys:
  • 40-bit WEP shared secret key (5 ASCII characters or 10 hexadecimal characters)
  • 104-bit WEP shared secret key (13 ASCII characters or 16 hexadecimal characters)
  • Passphrase (16 ASCII characters)
• APs and wireless devices can store up to four shared secret keys
• Default key used for all encryption
WEP: Implementation (continued)
Figure 8-8: Default WEP keys
WEP: Implementation (continued)
Figure 8-9: WEP encryption process
WEP: Implementation (continued)
• When encrypted frame arrives at destination:
  • Receiving device separates IV from ciphertext
  • Combines IV with appropriate secret key
  • Create a keystream
  • Keystream used to extract text and ICV
  • Text run through CRC
  • Ensure ICVs match and nothing lost in transmission
• Generating keystream using the PRNG is based on the RC4 cipher algorithm
• Stream Cipher
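The receive steps listed above, written out as an added Python example (not code from the lecture or its textbook). The key values, the IV and the function names are constructed for illustration; the key ID is carried in the top two bits of the byte that follows the IV.

```python
import struct
import zlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    """RC4: key scheduling (KSA), then n bytes of keystream (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(keys, key_id: int, iv: bytes, text: bytes) -> bytes:
    """Sender: append ICV (CRC-32 of text), XOR with RC4(IV || key)."""
    body = text + struct.pack("<I", zlib.crc32(text))
    stream = rc4_keystream(iv + keys[key_id], len(body))
    return iv + bytes([key_id << 6]) + xor(body, stream)

def wep_decrypt(keys, frame: bytes) -> bytes:
    """Receiver: the steps from the slide, in order."""
    # 1. Separate the IV (sent in the clear) from the ciphertext.
    iv, key_id, ciphertext = frame[:3], frame[3] >> 6, frame[4:]
    # 2-3. Combine the IV with the selected secret key, create the keystream.
    stream = rc4_keystream(iv + keys[key_id], len(ciphertext))
    # 4. Use the keystream to extract the text and the ICV.
    body = xor(ciphertext, stream)
    text, icv = body[:-4], body[-4:]
    # 5-6. Run the text through CRC-32 and compare with the received ICV.
    if struct.pack("<I", zlib.crc32(text)) != icv:
        raise ValueError("ICV mismatch: frame damaged or wrong key")
    return text

# Constructed sample data: four 104-bit (13-byte) keys, key 0 as default.
KEYS = [bytes([k]) * 13 for k in (0x11, 0x22, 0x33, 0x44)]
IV = bytes.fromhex("a1b2c3")

if __name__ == "__main__":
    frame = wep_encrypt(KEYS, 0, IV, b"hello WLAN")
    print(frame.hex(), wep_decrypt(KEYS, frame))
```

Because the keystream depends only on the IV and the secret key, two frames sent with the same IV and key are encrypted with the same keystream, which is the IV reuse problem the later slides refer to.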
Dynamic WEP
• Solves weak IV problem by rotating keys frequently
• More difficult to crack encrypted packet
• Uses different keys for unicast and broadcast traffic
• Unicast WEP key unique to each user’s session
• Dynamically generated and changed frequently
• Broadcast WEP key must be same for all users on a particular subnet and AP
Dynamic WEP (continued)
Figure 9-1: Dynamic WEP
Dynamic WEP (continued)
• Can be implemented without upgrading device drivers or AP firmware
• No-cost and minimal effort to deploy
• Does not protect against man-in-the-middle attacks
• Susceptible to DoS attacks
Wireless Security Solutions
• IEEE 802.11a and 802.11b standards included WEP specification
• Vulnerabilities quickly realized
• Organizations implemented “quick fixes”
• Did not adequately address encryption and authentication
• IEEE and Wi-Fi Alliance started working on comprehensive solutions
• IEEE 802.11i and Wi-Fi Protected Access (WPA)
• Foundations of today’s wireless security
WEP2
• Attempted to overcome WEP limitations by adding two new security enhancements
• WEP key increased to 128 bits
• Kerberos authentication
• User issued “ticket” by Kerberos server
• Presents ticket to network for a service
• Used to authenticate user
• No more secure than WEP
• Collisions still occur
• New dictionary-based attacks available
WEP2 Security Analysis
• IV (key) reuse
  • Larger IV, re-key support makes unintentional reuse much less likely
  • Without IV replay protection, intentional reuse still possible
• Dictionary attack
  • New vulnerabilities introduced by mandatory KerberosV authentication
• Realtime decryption
  • Much more difficult due to larger IV
  • 2^128 * 1500 octets = 5.1E32 GB
WEP Cracking
• To crack the WEP key for an access point, we need to gather lots of initialization vectors (IVs).
• Normal network traffic does not typically generate these IVs very quickly. Theoretically, if you are patient, you can gather sufficient IVs to crack the WEP key by simply listening to the network traffic and saving them.
• Since none of us are patient, we use a technique called injection to speed up the process. Injection involves having the access point (AP) resend selected packets over and over very rapidly. This allows us to capture a large number of IVs in a short period of time.
Labs
• 8-1, 8-2 and 8-3 of the textbook