1 / 17

Security in wireless networks

Security in wireless networks. Wireless networks more vulnerable no inherent physical protection: sending/receiving messages do not need physical access to network infrastructure broadcast communication As a consequence eavesdropping is easy injecting bogus messages is easy

chacha
Télécharger la présentation

Security in wireless networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security in wireless networks • Wireless networks more vulnerable • no inherent physical protection: sending/receiving messages do not need physical access to network infrastructure • broadcast communication • As a consequence • eavesdropping is easy • injecting bogus messages is easy • replaying previously recorded messages is easy • illegitimate access to network & services is easy • denial of service is easy (jamming)

  2. Outline • Security in WLAN • Thwarting malicious behavior • Thwarting selfish behavior

  3. Securing 802.11 WLAN • first attempt • Wired Equivalent Privacy (WEP), 1999 • current attempt • IEEE 802.11i or RSN (Robust Security Network) or WPA2 (WiFi protected access 2), 2004 • intermediate solution • IEEE Temporary Key Integrity Protocol (TKIP) or WPA, 2003 • subset of 802.11i

  4. Wired Equivalent Privacy (WEP) • specified in 802.11 standard for WLAN MAC • protocol goals • confidentiality: prevent eavesdropping • access control: prevent unauthorized access • data integrity: prevent tampering of messages • failure: none of the security goals is attained

  5. WEP components • Authentication • before association to AP • Encryption • using RC4 stream cipher

  6. 4 3 2 3 2 2 1 1 1 Recall 802.11 association BBS 1 BBS 1 BBS 2 BBS 2 AP 1 AP 1 AP 2 AP 2 H1 H1 • Active Scanning: • Probe Request frame broadcast from H1 • Probes response frame sent from APs • Association Request frame sent: H1 to selected AP • Association Response frame sent: H1 to selected AP • Passive Scanning: • beacon frames sent from APs • association Request frame sent: H1 to selected AP • association Response frame sent: H1 to selected AP

  7. WEP Authentication • before association, host needs to authenticate itself to AP • authentication procedure: • host requests authentication from AP • AP sends 128 bit nonce • host encrypts nonce using shared symmetric key • AP decrypts nonce, authenticates host • once authenticated, host can send an association request • no key distribution mechanism • authentication: knowing the shared key is enough

  8. WEP encryption: RC4 stream cipher • host/AP share 40 bit symmetric key (semi-permanent) • host appends 24-bit initialization vector (IV) to create 64-bit key • 64 bit key used to generate stream of keys, kiIV • kiIV used to encrypt i-th byte, di, in frame: ci = diXORkiIV • IV and encrypted bytes, ci sent in frame

  9. 802.11 WEP encryption Sender-side WEP encryption

  10. Security hole in 802.11 WEP encryption • 24-bit IV, one IV per frame -> IV’s eventually reused • Common PCMCIA cards sets IV to zero and increment it by 1 for each packet • IV transmitted in plaintext -> IV reuse detected

  11. 802.11 WEP encryption • one attack: • Trudy causes Alice to encrypt known plaintext d1 d2 d3 d4 … • Trudy sees: ci = diXORkiIV • Trudy knows cidi, so can compute kiIV • Trudy knows encrypting key sequence k1IV k2IV k3IV … • Next time IV is used, Trudy can decrypt!

  12. WEP – Lessons learnt engineering security protocols is difficult combining strong building blocks in a wrong way -> insecure system at the end don’t do it alone security is a non-functional property  it is extremely difficult to tell if a system is secure or not using expert in design phase pays out (fixes after deployment will be much more expensive) experts will not guarantee your system is 100% secure but at least they know many pitfalls they know the details of crypto algorithms

  13. 802.11i: improved security • stronger encryption (using AES instead of RC4 ) • extensible set of authentication mechanism • borrowed from 802.1X (for wired LAN) • key distribution • uses authentication server • run on AP for small network • or separate from AP • can serve multiple APs • centralize authentication decision

  14. 1 Discovery of security capabilities 3 2 3 4 STA, AP use PMK to derive Temporal Key (TK) used for message encryption, integrity 802.11i authentication & access control AP: access point STA: client station AS: Authentication server wired network STA and AS mutually authenticate, together generate Master Key (MK). AP serves as “pass through” STA derives Pairwise Master Key (PMK) AS derives same PMK, sends to AP

  15. EAP: extensible authentication protocol • EAP: end-end client (mobile) to authentication server protocol • EAP sent over separate “links” • mobile-to-AP (EAP over LAN) • AP to authentication server (RADIUS over UDP) wired network EAP TLS EAP RADIUS EAP over LAN (EAPoL) IEEE 802.11 UDP/IP

  16. TKIP: intermediate solution • runs on old hardware (supporting RC4) • WEP weaknesses are corrected • new message integrity protection mechanism called Michael • use IV as replay counter • increase IV length to 48 bits in order to prevent IV reuse • per-packet keys to prevent attacks based on weak keys

  17. TKIP – Generating RC4 keys 48 bits data encryption key from PTK IV upper 32 bits lower 16 bits 128 bits key mix (phase 1) MAC address key mix (phase 2) dummy byte RC4 seed value IV d IV per-packet key 3x8 = 24 bits 104 bit

More Related