
Electronic Security


huffmanc

Presentation Transcript


  1. Electronic Security. Inaugural meeting (for Hasheem: that means ‘the first meeting’)

  2. What Is Electronic Security? For our purposes:
     • Security that does not involve the mechanical exploitation of vulnerabilities in physical locks
     • The examination of security systems which are implemented primarily by means of an electronic
     Basically, anything interesting that involves both security and electronics (we are open to suggestions for future meetings!)

  3. Quick and Dirty Network Security (NOT an exhaustive list, just enough concept to move to our main topic):
     • Privacy
       • Only trusted parties can participate in conversations (actively)
       • Anyone who tries to listen won’t understand the conversation
     • Integrity
       • When person A sends message M to person B, person B can be certain that M did not change at all from the time A sent it to the time B received it

  4. WEP (or: when smart engineers make very, very bad decisions)
     Wired Equivalent Privacy
     • Outlined in the IEEE 802.11b standard
     • Uses RC4 stream cipher for privacy/encryption
       • Used badly/improperly
     • Uses CRC-32 checksum for integrity
       • Ultimately this provides ZERO integrity

  5. RC4 is a Stream Cipher
     [Figure: keystream (“To infinity and beyond!”), plaintext, ciphertext]
     • Claude E. Shannon proved that this encryption scheme provides PERFECT security if and only if:
       • There is no repeating pattern in the keystream
       • The keystream is as long as the plaintext
     • RC4 provides a PSEUDORANDOM keystream = a secret key + Initialization Vector.
       • Not perfect, but pretty good… ONLY if the IV NEVER repeats!

  6. WEP Implementation (credit for this image: Vitaly Shmatikov)
     • RC4 keystream = IV + secret key
     • 1 keystream := 1 data layer frame
     • IV is sent in the clear
     • CRC-32 is a linear translation through xor, so anyone can re-compute
     • THE FREAKING IV IS SENT IN THE CLEAR, IT MAKES UP 24 BITS OF THE KEY NO MATTER HOW BIG THE KEY IS
     • Vulnerable to Fluhrer et al. attack on RC4.
     John Gordon will now demonstrate.
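A toy model of the frame construction from slides 4 to 6, added here as an illustration and not taken from the presentation: it shows that a repeated IV exposes the XOR of two plaintexts, and that the unkeyed CRC-32 check accepts a frame altered without the key while a keyed tag does not. The names `seal`, `open_frame`, `patch_frame` and `mac`, the keys and the messages are constructed for this example. HMAC-SHA256 is used only as a generic keyed integrity check for contrast.

```python
import hashlib, hmac, struct, zlib

def rc4(key: bytes, n: int) -> bytes:
    """n bytes of RC4 keystream: key scheduling, then output generation."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    return struct.pack("<I", zlib.crc32(data))  # unkeyed CRC-32 checksum

def seal(iv: bytes, key: bytes, msg: bytes) -> bytes:
    body = msg + icv(msg)
    return iv + xor(body, rc4(iv + key, len(body)))  # IV sent in the clear

def open_frame(key: bytes, frame: bytes):
    body = xor(frame[3:], rc4(frame[:3] + key, len(frame) - 3))
    return body[:-4] if body[-4:] == icv(body[:-4]) else None

def patch_frame(frame: bytes, delta: bytes) -> bytes:
    # No key needed: crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros) for equal lengths.
    fix = xor(icv(delta), icv(bytes(len(delta))))
    return frame[:3] + xor(frame[3:], delta + fix)

def mac(mac_key: bytes, frame: bytes) -> bytes:
    return hmac.new(mac_key, frame, hashlib.sha256).digest()  # keyed tag

# Constructed sample values, not real keys or traffic.
KEY, MAC_KEY, IV = b"\x01\x02\x03\x04\x05", b"constructed-mac-key", b"\x00\x00\x07"
A, B = b"status=OK  seq=1", b"status=BAD seq=1"
frame_a, frame_b = seal(IV, KEY, A), seal(IV, KEY, B)
altered = patch_frame(frame_a, xor(A, B))

if __name__ == "__main__":
    print("repeated IV leaks A xor B:", xor(frame_a[3:], frame_b[3:])[:16] == xor(A, B))
    print("CRC-32 check accepts altered frame as:", open_frame(KEY, altered))
    print("HMAC still matches:", hmac.compare_digest(mac(MAC_KEY, frame_a), mac(MAC_KEY, altered)))
```

The receiver in this model can only reject the altered frame when the tag depends on a secret, which is the property the CRC-32 checksum lacks.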
