1 / 17

Vulnerability In Wi-Fi

Vulnerability In Wi-Fi. By Angus U CS 265 Section 2 Instructor: Mark Stamp. Outline. Why Wireless? Overview Security in Wirelss Networking WEP Authentication Integrity Encryptions Off Standard: Access Control List Attacks Future Solution. Wireless?.

nonnie
Télécharger la présentation

Vulnerability In Wi-Fi

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp

  2. Outline • Why Wireless? • Overview Security in Wirelss Networking • WEP • Authentication • Integrity • Encryptions • Off Standard: Access Control List • Attacks • Future Solution

  3. Wireless? • Wire: Limited by power and LAN cable • Mobility  unwire  Laptop & Wireless • Simple Installation • Convenience to use • Cost of equipment • Popularity

  4. Wireless Standards • IEEE 802.11b • 11Mbps 2.4Ghz band Unlicensed, 1999 • IEEE 802.11a • 54Mbps, 5Ghz band Licensed • IEEE 802.11g • 54Mbps 2.4Ghz band Unlicensed, 2003 • IEEE 802.11i: (Amendment)

  5. Overview Wireless • Wi-Fi : Wireless Fidelity • Hotspot: Where you can have Wi-Fi access • Two types of Wireless Networking • ad hoc: meeting or conference (no internet) • Infrastructure: base station & clients • Connect to external Network (Internet) • Needs: Access point and/or Wireless NIC

  6. Overview Security in Wireless Protocol: WEP Authentication (challenge & Response) Integrity: CRC-32 Encryption: Stream cipher, RC4, with IV

  7. WEP • Wired Equivalent Privacy Protocol • Security behind the Wi-Fi • Designed to encrypt and decrypt data for Wi-Fi • Disable or 40 bit keys or 104 bit keys • Uses RC4 encryption algorithm • 64 bits for RC4 keys or none • 40 bits for WEP key & 24 bits for IV

  8. Authentication in WEP • Open & Shared Key • Picture from Mark Stamp • Problem: Know Plaintext Attack Request for shared key auth. Nonce N E(N, KA-B) Bob (base station) Authentication response Alice

  9. Access Control List (not in WEP) • Created by Vendors, not in 802.11 Family • Identity Problem: Who you are? • Based on the shared Key? • Only one shared Key • Access List: a list of MAC addresses • Failure: MAC addresses can be modifiable • Open source device drivers

  10. Encryption in WEP • IV + Secret Key XOR Plaintext • IV is only 24 bits, too short • 40 bits for WEP is still too short • Remember: The other 64 bits for RC4 • Given P1 = P2 then C1 = C2 • No session Key, One key for all operations • Encryption and Decryption • Access point & Users

  11. Integrity in WEP • No protect against replays • (No sequence Number in Packet) • CRC-32 checksum is not good enough for integrity in experiment • High Possibility of Collision

  12. Key Management in WEP • No key distribution systems • Static Key and the same key for everything • Manually Enter the secret key in Both sides • Not practice, is often ignored

  13. Attacks in WEP • Numerous Attacks since 2001 • Fluhrer-Mantin-Shamir (FMS) attacks • Publicly Released the tools to attack WEP • Off-the-Shelf Hardware and Software • Impossible to detect • Only a couple of hours

  14. Solution: IEEE 802.11i • A Future Standard for Wi-Fi • IEEE 802.11i still Amendment • Two new Protocols to address above issues • New key management: IEEE802.1X • Short Term Solution: TKIP • Long Term Solution: CCMP

  15. TKIP • Temporal Key Integrity Protocol • No new hardware required but • firmware upgrade & driver upgrade • Three element: • A message integrity code • A packet sequencing • A per-packet key mixing function • 128-bit Encryption, 64-bit Authentication

  16. CCMP • Counter-Mode-CBC-MAC Protocol • New Protocol in 802.11i • required new hardware • Many properties similar to TKIP • Free from constraints of existed Hardware • RC4 replaced by AES • AES 128-bit, 48-bit IV, no per-packet key • Fix all well known WEP flaws

  17. The End • Good-bye

More Related