1 / 14

IEEE 802.11 Security

IEEE 802.11 Security. Specifically WEP, WPA, and WPA2. Brett Boge, Presenter CS 450/650 University of Nevada, Reno. Introduction / History. IEEE 802.11 standard for wireless LAN (802.11-1997) Ratified September 1999 WEP included

reba
Télécharger la présentation

IEEE 802.11 Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IEEE 802.11 Security Specifically WEP, WPA, and WPA2 Brett Boge, Presenter CS 450/650 University of Nevada, Reno

  2. Introduction / History • IEEE 802.11 standard for wireless LAN (802.11-1997) • Ratified September 1999 • WEP included • 2001 UC Berkeley Fluhrer, Mantin, and Shamir"Weaknesses in the Key Scheduling Algorithm of RC4“ • ~2002 WPA • 2004 802.11i ratified with WPA2 • IEEE 802.11-2007

  3. WEP Wired Equivalent Privacy • Part of the original 802.11 standard • Uses RC4 for confidentiality • Uses CRC32 for integrity • 64 bit WEP uses a 40-bit key (aka WEP-40) • Limited by the government • 128 bit WEP uses a 104-bit key • Deprecated in 2004

  4. RC4 • 1987, "Rivest Cipher 4“, aka “Ron’s Code” • 1994 spread on the internet • Stream cipher • KSA (Key scheduling algorithm): • S[i] = {0,1,2,3…} • j = 0 • for i = 0 – 255 • j := (j + S[i] + key[i mod keylength]) mod 256 • swap values of S[i] and S[j] • end

  5. RC4 • PRGA: • i = 0 • j = 0 • as long as we need output: • i = (i + 1) mod 256 • j = (j + S[i]) mod 256 • swap S[i] and S[j] • output S[(S[i] + S[j]) mod 256]

  6. WEP • Uses RC4 for encryption • Uses CRC32 for integrity Encryption:

  7. Initialization Vector • Fixed-sized input into a crypto function • Prevents repetition • Uniqueness important • WEP uses 24 bit

  8. WEP “Authentication” 2 Methods

  9. Attacking WEP Fluhrer, Mantin, and Shamir • 2001 “Weaknesses in the Key Scheduling Algorithm of RC4” • Key recovery • Requires a sufficiently large number of messages • Exploits weak IVs With certain weak IVs, knowing the nth byte of a keystream allows the attacker to derive the n+1th byte. IV’s of form (a + 3, n − 1, x) will help to provide a possible key value at index a

  10. Additional WEP Weaknesses • No key management, shared key • Statistical attack against duplicate IVs • 2005 - FBI showed that WEP can be cracked in 3 minutes usingpublicly available tools • More correlations between the keystream and the key thanshowed by Fluhrer, Mantin, and Shamir (KSA weaknesses) • 2007 - Erik Tews, Andrei Pychkine, and Ralf-Philipp Weinmann 104bit WEP key: 50% - 40,000 80% - 60,000 95% - 80,000

  11. WPA Wi-Fi Protected Access • 2002 Wi-Fi AllianceWPA stopgap until 802.11i • No shared key, uses TKIP • 128 bit • Per-packed • Subject to old weaknesses • Uses RC4 to run on old hardware • Stronger Integrity, no CRC, uses MACs

  12. WPA2 Wi-Fi Protected Access • 2004 Wi-Fi AllianceIEEE 802.11i-2004 • No TKIP, uses CCMP as standard • Counter Mode with Cipher Block ChainingMessage Authentication Code Protocol • Block Cipher using AES • Mandatory for all devices bearing the Wi-Fi mark

  13. WPA/WPA2 Authentication

  14. Conclusion • WEP • Many weaknesses, deprecated • WPA • uses weaker TKIP, better than WEP • Less intensive • Supported on older equipment • WPA2 • uses AES • 802.11i standard • Despite wireless security, using a tunnel (IPsec, SSH) • when on a wireless network is a good idea to double your • Protection.

More Related