Upload
ambrose-long
View
214
Download
1
Embed Size (px)
Citation preview
University of Kansas
Motivation
802.2 Logical link control (LLC)
OSI Model
Network
Data Link
802.3MAC
802.3PHY
802.3CSMA/CD
802.11 MAC
Physical
802.11
802.11FHSSPHY
802.11DSSSPHY
802.11aOFDMPHY
802.11bHR/DSSS
PHY
802.1 Management and Internetworking
802 Family
Wireless networks based on the IEEE 802.11 standard require lengthy layer two configuration parameters to be set
SSID (Network Name)WEP Encryption Keys
Embedded devices with limited input capabilities are unable to join the wireless
network until properly configured
Traditional layer three configurations protocols like DHCP can be utilized once data layer communication is established
University of Kansas
802.11 Encapsulation• 802.11 headers are unencrypted
• Access Points copy MAC addresses during the bridging process
• Data portion encrypted – No use to a station without keys
• Source address - 6 octets of data
• Broadcast
FrameControl
Addr 4SeqAddr 3Addr 2Addr 1Duration/
ID
DestinationMACEthernet
SourceMAC
0xAA 0x030xAARFC 1042
encapsulation0x00-00-00
TYPE
TYPE DATA
DATA FCS
SNAP Header
802.11 Header 802.11 Data
University of Kansas
Wi-Fi-Co Protocol
The Configurator host sends wireless network parameters to an embedded device via broadcast packets
FrameControl
Addr 1Duration Addr 4Addr 3Addr 2 Seq
802.11 MAC HeaderWEP IV DATA FCS
Cleartext Encrypted Cleartext
SSIDIntegrityCheck
DefaultKey
WEP KEY(s)Header
I I I SEQ D D
ff ff ff ff ff ff
MAC Source Address
MAC Destination Address
Broadcast
Const. Identifer Data
Wi-Fi-Co Configuration Buffer
Configuration data is embedded in the source MAC address
A Wi-Fi station is able to capture the configuration frames and assemble the data from the cleartext 802.11 headers
University of Kansas
Wi-Fi-Co Timing Diagram
Configurator Target
Configuration Message 2
Configuration Message 1
Configuration Message M
Target ConfigurationComplete
Socket connection back toConfigurator
0.0
0.05105
0.05710
0.09105
0.11105
0.68905
1.21105
1.23111
1.31710
1.28915
1.25204
2.41241
2.43141
2.45870
2.46014
• Configurator constantly broadcasts configuration data in fragmented packets
• The target assembles configuration data and decodes link level parameters
• Must “hop” Wi-Fi channels to guarantee that configuration data will be received
University of Kansas
Protecting WEP Keys
• Broadcast packets easily intercepted• On wired Ethernet network portion• On wireless network portion
• Configuration data Encrypted• Shared key symmetric cipher • Embedded devices ship with
unique, pre-programmed key• Certificate with product code• Additional input required on
the Configuration host where it is much easier than input to embedded device
University of Kansas
Applications