Seminar Report on Wi-Fi Security Protocols
Presented by: Surbhi CUPB/M.Tech-CS/SET/CST/2014-15/15


Introduction to Wi-Fi security

• Wireless makes life incredibly easy and gives us great mobility.
• Requires no physical connection.
• Wireless networks are more vulnerable than wired networks.
• The signal extends beyond walls.
• Difficult to locate attacker.
• Passive attacks.


Wired Equivalent Privacy (WEP)

• Shared key between stations and an Access Point.
• Key used in stream cipher to encrypt WLAN traffic.
• Uses RC4 stream cipher
  – RC4 algorithm generates a stream of pseudo-random bits using key and Initialisation Vector (IV) as input.
  – RC4 is also used in the decryption of the cipher text.
• Uses 32-bit Cyclic Redundancy Check (CRC32)
  – Basically a hash function
  – Used to compute Integrity Check Vector (ICV)


Shared Key Authentication


WEP Encryption

[Figure: WEP encryption block diagram. Labels: Secret key, Initialisation Vector (IV), RC4, Key-stream, Plaintext, ICV computation using CRC32, Ciphertext. Legend: || = append, XOR.]


Insecurities of WEP

• Key Generation
• ICV Generation
• Weak IVs
• WEP Attacks


Key Generation Problem

• Secret keys are used directly for encryption, and there are no key updates.
• Certain keys are more susceptible to showing the relationship between plaintext and cipher text.
• IV is too small so its reuse is unavoidable.
• Key distribution is done manually.


Initialization Vector (IV)

• IV should be different for every message transmitted.
• But 802.11 standard doesn’t specify how IV is calculated.
• Wireless cards use several methods:
  – Some use a simple ascending counter for each message.
  – Some switch between alternate ascending and descending counters.
  – Some use a pseudo-random IV generator.

• If 24-bit IV is an ascending counter, and if AP transmits at 11 Mbps, then all IVs are exhausted in roughly 5 hours!


ICV Generation Problem

• The ICV is generated from a cyclic redundancy check (CRC-32).

• An attacker can easily change an encrypted packet and then change the ICV to match, generating a valid packet that gets a response from the AP.


WEP attacks: Packet injection

• A packet sent in a WEP protected network which has been intercepted by an attacker can later be injected into the network again, as long as the key has not been changed.

• WEP was never designed to be resistant against such an attack.


WEP attacks: Fake authentication

• Allows an attacker to join a WEP protected network, even if the attacker does not have the secret root key.
• Shared Key Authentication (SKA)
  – The attacker has to be able to sniff an SKA handshake between the AP and another station.


WEP attacks: Chop-chop attack

• Allows an attacker to interactively decrypt the last m bytes of plaintext of an encrypted packet by sending m·128 packets on average to the network.
• Procedure:
  – Select a captured packet for decryption
  – Truncate the packet by one byte, correct the checksum and send the packet to the AP to find out if the guess is correct
  – If the guess is correct, we know the last byte of plaintext and we can continue with the second last byte
  – If the guess was incorrect, make another different guess for that byte (at most 256 guesses per byte)


WEP attacks: FMS attack

• First key recovery attack against the RC4 algorithm.
• Main idea:
  – If the RC4 key is composed from a known IV and an unknown secret part by concatenation;
  – And if the attacker knows the first byte of key-stream for enough different IVs;
  – Then the whole RC4 key can be determined in a statistical attack.
  – Attack only makes use of some of the IVs – so-called “weak” IVs.

• Complexity of attack grows only linearly with key size rather than exponentially.


WEP attacks: Generating traffic for the FMS attack

• Capture encrypted ARP request packets (associate an IP address with its physical address).

• Replay encrypted ARP packets to generate encrypted ARP replies.

• These replies provide more traffic, potentially with IVs indicating weak keys.


Wi-Fi Protected Access (WPA)

• The IEEE 802.11 community has responded to the many security problems identified in WEP.

• Intermediate solution: Wi-Fi Protected Access (WPA).

• Longer-term solution: WPA2.
• WPA and WPA2 are standardised in IEEE 802.11i


Wi-Fi Protected Access (WPA)

• Wi-Fi Protected Access (WPA)
  – Works with 802.11b, a and g.
  – An intermediate solution to address WEP’s problems.
  – Existing hardware can still be used; only firmware upgrade needed.
• WPA introduced new authentication protocol, improved integrity protection measure and per-packet keys.
  – To provide stronger authentication than in WEP.
  – To prevent replay attacks.
  – To prevent spoofing attacks (i.e. bit flipping on WEP CRC).


WPA-PSK (Wireless Protected Access)


WPA-Enterprise (Wireless Protected Access)


Temporal Key Integrity Protocol (TKIP)

• WPA introduced Temporal Key Integrity Protocol (TKIP).
• It is designed to be usable on already existing hardware by installing new firmware.
• It is known to have several security weaknesses, but raises the bar considerably compared to WEP.


TKIP Security Measures

• TKIP uses MIC (Message Integrity Check) to ensure the integrity of message.
  – If more than two messages with invalid ICV are received by a station within a minute, TKIP is disabled for a minute and a renegotiation of the keys is suggested.
• A per packet sequence counter is used to prevent replay attacks.
  – If a packet is received out of order, it is dropped by the receiving station.
  – This prevents all kinds of injection attacks where a packet is replayed.
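A simplified model of the two receiver checks on this slide, as an added Python example that is not part of the original presentation. The class name, verdict strings and the boolean standing in for the integrity check are assumptions; the thresholds follow the slide's wording.

```python
from collections import deque

class TkipReceiver:
    """Simplified model of the receiver checks on the slide (hypothetical names)."""

    def __init__(self, max_failures=2, window=60.0, lockout=60.0):
        self.max_failures = max_failures   # slide: "more than two" invalid messages
        self.window = window               # ... "within a minute"
        self.lockout = lockout             # ... "disabled for a minute"
        self.last_counter = -1             # highest sequence counter accepted so far
        self.failures = deque()            # timestamps of recent integrity failures
        self.disabled_until = 0.0
        self.rekey_suggested = False

    def receive(self, now: float, counter: int, mic_ok: bool) -> str:
        """Return the verdict for one frame; mic_ok stands in for the MIC check."""
        if now < self.disabled_until:
            return "drop:disabled"
        if counter <= self.last_counter:   # replayed or out-of-order frame
            return "drop:replay"
        if not mic_ok:
            self.failures.append(now)
            while now - self.failures[0] > self.window:
                self.failures.popleft()    # forget failures older than the window
            if len(self.failures) > self.max_failures:
                self.disabled_until = now + self.lockout
                self.rekey_suggested = True
                self.failures.clear()
                return "drop:mic-lockout"
            return "drop:mic"
        self.last_counter = counter        # advance only on an authenticated frame
        return "accept"

def run_trace(trace):
    """Feed (time, counter, mic_ok) tuples to a fresh receiver; return verdicts."""
    rx = TkipReceiver()
    return [rx.receive(*frame) for frame in trace]

if __name__ == "__main__":
    # Constructed trace: a replay, then three invalid frames inside one minute.
    demo = [(0, 1, True), (1, 1, True), (2, 2, False), (3, 3, False),
            (4, 4, False), (30, 5, True), (64, 5, True)]
    print(run_trace(demo))
```

The lockout branch also drops valid frames until the timer expires, so the countermeasure trades availability for integrity.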


WPA: TKIP Encryption


WPA (Wireless Protected Access)


WPA attacks

• Dictionary attack on pre-shared key mode
• Denial of service attack
  – If WPA equipment sees two packets with invalid MICs in 1 second, then:
    • All clients are disassociated.
    • All activity stopped for one minute.
    • So two malicious packets per minute is enough to stop a wireless network.


WPA2

• WPA2 is an interim solution to WEP issues but does require new hardware.
• An enterprise level key management was added to IEEE 802.11, which allows a lot of modes of authentication:
  – No need for a single secret pre-shared key.
  – Use of a username and a password, smartcards, certificates, hardware security tokens etc.
• Every station uses individual keys to communicate with an AP
  – Eavesdropping by another station in the same network is not possible anymore.


Conclusion

WEP allows a lot of attacks due to the use of weak IVs, a small IV space and the poor encryption technique being used. On the other hand, WPA is better than WEP as the WPA key is not directly used in encryption. Key mixing is done for every session and the same IV cannot be used in the same session. Thus message replay attacks are prevented, and message injection attacks are also prevented using MIC. WPA2 is the best Wi-Fi protocol as it uses the AES encryption technique, which is the most robust and very hard to crack.