The security, or lack thereof, of wireless technology
Yuguang QiuUniversity Of Colorado DenverComputer Science Department
2015, April 26th
Wireless Security Technology Requirements
Outlines & Summary
1. Abstract
2. Introduction
3. Wi-Fi Security protocols•3.1 Security Protocols•3.2 Symmetric- Key Algorithms V.S Asymmetric- Key Algorithms•3.3 Encryption Algorithms
4. A hybrid crypto scheme
5. Conclusion
Abstract
Motivation: : Looking for a stronger encryption has been on the hunt!
Protocols: Protocols:
•WEP: A security algorithm for wireless networks, recognizable by using a 40-bit or 104-bit encryption key that must be manually entered on wireless access points and devices and does not change. (Static)•WPA: A protocol adopt Temporal Key Integrity Protocol (TKIP), which employs a per-packet key. It dynamically generates a new 128-bit key for each packet. (Dynamic)•WPA2: An advanced version of WPA using an AES-based encryption mode with strong security. Two versions: WPA2-Personal, and WPA2-Enterprise. (Dynamic and better encryption )
Encryption Method: Encryption Method:
•Many encryption algorithm exist which vary in complexity and ability to resist cracking•Two types in Ciphers: symmetric and asymmetric•Symmetric- Key Algorithms: AES, DES/Triple DES, RS4, RC4•Asymmetric- Key Algorithms: RSA, DSA, ECC
Wi-Fi Security Protocols and Encryption algorithm
Introduction
Potentially large number of cryptography solutions to attain security is widely known and recognize.
Currently, many encryption algorithm exist to help keep information secure and these algorithms vary in complexity and ability to resist cracking.
In this project, I introduced the basic background knowledge of Wi-Fi Security Protocols and corresponding encryption algorithms. Afterward, I will present a hybrid crypto scheme that combines the acclaimed effective in symmetric type of algorithm, AES and the Elliptic Curve Cryptography in Asymmetric algorithm. I also implemented such algorithm in C programming.
Wi-Fi Security ProtocolsWi-Fi Security Protocols
Types of Security
WEP : Wired Equivalent privacy X
• Was broken years ago and takes 15 min to break in
• Uses 40bit RC4 encryption
• Very week and not recommended
• Accepts only hexadecimal password
TKIP : A suite of algorithms wrapping WEP X
• Achieve best security given hardware constraints
• A cryptographic message integrity code, or MIC, called Michael, to defeat forgeries
• A per-packet key mixing function, to de-correlate the public IVs from weak keys
• A rekeying mechanism, to provide fresh encryption and integrity keys, undoing the threat of attacks from key reuse
Types of SecurityWPA: Wi-Fi Protected Access
• Much better than WEP
• Accept long password and with all possible combinations
• Easy to setup, as easy as WEP
• Available in all the common Wi-Fi routers
• A must for all home users
• Will take a long time to break in
WPA2: Advance Wi-Fi Protected Access
• Better than WPA
• Takes little more pain to setup
• Advised in corporate environments
• Strong encryption and authentication support
Encryption AlgorithmsEncryption Algorithms
•A stream cipher
•Generate key stream byte at a step
•Efficient in software
•Used lots of places: SSL, WEP, etc.
•Most popular stream cipher in existence
Rivest Cipher 4 (RC4)
- Array key contains N bytes of key, used-defined between 40-bits and 256-bits
- Array S always has a permutation of 0,1,…,255
RC4 math Definitions
RC4 ImplementationRC4 consists of two parts:
1.KSA – Turns a random key into an initial Permutation S of { 0,1,…..,N-1}. Each of the 256 entries in S are then swapped with the J th entry in S, which is computed to be j = [(j + S(i) + key[i mod key length]) mod 256]
for i = 0 to 255S[i] = iK[i] = key[i (mod N)]
next i j = 0 for i = 0 to 255
j = (j + S[i] + K[i]) (mod 256)swap(S[i],S[j])
next i i = j = 0
2. PRGA uses this permutation to generate a pseudo-random out sequence exchange the two values of S pointed to by i and j, and output the value of S pointed to by S[i] + S[j]. For each key stream byte, swap elements of array S and select a byte from the array.
i = (i + 1) (mod 256) j = (j + S[i]) (mod 256) swap(S[i], S[j]) t = (S[i] + S[j]) (mod 256) Key Stream Byte = S[t]
RC4 Attach and weakness Proof
Proof?
RC4/WEP Conclusions
1. This attack is practical!
2. This attack has been used to recover keys from real WEP traffic
3. This attack on RC4 is just one of many security flaws in WEP
(Temporal Key Integrity Protocol) TKIP
A set of algorithms to give the best possible solution
A cryptographic message integrity code (MIC), called Michael: to defeat forgeries A secret authentication key K , A tagging function, A verification predicate
A new IV sequencing discipline: to remove replay attacks from the attacker’s arsenal Reuse the WEP IV field as a packet sequence number
A per-packet key mixing function: Going through 2 key mixing phases and to de-correlate the public IVs from weak keys WEP constructs a per-packet key by simply concatenating a base-key and the IV
A re-keying mechanism: to provide fresh encryption and integrity keys, undoing the threat of attacks stemming from key reuse.
Michael• 64-bit Michael key: represented as two 32-bit words (K0,K1).
• The tagging function first pads a message with the hex value 0x5a and enough zero pad to bring the total message length to a multiple of 32-bits, then partitions the result into a sequence of 32-bit words M1 M2 … Mn . (b is a function built up from rotates)
(L,R) ← (K0,K1) do i from 1 to n
L ← L ^ Mi
(L,R) ← b (L,R)
return (L,R) as the tag
If a TKIP implementation detects two failed forgeries in a second, assume under active attack.
The station deletes its keys, disassociates, waits for a minute, and then re-associates.
Per-Packet Key Mixing: PhasesPhase 1
i.XORs the MAC address of the station and the temporal key to produce an intermediate key
ii.Mixing MAC and the temporary key in this way causes different stations and APs to generate different intermediate keys, even if they have the same temporal key
iii.Intermediate key is computed only when the temporal key is changed
Phase 2
i.Takes the packet sequence number and encrypts it (intermediate key) ,producing finally a 128-bit per-packet key
ii.The first 3 bytes (24 bits) of Phase 2 output corresponds exactly to the WEP IV, and the last 13 bytes to the WEP base key.
iii.Use the existing WEP hardware to do the encryption using the per-packet key
Re-Key Mechanism
TKIP uses three distinct keys
TKIP Encryption/Decryption Process
Phase 2Key
Mixing
Michael Fragment(s)
WEPEncapsulation
TKIP Sequence Counter(s)
MIC Key
SA + DA +PlainText
MSDUPlaintextMPDU(s)
PlaintextMSDU + MIC
CiphertextMPDU(s)
WEP seed(s)Represented
as WEP IV + RC4 KeyPhase 1
KeyMixingMAC
Address
Temporal Key
Intermediate Key
Phase IIKey
MixingMichael
WEPDecapsulation
TKIP Sequence Counter
MIC KeyCiphertext
PlaintextMPDU
WEP seedPhase 1
KeyMixing
MACAddress
Intermediate Key
Unmix IV
Reassemble
MPDU
WEP IV
Out of Sequence
MPDU
In Sequence
MPDU
SA + DA + Plaintext MSDU
MSDU with failed TKIP MIC
MIC =MIC’?
MIC
Counter Measures
MIC’
PlaintextMSDU
Temporal Key
(Temporal Key Integrity Protocol) TKIP
A set of algorithms to give the best possible solution
A cryptographic message integrity code (MIC), called Michael: to defeat forgeries A secret authentication key K , A tagging function, A verification predicate
A new IV sequencing discipline: to remove replay attacks from the attacker’s arsenal Reuse the WEP IV field as a packet sequence number
A per-packet key mixing function: Going through 2 key mixing phases and to de-correlate the public IVs from weak keys WEP constructs a per-packet key by simply concatenating a base-key and the IV
A re-keying mechanism: to provide fresh encryption and integrity keys, undoing the threat of attacks stemming from key reuse.
(Temporal Key Integrity Protocol) TKIP
A set of algorithms to give the best possible solution
A cryptographic message integrity code (MIC), called Michael: to defeat forgeries A secret authentication key K , A tagging function, A verification predicate
A new IV sequencing discipline: to remove replay attacks from the attacker’s arsenal Reuse the WEP IV field as a packet sequence number
A per-packet key mixing function: Going through 2 key mixing phases and to de-correlate the public IVs from weak keys WEP constructs a per-packet key by simply concatenating a base-key and the IV
A re-keying mechanism: to provide fresh encryption and integrity keys, undoing the threat of attacks stemming from key reuse.
(Temporal Key Integrity Protocol) TKIP
A set of algorithms to give the best possible solution
A cryptographic message integrity code (MIC), called Michael: to defeat forgeries A secret authentication key K , A tagging function, A verification predicate
A new IV sequencing discipline: to remove replay attacks from the attacker’s arsenal Reuse the WEP IV field as a packet sequence number
A per-packet key mixing function: Going through 2 key mixing phases and to de-correlate the public IVs from weak keys WEP constructs a per-packet key by simply concatenating a base-key and the IV
A re-keying mechanism: to provide fresh encryption and integrity keys, undoing the threat of attacks stemming from key reuse.
(Temporal Key Integrity Protocol) TKIP
A set of algorithms to give the best possible solution
A cryptographic message integrity code (MIC), called Michael: to defeat forgeries A secret authentication key K , A tagging function, A verification predicate
A new IV sequencing discipline: to remove replay attacks from the attacker’s arsenal Reuse the WEP IV field as a packet sequence number
A per-packet key mixing function: Going through 2 key mixing phases and to de-correlate the public IVs from weak keys WEP constructs a per-packet key by simply concatenating a base-key and the IV
A re-keying mechanism: to provide fresh encryption and integrity keys, undoing the threat of attacks stemming from key reuse.
The AES Cipher Has 128/192/256 bit keys, 128 bit data
Processes data as block of 4 columns of 4 bytes, operates on entire data block in every round
Resistance against known attacks
Speed and code compactness on many CPUs
1. Uses a number of rounds
2. Each of which includes both linear and non-linear transformations
3. Convert plain text to a cipher
Round Step 1 - Substitute Bytes
Uses one table of 16x16 bytes containing a permutation of all 256 8-bit values each byte of state is replaced by byte indexed by row (left 4-bits) & column (right 4-bits)
eg. byte {95} is replaced by byte in row 9 column 5 which has value {2A} S-box constructed using defined transformation of values in GF(28)
Round Step 2 / 3 – Shift Rows & Mix Columns
Each column is processed separately Each byte is replaced by a value dependent on all 4 bytes in the column Effectively a matrix multiplication in the finite field GF(28) using prime poly m(x) = x8 + x4 + x3 + x + 1
Decryption requires use of inverse matrix with larger coefficients - harder
Mix Columns
Round Step 4 - Add Round Key XOR state with 128-bits of the round key Again processed by column (though effectively a series of byte operations) Inverse for decryption identical
since XOR own inverse, with reversed keys
Symmetric /Asymmetric Algorithms Algorithms
Symmetric- Key Algorithms V.S Asymmetric- Key Algorithms
Asymmetric Encryption Symmetric Encryption
• Employs a public key and a private key
• Used in asymmetric encryption – RSA ECC
• Involved two parties who share a joint secret or key
• Enables private and secure communications between the two parties
• The same key is used for encryption and decryption.
Asymmetric = More functionality
Asymmetric = Lower Speed and expensive hardware
Symmetric = Cost-effective and efficient
Symmetric = No compromising security
What Is Elliptic Curve Cryptography (ECC)?
A public-key cryptosystem just like RSA
Every user has a public and a private key.
Public/Private key is used for encryption/signature verification.
Elliptic curves are used as an extension to other current cryptosystems.
Elliptic Curve Hellman Key Exchange
Elliptic Curve Digital Signature Algorithm
Linear scalability, small software footprint
Low hardware implementation costs, low bandwidth requirements, and high device performance
A hybrid crypto schemeIn this project, I present a new hybrid cryptosystem in the form of crossed cryptosystem capable of providing implicit authentication for the sender’s identity.
The algorithm presented here combines the best features of both the symmetric and asymmetric encryption techniques.
The plain text data is to be transmitted in encrypted using the AES algorithm while the AES key which is used to encrypt the data is encrypted using ECC
A hybrid crypto scheme
The cipher text of the message and the cipher text of the key are then sent to the receiver.
The message digest by this process would also be encrypted / decrypted using ECC techniques.
It uses ECC decryption to obtain the message digest sent by the sender. This value is compared with the computed message digest.
If both of them are equal, the message is accepted otherwise it is rejected.
Ultimately using ECC, the benefits of ECC are many:
A hybrid crypto scheme
This algorithm is presented to be implemented in a wireless device application through which recent technologies are more inclined.
This experience can be leveraged to refine the assessment implementation process and provide better options of algorithm.
Conclusion
Thank You !Thank You !
Questions?Questions?