Wireless Network Security: WEP And Beyond - PowerPoint PPT Presentation

1 / 22
About This Presentation
Title:

Wireless Network Security: WEP And Beyond

Description:

Two facts about ARP requests help us: They're always the same fixed length. ... establish AES encryption keys to encrypt data exchanged between client and AP ... – PowerPoint PPT presentation

Number of Views:51
Avg rating:3.0/5.0
Slides: 23
Provided by: jasond81
Learn more at: http://cs.uccs.edu
Category:

less

Transcript and Presenter's Notes

Title: Wireless Network Security: WEP And Beyond


1
Wireless Network SecurityWEP And Beyond
  • Heidi Parsaye
  • Jason DeVries
  • Roxanne Ilse

2
Outline
  • Wireless networking basics
  • Attempts at making wireless networking secure
  • Wired Equivalent Privacy
  • Why its no longer private
  • Brief overview of how to crack
  • Beyond WEP WiFi Protected Access (WPA)

3
Wireless Broadband
  • How Does Wireless Broadband Work?
  • Benefits of Wireless Broadband
  • Disadvantage of Wireless Broadband

4
Wireless Network Security
  • IEEE 802.11 WI-FI
  • Wired Equivalent Privacy (WEP)
  • TKIP (Temporal Key Integrity Protocol)
  • MAC address filtering
  • Wi-Fi Protected Access (WPA and WPA2)

5
Encryption Of WEP Data
6
Decryption Of WEP Data
7
Important Details About WEP Frames
  • All 802.11 WEP frames contain a plaintext header
    followed by encrypted data.
  • The Initialization Vector is included in the
    plaintext.
  • There is no CRC on the plaintext header. We can
    easily spoof the BSSID to get around MAC address
    filtering.
  • No attempt is made to hide packet lengths.

8
Important Details About WEP Frames
  • The RC4 Initialization Vector must be sent in
    plaintext. The recipient needs to be combine it
    with the secret key to re-create the state array
    used for decryption.

9
The Problem With WEP
  • Its actually a problem with RSA RC4 which was
    designed in 1987 by Ron Rivest (the R in RSA).
  • In 2001, Scott Fluhrer, Itsik Mantin, and Adi
    Shamir (the S in RSA) discovered that the first
    few bytes of the RC4 data are non-random and leak
    information about the key.

10
The Problem With RC4
  • The Secret Key used by KSA is actually the
    Initialization Vector (3 bytes) plus the Secret
    Key (5 or 13 bytes).
  • Since we know the first three values, we know the
    output for the first three iterations of KSA.

11
The Problem With RC4
  • If we can get the state array, we can now start
    plugging data into PRGA. More specifically, we
    can start running it in reverse to give us a hint
    about the secret key.

12
Another Weakness
  • The 3-byte LLC Header is always the same on every
    frame, starting with 0xAA, indicating that SNAP
    is next.
  • In fact, with a certain message well cover
    later, we know the values for 16 of the encrypted
    bytes.
  • Knowing some of the encrypted plaintext makes the
    job even easier.

13
Getting The Secret Key
  • What we really need to see is the exact same
    plaintext message encrypted thousands of times
    using different Initialization Vectors.
  • If we get enough unique Initialization Vectors,
    we can crack the secret key.
  • But how do we get a WEP network to encrypt and
    transmit the exact same message thousands of
    times?
  • The answer Ask the network the same question
    get the same answer thousands of times!

14
We Have Ways Of Making You Talk
  • Ok, so what question can we ask the network
    thousands of times and get the same answer?
  • Hey network whats my IP address? This is known
    as an ARP request.
  • Since we dont have the secret key, we cant
    encrypt our own ARP request.
  • That means we need to steal a legitimate ARP
    request from the network. Once we get one, well
    replay it thousands of times. Well force the
    network to talk to us as it replies to these
    requests generating messages for us.

15
ARP Requests
  • But if the data is encrypted, how could we find
    and read an ARP request?
  • The answer We dont need to read it or decrypt
    its content. We just need to recognize it as
    what we need.
  • Two facts about ARP requests help us
  • Theyre always the same fixed length. We can
    look for that.
  • It will be sent to a broadcast address.
    Remember, the destination MAC address is sent as
    plaintext in the 802.11 header so we can read
    that part.

16
Retransmitting ARP Requests
  • Look at the 802.11 frame again. Once we steal a
    legitimate ARP request, theres absolutely
    nothing to keep us from spoofing our BSSID and
    retransmitting the exact same request as many
    times as we want.
  • We dont know the values of the encrypted bytes
    were transmitting, but thats ok. We dont
    care.
  • We also wont be able to read the ARP reply sent
    by the network. We dont care about the
    contents. The important part is that they are
    the same every time.

17
Recent Work
  • In 2005, Andreas Klein extended the 2001 work of
    Fluhrer, Mantin, and Shamir. He found additional
    correlations between the encrypted data and the
    secret key. However, his method still relied on
    educated guesses to compute all bytes of the
    secret key sequentially.
  • If while computing the 10th byte it turns out you
    made an incorrect guess on the 4th byte, you have
    to throw out all computations done from the 4th
    byte onward and start again.

18
Recent Work
  • In 2007, Erik Tews, Ralf-Philipp Weinmann, and
    Andrei Pyshkin optimized Kleins 2005 attack for
    usage against WEP.
  • Most notably, they modified the attack such that
    it is possible to compute the secret key bytes
    independently, instead of sequentially much more
    efficient, less wasted computations.
  • Working at 802.11g data rates, they showed they
    could crack 128-bit WEP with just 85,000 packets,
    a success rate of 95... in less than 60 seconds.

19
Using AirCrack
20
Beyond WEP WPA2
  • Implements mandatory elements of 802.11i
  • Available in personal (SOHO) and enterprise mode
  • Uses AES (Advanced Encryption Standards)

21
WPA2 Components
  • WPA2 Wi-Fi certified client devices may require
    software/hardware upgrades
  • Client supplicant, such as Microsoft or Funk
    Odyssey
  • EAP Authentication Types
  • WPA2-Enterprise Wi-Fi Certified APs may require
    firmware or hardware upgrade
  • Authentication Server (RADIUS)/Database (SQL,
    LDAP or AD)

22
How WPA2 Works
  • Initiated when user associates with an AP
  • User must authenticate first before AP will allow
    access to network
  • Authentication process enabled by IEEE 802.1X/EAP
    framework
  • Client authentication server mutually
    authenticate with each other via the AP
  • Once authenticated, the authentication server
    client simultaneously generate a Pairwise Master
    Key (PMK)
  • 4-way handshake between client and AP to complete
    authentication and establish AES encryption keys
    to encrypt data exchanged between client and AP
Write a Comment
User Comments (0)
About PowerShow.com