802.11b Security

1
802.11b Security

• CSEP 590 TU
• Osama Mazahir

2
Introduction

• Packets are sent out into the air for anyone to
  receive
• Eavesdropping is a much larger concern in
  wireless compared to wired network
• This requires data encryption mechanisms

3
Wired Equivalent Protocol (WEP)

• Single key is shared by all machines in network
• Shared key is used to encrypt packets
• RC4 stream cipher
• 40-bit key 24-bit initialization vector (IV)
• IV sent in plaintext
• To send plaintext packet P, you send IV, P ?
  RC4(K, IV)

4
WEP issues

• Optional deployment
• IV changes in simply and predictably from one
  packet to the next
• 24-bits is too small of a space
• IV repeating allows for plaintext discovery
• Checksum is not keyed
• Attacker can create ciphertext and adjust
  checksum so that receiver accepts packet
• Attacker can inject forged packets

5
Wi-Fi Protected Access (WPA)

• Created as an interim solution while waiting for
  802.11i
• Subset of 802.11i
• 128-bit key 48-bit IV
• Still uses RC4 stream cipher
• 802.1X Authentication Server can be used to
  distribute different keys to each user

6
WPA (continued)

• Temporal Key Integrity Protocol (TKIP) to thwart
  WEP key recovery attacks
• Per-packet key mixing
• Message integrity check
• Hashed RC4 traffic key (re-keying)
• Message Authentication Code (MAC) to prevent
  packet forgery
• Frame Counter to prevent basic replay attacks

7
802.11i (WPA2)

• Similar to WPA in many respects
• AES block cipher
• Robust Security Network (RSN) mechanism for
  algorithm/encryption selection
• After authentication/association, a 4-way
  handshake is done in which a new Pairwise
  Transient Key (PTK) is established
• PTK is used to for data packet transmission

8
Virtual Private Networks

• Allows establishing a secure point-to-point
  channel across an untrusted/shared network
• Nodes not in trusted LAN can VPN into trusted LAN
• Requires end-user configuration
• Not good for end-user roaming scenarios

9
Questions?