Intercepting Mobile Communications: The Insecurity of 802.11 - PowerPoint PPT Presentation

1 / 28
About This Presentation
Title:

Intercepting Mobile Communications: The Insecurity of 802.11

Description:

* Introduction This presentation will discuss the inadequacies of WEP encryption We ll discuss the ... Use WPA or WPA2 with a strong key Change the default ... – PowerPoint PPT presentation

Number of Views:118
Avg rating:3.0/5.0
Slides: 29
Provided by: odu72
Learn more at: http://www.cs.odu.edu
Category:

less

Transcript and Presenter's Notes

Title: Intercepting Mobile Communications: The Insecurity of 802.11


1
Intercepting Mobile Communications The
Insecurity of 802.11
  • or Why WEP Stinks
  • Dustin Christmann

2
Introduction
  • This presentation will discuss the inadequacies
    of WEP encryption
  • Well discuss the theoretical weaknesses of the
    WEP standard
  • Well discuss the types of attacks that can
    exploit those weaknesses
  • Well discuss the speed of real world attacks
    on WEP

3
Agenda
  • Whats on your network?
  • What is WEP?
  • Theoretical weaknesses of WEP
  • Types of attacks on WEP
  • How well do these attacks work in the real
    world?
  • Countermeasures

4
Whats on your wireless network?
  • 802.11 (Wi-Fi) networks are ubiquitous today
  • Types of encryption
  • Open (No encryption)
  • WEP
  • WPA/WPA2

5
So what is WEP?
  • WEP is Wired Equivalent Privacy
  • Link-layer encryption
  • Defined in the IEEE 802.11 standard
  • Least common denominator Wi-Fi encryption
  • Goals of WEP
  • Confidentiality
  • Access control
  • Data integrity

6
So how does WEP work?
7
First, lets introduce the players
  • Message What youre encrypting
  • CRC To verify the integrity of the message
  • Plaintext The message CRC
  • Initialization vector (IV) A 24-bit number which
    plays two roles that well meet in a moment
  • Key A 40 or 104-bit number which is used to
    build the keystream
  • Keystream What is used to encrypt the plaintext
  • Ciphertext What we end up post-encryption

Message
CRC
IV
Key
Keystream
Ciphertext
8
WEP encryption step-by-step
Message
CRC
  • Step 1 Compute CRC for the message
  • CRC-32 polynomial is used

9
WEP encryption step-by-step
Key
IV
Keystream
  • Step 2 Compute the keystream
  • IV is concatenated with the key
  • RC4 encryption algorithm is used on the 64 or 128
    bit concatenation

10
WEP encryption step-by-step
Ciphertext
IV
Keystream
  • Step 3 Encrypt the plaintext
  • The plaintext is XORed with the keystream to form
    the ciphertext
  • The IV is prepended to the ciphertext

11
WEP decryption step-by-step
Ciphertext
IV
Keystream
Key
  • Step 1 Build the keystream
  • Extract the IV from the incoming frame
  • Prepend the IV to the key
  • Use RC4 to build the keystream

12
WEP decryption step-by-step
Ciphertext
Message
CRC
Keystream
  • Step 2 Decrypt the plaintext and verify
  • XOR the keystream with the ciphertext
  • Verify the extracted message with the CRC

13
What are the main weaknesses of WEP?
14
Initialization vector (IV)
  • Its carried in plaintext in the encrypted
    message!
  • Its only 24 bits!
  • There are no restrictions on IV reuse!
  • The IV forms a significant portion of the seed
    for the RC4 algorithm!

15
CRC algorithm
  • The CRC is a linear function
  • First-order polynomial ymxb
  • Key property when b is 0 f(xy) f(x) f(y)
  • The CRC is an unkeyed function

16
RC4 cipher
  • Some seeds are weaker than others
  • By extension, some IV values are weaker than
    others
  • Weak seeds more easily calculated keystreams

17
Defragmentation
  • Not necessarily a weakness
  • Part of 802.11 standard
  • Affects WPA and WPA2 encryption as well

18
What are some potential attacks on a WEP network?
19
First, you know more about the plaintext than you
think you know
  • With 802.11, you know the first eight bytes of a
    packet
  • Many IP services have packets of fixed lengths
  • Most WLAN IP addresses follow common conventions.
  • Many IP behaviors have predictable responses

20
Message modification
  • Takes advantage of CRCs linearity and unkeyed
    nature.
  • C is the original cybertext
  • c is the CRC-32 function
  • ? is the change in the message
  • Need to know some of the plaintext, but not all!

21
Message injection
  • Takes advantage of CRCs unkeyed nature and IV
    reuse.
  • C is the original cybertext
  • P is the original plaintext
  • RC4(v,k) is the keystream for IV v
  • M is the new message
  • c is the CRC-32 function
  • Need to know all of the plaintext

22
Authentication spoofing
  • Takes advantage of IV reuse
  • Takes advantage of WEP challenge mechanism for
    new mobile stations
  • Access point sends unencrypted 128-bit value
  • Mobile station returns the same value encrypted
  • Monitor the exchange and
  • Learn an IV-keystream pair
  • Authenticate on the mobile network

23
Fragmentation attack
  • Takes advantage of defragmentation and IV reuse
  • Takes advantage of knowledge of plaintext of at
    least first eight bytes of 802.11 data
  • Each data includes 4 bytes of checksum
  • An 802.11 frame can be divided into 16 segments
  • The access point will defragment the frame before
    forwarding, allowing the transmission of 16
    (known bytes of keystream 4 bytes) of data

24
Full keystream recovery using fragmentation
  • Send a 64-byte frame to a broadcast address in 16
    segments
  • Eavesdrop the defragmented 68-byte frame
  • Send a 1024-byte frame to a broadcast address in
    16 segments
  • Eavesdrop the defragmented 1028-byte frame
  • Send a 1496-byte frame to a broadcast address in
    2 segments
  • Eavesdrop the defragmented 1500-byte frame

25
IP redirection
  • Takes advantage of defragmentation
  • Eavesdrop encrypted frame
  • Build encrypted IP header with the desired
    destination IP address
  • Configure the 802.11 headers for segmented
    transmission
  • Send frames
  • Receive unencrypted data at Internet-connected
    computer

26
So how easy do these techniques make a WEP
network to compromise?
27
Answer Darn easy
  • Attacks greatly aided by automated tools
  • Authors of The Final Nail in WEPs Coffin broke
    40-bit key in under 15 minutes and 104-bit key in
    under 80 minutes
  • FBI agents demonstrated it in 3 minutes in 2005
  • http//www.informationweek.com/management/complian
    ce/160502612
  • Usually it takes five to ten minutes

28
Countermeasures
  • DONT USE WEP!
  • Use WPA or WPA2 with a strong key
  • Change the default settings on your wireless
    router
  • Use VPN
Write a Comment
User Comments (0)
About PowerShow.com