CSC-682 Advanced Computer Security - PowerPoint PPT Presentation

About This Presentation
Title:

CSC-682 Advanced Computer Security

Description:

CSC-682 Advanced Computer Security Attacks on wireless networks using WEP encryption presented by : Pompi Rotaru Wireless technology IEEE 802 ... – PowerPoint PPT presentation

Number of Views:72
Avg rating:3.0/5.0
Slides: 20
Provided by: nku99
Category:

less

Transcript and Presenter's Notes

Title: CSC-682 Advanced Computer Security


1
CSC-682 Advanced
Computer Security
  • Attacks
  • on wireless networks
  • using WEP encryption

presented by Pompi Rotaru
2
Wireless technology
  • IEEE 802.11 a/b/g/n is the set of standards for
    W-LAN
  • Wireless technology has been on the rise in
    recent years
  • An individual can sit outside the building and
    connect to an unprotected wireless network
  • Preserving privacy and integrity of wireless
    communications becomes an important objective of
    the network security team
  • Basic service set
  • infrastructure mode
    independent (ad-hoc) mode

3
WEP
  • Wired Equivalent Privacy (WEP) is most common
    mechanism for protection
  • Encryption with 40-bit key (aka 64-bit
    encryption)
  • Encryption with 104-bit key (aka "128-bit
    encryption)
  • Uses as the most common encryption algorithm the
    RC4 algorithm.

4
History of WEP
  • 1997 Release of the first final version of IEEE
    802.11
  • 2001 WEP broken by Fluhrer, Mantin, and Shamir
  • 2004 WEP broken again by KoreK
  • 2005 WEP broken again by KoreK again (chopchop
    attack)
  • 2005 WEP broken again by Bittau, fragmentation
    attack
  • 2007 WEP broken again by Pyshkin, Tews, Weinmann,
    with the help of Klein

5
RC4 algorithm description
  • Stream cipher designed by Ron Rivest in 1987
  • It works as a variable key-size stream cipher
    with byte-oriented operations
  • Key Scheduling Algorithm (KSA) - which turns a
    random key into a permutation by scrambling the
    bits
  • Pseudo-Random Generator Algorithm (PRGA) using
    swap operations for the previously permutation it
    generates pseudo-random numbers
  • X RC4(K)

6
How WEP encryption works
  • A 3 bytes initialization vector (IV) is chosen
  • A key stream X RC4(K) is generated from secret
    key K
  • A 32 bit long checksum called Integrity Check
    Value (ICV) is appended to the message to
    protect the integrity
  • The resulting plain text is encrypted making an
    XOR operation with the generated key stream
  • The unencrypted IV and the cipher-text are sent
    over the air

7
(No Transcript)
8
(No Transcript)
9
Types of WEP attacks
  • Depending on key
  • without recovering the WEP key
  • recovering the key
  • Depending on communication
  • static (no communication with AP)
  • dynamic (involves communication with AP)

10
General steps for attack
  • Setup equipment (laptop, directional antenna)
  • Find the target (airdump-ng, Kismet, NetStumbler)
  • Capture data from air (airmon-ng, airodump-ng)
  • Wait or make the target network busy
    (aireplay-ng)
  • Start cracking from captured data (aircrack-ng)

11
The brute force / dictionary attack
  • Power of the WEP relies in the difficulty of
    discovery of the secret key through a brute-force
    attack
  • Dictionary attack uses dictionary of keys, not
    all possible keys
  • Such attack requires less then a month for all
    keys
  • Steps
  • capture 2 WEP encrypted packets
  • try to decrypt it using the captured IV and a
    potential key
  • verify decrypted ICV (the CRC)
  • (optional) verify the key on the 2nd packet

12
The FMS attack
  • 2001 - Scott Fluhrer, Itsik Mantin and Adi Shamir
  • Static - with key recovery
  • RC4 weaknesses
  • The Invariance Weakness - existence of large
    classes of weak keys
  • The IV Weakness using IV attacker can
    rederive the secret part by analyzing the initial
    word
  • Finding the key ? use key-output correlation
    propagation of a weak key pattern into the
    outputs combined with biased distribution of bits
    in English text
  • Decision tree
  • Requires 9 millions packets (listen to traffic
    for 12 hours)

13
The KoreK attack
  • 2004 internet hacker KoreK
  • Static - with key recovery
  • Does not need weak IV
  • Uses 16 additional correlations between the first
    1 byte of an RC4 key, the first 2 bytes of the
    generated key stream, and the next keybyte
  • Same decision-tree based approach same as FMS
    attack
  • Requires 700000 packets

14
The KoreK chop-chop attack
  • 2005 same KoreK
  • Does not recover the key, it just reveals the
    message
  • Exploits an ICV vulnerability
  • Process of truncation of packets while keeping
    them still valid
  • Steps
  • capture one packet
  • truncate the last byte and try to guess one
    value for plaintext
  • correct the checksum and send packet to AP
  • if guess is correct the AP will reply
  • repeat until all bytes are decrypted

15
The Bittau attack
  • 2005 - Andrea Bittau, Mark Handley and Joshua
    Lackey
  • Fragmentation
  • Possible to send multiple fragments (16) using
    the same key stream
  • Each packet is encrypted independently at MAC
    layer
  • Steps
  • listen to traffic, eavesdrop one packet then
    recover 8 bytes of key stream
  • prepend an IP header to the eavesdropped packet
    and send to AP
  • AP will sent the clear text to a controlled
    internet host
  • Fragmentation is used to break 802.11s
    cryptography

16
The PTW attack
  • 2007 - Andrei Pyshkin, Erik Tews Ralf-Philipp
    Weinmann
  • They found a multibyte correlation between the
    first l bytes of an RC4 key, the generated
    keystream, and the next i bytes of the key.
  • Steps
  • captures packets and recovers their keystreams
    (FMS, KoreK)
  • evaluate the multibyte correlation function
    (Klein)
  • create decision tree for key and start voting
    (Rk0, Rk1, Rk2)
  • Requires 35000 . 40000 packets
  • Less then 60 seconds to crack a 104 bit WEP key

17
Protecting WEP
  • Increase the number of bytes used for encryption
    (protects against FMS attack)
  • Remove the weak IV - keystream re-use
    vulnerabilities
  • Prevent key re-use
  • Extensible Authentication Protocol (EAP) change
    often the WEP-key (not enough against Bittau
    attack)
  • Deploy Intrusion Detection Systems (IDS) to
    protect against injected traffic (really protects
    against PTW attack)
  • Companies sell hardware using modified versions
    of the WEP protocol claiming to be secure

18
Conclusions
  • WEP has a long history of vulnerabilities and
    fixes
  • WEP is a good example of how attacks evolve and
    mature over time
  • Attacks that a few years ago took days, now take
    minutes if the right tools are used
  • 2005 WEP is officially declared deprecated by
    IEEE 802.11 committee
  • 2008 WEP used by 30 of users in a US university
  • Today too many old networks, some using WEP
  • WEP must be abandoned once and for all, rather
    than patch it yet again !!!

19
Bibliography
  • http//www.drizzle.com/aboba/IEEE/rc4_ksaproc.pdf
  • http//dl.aircrack-ng.org/breakingwepandwpa.pdf
  • http//eprint.iacr.org/2007/120.pdf
  • http//tapir.cs.ucl.ac.uk/bittau-wep.pdf
  • http//www.netstumbler.org/showthread.php?t12489
  • http//www.netstumbler.org/showpost.php?p93942po
    stcount35
  •  
  • http//www.pisa.org.hk/event/live-wifi-attack-defe
    nse/WEP_cracking_demo.pdf
  • http//en.wikipedia.org/wiki/Fluhrer,_Mantin,_and_
    Shamir_attack
  • http//www.cc.gatech.edu/traynor/cs8803-f08/slide
    s/lecture13-wep2.pdf
  • http//www.rossbuffington.com/WEP_Insecurity.pdf
  • http//www.franken.de/uploads/media/WEP-Cracking.p
    df
  • http//www.quequero.org/How_To_Attack_a_WEP/WPA_Pr
    otected_Wireless_Network_(eng)
  • http//yawcu.sourceforge.net/documentation.pdf
  • http//eprint.iacr.org/2007/471.pdf
Write a Comment
User Comments (0)
About PowerShow.com