無線網路安全WEP

Requirements of Network Security

Information Security Confidentiality Integrity Availability Non-repudiation

Attack defense Passive Attack Active Attack

Passive Attack

Release of message contents, Traffic analysis

Active Attack(1/4)

Masquerade

Active Attack(2/4)

Replay

Active Attack(3/4)

Modification of Messages

Active Attack(4/4)

Denial of Service

The Defense

Cryptography system Symmetry key (shared key) Asymmetric key (public key)

Issue: Key distribution

Plaintex

t

Plaintex

t

Encryption

Algorithm

Encryption

Algorithm

Ciphertext

Ciphertext

Decryption

Algorithm

Decryption

Algorithm

Plaintex

t

Plaintex

t

(original)

Encryption key Decryption key

(open) (open)

(secret) (secret)

Symmetric-Key Systems

DES (Data Encryption Standard)

•A block cipher with a 56-bit key.•Has been one of the most widely used encryption algorithms•Too weak today because of the computing power of current CPU.

Triple-DES (or 3DES) A enhanced version of DES with increased key length.

IDEA(International Data Encryption Algorithm)

Encrypting data faster and more secure than DES. (128-bit)

BlowfishA compact and simple block cipher with a variable-length key of up to 448 bits.

RC2 (Rivest cipher no. 2)

A block cipher with a variable-length key of up to 2048 bits. The details of the algorithm used have not been officially published.

RC4 (Rivest cipher no. 4)

A stream cipher with a variable-length key of up to 2048 bits.

AES (Advanced Encryption Standard)

One of the most popular algorithms used in symmetric-key system

Asymmetric-Key Systems

RSA (named after its creators–Rivest, Shamir and Adleman)

•Based on the problem of factoring large integers•Advances in the mathematical methods will affect the algorithm's vulnerability.

DSS (Digital Signature Standard)

Developed by the US National Security Agency (NSA). Can be used only for digital signatures and not for encryption or key distribution.

The Attack - Cryptanalysis

Ciphertext only Brute-force

Known plaintext has a sample of plaintext and a corresponding

sample of ciphertext deduce the encryption key for decrypt other portion

of ciphertext Chosen text

select particular blocks of plaintext to yield more information about the key

The Defense - Integrity Modification attack may occur in a series of related

cipher blocks Data integrity is broken

Message Digest Fixed-length hash value dependent on original data Requirement: difficulty to deduce the original data

(one-way hash)

MD5Takes any arbitrary length input string and produces a fixed 128-bit value.

SHA (secure hash algorithm)

Similar to MD5 but produces a 160-bit hash value so is more resistant to brute force attacks1.

The Defense - Freshness

For replay attack Timestamp

the message and the time stamp need to be bound together in some way

Sequence number Useless in connectionless packet-switched network

Nonce an unpredictable value in a challenge–response

sequence

The Defense - Freshness

The Defense - Authentication

To provide some assurance about the source of a message

Challenge–Response protocol using public key on message digest Digital Signature

To assure that the public key is really belong to its owner Digital Certificate Third-party certification authority is required

Digital Certificate

Subject’s identity (e.g. name, address, …)

Subject’s public key

Serial number of certificate

Validity dates(e.g. issue date, expiry date)

Certification authority’s identity

Certificationauthority’s digital signature

Typical Digital Signature

Attacks on Wireless Networks

Eavesdropping Communication Jamming Denial of Service, DoS Man-In-The-Middle attack

Attacks on Wireless Networks

Network attacks

Passive attack Active attack

Wiretapping Communication analysis

Camouflage Replay Message tampering

Service denial

Attacks on Wireless Networks

Eavesdropping In wireless network,

attacker can easily capture packet from air-interface.

For packets with no encryption or weak encryption, attacker can analyze and crack them.

Cracker

Client Eavesdropping AP

Analyze and CrackData

Attacks on Wireless Networks

Communication Jamming In wireless network, the

signal could be interfered by others.

Use high power signal generator can interrupt the communication between MNs and AP

Attacks on Wireless Networks

Denial of service (DoS) Attacker use lots of packets to paralyze AP or

server Methods include:

ARP packet SYN flooding attack ICMP/UDP flooding attack Smurf ….

Attacks on Wireless Networks

SYN flooding attack ICMP flooding

attack UDP flooding attack

Attacker(Client)

SYN

Server

Attacker(Client)

SYN/ACK

Server

ACK

Attacker(Client)

B

Send “ping”message with B's destination

Echo Reply

Server

Attacker(Client)

B

Send UDP packet with B's destination

Echo Reply

A

Attacks on Wireless Networks

Smurf flood attack

Attacker(Client)

Send ICMP message with 192.168.1.255

Echo Reply

Server

Echo Reply Echo ReplyEcho Reply

192.168.1.1~192.168.1.254 computers

Attacks on Wireless Networks

Man In The Middle attack In 802.11 network, Man-in-the-Middle attack could be

the forgery AP.The AP attempts lead user to give him private information.

Client

Service AP

Forgery AP

Wire Equivalent Privacy

Properties

WWired EEquivalent PPrivacy Data encryption using shared WEP keys Original goal – Providing privacy similar to a wired

network Using RC4 cipher (stream cipher) Shared Key Authentication

Single key is shared by all users and access points Challenge-response

Manual key distribution

RC4 Cipher

00111011...

11100010...

00111011...

11100010...

11011001...

傳送端 接收端

加密過的資料原始資料 加密字串 加密字串 原始資料

XORXOR

WEP Data Processing40-bit

WEP Key訊框資料內容(Frame Body)

CRC

檢查碼(ICV)

RC4加密字串(Keystream)

Frame BodyIV header(4 bytes)

Frame header

FCS

未加密 已加密 未加密

ICV(4 bytes)

24-bit IV

64-bit RC4 Key

RC4 Algorithm

訊框資料內容(Frame Body)

XOR

WEP Data Processing

40-bit WEP key must be manually prepared Setup manually in the configuration of the AP and

the stations Totally, 4 keys can be setup but only one of them can

be selected for encryption Key is shared among all members

24-bit Initial Vector (IV) is randomly generated Transmitted in plaintext

32-bit ICV = 32-bit CRC of the frame body

RC4 Algorithm

stream cipher symmetric key

Use two array, state and key

1. 256-byte state table.State[256]=[ 0 .. 255 ]

2. It has the capability of using keys between 1

and 2048 bits.Key[1..2048] = [ ……. ]

Hint. WEP use 40 bits

RC4 Algorithm

* Two phases Key Setup

1. f = ( f + Si + Kg ) mod 2562. Swapping Si with Sf

Ciphering ( XOR)1. i = ( i + 1 ) mod 4 , and f = ( f + Si ) mod 2562. Swaping Si with Sf

3. t = ( Si + Sf ) mod 256Random byte St

Key Setup Example

Iteration 1:i=0, f=0, g=0S[ ]=[ S0, S1, S2, S3 ] = [ 0, 1, 2, 3 ]K[ ]=[ K0, K1 ] = [ 2, 5 ]

Because f=(f + S0 + K0)mod 4=2, then swap S0 with S2

New array S[ ]=[ S0, S1, S2, S3 ] = [ 2, 1, 0, 3 ]i= i +1 = 1g =(g+1)mod 2 = 1

Key Setup Example

Iteration 2:i=1, f=2, g=1S[ ]=[ S0, S1, S2, S3 ] = [ 2, 1, 0, 3 ]K[ ]=[ K0, K1 ] = [ 2, 5 ]

Because f=(f + S1 + K1)mod 4=0, then swap S1 with S0

New array S[ ]=[ S0, S1, S2, S3 ] = [ 1, 2, 0, 3 ]i = i +1 = 2g =(g+1)mod 2 = 0

Key Setup Example

Iteration 3:i=2, f=0, g=0S[ ]=[ S0, S1, S2, S3 ] = [ 1, 2, 0, 3 ]K[ ]=[ K0, K1 ] = [ 2, 5 ]

Because f=(f + S2 + K0)mod 4=2, then swap S2 with S2

New array S[ ]=[ S0, S1, S2, S3 ] = [ 1, 2, 0, 3 ]i = i +1 = 3g =(g+1)mod 2 = 1

Key Setup Example

Iteration 4:i=3, f=2, g=1

S[ ]=[ S0, S1, S2, S3 ] = [ 1, 2, 0, 3 ]

K[ ]=[ K0, K1 ] = [ 2, 5 ]

Because f=(f + S3 + K1)mod 4=2, then swap S3 with S2

New array S[ ]=[ S0, S1, S2, S3 ] = [ 1, 2, 3, 0 ]

Ciphering Example

“H” :i=0, f=0S[ ]=[ S0, S1, S2, S3 ] = [ 1, 2, 3, 0 ]

Because i = ( i + 1 )mod 4 = 1f =( f + S1)mod 4 = 2, then swap S1 with S2

New array S[ ]=[ S0, S1, S2, S3 ] = [ 1, 3, 2, 0 ]

t = ( S1 + S2 )mod 4 = 1S1 = 3 ( 0000 0011 )

H0100 1000

XOR 0000 00110100 1011

Ciphering Example

“I” :i=1, f=2

S[ ]=[ S0, S1, S2, S3 ] = [ 1, 3, 2, 0 ]

Because i = ( i + 1 )mod 4 = 2f =( f + S2)mod 4 = 0, then swap S2 with S0

New array S[ ]=[ S0, S1, S2, S3 ] = [ 2, 3, 1, 0 ]

t = ( S2 + S0 )mod 4 = 3

S3 = 0 ( 0000 0000 )

I

0100 1001

XOR 0000 0000

0100 1001

Ciphering Example

Result Plaintext : 0100 1000 0100 1001

Cipher : 0100 1011 0100 1001

Weakness Key Management

WEP uses static (keys are not changed dynamically)master keys easy to crack.

Since all users use same WEP key, difficult to change the key.

The IV value is too short. IV+WEP key Weak key attacks (FMS attack).

Reconstruct the key from a number of collected encrypted messages

Weak keys in RC4 algorithm No effective detection of message integrity

Modifying the contents of a frame without changing the ICV

no protection against message replay.