buddy-wright
Wireless Network Security: WEP
Requirements of Network Security
• Information Security: Confidentiality, Integrity, Availability, Non-repudiation
• Attack defense: Passive Attack, Active Attack
Passive Attack
Release of message contents, Traffic analysis
Active Attack (1/4)
Masquerade
Active Attack (2/4)
Replay
Active Attack (3/4)
Modification of Messages
Active Attack (4/4)
Denial of Service
The Defense
Cryptography system: Symmetric key (shared key), Asymmetric key (public key)
Issue: Key distribution
[Figure: Plaintext -> Encryption Algorithm -> Ciphertext -> Decryption Algorithm -> Plaintext (original); labels: Encryption key, Decryption key, (open), (secret)]
Symmetric-Key Systems
DES (Data Encryption Standard)
• A block cipher with a 56-bit key.
• Has been one of the most widely used encryption algorithms.
• Too weak today because of the computing power of current CPUs.
Triple-DES (or 3DES)
An enhanced version of DES with increased key length.
IDEA (International Data Encryption Algorithm)
Encrypts data faster and more securely than DES. (128-bit)
Blowfish
A compact and simple block cipher with a variable-length key of up to 448 bits.
RC2 (Rivest cipher no. 2)
A block cipher with a variable-length key of up to 2048 bits. The details of the algorithm used have not been officially published.
RC4 (Rivest cipher no. 4)
A stream cipher with a variable-length key of up to 2048 bits.
AES (Advanced Encryption Standard)
One of the most popular algorithms used in symmetric-key systems.
Asymmetric-Key Systems
RSA (named after its creators, Rivest, Shamir and Adleman)
• Based on the problem of factoring large integers
• Advances in the mathematical methods will affect the algorithm's vulnerability.
DSS (Digital Signature Standard)
Developed by the US National Security Agency (NSA). Can be used only for digital signatures and not for encryption or key distribution.
The Attack - Cryptanalysis
• Ciphertext only: brute-force
• Known plaintext: the attacker has a sample of plaintext and a corresponding sample of ciphertext, and deduces the encryption key to decrypt other portions of the ciphertext
• Chosen text: select particular blocks of plaintext to yield more information about the key
The Defense - Integrity
• A modification attack may occur in a series of related cipher blocks; data integrity is broken
• Message Digest: a fixed-length hash value dependent on the original data. Requirement: difficulty of deducing the original data (one-way hash)
MD5
Takes any arbitrary-length input string and produces a fixed 128-bit value.
SHA (secure hash algorithm)
Similar to MD5 but produces a 160-bit hash value, so it is more resistant to brute-force attacks.
The Defense - Freshness
Against replay attacks:
• Timestamp: the message and the time stamp need to be bound together in some way
• Sequence number: useless in a connectionless packet-switched network
• Nonce: an unpredictable value in a challenge-response sequence
The Defense - Authentication
To provide some assurance about the source of a message
• Challenge-Response protocol using public key on message digest: Digital Signature
• To assure that the public key really belongs to its owner: Digital Certificate. A third-party certification authority is required
Digital Certificate
Subject’s identity (e.g. name, address, …)
Subject’s public key
Serial number of certificate
Validity dates (e.g. issue date, expiry date)
Certification authority’s identity
Certification authority’s digital signature
Typical Digital Signature
Attacks on Wireless Networks
• Eavesdropping
• Communication Jamming
• Denial of Service, DoS
• Man-In-The-Middle attack
Attacks on Wireless Networks
Network attacks
• Passive attack: Wiretapping, Communication analysis
• Active attack: Camouflage, Replay, Message tampering, Service denial
Attacks on Wireless Networks
Eavesdropping
• In a wireless network, an attacker can easily capture packets from the air interface.
• For packets with no encryption or weak encryption, the attacker can analyze and crack them.
[Figure: Cracker eavesdropping between Client and AP; labels: Eavesdropping, Analyze and Crack Data]
Attacks on Wireless Networks
Communication Jamming
• In a wireless network, the signal can be interfered with by others.
• A high-power signal generator can interrupt the communication between the MNs and the AP.
Attacks on Wireless Networks
Denial of service (DoS)
• The attacker uses lots of packets to paralyze the AP or server
• Methods include: ARP packet, SYN flooding attack, ICMP/UDP flooding attack, Smurf, ...
Attacks on Wireless Networks
SYN flooding attack, ICMP flooding attack, UDP flooding attack
[Figure, three panels. SYN flooding: Attacker (Client) and Server, with SYN, SYN/ACK and ACK messages. ICMP flooding: Attacker (Client), Server and B; labels: Send "ping" message with B's destination, Echo Reply. UDP flooding: Attacker (Client), A and B; labels: Send UDP packet with B's destination, Echo Reply.]
Attacks on Wireless Networks
Smurf flood attack
[Figure: Attacker (Client), Server, and the computers at 192.168.1.1~192.168.1.254; labels: Send ICMP message with 192.168.1.255, Echo Reply (repeated for each computer)]
Attacks on Wireless Networks
Man-in-the-Middle attack
In an 802.11 network, a Man-in-the-Middle attack could be a forged AP. The forged AP attempts to lead the user to give it private information.
[Figure: Client, Service AP, Forgery AP]
Wired Equivalent Privacy
Properties
• Wired Equivalent Privacy
• Data encryption using shared WEP keys
• Original goal: providing privacy similar to a wired network
• Using RC4 cipher (stream cipher)
• Shared Key Authentication: a single key is shared by all users and access points; challenge-response
• Manual key distribution
RC4 Cipher
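[Figure: at the sender, original data (00111011...) XOR keystream (11100010...) gives the encrypted data (11011001...); at the receiver, encrypted data XOR keystream (11100010...) gives the original data (00111011...)]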
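WEP Data Processing
[Figure: the 40-bit WEP key and the 24-bit IV form the 64-bit RC4 key, which the RC4 algorithm turns into the RC4 keystream. A CRC over the frame body gives the check value (ICV). The frame body and ICV are XORed with the keystream. Frame layout: Frame header | IV header (4 bytes) | Frame Body | ICV (4 bytes) | FCS, marked unencrypted, encrypted, unencrypted.]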
WEP Data Processing
• The 40-bit WEP key must be manually prepared
  • Set up manually in the configuration of the AP and the stations
  • In total, 4 keys can be set up, but only one of them can be selected for encryption
  • The key is shared among all members
• The 24-bit Initial Vector (IV) is randomly generated
  • Transmitted in plaintext
• 32-bit ICV = 32-bit CRC of the frame body
RC4 Algorithm
• Stream cipher, symmetric key
• Uses two arrays, state and key
1. 256-byte state table. State[256] = [ 0 .. 255 ]
2. It has the capability of using keys between 1 and 2048 bits. Key[1..2048] = [ ……. ]
Hint: WEP uses 40 bits
RC4 Algorithm
Two phases
Key Setup
1. f = ( f + Si + Kg ) mod 256
2. Swap Si with Sf
Ciphering (XOR)
1. i = ( i + 1 ) mod 4, and f = ( f + Si ) mod 256
2. Swap Si with Sf
3. t = ( Si + Sf ) mod 256; the random byte is St
Key Setup Example
Iteration 1: i=0, f=0, g=0
S[ ] = [ S0, S1, S2, S3 ] = [ 0, 1, 2, 3 ]
K[ ] = [ K0, K1 ] = [ 2, 5 ]
Because f = (f + S0 + K0) mod 4 = 2, swap S0 with S2
New array S[ ] = [ S0, S1, S2, S3 ] = [ 2, 1, 0, 3 ]
i = i + 1 = 1
g = (g + 1) mod 2 = 1
Key Setup Example
Iteration 2: i=1, f=2, g=1
S[ ] = [ S0, S1, S2, S3 ] = [ 2, 1, 0, 3 ]
K[ ] = [ K0, K1 ] = [ 2, 5 ]
Because f = (f + S1 + K1) mod 4 = 0, swap S1 with S0
New array S[ ] = [ S0, S1, S2, S3 ] = [ 1, 2, 0, 3 ]
i = i + 1 = 2
g = (g + 1) mod 2 = 0
Key Setup Example
Iteration 3: i=2, f=0, g=0
S[ ] = [ S0, S1, S2, S3 ] = [ 1, 2, 0, 3 ]
K[ ] = [ K0, K1 ] = [ 2, 5 ]
Because f = (f + S2 + K0) mod 4 = 2, swap S2 with S2
New array S[ ] = [ S0, S1, S2, S3 ] = [ 1, 2, 0, 3 ]
i = i + 1 = 3
g = (g + 1) mod 2 = 1
Key Setup Example
Iteration 4:i=3, f=2, g=1
S[ ]=[ S0, S1, S2, S3 ] = [ 1, 2, 0, 3 ]
K[ ]=[ K0, K1 ] = [ 2, 5 ]
Because f=(f + S3 + K1)mod 4=2, then swap S3 with S2
New array S[ ]=[ S0, S1, S2, S3 ] = [ 1, 2, 3, 0 ]
Ciphering Example
“H”: i=0, f=0
S[ ] = [ S0, S1, S2, S3 ] = [ 1, 2, 3, 0 ]
Because i = (i + 1) mod 4 = 1 and f = (f + S1) mod 4 = 2, swap S1 with S2
New array S[ ] = [ S0, S1, S2, S3 ] = [ 1, 3, 2, 0 ]
t = (S1 + S2) mod 4 = 1
S1 = 3 ( 0000 0011 )
H
0100 1000
XOR 0000 0011
0100 1011
Ciphering Example
“I” :i=1, f=2
S[ ]=[ S0, S1, S2, S3 ] = [ 1, 3, 2, 0 ]
Because i = (i + 1) mod 4 = 2 and f = (f + S2) mod 4 = 0, swap S2 with S0
New array S[ ]=[ S0, S1, S2, S3 ] = [ 2, 3, 1, 0 ]
t = ( S2 + S0 )mod 4 = 3
S3 = 0 ( 0000 0000 )
I
0100 1001
XOR 0000 0000
0100 1001
Ciphering Example
Result
Plaintext: 0100 1000 0100 1001
Cipher: 0100 1011 0100 1001
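The key setup and ciphering phases traced above, together with the WEP processing described earlier (IV plus WEP key as the RC4 key, CRC-32 of the frame body as the ICV), as an added Python example that is not part of the original slides. The state size n, the function names and the sample IV and key are assumptions of this example: n=4 reproduces the slides' worked example, n=256 is full RC4, and the frame is reduced to IV + encrypted (body + ICV) with no key ID byte, frame header or FCS.

```python
import zlib

def ksa(key, n=256):
    """Key setup: permute S = [0..n-1] under the key (f and g as in the slides)."""
    s, f = list(range(n)), 0
    for i in range(n):
        f = (f + s[i] + key[i % len(key)]) % n   # g = i mod key length
        s[i], s[f] = s[f], s[i]
    return s

def keystream(s, length):
    """Ciphering phase: return `length` keystream values; s is updated in place."""
    n, i, f, out = len(s), 0, 0, []
    for _ in range(length):
        i = (i + 1) % n
        f = (f + s[i]) % n
        s[i], s[f] = s[f], s[i]
        out.append(s[(s[i] + s[f]) % n])         # t = (Si + Sf) mod n, output St
    return out

def rc4(key, data, n=256):
    """XOR data with the keystream; the same call encrypts and decrypts."""
    return bytes(d ^ k for d, k in zip(data, keystream(ksa(key, n), len(data))))

def wep_encapsulate(iv, wep_key, body):
    """3-byte IV in the clear, then RC4(IV || key) over body || ICV."""
    icv = zlib.crc32(body).to_bytes(4, "little")  # ICV = CRC-32 of the frame body
    return iv + rc4(iv + wep_key, body + icv)

def wep_decapsulate(wep_key, frame):
    """Return the frame body if the ICV matches, otherwise None."""
    iv, payload = frame[:3], frame[3:]
    plain = rc4(iv + wep_key, payload)
    body, icv = plain[:-4], plain[-4:]
    return body if zlib.crc32(body).to_bytes(4, "little") == icv else None

if __name__ == "__main__":
    print(ksa([2, 5], n=4))                       # state after the 4 setup iterations
    print(rc4([2, 5], b"HI", n=4).hex())          # the slides' "HI" example
    key = b"\x0a\x0b\x0c\x0d\x0e"                 # constructed 40-bit WEP key
    frame = wep_encapsulate(b"\x01\x02\x03", key, b"hello")
    print(frame.hex(), wep_decapsulate(key, frame))
```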
Weakness
Key Management
• WEP uses static master keys (keys are not changed dynamically), which are easy to crack.
• Since all users use the same WEP key, it is difficult to change the key.
The IV value is too short.
• IV + WEP key: weak key attacks (FMS attack).
• Reconstruct the key from a number of collected encrypted messages
• Weak keys in the RC4 algorithm
No effective detection of message integrity
• Modifying the contents of a frame without changing the ICV
No protection against message replay.
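Why the CRC-based ICV gives no effective detection of modification, as an added Python example (not from the original slides): CRC-32 is linear under XOR, so a change XORed into a stream-cipher payload can be matched by a computed change to the ICV, while a keyed MAC over the same payload notices it. The keystream, keys and frame contents are constructed sample values, and the HMAC-SHA-256 comparison is an illustration that is not part of WEP.

```python
import hashlib
import hmac
import zlib

def icv(body):
    """WEP-style integrity value: unkeyed CRC-32 of the frame body."""
    return zlib.crc32(body).to_bytes(4, "little")

def xor(a, b):
    """Bytewise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))

def protect(body, keystream):
    """XOR (body || ICV) with a keystream, as a stream cipher does."""
    return xor(body + icv(body), keystream)

def icv_ok(payload, keystream):
    """Receiver-side check: decrypt, then compare the CRC with the ICV."""
    plain = xor(payload, keystream)
    return icv(plain[:-4]) == plain[-4:]

def crc_delta(mask):
    """ICV change caused by XORing `mask` into a body of the same length.
    CRC-32 is affine: crc(a ^ m) = crc(a) ^ crc(m) ^ crc(zeros)."""
    return xor(icv(mask), icv(bytes(len(mask))))

def demo():
    # Constructed sample values; the keystream stands in for RC4 output.
    keystream = hashlib.sha256(b"constructed keystream").digest()
    mac_key = b"constructed mac key"
    body = b"temp=021 unit=C"
    payload = protect(body, keystream)
    tag = hmac.new(mac_key, payload, hashlib.sha256).digest()

    # A change applied to the encrypted payload without using the keystream.
    mask = xor(b"temp=021 unit=C", b"temp=099 unit=C")
    altered = xor(payload, mask + crc_delta(mask))

    return {
        "decrypts_to": xor(altered, keystream)[:-4],
        "crc_icv_accepts": icv_ok(altered, keystream),
        "hmac_accepts": hmac.compare_digest(
            tag, hmac.new(mac_key, altered, hashlib.sha256).digest()),
    }

if __name__ == "__main__":
    print(demo())
```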