CS549: Cryptography and Network Security by Xiang-Yang Li Department of Computer Science, IIT Cryptography and Network Security 1
Notice This lecture note (Cryptography and Network Security) is prepared by Xiang-Yang Li. This lecture note has benefited from numerous textbooks and online materials. Especially the Cryptography and Network Security 2 nd edition by William Stallings and the Cryptography: Theory and Practice by Douglas Stinson. You may not modify, publish, or sell, reproduce, create derivative works from, distribute, perform, display, or in any way exploit any of the content, in whole or in part, except as otherwise expressly permitted by the author. The author has used his best efforts in preparing this lecture note. The author makes no warranty of any kind, expressed or implied, with regard to the programs, protocols contained in this lecture note. The author shall not be liable in any event for incidental or consequential damages in connection with, or arising out of, the furnishing, performance, or use of these. Cryptography and Network Security 2
Cryptography & Network Security Wireless LAN Security Road to 802.11i Xiangyang Li Cryptography and Network Security 3
Contents Introduction Problem: 802.11b Not Secure! Wired Equivalent Privacy WEP Types of Attacks 802.11b Proposed Solutions 802.1X Wi-Fi Protected Access (WPA) 802.11i: The Solution Conclusion Cryptography and Network Security 4
Introduction Popular in offices, homes and public spaces (airport, coffee shop) Most popular: 802.11b Example: Yahoo! DSL Wireless Kit Theoretical max @ 11Mbps Operate at 2.4GHz band DSSS/FSSS modulation similar to CDMA phones Cryptography and Network Security 5
Introduction Standards: IEEE 802.11 Series 802.11b 11Mbps @ 2.4GHz 802.11a 54Mbps @ 5.7GHz band 802.11g 54Mbps @ 2.4GHz band 802.1X security add-on 802.11i high security Cryptography and Network Security 6
Problem: 802.11b Not Secure! No inherent security Wired Wireless media change was the objective Wired Equivalent Privacy (WEP) The only security built into 802.11 Uses RC4 Stream Cipher in a bad way Vulnerable to several types of attacks Sometimes not even turned ON Cryptography and Network Security 7
Wired Equivalent Privacy WEP RC4 stream cipher Designed by Ron Rivest for RSA Security Very simple Initialization Vector (IV) Shared Key The issue is in the way RC4 is used IV (24 bits) reuse and fixed key Early versions used 40-bit key 128-bit mode effectively uses 104 bits Cryptography and Network Security 8
Wired Equivalent Privacy WEP RC4 Key Stream Encryption (source: http://mason.gmu.edu/~gharm/wireless.html) Cryptography and Network Security 9
Types of Attacks Attacks Confidentiality Integrity Availability Cryptography and Network Security 10
Types of Attacks Attacks on Confidentiality Traffic Analysis Passive Eavesdropping Very easy to do Active Eavesdropping Unauthorized Access Cryptography and Network Security 11
Types of Attacks Attacks on Confidentiality and/or Integrity Man-In-The-Middle Attacks on Integrity Session Hijacking Replay Attacks on Availability Denial of Service Cryptography and Network Security 12
802.11b Proposed Solutions Virtual Private Network Closed Network Through the use of SSID Ethernet MAC address control lists Replace RC4 with block cipher Don t reuse IV Automatic Key Assignment Cryptography and Network Security 13
802.1X: Interim Solution Port-based authentication Not specific to wireless networks Authentication servers RADIUS Client authentication EAP Cryptography and Network Security 14
802.1X Problems 802.1X still has problems Extensible Authentication Protocol (EAP) One-way authentication Attacks Man-in-Middle Session Hijacking Cryptography and Network Security 15
802.1X Proposed Solutions Per-packet authenticity and integrity Lots of overhead Authenticity and integrity of EAPOL messages Two-way authentication Cryptography and Network Security 16
Wi-Fi Protected Access (WPA) Addresses issues with WEP Key management TKIP Key expansion Message Integrity Check Software upgrade only Compatible with 802.1X Compatible with 802.11i Cryptography and Network Security 17
802.11i Finalized: June, 2004 Robust Security Network Wi-Fi Alliance: WPA2 Improvements made Authentication enhanced Key Management created Data Transfer security enhanced Cryptography and Network Security 18
802.11i - Authentication Authentication Server Two-way authentication Prevents man-in-the-middle attacks Master Key (MK) Pairwise Master Key (PMK) Cryptography and Network Security 19
802.11i Key Management Key Types Pairwise Transient Key Key Confirmation Key Key Encryption Key Group Transient Key Temporal Key Cryptography and Network Security 20
802.11i Key Management Source: http://csrc.nist.gov/wireless/s10_802.11i%20overview-jw1.pdf Cryptography and Network Security 21
802.11i Data Transfer CCMP Long term solution mandatory for 802.11i compliance WRAP TKIP Latest AES encryption Requires hardware upgrades Provided for early vendor support Carried over from WPA Cryptography and Network Security 22
802.11i Additional Enhancements Pre-authentication Roaming clients Client Validation Password-to-key mappings Random number generation Cryptography and Network Security 23
Conclusion Basic 802.11b (with WEP) Massive security holes Easily attacked 802.1X Good interim solution Allows use of existing hardware Can still be attacked Cryptography and Network Security 24
Conclusion Wi-Fi Protected Access Allows use of existing hardware Compatible with 802.1X Compatible with 802.11i 802.11i May require hardware upgrades Very secure Nothing is ever guaranteed Cryptography and Network Security 25