Vulnerabilities in WEP Christopher Hoffman Cryptography 2 2011-3


1. Abstract

Wired Equivalent Privacy (WEP) was the first encryption scheme used for protecting wireless traffic. It consisted of a private-key algorithm that used an initialization vector and the RC4 stream cipher. WEP has since been proven inadequate to protect traffic because of the ease of breaking the key. Key-breaking attacks are possible because of the short IV, which is sent in plaintext, weaknesses in the RC4 stream cipher, and the predictable nature of the CRC32 checksum. In addition to the attacks outlined by Alex Blank [1], there are three others, each building on the previous one. These are Klein's algorithm, PTW, and a process developed by Beck and Tews.

2. Introduction

Since the advent of wireless networking, security has been a concern: the nature of the communication allowed it to be received by many. WiFi did not have a built-in security protocol, leaving traffic open to any attacker. This vulnerability was of great concern, so IEEE started implementing security protocols for 802.11 traffic. The initial security protocol was called Wired Equivalent Privacy (WEP), which appeared in 1999 [2,3]. When this was found insecure, WPA was implemented to improve the WEP standard by providing a software wrapper. Since this protocol worked off the WEP protocol, it was still vulnerable to the same types of attacks. To address the vulnerabilities, WPA-2 was built with security in mind.

3. Wireless Security

3.1 WEP

Wired Equivalent Privacy was the first security implementation from IEEE, appearing in 1999 [2,3]. The original protocol used a 40-bit root key, which was later expanded to 104 bits for a higher level of security. Each packet had a 3-byte initialization vector (IV) which was used in two places. It was mainly used as a sequence number for the packet and was sent in plaintext. It was also used as the first 3 bytes of the RC4 key to create either a 64- or 128-bit key. This is dangerous because part of the key for the RC4 cipher is known.

Figure 1: WEP encryption process [8].

WEP also used a CRC32 checksum for data integrity. This algorithm has also been proven insecure and is used for some other types of attacks.

3.2 WPA

In 2003, IEEE released WiFi Protected Access (WPA) encryption, also called Temporal Key Integrity Protocol (TKIP), which added a new message integrity code, Michael, and a rekeying mechanism [2,3]. The rekeying mechanism created a more secure protocol because the key was changed on a regular basis. With this method less information can be obtained, because there are fewer key collisions that could be exploited. WPA also included countermeasures to prevent replay and forgery attacks. If these attacks were detected, it would shut the channel down for a certain amount of time and require a new key to reactivate communication.

3.3 WPA-2

Shortly after, WPA-2 was released in 2004 [2,3]. Its security was greatly improved by using AES encryption instead of the RC4 cipher the previous implementations used. It has two modes of operation, home and corporate. In home use there is one key for all users; this is also called Pre-Shared Key (PSK). In corporate mode, each user has a unique set of credentials, and an authentication server is required.

4. Vulnerabilities

4.1 RC4 Cipher

WEP uses the RC4 cipher to generate the encryption keystream [4,5]. The RC4 algorithm has two steps to get to the keystream: the key scheduling algorithm, then the pseudo-random number generator. The two algorithms are shown below.

Figure 2: Key scheduling algorithm of RC4 [4].

Figure 3: Pseudo-random number generator of RC4 [4].

4.2 Klein's Algorithm

Klein's algorithm attempts to exploit vulnerabilities of RC4 [4,5]. This is largely possible because the first 3 bytes of the RC4 key are known: they are the IV, which is sent in plaintext in the packet. To break the key, many packets are needed. It is easier if there is a WEP oracle that takes plaintext and returns ciphertext; the two can then be XORed to obtain the keystream, which is used to break the key. The main algorithm used is:

This will generate the i-th value of the key with 1.36/256 ≈ 0.5% accuracy. After running the algorithm on many packets, some guessed values will appear more frequently. The more frequent values have a higher probability of being the correct key value, although not always. If a value is determined to be incorrect, the algorithm needs to be re-run for all indices > i using the new key value. To be 50% certain that the correct key is found, 43,000 packets are needed. To be 95% certain, 70,000 packets are needed.
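The following is an added example, not code from the paper: it implements RC4's KSA and PRGA as described in 4.1, builds the WEP per-packet key (IV || root key) from 3.1, and shows the two consequences the text relies on: known plaintext XOR ciphertext yields the keystream (the oracle in 4.2), and two frames under the same IV share a keystream, so their ciphertexts XOR to the XOR of their plaintexts (the key collision mentioned in 3.2). The root key, IV and frame contents are constructed sample values.

```python
# Added example, not the paper's code: RC4 key scheduling (KSA) and
# keystream generation (PRGA), plus the WEP per-packet key layout.
# Root key, IV and frame contents below are constructed sample values.

def rc4_ksa(key: bytes) -> list:
    """KSA: build the 256-entry permutation S from the key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    return S

def rc4_prga(S: list, n: int) -> bytes:
    """PRGA: emit n keystream bytes from a copy of S."""
    S = S[:]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)

def wep_keystream(iv: bytes, root_key: bytes, n: int) -> bytes:
    """WEP per-packet key = 3-byte IV || 40- or 104-bit root key.
    The IV travels in the clear, so the first 3 key bytes are public."""
    if len(iv) != 3 or len(root_key) not in (5, 13):
        raise ValueError("IV must be 3 bytes, root key 5 or 13 bytes")
    return rc4_prga(rc4_ksa(iv + root_key), n)

def wep_encrypt(iv: bytes, root_key: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV || (plaintext XOR keystream); the CRC32 ICV is omitted."""
    ks = wep_keystream(iv, root_key, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))

def keystream_from_known_plaintext(frame: bytes, known: bytes) -> bytes:
    """Ciphertext XOR known plaintext (e.g. a fixed LLC/SNAP header) = keystream prefix."""
    return bytes(c ^ p for c, p in zip(frame[3:], known))

def xor_bodies(frame_a: bytes, frame_b: bytes) -> bytes:
    """Two frames under the same IV share a keystream, so XORing their
    bodies cancels it and leaves plaintext_a XOR plaintext_b."""
    return bytes(a ^ b for a, b in zip(frame_a[3:], frame_b[3:]))

ROOT_KEY = bytes.fromhex("0102030405")  # constructed 40-bit root key
IV = b"\x00\x00\x01"                    # constructed 3-byte IV
```

The RC4 routines can be checked against the published test vector for key "Key" (keystream EB9F7781B734CA72A719); the WEP helpers show why a 24-bit IV that repeats is fatal even with a secret root key.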

4.3 PTW

PTW, developed by Pyshkin, Tews, and Weinmann, used the core of Klein's algorithm but voted on keys independently using an alternate key voting technique [4,6,7]. Instead of voting on a specific K[i], voting is on σ_i, which is:

Although this gives up the simplicity of Klein's algorithm, it is more efficient when key bytes need to be recalculated. In Klein's algorithm there was potential for thousands of recalculations, while in PTW at most 12 subtractions need to take place to rebuild the new key guess.

The equations used for PTW are:

The first line is the relation of the j values, an internal variable in the cipher. The second line is line 1 inserted into the equation from Klein's algorithm. Line 3 is the generation of σ_i instead of the root key value. The last line is how the key gets calculated from the σ values. For a 50% success rate, 35,000 packets are needed. For a 95% success rate, 55,000 packets are needed.

4.4 Advanced PTW

Beck and Tews developed a more efficient key-breaking algorithm [6]. It takes steps from both the PTW attack and the KoreK attack. KoreK is an efficient algorithm that makes many correlations in the keystream but has the disadvantage that it cannot use all the packets it receives; they need to have a certain form. When PTW and KoreK are used together, a much more efficient method is created. In this case, they altered the correlations in KoreK to vote for σ_i instead of Rk[i]. This allows 50% certainty after only 24,200 packets.

5. Conclusion

WEP is a very insecure protocol because of vulnerabilities in the RC4 cipher, the CRC32 integrity check, and the IV, which is reused after a short time span. This paper outlined three attacks based on the RC4 cipher. They use the plaintext IV to run the first few rounds of the cipher algorithm. Once the first few rounds are generated, the rest of the key can be built using the packet keystream. Even though each packet provides a guess value with very low certainty, using many packets the values can be voted on to gain a higher probability. These attacks show the importance of updating to more secure standards to ensure wireless privacy.

6. References

[1] Blank, Alex. WEP Vulnerabilities and Attacks. http://www.cs.rit.edu/~adb3160/crypto2/
[2] Bulbul, Halil Ibrahim; Batmaz, Ihsan; Ozel, Mesut. 2008. Wireless Network Security: Comparison of WEP (Wired Equivalent Privacy) Mechanism, WPA (Wi-Fi Protected Access) and RSN (Robust Security Network) Security Protocols. In Proceedings of the 1st International Conference on Forensic Applications and Techniques in Telecommunications, Information, and Multimedia and Workshop (e-Forensics '08). ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering), Brussels, Belgium, Article 9, 6 pages.
[3] Lashkari, A.H.; Danesh, M.M.S.; Samadi, B. "A Survey on Wireless Security Protocols (WEP, WPA and WPA2/802.11i)." 2nd IEEE International Conference on Computer Science and Information Technology (ICCSIT 2009), pp. 48-52, 8-11 Aug. 2009.
[4] Stolbunov, Anton. Klein's and PTW Attacks on WEP. NTNU, Department of Telematics. Sept 7, 2009.
[5] Tews, Erik. Attacks on the WEP Protocol. Cryptology ePrint Archive, Report 2007/471, 2007. http://eprint.iacr.org/
[6] Tews, Erik; Beck, Martin. 2009. Practical Attacks Against WEP and WPA. In Proceedings of the Second ACM Conference on Wireless Network Security (WiSec '09). ACM, New York, NY, USA, 79-86. DOI=10.1145/1514274.1514286 http://doi.acm.org/10.1145/1514274.1514286
[7] Tews, Erik; Weinmann, Ralf-Philipp; Pyshkin, Andrei. Breaking 104 bit WEP in Less than 60 Seconds. Cryptology ePrint Archive, Report 2007/120, 2007. http://eprint.iacr.org/
[8] Wired Equivalent Privacy (WEP). VOCAL Technologies, Ltd. 2012. http://www.vocal.com/security/wep.html