
Document: Lecture-07-security in 802.11-wep


Description:

Security in 802.11 – WEP
Dr. Nguyen Tuan Nam [email protected]
Nguyen Tuan Nam/WNC 2010

Why Is Security Important for a WLAN?
[Figure: perimeter of the university network. Labels: Firewall (block illegal access/attack), University AP, Computers, Server, INTERNET, Attacker, Wireless Access]

Security of Wireless Networks
•  All vulnerabilities that exist in a conventional wired network apply to wireless technologies
•  Malicious entities may gain unauthorized access to an agency's computer network through wireless connections, bypassing any firewall protections
•  The airwaves, the underlying communication medium, are open to intruders (vs. wired network)
•  Sensitive information that is not encrypted may be intercepted and disclosed (shared medium)

Security of Wireless Networks
•  DoS attacks may be directed at wireless connections or devices (shared medium)
•  Malicious entities may be able to violate the privacy of legitimate users
   –  Tracking movement

Maintaining a Secure Wireless Network
•  Maintain a full understanding of the topology of the wireless network
•  Create backups of data frequently
•  Perform periodic security testing and assessment of the wireless network
•  Apply patches and security enhancements

WEP (Wired Equivalent Privacy)
•  Encryption used in access point mode
•  Data Link Layer & Physical Layer
•  64 bits to 128 bits (including 24-bit IVs)
•  Supposed to be secure and to encrypt all traffic between the AP and wireless devices
•  However, not secure
•  Does it provide end-to-end security?

Quiz – WEP
Node A FTP to Server C: can Node D and Node B see the password?
[Figure: Node A, Node B, Node D, Server C; FTP connection with Account: root, Password: p@sswd; packet shown as MAC hdr | IP header | TCP header | p@sswd, with part of it marked "encrypted"]

Basic Encryption
•  Caesar's cipher
•  XOR

WEP
•  Authentication
   –  Are only authorized persons allowed to gain access to my network?
•  Confidentiality
   –  Are only authorized persons allowed to view my data?
•  Integrity
   –  Is the data coming into or exiting the network trustworthy, or has it been tampered with?

Authentication
•  Two means to validate wireless users
   –  Open system authentication
   –  Shared-key authentication

Shared Key Authentication
[Figure: message exchange between Node A and the AP, both holding the shared key. Labels in order: Authentication REQ; Generate random numbers; Encrypt challenge using shared key; Challenge; Send encrypted text; Decrypt the answer; Confirm Success]
Authenticate whom?

Privacy of 802.11
•  Use of cryptographic techniques for the wireless interface
•  Uses the RC4 symmetric-key stream cipher algorithm to generate a pseudo-random data sequence

RC4
•  A long random (or pseudo-random) string used to encrypt a message with a simple ⊕ (XOR) operation → one-time pad
•  A stream cipher generates a one-time pad and applies it to a stream of plaintext with ⊕
•  RC4
   –  Stream cipher designed by Ron Rivest
   –  Was a trade secret until 1994
      •  A description of it was anonymously posted to the Cypherpunks mailing list
   –  Considered secure as long as the first few (256) octets of the generated pad are discarded
   –  Extremely simple and fast generator of pseudo-random streams of octets
   –  Passes all usual randomness tests

Privacy of 802.11 – Stream cipher
What is the problem with this mechanism?

Same Key
•  Key K, plaintexts P1, P2:
   –  C1 = P1 XOR RC4(K)
   –  C2 = P2 XOR RC4(K)
   →  C1 XOR C2 = P1 XOR P2
•  Frequency analysis techniques:
   –  Can decrypt information about P1, P2
   –  If P1 is known → RC4(K) can be calculated → P2 can be calculated

Encryption with IVs
IV changed per packet (3 bytes)

Confidentiality

IV (Initialization Vector)   Shared Key    Per Packet Key
001                          1001111110    0011001111110
010                          1001111110    0101001111110
011                          1001111110    0111001111110
100                          1001111110    1001001111110
101                          1001111110    1011001111110

WEP Privacy Using RC4 Algorithm

Integrity
•  Provide data integrity for messages transmitted between wireless clients and access points
•  Reject any messages that have been changed by an active adversary in the middle
•  Use a simple encrypted CRC approach
   –  CRC is computed and appended to the payload
   –  The integrity-sealed packet is encrypted using RC4
   –  After receiving the packet, the receiver decrypts it
   –  The receiver computes the CRC and compares it with the original
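The "Same Key" and "Confidentiality" slides can be checked in code. This is an added example, not part of the lecture: it implements RC4, builds the per-packet key as IV || shared key, and shows that knowing P1 reveals P2 only when the IV repeats. The shared key, IVs, plaintexts and the helper names (`wep_encrypt`, `recover_p2`, `demo`) are constructed for illustration.

```python
# Added example (not from the lecture). Key, IVs and plaintexts are constructed.

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return n octets of RC4 keystream for the given key."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm (KSA)
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # pseudo-random generation (PRGA)
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, shared_key: bytes, plaintext: bytes) -> bytes:
    """Per-packet key = IV || shared key; ciphertext = P XOR RC4(per-packet key)."""
    return xor(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))

def recover_p2(c1: bytes, known_p1: bytes, c2: bytes) -> bytes:
    """C1 XOR P1 yields RC4(K); XOR it with C2 to read P2 without the key."""
    return xor(c2, xor(c1, known_p1))

SHARED_KEY = bytes.fromhex("0102030405")      # constructed 40-bit key
P1 = b"USER root\r\n"                         # constructed, known to the observer
P2 = b"PASS p@sswd"                           # constructed, secret, same length

def demo(iv1: bytes, iv2: bytes) -> bytes:
    """Encrypt P1 under iv1 and P2 under iv2, then try the known-plaintext step."""
    c1 = wep_encrypt(iv1, SHARED_KEY, P1)
    c2 = wep_encrypt(iv2, SHARED_KEY, P2)
    return recover_p2(c1, P1, c2)

if __name__ == "__main__":
    print("IV reused:  ", demo(b"\x00\x00\x01", b"\x00\x00\x01"))
    print("IV distinct:", demo(b"\x00\x00\x01", b"\x00\x00\x02"))
```

Because the IV is only 3 bytes, a busy network must eventually repeat IVs under the same shared key, which puts those packets back into the reused-IV case.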