Wireless Network Security Issues
By Advait Kothare
SJSU CS265 Fall 2004

Introduction
• A presentation of the paper “Your 802.11 Wireless Network has No Clothes” by William A. Arbaugh, Narendra Shankar, Y.C. Justin Wan at Univ. Maryland at College Park
• Explosive growth in wireless networks.
• But many security issues were initially left open by the 802.11 standards committee.
• Result: weak or non-existent security solutions for current deployments.

Introduction (Cont.)
• In the wired world, the emphasis is on protection from external compromise (firewalls).
• Wireless networks provide an access point for any adversary beyond physical controls.
• A “back door” is opened for an attacker, which can be exploited (parking lot attacks).
• And a simple eavesdropping attack against 802.11 shared key authentication.

Standard Security Mechanisms
• Wired Equivalent Privacy protocol (WEP)
  – For confidentiality of network traffic
  – Demonstrated to be vulnerable
• Open Systems Authentication
  – Authenticates anyone who requests authentication
  – Management frames sent in clear even with WEP
• Shared Key Authentication
  – Uses a standard challenge and response protocol

Shared Key Authentication

Initiator                                        Responder
    | ------ Authentication Request   (Seq # 1) ------> |
    | <----- Authentication Challenge (Seq # 2) ------- |
    | ------ Authentication Response  (Seq # 3) ------> |
    | <----- Authentication Result    (Seq # 4) ------- |

Shared Key Authentication (Cont.)
• Initiator sends an authentication request management frame.
• Responder replies by sending a management frame with 128 octets of challenge text.
  – Text generated using the WEP PRNG with the shared secret and a random initialization vector (IV)
• Initiator copies the text into a new frame and encrypts it with WEP using the shared secret and a new IV.
• Responder verifies the text and the 32-bit CRC (ICV).

Weaknesses in Shared Key Auth.
• Passive attack, eavesdropping 1 leg of auth.
• Works because of the fixed structure of the protocol
• Random challenge is the only difference between two authentication messages.
• Also because of a weakness in WEP
• Notation:
  – WEP = Pseudo Random Number Generator
  – K = Shared key
  – IV = Initialization Vector (sent in clear)
  – P = Plain text challenge text
  – C = Cipher text
  – R = Challenge text

Shared Key Auth. (Cont)
• Messages based on sequence numbers

Sequence #   Status Code   Challenge Text   WEP Used
1            Reserved      Not Present      NO
2            Status        Present          NO
3            Reserved      Present          YES
4            Status        Not Present      NO

Shared Key Flaw (Cont.)
• Attacker captures 2nd & 3rd frames.
  – 2nd Frame => Random challenge in clear (P)
  – 3rd Frame => Encrypted challenge (C)
• PRNG stream
  – $WEP^{K,IV}_{PR} = C \oplus P$
  – Stream can be derived from above without knowing the shared key (K)

Shared Key Attack
• Attacker requests authentication from an AP
• AP responds with challenge text (R) in clear
• Attacker takes R and the PRNG stream to get a valid authentication response by XOR-ing the two
• Attacker computes a new integrity check value (ICV)
• Valid response allows the attacker to join the network.

Conclusions & Future Work
• All deployed 802.11 networks are at risk
• WEP can make it harder but is vulnerable, as keys are static and hard to change
• Vendors have used un-authenticated Diffie-Hellman for key exchange.
• Worse solution, as a Man In The Middle attack can give the key to the attacker.

Question &
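The relation on the Shared Key Flaw and Shared Key Attack slides, as an added in-memory simulation (not code from the slides or the paper): it shows why the responder's check on frame 3 passes without K once one challenge/response pair has been observed. The function names, the random 40-bit key and 24-bit IV, and the simplification that the encrypted body is only challenge text plus ICV are assumptions of this example.

```python
import os
import struct
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """n bytes of RC4 keystream; WEP seeds RC4 with IV || K."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    """32-bit CRC integrity check value: unkeyed, so anyone can compute it."""
    return struct.pack("<I", zlib.crc32(data))

def wep_encrypt(k, iv, text):
    body = text + icv(text)
    return xor(body, rc4(iv + k, len(body)))

def responder_verify(k, iv, frame3, challenge):
    """Responder's check: decrypt under the IV the frame carries, compare text and ICV."""
    body = xor(frame3, rc4(iv + k, len(frame3)))
    return body[:-4] == challenge and body[-4:] == icv(challenge)

def recover_stream(p, c):
    """WEP^{K,IV}_{PR} = C xor P, extended over the ICV since CRC(P) is public."""
    return xor(c, p + icv(p))

def simulate():
    k, iv = os.urandom(5), os.urandom(3)   # constructed 40-bit key, 24-bit IV
    p = os.urandom(128)                     # frame 2: challenge in clear
    c = wep_encrypt(k, iv, p)               # frame 3: legitimate response
    stream = recover_stream(p, c)           # no use of k
    r = os.urandom(128)                     # fresh challenge from the responder
    forged = xor(r + icv(r), stream)        # sent with the same cleartext IV
    return responder_verify(k, iv, forged, r), stream == rc4(iv + k, 132)

if __name__ == "__main__":
    print(simulate())
```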