Security in Wireless LAN 802.115 basic threats to WLANIEEE 802.11 Authentication – Open KeyShared key AuthenticationIdentity ProblemsShared key vulnerabilities (cont…)IEEE 802.11 Wired Equivalent Privacy (WEP) ProtocolWEP EncryptionWEP DecryptionSlide 10ICV WeaknessWEP Problems-with RC4WEP Problems-with IVCisco enhancements to 802.11 WEP to increase securityToday & future controlToday & future control (cont.)The EndSecurity in Wireless LAN 802.11Layla PezeshkmehrCS 265Fall 2003-SJSUDr.Mark Stamp5 basic threats to WLANSniffing - eavesdroppingInvasion – steal valid STA’s access to gain access to networkTraffic redirection – change in ARP tableDenial of service (DOS)–Flood the network–Disrupt connection between machines–Prevent a STA from connecting to WLANRogue networks and station redirection – Man- in- the- middle attacks.IEEE 802.11 Authentication – Open KeyUses null authentication, SimpleIs the default authentication 2 steps:A sends a request authentication to BB sends the result back to A If dot11 Authentication Type at B is set to "Open System" Returns "success" A is mutually authenticated; Otherwise A is not authenticatedAuthentication Request(Open SystemAuthentication)Authentication ResponeseSDAccess pointShared key AuthenticationProvides a better degree of authentication.Station must implements WEP(Wired Equivalent Privacy)4 steps:1. Request sends an Authentication frame to AP.2. AP replies with a random challenge text generated by the WEP engine( 128 bit).3. STA copy the challenge text, encrypt it with a shared key then send the frame to the AP.4. AP decrypt the received frame, then verifies the 32- bits CRC “ICV”, and that the challenge text matches the one it sends earlier to the station.5. Successful/negative authentication if match/mismatchAuthentication Request (Shared key Authentication)"Challenge" text string"Challenge" text stringencrypted with shared keyPositive or Negative resultbased on decryption resultWEP encryption ofchallenge textWEP decryption ofencrypted textSDAccess pointIdentity ProblemsOpen System authenticationNull authentication.Messages sent in clear.Any one can impersonate either the station or the access point.Shared key authenticationOnly station authenticates itself.No mechanism for AP to prove its identity to the station therefore malicious AP. Only the station is authenticated not the user of the station.Shared key vulnerabilities (cont…)Exchanging both challenge and response occurs over the wireless link and is vulnerable to a man-in-the-middle attack.IEEE 802.11 Wired Equivalent Privacy (WEP) ProtocolThe goal is to provide data privacy to the level of a wired network.(WEP) algorithm is used to prevent eavesdropping.An encapsulation of 802.11 data frame.64- bits key (40-bit secret key,24-bit "init" vector).Symmetric algorithm because the same key is used for cipher and decipher.Data integrity checked with CRC-32.WEP EncryptionA key shared among members of the BSS.Sender calculates CRC of the frame's data.WEP appends a new generated 24-bit initialization vector (IV) to the shared key.WEP PRNG (RC4) is used to generate a key stream.XORs key stream against (payload + CRC) to produce ciphertext.The sender also inserts the IV into frame header, and sets the WEP encrypted packet bit indicator.WEP DecryptionReceiver extracts IV from the frameappends IV to the BSS shared key, and generates the "per- packet" RC4 key sequenceciphertext is XORed against the key steam to extract plaintext.Verification: performs integrity check on plaintext Compares ICV1 result with the ICV transmitted.WEP DecryptionICV WeaknessHow is the attacker able to modify ICV to match the bit-flipped changes to the frame?WEP Problems-with RC4flip a bit in the ciphertext (C) the corresponding bit in the plaintext will be flipped.Eavesdropper intercepts 2 ciphertext encrypted with the same key stream possible to obtain the XOR of the 2 plaintexts. c1 = p1 b c2 = p2 b c1 c2 = (p1 b) (p2 b) = p1 p2WEP Problems-with IVIV is 24 bits cleartext, part of a message.A small space of initialization vectors guarantees the reuse of the same key stream. AP constantly send 1500 byte pkt at 11 Mbps will exhaust the space of IV after 1500 * 8/(11 * 10 ^ 6 ) * 2 ^ 24 = 18000s = 5hWhen the same key is used by all mobile stations more chances of IV collision.Cisco enhancements to 802.11 WEP to increase securityMutual authentication instead of one-way authenticationSecure key derivation using one way hash functionDynamic WEP keys instead of static WEP keysInitialization Vector changesToday & future control Service Set Identifier (SSID)Each AP has an SSID of the AP to identify itself. STA have to know the SSID of the AP to which it wants to connect. SSID keeps a STA from accidentally connecting to neighboring AP.This does not solve other security issues and does not keep an attacker from setting up a "rogue" AP that uses the same SSID as the valid APToday & future control (cont.)MAC filtersAP check MAC addresses of STAs before being connected to the network –AP keep a list of MAC addresses in long- term memory.–AP may send a RADIUS request with the MAC address as the userID (and a null password ) to a central RADIUS server to check the list for an address.The
View Full Document