Encryption Protocols used in Wireless Networks Derrick Grooms

  • Slides: 12

Introduction
  • WEP
  • WPA
  • WPA2

History - WEP
  • Wired Equivalent Privacy (WEP)
      – WEP was part of the IEEE 802.11 standard ratified in September 1999
      – Initially used a 40-bit key (for the 64-bit protocol), later increased to 104 bits (for the 128-bit protocol) when initial restraints on cryptography were lessened by Congress
  • Susceptible to eavesdropping, related-key, and key-guessing attacks

WEP - implementation
  • WEP uses the stream cipher RC4 for confidentiality and the CRC-32 checksum for integrity.
      – RC4 – the user provides a key; the key is used to create a pseudo-random string of bits that is then XOR’d with the plaintext to produce the ciphertext
      – CRC-32 (cyclic redundancy check) – same system used for DVDs and CDs
          • In general terms, a mathematical formula is computed over a specific stream of text and the result is appended to the string; after the text arrives, the appended value is compared to a second calculation based on the text that arrived

WEP – implementation (cont.)
  • WEP is sound in theory but fails due to implementation
      – WEP fails because it uses IVs (initialization vectors) to generate uniquely different streams using the same RC4 encryption key
      – WEP’s IVs were not long enough to generate unique streams, so every 5000 transmissions the same IV was used, and with enough collected IVs the RC4 key could be determined
      – IV is only 48 bits

WEP – implementation (cont.)
  • Cracking process
      – Once you have 2 messages that use the same IV, you then have 2 ciphertexts that can be XOR’d together to produce the same result that you would get by XORing the two plaintexts

WEP – implementation (cont.)
  • Cracking process
      – By providing your own plaintext and using the XOR’d result of the two ciphertexts, you can then derive the unknown plaintext
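The two cracking-process slides above, worked through as an added example (not part of the original presentation): two constructed messages encrypted WEP-style under the same IV and key, then the same recovery attempted against a packet that used a fresh IV. The key, IVs, messages and function names are assumptions made up for the illustration, and the CRC-32 value is left out.

```python
# Added illustration: RC4 keystream reuse under a repeated IV (all values constructed).

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given key."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # pseudo-random generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_like_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """WEP-style: the per-packet RC4 key is IV || shared secret."""
    return xor(plaintext, rc4_keystream(iv + secret, len(plaintext)))

def recover_with_known_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """If the keystream repeats, c1 ^ c2 == p1 ^ p2, so p2 = c1 ^ c2 ^ p1."""
    return xor(xor(c1, c2), known_p1)

SECRET = bytes.fromhex("0102030405")          # constructed 40-bit key
REUSED_IV = b"\xaa\xbb\xcc"                   # constructed IV, used twice
FRESH_IV = b"\xaa\xbb\xcd"                    # constructed IV, used once
P1 = b"known plaintext packet  "              # constructed, known to the observer
P2 = b"unknown secret payload  "              # constructed, same length as P1

def demo() -> dict:
    c1 = wep_like_encrypt(REUSED_IV, SECRET, P1)
    c2 = wep_like_encrypt(REUSED_IV, SECRET, P2)   # same IV: same keystream
    c3 = wep_like_encrypt(FRESH_IV, SECRET, P2)    # new IV: different keystream
    return {
        "xor_of_ciphertexts_equals_xor_of_plaintexts": xor(c1, c2) == xor(P1, P2),
        "recovered_with_reused_iv": recover_with_known_plaintext(c1, c2, P1),
        "recovered_with_fresh_iv": recover_with_known_plaintext(c1, c3, P1),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The fresh-IV case yields only garbage, which is why a protocol built on a stream cipher has to guarantee that an IV never repeats under the same key.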

WEP – implementation (cont.)
  • Cracking process – brute force
      – Once the stream key is known, it’s just a matter of sending stream-key-encrypted messages to an access point using different WEP keys until the access point acknowledges you’ve used a successful WEP key

WEP – implementation (cont.)
  • Cracking process
      – Since it’s not possible to provide your own plaintext and receive a ciphertext version without having access to the host computer, most programs use a slightly modified process to achieve the same result
      – RFC 1042 (SNAP headers): all IP and ARP packets always start with 0xAA, so the first few bytes of plaintext are almost always known; by collecting enough ciphertext derived from the known plaintext, the stream key can eventually be determined (airsnort, WEPcrack, etc. use this method)

WPA - implementation
  • WPA was created as a temporary fix for WEP until WPA2 was fully developed
  • Uses a 128-bit RC4 encryption key and a 48-bit IV, like WEP
  • Unlike WEP, it addressed repeating IVs by allowing only a portion of the IV key to be sent
  • Also implemented a packet counter to ensure the same packet could not be sent an unreasonable number of times
  • Dynamic keying – WPA encryption keys update about once every 10,000 packets
  • Not always compatible with older technology

WPA2 - implementation
  • Wi-Fi Protected Access (WPA)
      – Implements the full IEEE 802.11i standard
      – Standard in Wi-Fi certified devices as of March 13, 2006
      – Not compatible with older technology, but the new standard
      – Currently believed to be un-crackable

Questions?