Text of Wireless LAN Security Presented by: Pallavi Priyadarshini Student ID 003503527
Slide 1
Wireless LAN Security
Presented by: Pallavi Priyadarshini
Student ID 003503527
Slide 2
Agenda
- Brief background on Wireless LAN
- Basic security mechanisms in 802.11
- WEP Vulnerabilities
- Enhancing wireless security with WPA
- Comparing WEP and WPA
- Conclusion
Slide 3
Brief Background
- A local area network (LAN) with no wires
- Several Wireless LAN (WLAN) standards
  - 802.11 - 1-2 Mbps speed, 2.4 GHz band
  - 802.11b (Wi-Fi) - 11 Mbps speed, 2.4 GHz band
  - 802.11a (Wi-Fi) - 54 Mbps speed, 5 GHz band
  - 802.11g (Wi-Fi) - 54 Mbps speed, 2.4 GHz band
Slide 4
Wireless network components
Slide 5
Security Challenges and Solutions
- Challenges
  - Beyond any physical boundaries
  - Encryption, Authentication and Integrity
- Basic Security Mechanisms in 802.11
  - Service Set ID (SSID): acts like a shared secret, but sent in clear.
  - MAC Address Lists: modifiable and also sent in clear.
  - The WEP Algorithm
Slide 6
More on WEP
- Stands for Wired Equivalent Privacy
- Designed to encrypt data over radio waves
- Provides 3 critical pieces of security
  - Confidentiality (Encryption)
  - Authentication
  - Integrity
- Uses RC4 encryption algorithm
  - Symmetric key stream cipher
  - 64-bit shared RC4 keys, 40-bit WEP key, 24-bit plaintext Initialization Vector (IV)
Slide 7
WEP Encryption and Integrity
[Diagram labels: IV, Secret Key, Seed, PRNG, Key Sequence, Plaintext, CRC-32 Algorithm, Integrity Check Value, XOR, Ciphertext, Message (IV, Ciphertext)]
- PRNG: RC4 pseudorandom number generation algorithm
- Plaintext: data payload
Slide 8
WEP Authentication
- 2 levels of authentication
  - Open: No authentication
  - Shared secret
[Diagram: Station A and Station B exchange, in order: Request for shared key auth.; Nonce N; E(N, K_A-B); Authentication response]
Slide 9
WEP - The flawed Solution
- Weakness in key management
  - Single key for all access points and client radios
  - Static unless manually changed
  - Authentication and encryption keys are the same
- Shared key authentication failure
  - No knowledge of secret to gain network access
  - WEP_PR = C ⊕ P (where C, P are passively recorded)
[Diagram: Attacker and AP exchange, in order: Authentication request; Challenge R; WEP_PR ⊕ R; Success]
Slide 10
WEP - The flawed Solution (contd.)
- Weakness in Encryption
  - Short 24-bit IV, reuse mandatory
  - Weak per-packet key derivation - exposes RC4 protocol to weak key attacks.
  - Given c1 and c2 with same IV, c1 ⊕ c2 = p1 ⊕ p2 [(p1 ⊕ S) ⊕ (p2 ⊕ S)], leading to statistical attacks to recover plaintexts
  - Short 40-bit encryption scheme
- No forgery protection
  - Using CRC-32 checksum possible to recompute matching ICV for changed data bits
  - Given C= RC4(IV, key) , can find C that decrypts to M=M+ such that C= RC4(IV, key)
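The two encryption weaknesses on this slide, checked in code: with a repeated IV the keystream cancels out of two ciphertexts, and a CRC-32 ICV can be kept valid across a data change without the key. This is an added example, not part of the original slides; the IV, key, function names and ICV byte order are assumptions made for illustration.

```python
import zlib

# Constructed sample values (not from the slides): 24-bit IV, 40-bit WEP key.
IV, KEY = b"\x01\x02\x03", b"\x0a\x0b\x0c\x0d\x0e"

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream (key schedule, then output generation)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    """CRC-32 integrity check value (byte order is an assumption of this example)."""
    return zlib.crc32(data).to_bytes(4, "little")

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    body = plaintext + icv(plaintext)
    return xor(body, rc4(iv + key, len(body)))  # RC4 seed = IV || secret key

def wep_decrypt(iv: bytes, key: bytes, ciphertext: bytes):
    body = xor(ciphertext, rc4(iv + key, len(ciphertext)))
    data, check = body[:-4], body[-4:]
    return data, check == icv(data)             # (payload, ICV accepted?)

def keystream_cancels(iv, key, p1, p2) -> bool:
    """Same IV: c1 XOR c2 equals p1 XOR p2 on the shared length, with no key term."""
    c1, c2 = wep_encrypt(iv, key, p1), wep_encrypt(iv, key, p2)
    n = min(len(p1), len(p2))
    return xor(c1[:n], c2[:n]) == xor(p1[:n], p2[:n])

def icv_follows_change(iv, key, plaintext, delta):
    """CRC-32 is affine over XOR, so the ICV for (M XOR delta) needs no key."""
    c = wep_encrypt(iv, key, plaintext)
    icv_delta = xor(icv(delta), icv(bytes(len(delta))))  # crc(delta) ^ crc(0..0)
    return wep_decrypt(iv, key, xor(c, delta + icv_delta))
```

Both properties hold for any key length, which is why the fixes listed later for TKIP are a keyed MIC and an IV sequencing discipline rather than a longer WEP key.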
Slide 11
WEP - The flawed Solution (contd.)
- No protection against replays
- Optional, mostly not turned on by users
Slide 12
Design Constraints
- WEP patches will rely entirely on software upgrade
- Access points have little spare CPU capacity for new functions
- Encryption functions are hard-wired in the access points
Slide 13
Enhancing WLAN Security with WPA
- WPA - Wireless Protected Access
- Strong, standards based, interoperable security for Wi-Fi
- Addresses all known weaknesses of WEP
- Subset of forthcoming IEEE 802.11i standard
- Designed to run as a software upgrade on most Wi-Fi certified products.
Slide 14
Security Mechanisms in WPA - TKIP
- Uses TKIP (Temporal Key Integrity Protocol) Encryption.
- Suite of algorithms wrapping WEP
- Adds 4 new algorithms to WEP:
  1. New cryptographic message integrity code (MIC) called Michael - to defeat forgeries
  2. New IV sequencing discipline - to remove replay attacks
  3. A re-keying mechanism to provide fresh encryption and integrity keys
Slide 15
More on TKIP
  4. A per-packet key mixing function
     - Phase 1 (Eliminates same key use by all links) - Combines MAC address and temporal key. Input to S-box to produce intermediate key
     - Phase 2 (De-correlates IVs and per-packet keys) - Packet sequence number encrypted under the intermediate key using a Feistel cipher to produce 128-bit per-packet key.
- TKIP leverages 802.1X/EAP framework for key management

WPA Modes of Operation - Pre-shared key vs. Enterprise
- Pre-shared Key Mode for home/SOHO users
  - Does not require authentication server
  - Shared Secret or password entered manually in the AP and wireless client. WPA takes over automatically.
  - Only the clients with matching passwords are allowed to join the network.
  - The password automatically kicks off the TKIP encryption process.
- Enterprise Mode for corporate users
  - Requires an authentication server like RADIUS
  - Centralized management of user credentials
Slide 18
WPA modes of operation - Enterprise Mode
[Diagram labels: Wired Network Services, Internet, Authentication server, Access Point]
Slide 19
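WEP vs. WPA

|                | WEP                                            | WPA                                                          |
|----------------|------------------------------------------------|--------------------------------------------------------------|
| Encryption     | Flawed                                         | Fixes all WEP flaws                                          |
|                | 40-bit keys                                    | 128-bit keys                                                 |
|                | Static - same keys used by everyone on network | Dynamic session keys. Per-user, per-session, per-packet keys |
|                | Manual distribution                            | Automatic distribution                                       |
| Authentication | Flawed, uses WEP key itself                    | Strong user authentication using 802.1X and EAP              |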

Conclusion
- WPA is not an ideal security protocol design
- However, it is a dramatic improvement in Wi-Fi security.
- Has not been broken (yet).
- Protects the original hardware investment.
- If hardware constraint removed, a more robust security solution possible.
- Such a solution is being developed based on an even stronger cryptographic cipher - Advanced Encryption Standard (AES).