Post on 07-Mar-2018
transcript
Cryptography and Network Security 1
CS549:Cryptography and Network Security
© by Xiang-Yang Li
Department of Computer Science, IIT
Cryptography and Network Security 2
Notice©This lecture note (Cryptography and Network Security) is prepared by
Xiang-Yang Li. This lecture note has benefited from numerous textbooks and online materials. Especially the “Cryptography and Network Security” 2nd edition by William Stallings and the “Cryptography: Theory and Practice” by Douglas Stinson.
You may not modify, publish, or sell, reproduce, create derivative works from, distribute, perform, display, or in any way exploit any of the content, in whole or in part, except as otherwise expressly permitted by the author.
The author has used his best efforts in preparing this lecture note. The author makes no warranty of any kind, expressed or implied, with regard to the programs, protocols contained in this lecture note. The author shall not be liable in any event for incidental or consequential damages in connection with, or arising out of, the furnishing, performance, or use of these.
Cryptography and Network Security 3
Cryptography & Network Security
Wireless LAN SecurityRoad to 802.11i
Xiangyang Li
Cryptography and Network Security 4
ContentsIntroductionProblem: 802.11b Not Secure!Wired Equivalent Privacy – WEPTypes of Attacks802.11b Proposed Solutions802.1XWi-Fi Protected Access (WPA)802.11i: The SolutionConclusion
Cryptography and Network Security 5
Introduction
Popular in offices, homes and public spaces (airport, coffee shop)Most popular: 802.11b
Example: Yahoo! DSL Wireless KitTheoretical max @ 11MbpsOperate at 2.4GHz bandDSSS/FSSS modulation – similar to CDMA phones
Cryptography and Network Security 6
Introduction
Standards: IEEE 802.11 Series802.11b – 11Mbps @ 2.4GHz802.11a – 54Mbps @ 5.7GHz band802.11g – 54Mbps @ 2.4GHz band802.1X – security add-on802.11i – high security
Cryptography and Network Security 7
Problem: 802.11b Not Secure!
“No inherent security”Wired Wireless media change was the objective
Wired Equivalent Privacy (WEP)The only “security” built into 802.11Uses RC4 Stream Cipher – in a bad wayVulnerable to several types of attacks
Sometimes not even turned ON
Cryptography and Network Security 8
Wired Equivalent Privacy – WEP
RC4 stream cipherDesigned by Ron Rivest for RSA SecurityVery simple
Initialization Vector (IV)Shared Key
The issue is in the way RC4 is usedIV (24 bits) reuse and fixed keyEarly versions used 40-bit key128-bit mode effectively uses 104 bits
Cryptography and Network Security 9
Wired Equivalent Privacy – WEP
RC4 Key Stream Encryption (source: http://mason.gmu.edu/~gharm/wireless.html)
Cryptography and Network Security 10
Types of Attacks
AttacksConfidentialityIntegrityAvailability
Cryptography and Network Security 11
Types of Attacks
Attacks on ConfidentialityTraffic AnalysisPassive Eavesdropping
Very easy to doActive EavesdroppingUnauthorized Access
Cryptography and Network Security 12
Types of Attacks
Attacks on Confidentiality and/or Integrity
Man-In-The-MiddleAttacks on Integrity
Session HijackingReplay
Attacks on AvailabilityDenial of Service
Cryptography and Network Security 13
802.11b Proposed Solutions
Virtual Private NetworkClosed Network
Through the use of SSIDEthernet MAC address control listsReplace RC4 with block cipherDon’t reuse IVAutomatic Key Assignment
Cryptography and Network Security 14
802.1X: Interim Solution
Port-based authenticationNot specific to wireless networks
Authentication serversRADIUS
Client authenticationEAP
Cryptography and Network Security 15
802.1X Problems
802.1X still has problemsExtensible Authentication Protocol (EAP)
One-way authenticationAttacks
Man-in-MiddleSession Hijacking
Cryptography and Network Security 16
802.1X Proposed Solutions
Per-packet authenticity and integrityLots of overhead
Authenticity and integrity of EAPOL messagesTwo-way authentication
Cryptography and Network Security 17
Wi-Fi Protected Access (WPA)
Addresses issues with WEPKey management
TKIPKey expansion
Message Integrity CheckSoftware upgrade onlyCompatible with 802.1XCompatible with 802.11i
Cryptography and Network Security 18
802.11i
Finalized: June, 2004Robust Security NetworkWi-Fi Alliance: WPA2Improvements made
Authentication enhancedKey Management createdData Transfer security enhanced
Cryptography and Network Security 19
802.11i - Authentication
Authentication ServerTwo-way authentication
Prevents man-in-the-middle attacksMaster Key (MK)Pairwise Master Key (PMK)
Cryptography and Network Security 20
802.11i – Key Management
Key TypesPairwise Transient KeyKey Confirmation KeyKey Encryption KeyGroup Transient KeyTemporal Key
Cryptography and Network Security 21
802.11i – Key Management
Source: http://csrc.nist.gov/wireless/S10_802.11i%20Overview-jw1.pdf
Cryptography and Network Security 22
802.11i – Data Transfer
CCMPLong term solution – mandatory for 802.11i complianceLatest AES encryptionRequires hardware upgrades
WRAPProvided for early vendor support
TKIPCarried over from WPA
Cryptography and Network Security 23
802.11i – Additional Enhancements
Pre-authenticationRoaming clients
Client ValidationPassword-to-key mappingsRandom number generation
Cryptography and Network Security 24
Conclusion
Basic 802.11b (with WEP)Massive security holesEasily attacked
802.1XGood interim solutionAllows use of existing hardwareCan still be attacked
Cryptography and Network Security 25
Conclusion
Wi-Fi Protected AccessAllows use of existing hardwareCompatible with 802.1XCompatible with 802.11i
802.11iMay require hardware upgradesVery secureNothing is ever guaranteed