ImageVerifierCode 换一换
格式:PPT , 页数:30 ,大小:89.50KB ,
资源ID:376427      下载积分:2000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-376427.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(IEEE 802.11 Network Security.ppt)为本站会员(吴艺期)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

IEEE 802.11 Network Security.ppt

1、1,IEEE 802.11 Network Security,Rohit Tripathi Graduate Student. University of Southern California.,2,Presentation Overview,IEEE 802.11 Network Security 802.11 Basics 802.11 Architecture 802.11 Security (WEP) WEP Vulnerabilities. Practical Implementation of Attacks. Recent security advancements for W

2、i-Fi Networks. Summary,3,What is IEEE 802.11?,IEEE Standard for Wireless LANs. Ethernet(networking) capability over radio waves. Increased Mobility and Flexibility. Sometimes even more economical. More practical.(e.g. Large halls, atriums,etc.) 802.11b 11 Mbps, 802.11g up to 54Mbps, 802.11a up to 54

3、Mbps. .11b/g at 2.4GHz radio frequencies. .11a at 5-6GHz. Uses CSMA/CA (MAC protocol for shared Media). Different Modulation schemes provides different data speeds. Range 100 -150 feet (approx.),4,Terminology,WLAN - Wireless Local Area Network. AP Access Point. Station Any device on wireless network

4、. SSID Service Set Identifier(identifies a network name.). MAC Address Wireless LAN card address, 6 octets (xx.xx.xx.xx.xx.xx),5,Picture from http:/www.cse.ohio-state.edu/jain/,Infrastructure Network Mode,6,802.11 Architecture (cont.),Frame Types. Data Frames: Used for Data Transmission. Control Fra

5、mes: Used for Media Access Control (RTS, CTS, ACK) Management Frames: Used to exchange Management Information. (Beacon, Probe, Association, Authentication.),7,802.11 Standard Security Goals,Create Privacy as achieved by a wired network (WEP Wired Equivalent Privacy). Parking Lot Attack!. Should Prov

6、ide Confidentiality: No eavesdropping. Access Control: Deny access to unauthenticated stations. Data Integrity: Prevent tampering with transmitted messages.Research shows that none of the goals are achieved!,8,WEP Protocol,Wired Equivalent Privacy. Link Layer Protocol. Two subsystems. WEP Authentica

7、tion Technique. Provides Access Control. WEP Data Encapsulation Technique. Data Integrity and confidentiality.,9,WEP Authentication,STA,AP,Decrypted nonce?,From IEEE: Overview of 802.11 Security.,10,WEP Data Encryption,Message,CRC,Key stream = RC4(IV,K),Ciphertext,IV,XOR,Transmitted Data,Compute Int

8、egrity Checksum c(M) and append to original message M.P = Key-stream generated using RC4 encryption algorithm on a 24 bit IV concatenated to a pre-shared key (40-bit or 104-bit).XOR “P” with Key-stream to produce ciphertext.C = P RC4(IV,K)Transmit IV and Ciphertext.,11,WEP Data Decryption,Decryption

9、 (Reverse Process) Extract IV P = C RC4(IV, K) = (P RC4(IV,K) RC4(IV,K) = P Split P into and re-compute the checksum c(M) to see if it matches c. Establishes message integrity.,12,Attacks on WEP,WEP allows IV to be reused with any frame Same IV produces same key stream (RC4(IV,K). Risks of Key-strea

10、m Reuse. Now If C1 = P1 RC4(IV, K)and C2 = P2 RC4(IV, K)then C1 C2 = (P1 RC4(IV, K) (P2 RC4(IV, K)= P1 P2 (i.e. XOR of two plain texts) Key-stream reuse to read encrypted traffic. Known techniques to find out P1 and P2 given P1 P2. Becomes easier with more intercepted packets using same IV value.,13

11、,Key-stream reuse (continued),Decryption Dictionaries Over time attacker can build a table of key-stream corresponding to each IV (Need known plaintext). Helped by well defined protocol structures(IP headers, login sequence,etc.) Attacker can transmit known plaintext (e.g. email spam) and intercept

12、the cipher text to gain the key-stream. Table size depends only on the IV length and not the key size. Standard fixes IV size as 24 bits. Gives a modest space requirement. E.g. 1500 bytes for each of the 224 possible IVs needs 24GB. Even first few thousands IVs table can be effective in most cases b

13、ecause of most PMCIA cards reset IV value to 0 when reinitialized.,14,Attacks on WEP (continued),Message Modification CRC is insufficient to detect message tampering (not a cryptographically secure authentication code). Controlled modification of cipher-text possible without disrupting the checksum.

14、 CRC is linear function i.e. c(x y) = c(x) c(y). Original Cipher-text C = RC4(IV, K) Possible to find C that decrypts to a modified message M = M C = C = RC4(IV, K) = RC4(IV, K) = RC4(IV, K) = RC4(IV, K) C decrypts to P , but with right checksum!,15,Authentication Spoofing,A challenge-response pair

15、gives the key-stream.,STA,AP,Decrypted nonce OK?,This key-stream can be used to encrypt any subsequent challenge.,16,IP Redirection,For decrypting a ciphertext without knowing the key. Trick the AP into decrypting ciphertext for the attacker. Sniff an encrypted packet. Modify the encrypted message s

16、o that the destination address is that of the attacker.(already shown that message modification is possible without any alarm.),17,Practical Implementation of Attacks,Till now we talked about retrieving the Key-stream. But is it possible to recover the secret key(Ultimate Break)? Fluhrer, Mantin and

17、 Shamir Attack. RC4 Key Scheduling Algorithm, Output Generator (PRGA). Knowledge of IV and and first output byte gives information about the key bytes (called Resolved Cases). Practical Implementation: AT&T Labs Tech Report. Passive Attack. Eased by the clear text transfer of IV. Coding for the simu

18、lated Attack 2 hours. Full key recovered with 256 probable resolved cases. Off the shelf hardware and software to capture packets.,18,Practical Attacks (continued),Mounting the Attack P C = P (P RC4(IV,K) = RC4(IV,K) i.e. Key-stream. Got “P” from 802.2 Encapsulation header added to IP/ARP traffic. 5

19、/6 *106 packets to recover 128 bit key.(Very practical on a busy network.) Improving the Attack User Memorable pass-phrase used as key. Check if the decoded key byte is an ASCII, number or punctuation. Key recovered in reasonable time - Ultimate Break of WEP!,19,Conclusions,Assume that the 802.11 li

20、nk layer WEP offers no security. Use E2E higher-level security mechanisms (IPSec, SSH). Anyone within the physical range can access the network as a valid user. Other kinds of Attacks: MAC spoofing, Jamming(DoS), Insertion Attacks(Rogue APs).This paved the way for further research to create more sec

21、ure WLANs.,20,Wi-Fi Protected Access(WPA),Specification from Wi-Fi Alliance(2003) Strong, standards-based, interoperable security for todays Wi-Fi networks. What needs to be addressed ( flaws in WEP). Weak User Authentication. Weak Key Management. Weak IV selection. CRC is good for detecting random

22、errors and not message tampering. Additionally the new system should be backward compatible.,21,Security Mechanisms in WPA,Authentication (and Key Management). Encryption.,22,Authentication and Key Management,Based on Extensible Authentication Protocol (EAP). Supports many flavors of EAP. Uses exist

23、ing key (temporary keys) distribution methods such as KDC, Kerberos, Needham-Shroeder. Can handle any form of user credentials. Digital certificates, username and passwords, secure IDs,etc. Creates a framework where client workstations mutually authenticates with the Authentication Server (4 way han

24、dshake).,23,Authentication Process,STA,AP,Authentication Server,From IEEE: Overview of 802.11 Security.,24,Session Key Distribution,C (Kc),AP s(Ks),Authentication Server (KDC),c,s,n,Kcs,s,nKc AND Kcs,c,nKs,Kc and Ks: Long term Keys.(Only used once!) Kcs : Session Key. (Temporary),Kcs,c,nKs AND dataK

25、cs,25,Encryption,WPA uses Temporal Key Integrity Protocol (TKIP) Dynamic Key (against static WEP key) distributed by Authentication Server. Key size increased to 128 bits. Change in WEP key requires manual work. Already shown that intruder who collects enough encrypted data (with static WEP key) can

26、 exploit the system. Sets up an hierarchy to generate more data encryption keys using the pair-wise key.(per packet key construction) Uses Message Integrity Check(MIC) against CRC. Provides strong mathematical function to check msg integrity.,26,WPA Deployment.,Can be installed as software upgrade o

27、n most Wi-Fi devices. Clients require software upgrade to the NIC. Enterprise would require an authentication server. Typically Remote Authentication Dial-In-User Service (RADIUS) Small Office and Home Office (SOHO) can use pre-shared key. But still use strong TKIP encryption, per packet key constru

28、ction. All the upgrades (transition) can happen in steps. Allows mixed mode.(though not recommended),27,The Future: WPA-2,Existing WPA features. TKIP encryption. EAP authentication Additionally use Advanced Encryption Standard(AES) for encryption. Currently considered to be a very strong encryption

29、algorithm. Variable Key size of 128, 192 or 256 bits. Drawback: Requires hardware upgrade.,28,Summary,802.11 security does not meet any of its objectives. Current Work to replace. Authentication Scheme using 802.1X (EAP) and Kerberos. Encryption scheme using AES. Key management using established mec

30、hanisms. Wi-Fi Alliance working on WPA2.,29,References,Nikita Borisov, Ian Goldberg, David Wagner, Intercepting Mobile Communications: The Insecurity of 802.11, ACM Mobicom 2001. Adam Stubblefield, John Ioannidis, Aviel D Rubin, Using the Fluhrer, Mantin, and Shamir Attack to Break WEP, AT&T Labs Technical Report TD-4ZCPZZ, 2001. Wi-Fi Alliance, Wi-Fi Protected Access, 2003. http:/grouper.ieee.org/groups/802/11/Tutorial/,30,Questions,?,

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1