wireless security issues
15 November 2004 1
Wireless Security Issues
Cheyenne Hollow Horn
SFS Presentation 2004
Presentation Outline
• WEP
• WPA
• TKIP
• Optical Wireless Solution
WEP
• Wired Equivalency Protocol
• First WLAN security protocol.
• Four major categories of flaws:
– No forgery protection.
– No protection against replays.
– RC4 encryption exposes protocol to weak key attacks.
– Encrypted data can be decrypted without learning the encryption key.
WEP Encryption
• Each packet is encrypted with an RC4 cipher stream.
• The key uses an initialization vector and a 40-bit WEP key.
• The data is bitwise XOR-ed with the key.
• IV chosen by sender and sent with each packet.
WEP Encryption Flaws
• Key management and size
• IV is too small
• Authentication messages can be easily forged.
WPA
• Wi-Fi Protected Access
• Created by the Wi-Fi Alliance in early 2003
• Based on IEEE 802.11i
• WPA specifies user authentication, better encryption, and data validation.
WPA
• Authentication:
– Uses 802.1x protocol
– 802.1x based on EAP
– Alternate PSK
• Data encryption:
– TKIP
• Data validity:
– MIC
TKIP
• Cryptographic message integrity code, MIC
• New IV sequencing discipline
• Per-packet key mixing function
• Rekeying mechanism
MIC
• Three components:
– Authentication key K
– Tagging function
– Verification predicate
• The tagging function takes the key and the message and generates a tag.
• Receiver uses K, M, and T.
IV Sequence Enforcement
• When transmission begins, sender and receiver initialize to zero
• The IV field is used as the packet sequence number.
• Receiver is required to increment sequence number
• If out of order, the packet is discarded
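The MIC and IV Sequence Enforcement slides combined in one receiver, as an added example that is not from the presentation. HMAC-SHA256 truncated to 8 bytes stands in for TKIP's actual MIC algorithm; binding the sequence number into the tag, the check order, the class names and the key are assumptions of this sketch.

```python
import hashlib
import hmac

TAG_LEN = 8  # tag length in bytes (sketch choice)

def tag(key: bytes, seq: int, msg: bytes) -> bytes:
    """Tagging function: T = f(K, seq || M). HMAC is a stand-in, not TKIP's MIC."""
    data = seq.to_bytes(6, "big") + msg  # 6-byte sequence field (sketch choice)
    return hmac.new(key, data, hashlib.sha256).digest()[:TAG_LEN]

def verify(key: bytes, seq: int, msg: bytes, t: bytes) -> bool:
    """Verification predicate: recompute the tag from K and M, compare with T."""
    return hmac.compare_digest(tag(key, seq, msg), t)

class Sender:
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0  # counter initialized to zero

    def send(self, msg: bytes):
        self.seq += 1
        return (self.seq, msg, tag(self.key, self.seq, msg))

class Receiver:
    def __init__(self, key: bytes):
        self.key, self.last_seq = key, 0  # counter initialized to zero

    def receive(self, packet) -> str:
        seq, msg, t = packet
        # Check the tag first so a forged packet cannot advance the counter.
        if not verify(self.key, seq, msg, t):
            return "bad-mic"
        # Sequence enforcement: anything not newer than the last accepted
        # packet is discarded, which rejects replays.
        if seq <= self.last_seq:
            return "out-of-order"
        self.last_seq = seq
        return "accepted"

def demo():
    key = b"constructed-demo-key"  # constructed sample key
    sender, receiver = Sender(key), Receiver(key)
    p1, p2 = sender.send(b"hello"), sender.send(b"world")
    forged = (3, b"w0rld", p2[2])  # altered payload and sequence, reused tag
    return [receiver.receive(p) for p in (p1, p2, p1, forged)]

if __name__ == "__main__":
    print(demo())
```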
Key Mixing
• Two phases
• Phase I:
– Temporal key and MAC address of local wireless interface used.
• Phase II:
– Uses tiny cipher to “encrypt” each packet.
Rekeying
• Delivers fresh keys consumed by the various TKIP algorithms
• Eliminates attacks that rely on guessing static keys.
Optical Wireless Communications
• Layer 1 advantage
• LIGHTPOINTE
• Works at near-infrared wavelengths
• Information relayed at several hundred THz
• Narrow beam, hard to intercept signal
More on Optical Wireless
• Military organizations use this
• Blocking the beam stops transmission
• Utilizes WPA to have a stronger system
Questions?