Security flaws of the WEP-Protocol - PowerPoint PPT Presentation



1
Security flaws of the WEP-Protocol
by Bastian Sopora, Seminar Computer Security 2006
2
Agenda
  • Introduction
  • Basics of the WEP-Protocol
  • Weaknesses of WEP
  • Breaking WEP
  • Alternatives & Outlook
  • Summary & Discussion

3
Wireless Networking
  • ALOHAnet
  • 1997 IEEE 802.11 (IR)
  • 1999 IEEE 802.11b (11Mbps)
  • 2003 IEEE 802.11g (54Mbps)
  • 2007 IEEE 802.11n (540Mbps)

4
The need for security
  • Why do we need the WEP-Protocol?
  • Wi-Fi networks use radio transmissions
      • prone to eavesdropping
  • Mechanism to prevent outsiders from
      • accessing network data traffic
      • using network resources

5
IEEE reactions
  • 1999 Wired Equivalent Privacy (WEP)
  • 2003 WiFi Protected Access (WPA)

6
Agenda
  • Introduction
  • Basics of the WEP-Protocol
  • Weaknesses of WEP
  • Breaking WEP
  • Alternatives & Outlook
  • Summary & Discussion

7
WEP: the basic idea
  • WEP = Wired Equivalent Privacy
  • As secure as a wired network
  • Part of the IEEE 802.11 standard

8
WEP: how it works
  • Encrypt all network packets using
      • a stream-cipher (RC4) for confidentiality
      • a checksum (CRC) for integrity

9
WEP: different flavors
  • Originally (1999) 64 bit
      • Legal limits
      • 24 bit Initialization Vector (IV)
      • 40 bit key
  • 128 bit
      • 104 bit (26 Hex-Characters) key
  • 256 bit
      • 232 bit key
      • Available, but not common

10
Small steps?
  • Evolution of WEP to WEP128 to WEP256
  • Initialization Vector remains at 24 bit
  • Encryption key size increases

11
Agenda
  • Introduction
  • Basics of the WEP-Protocol
  • Weaknesses of WEP
  • Breaking WEP
  • Alternatives & Outlook
  • Summary & Discussion

12
The major flaw
  • A Stream-Cipher should never use the same key
    twice

13
The Stream-Cipher-Breakdown
  • E(A) = A xor C (C is the key)
  • E(B) = B xor C
  • Compute E(A) xor E(B)
  • xor is commutative, hence
  • E(A) xor E(B) = A xor C xor B xor C
                  = A xor B xor C xor C
                  = A xor B

14
The major flaw
  • A Stream-Cipher should never use the same key
    twice...
  • ...or else we know A xor B, which is relatively
    easy to break
      • if both messages are in a natural language,
      • or
      • if we know one of the messages.

15
The WEP-repetition
  • For a 24 bit Initialization Vector, there is a
    50% chance of repetition after 5000 packets...
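
Added example, not part of the original slides: a Python sketch of slides 13 to 15. It encrypts two constructed packets WEP-style under the same IV and key, shows that the keystream cancels out of the xor of the two ciphertexts, and computes the chance of an IV repeating. The key, IV, payloads and function names are assumptions made up for illustration.

```python
import math
import zlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key scheduling (KSA) followed by n bytes of output (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """WEP-style body: (plaintext || CRC-32) xor RC4(IV || key)."""
    body = plaintext + zlib.crc32(plaintext).to_bytes(4, "little")
    return xor(body, rc4_keystream(iv + key, len(body)))

def iv_collision_probability(packets: int, iv_bits: int = 24) -> float:
    """Chance that at least two of `packets` randomly chosen IVs are equal."""
    space = 2 ** iv_bits
    log_no_collision = sum(math.log1p(-i / space) for i in range(packets))
    return 1.0 - math.exp(log_no_collision)

# Constructed sample data: a 40-bit key, a 24-bit IV, two 24-byte payloads.
KEY = bytes.fromhex("0badc0ffee")
IV = bytes.fromhex("a1b2c3")
A = b"GET /index.html HTTP/1.0"
B = b"user=alice&pin=4711&x=ok"

def demo():
    ea, eb = wep_encrypt(IV, KEY, A), wep_encrypt(IV, KEY, B)
    leaked = xor(ea, eb)          # E(A) xor E(B): the keystream C cancels
    recovered_b = xor(leaked, A)  # knowing A is enough to read B
    return leaked[:len(A)] == xor(A, B), recovered_b

if __name__ == "__main__":
    print(demo(), round(iv_collision_probability(5000), 3))
```

Enlarging the key (WEP128, WEP256) changes nothing in this calculation, because the collision probability depends only on the 24 bit IV space.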

16
The Theory
  • Fluhrer, Mantin, and Shamir wrote a paper on the
    WEP weakness in the RC4 implementation...
  • Cornell University
  • Weaknesses in the Key Scheduling Algorithm of
    RC4

17
Agenda
  • Introduction
  • Basics of the WEP-Protocol
  • Weaknesses of WEP
  • Breaking WEP
  • Alternatives & Outlook
  • Summary & Discussion

18
Feasibility of attack
  • Practical
  • Cheap
  • Easy
  • Fast

19
Feasibility of attack
  • Practical
  • Cheap
  • Easy
  • Fast
  • WEP users: time to panic!

20
How to do it...
  • Stubblefield, Ioannidis, and Rubin wrote a paper
    about the implementation in 2001
  • Rice University & AT&T
  • Using the Fluhrer, Mantin, and Shamir Attack to
    Break WEP
  • Only six pages!

21
How to do it...
  • Collect packets (about 6m for WEP128)
  • Only observe the first byte
      • Depends on only 3 values
        (S[1], S[S[1]], S[S[1] + S[S[1]]])
      • May be known plaintext (0xAA)
  • Try guessing the key, byte by byte
      • chance of 1/20 per byte

22
How WE do it...
  • Aircrack-ng
  • Available freely for Linux, Windows and certain
    PDAs
  • Only requires about 1m packets for WEP128

23
Agenda
  • Introduction
  • Basics of the WEP-Protocol
  • Weaknesses of WEP
  • Breaking WEP
  • Alternatives & Outlook
  • Summary & Discussion

24
Outlook for WEP
  • WEP2
      • Enlarged IV
      • enforced 128-bit encryption
  • WEP+
      • Only use strong IVs
      • has to be used on both ends
  • ...a dead end...

25
Outlook for WEP
  • WEP2
      • No change in concept, just more packets needed
  • WEP+
      • How does one enforce the client side?
  • ...a dead end...

26
Alternatives
  • WPA, WPA2, 802.1X
      • 48 bit IV, mutate key after certain time
      • Depend on an authentication server
  • IPsec, VPN
      • Tunneling and secure wrapping of packets

27
Agenda
  • Introduction
  • Basics of the WEP-Protocol
  • Weaknesses of WEP
  • Breaking WEP
  • Alternatives & Outlook
  • Summary & Discussion

28
Summary: WEP
  • WEP is not secure!
  • Faulty implementation of RC4
  • Developing an attack was easy
  • A successful attack only needs
      • Off-the-shelf hardware (Laptop, Prism2)
      • Free software
      • A very short time (a few days at most)