Abstract image of a woman sitting on books and studying on a laptop

WiFi Security Explained

Somenath Mukhopadhyay, profile picture
Somenath Mukhopadhyay

The document discusses WiFi security standards and protocols including WEP, WPA, and WPA2. It provides details on: - The need for WiFi security due to broadcasting of network secrets. - The two phases of 802.11 security - authentication and encryption. - Weaknesses of WEP including key reuse and lack of key management. - TKIP as an interim solution to address WEP weaknesses while allowing legacy hardware. - AES-CCMP, the strongest method defined in 802.11i, using AES encryption.

TechnologyEducation
1 of 61
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
WiFi Security Standard Somenath Mukhopadhyay [email_address]
Why WiFi Security is needed 802.11 wireless network has no clothes Wireless LANs are broadcasting secrets of enterprises that have spent millions on internet security The insecurity of WLAN has given rise to War-Driving
802.11 Security Two Phases - Authentication & Encryption Open System Authentication(OSA)‏ NIL protection Shared Key Authentication – WEP Authentication
OSA and Shared Key Authentication
WEP Authentication Frame Format Algorithm Number – 0 OSA, 1 WEP Transaction Sequence – First Message 0, Second Message 1, etc Status Code – Sent in the Final Message – SUCCESS/FAILURE Challenge Text – 128 bit random number sent by the AP
WEP Encryption Stream Ciphering – byte wise ciphering RC4 encryption technology
RC4 Encryption Technology Two Phases – Initialization and Encryption IV – Initialization Vector – 24 bit value Secret Key - 104 bit value IV changes for every data packet IV is sent along with the packet
WEP Checksumming
WEP Encryption
WEP Decryption
RC4 algorithm in details Key scheduling algorithm generation using RC4 First step – generating an array with 256 8 bit values Second step – scrambling the array Initialization: For i = 0 ... N - 1 S[i] = i j = 0 Scrambling: For i = 0 ... N - 1 j = j + S[i] + K[i mod l] Swap(S[i], S[j])
RC4 algorithm in details Generating the streaming key This part of the algorithm is responsible for creating the streaming values used to encrypt the plaintext Initialization: i = 0 j = 0 Generation Loop: i = i + 1 j = (j + S[i]) mod l Swap(S[i], S[j]) Output z = S[S[i] + S[j]]
Example of a simple RC4 using 2 bits RC4 Assumptions I = 0 J = 0 Pass = “6152” Pass length = 4 Index N = 4 Initialization Logic: For i = 0 .... N-1 S[i] = i Next S[0] = 0, S[1] = 1, S[2] = 2, S[3] = 3
Example of a simple RC4 using 2 bits RC4 Scrambling Logic: For i = 0 ... N - 1 j = j + S[i] + K[i mod l] Swap(S[i], S[j])‏ Initial values S[0] = 0, S[1] = 1, S[2] = 2, S[3] = 3 K[0] = 6, K[1] = 1, K[2] = 5, K[3] = 2 i = 0, j = 0, pass(K) = “6152”, pass length(l) = 4, Index(N) = 4
Example of a simple RC4 using 2 bits RC4 Equations: j = j + S[i] + K[i mod l] Swap(S[i], S[j]) j=(0 + S[0] + K[0]) mod 4 j=(0+0+6) mod 4 j=6 mod 4 j=2 Swap (S[0] , S[2]) S[0]=0 , S[2]=2 => S[0]=2 , S[2]=0
Example of a simple RC4 using 2 bits RC4 Calculation for the second loop Initial values before the iteration S[0] = 2, S[1] = 1, S[2] = 0, S[3] = 3 K[0] = 6, K[1] = 1, K[2] = 5, K[3] = 2 pass length (l) = 4, Index(N) = 4, i = 1, j = 2 Equations: j = j + S[i] + K[i mod l] =>j = (2+S[1]+k[1]) mod 4 = (2+1+1)mod 4 = 0 Swap(S[i], S[j]) =>Swap(S[1],S[0]) =>S[0] =1 & S[1] = 2
Example of a simple RC4 using 2 bits RC4 After second loop the values are S[0] = 1, s[1] = 2, S[2] = 0, S[3] = 3 K[0] = 6, K[1] = 1, K[2] = 5, K[3] = 2 pass length (l) = 4, Index(N) = 4, i = 2 , j = 0
Example of a simple RC4 using 2 bits RC4 Calculation for the third loop Initial values before the loop starts S[0] = 1, s[1] = 2, S[2] = 0, S[3] = 3 K[0] = 6, K[1] = 1, K[2] = 5, K[3] = 2 pass length (l) = 4, Index(N) = 4, i = 2 , j = 0 Equation j = j + S[i] + K[i mod l] =>j = (0+S[2]+k[2]) mod 4 = (0+0+5)mod 4 = 1 Swap(S[i], S[j]) =>Swap(S[2],S[1]) =>S[1] =0 & S[2] = 2
Example of a simple RC4 using 2 bits RC4 Final values after third loop S[0] = 1, s[1] = 0, S[2] =2, S[3] = 3 K[0] = 6, K[1] = 1, K[2] = 5, K[3] = 2 pass length (l) = 4, Index(N) = 4, i = 3 , j = 1
Example of a simple RC4 using 2 bits RC4 Calculation for the fourth loop Initial values before the loop starts S[0] = 1, s[1] = 0, S[2] =2, S[3] = 3 K[0] = 6, K[1] = 1, K[2] = 5, K[3] = 2 pass length (l) = 4, Index(N) = 4, i = 3 , j = 1 Equation j = j + S[i] + K[i mod l] =>j = (1+S[3]+k[3]) mod 4 = (1+3+2)mod 4 = 2 Swap(S[i], S[j]) =>Swap(S[3],S[2]) =>S[2] =3 & S[3] = 2
Example of a simple RC4 using 2 bits RC4 Final values after fourth loop (final loop)‏ S[0] = 1, s[1] = 0, S[2] =3, S[3] = 2 K[0] = 6, K[1] = 1, K[2] = 5, K[3] = 2 pass length (l) = 4, Index(N) = 4, i = 4 , j = 2
Example of a simple RC4 using 2 bits RC4 Logic of PRGA i = 0 j = 0 Generation Loop: i = i + 1 j = (j + S[i]) mod l Swap(S[i], S[j]) Output z = S[S[i] + S[j]] After first loop i=0+1=1 j=(0+S[1])mod 4=(0+0)mod 4=0 Swap (S[1] , S[0]) S[1]=0 , S[0]=1 ==> S[1]=1 , S[0]=0 z1=S[S[1]+S[0]]=S[0+1]=S[1]=1 Z1=0000 0001
Example of a simple RC4 using 2 bits RC4 Similarly z2 = 0000 0001 Assume the plaintext to be “HI” After Xoring the plaintext with the RC4 keystream we get H(0100 1000) XOR Z1(0000 0001) = 0100 1001 ==> I and I(0100 1001) XOR Z2(0000 0001) = 0100 1000 ==>H After RC4 “HI” becomes “IH”
RC4 Encryption Technology Integrity Checksum – Calculated on the message M to yield the plaintext P = <M,c(M)> Encryption - RC4 stream cipher with secret key k Initialization vector iv Keystrem is generated based on iv & k (RC4(iv,k))‏ Ciphertext C = P XOR RC4(iv,k)‏
Weakness of WEP Key should not be reused One Way Authentication No key management protocol
Weakness of WEP Key should not at all be reused C = KI XOR P Intruder can get C and if he knows part of P he can obtain KI (as KI = P XOR C)‏ Next time any packet encrypted with this KI can easily be decrypted.
Weakness of WEP For a 11 mbps base station the key has to be reused in approximately 5 hrs. There is 50% chance that a key will be reused after every 4823 packets Moreover, the specification has made the changing of IV value with each packet as optional
Weakness of WEP Pre-Shared Key – the absence of any key management protocol It requires manual key configuration in all the mobile devices that want to communicate with the AP
Weakness of WEP One way authentication The AP does not authenticate itself to the mobile device A rouge node imitating as the AP can have access to everything the mobile device sends
802.11i Goals Develop 802.11i through a process open to all Anyone must be able to implement the entire standard or any part of it – no secret algorithm Market driven feature development Addresses all perceived security problems of WEP Deliver as rapidly as possible
802.11i Facilities Authentication TKIP AES-CCMP Discovery & Negotiation Key Management
External components used by 802.11i 802.1x – an external standard used to provide an authentication framework, coordinate authentication and key management 802.1x Authenticator/Supplicant – local protocol entity to coordinate authentication and and key management with remote entity Authentication server(AS) – a logical construction that centralizes authentication and access control decision making
Operating an 802.11i Link Data protection: TKIP and CCMP Authentication 802.11i key management Session Key distribution Security capabilities discovery Authentication Server Access Point Station Security negotiation
802.1X
TKIP Identification and Goals TKIP: T emporal K ey I ntegrity P rotocol Deploy as a software patch in already deployed equipment Short term only, to permit migration from existing equipment to more capable equipment without violating security constraints Patch old equipment from WEP to TKIP first Interoperate between patched and unpatched first generation equipment until all have been patched Finally deploy new equipment Security Goals: Address all known WEP problems Prevent Frame Forgeries Prevent Replay Correct WEP’s mis-use of encryption Never reuse keys
TKIP Overview TKIP: T emporal K ey I ntegrity P rotocol Features New Message Integrity Code (MIC) called Michael to prevent tampering that can be implemented on a low-power microprocessor Supplement Michael with Counter-measures, to increase forgery deterrence Increase the size of IV to avoid ever reusing the same IV Change the encryption key for every frame Under WEP it was infeasible to detect when you were under attack
Message Integrity The simplest method is to create a “checksum” by adding all the bytes of the message together Send this checksum along with the message The receiver will recalculate this checksum from the received msg and then test it against the checksum value sent with the message.
Message Integrity Attacker can recompute the checksum after he makes any changes in the message Idea is to generate a checksum after combining together all the bytes and producing MIC MIC is produced using a special nonreversible process and combining a secret key Attacker cannot produce the MIC unless he knows the secret key
Message Integrity There are several well tested methods to produce the MIC However, for a small microprocessor these methods are not feasible One solution for TKIP is Michael
IV Length WEP uses 24 bit IV TKIP has added 32 more bits Total = 24 + 32 = 56 Practically 48 bits are used
Per Packet Key Mixing It solves few things The value of the key used for RC4 encryption is different for every IV value 24 bit “old” IV value and 104 bit secret key
WPA2-AES-CCMP AES- CCMP is the strongest security in 802.11i AES stands for Advanced Encryption Standard CCMP stands for Counter Mode – CBC MAC Protocol TKIP was designed to accommodate the older hardware AES-CCMP was designed from ground up. Requires new hardware
WPA2-AES-CCMP Security goals – addresses all known WEP problems Prevent frame forgeries Prevent Replay No key reuse
AES Encryption process The encryption process uses a set of specially derived keys called round keys These are applied, along with other operations, on an array of data, that exactly holds one block of data, called state array
AES Encryption process Following are the steps to encrypt a block of data Derive the set of round keys from cipher key Initialize the state array with block data (plaintext)‏ Add the initial round key to the starting state array Perform nine rounds of state manipulation Perform the 10 th /final round of state manipulation Copy the final state array out as the encrypted data
AES Encryption Process The 128 bit block of data is stored in a two dimensional (4 x 4) array as shown below D0 D4 D8 D12 D1 D5 D9 D13 D2 D6 D10 D14 D3 D7 D11 D15
Derivation of the Round Keys Cipher key is 128 bit long We derive eleven 128 bit round keys ( Rkey0 to Rkey10) from this cipher key These keys can be represented as follows 32 bits 32 bits 32 bits 32 bits Rkey0 W0 W1 W2 W3 Rkey1 W0 W1 W2 W3 Rkey2 W0 W1 W2 W3 Rkey3 W0 W1 W2 W3 Rkey4 W0 W1 W2 W3 Rkey5 W0 W1 W2 W3 Rkey6 W0 W1 W2 W3 Rkey7 W0 W1 W2 W3 Rkey8 W0 W1 W2 W3 Rkey9 W0 W1 W2 W3 Rkey10 W0 W1 W2 W3
Derivation of the Round keys To start with the Round keys Rkey0 is simply the cipher key For each of the round keys Rkey1 to Rkey10 words W1, W2 and W3 are computed as the XOR of the previous word in the same row and the same word of the previous row For example: Rkey5:W1 = Rkey5:W0 XOR Rkey4:W1 Rkey8:W3 = Rkey8:W2 XOR Rkey7:W3
Derivation of the Round Keys The calculation of W0 for each key is the Xor of three 32 bit values The value of W0 from the previous row The value of W3 from the previous row rotated by 8 bits A special value from a table called Rcon Thus we write Rkey(i):W0 = Rkey(i-1):W0 XOR Rkey(i- 1):W3>>>8 XOR RCon(i)‏
Derivation of the Round Keys The values of Rcon(i) are as follows: i Rcon(i)‏ 1 2 2 4 3 8 4 16 5 32 6 64 7 128 8 27 9 54 10 108
AES Encryption Process Total 10 rounds of operation are performed to alter the state array These rounds involve four types of operations SubBytes ShiftRows MixColumns XorRoundKeys
AES Encryption Process All of these four operations are applied in the order mentioned in the first nine rounds In the 10 th round Mix Columns round is mot performed
AES Encryption Process- SubBytes SubBytes Operation Create a substitution table of total 16 bytes using a mathematical formula Substitute each byte from the state table by the value from the substitution table Original values can be restored in the reverse operation Substitution table is stored in memory as part of the design
AES Encryption Process-ShiftRows Each row is rotated to right by a certain number of bytes 1 st Row is rotated by 0 bytes 2 nd Row is rotated by 1 byte 3 rd Row is rotated by 2 bytes 4 th Row is rotated by 3 bytes
AES Encryption Process - MixColumn The columns are changed according to the following formula Left hand side is the new column produced
AES Encryption Process - XOrRoundKey In this operation the round keys are Xor-ed with the existing state array This is done once before the beginning of the rounds and then once for each round
AES Decryption Process Initial decryption round XorRoundKey InvShiftRows InvSubBytes Nine Full Decryption rounds XorRoundKey InvMixColumn InvShiftRows InvSubBytes Perform final XorRoundKey
CCMP CCMP works on MPDU MPDU consists of MAC header and unencrypted data First we construct the CCMP header Then MIC is calculated The combination of Data and MIC is encrypted using AES The MAC header and the CCMP header are added in the beginning of the encrypted data The block is then transmitted
Conclusion Large number of Wi-Fi systems have been deployed using RC4 algorithm WPA-TKIP was introduced to upgrade the existing system without changing the hardware However, for better security implemented from ground up, we need AES-CCMP
Not Covered This presentation has not covered the different authentication methods used in Wi-Fi. These include EAP, PEAP, EAP-TLS, EAP-TTLS and EAP-SIM
Thank You

More Related Content

PDF
IJEIR_1615
Gaurav pal
 
PDF
Crack Wep Wifi Under100seconds
mvde3000
 
PDF
Computer security module 1
Deepak John
 
PDF
Logic Design
Partha_bappa
 
PPTX
Public Key Cryptography
Gopal Sakarkar
 
PDF
Computer security module 2
Deepak John
 
PDF
CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
PDF
SHA 1 Algorithm
Shiva RamDam
 
IJEIR_1615
Gaurav pal
 
Crack Wep Wifi Under100seconds
mvde3000
 
Computer security module 1
Deepak John
 
Logic Design
Partha_bappa
 
Public Key Cryptography
Gopal Sakarkar
 
Computer security module 2
Deepak John
 
CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
SHA 1 Algorithm
Shiva RamDam
 

What's hot (18)

PDF
Public key cryptography
rinnocente
 
PPT
Hash& mac algorithms
Harry Potter
 
PPTX
Rc6 algorithm
Chethan Chetu
 
PPTX
SHA- Secure hashing algorithm
Ruchi Maurya
 
PDF
Design And Implementation Of Tiny Encryption Algorithm
IJERA Editor
 
PDF
SHA-1 backdooring & exploitation
Ange Albertini
 
PDF
D44091720
IJERA Editor
 
PPTX
Secure Hash Algorithm
Vishakha Agarwal
 
PDF
Cs8792 cns - Public key cryptosystem (Unit III)
ArthyR3
 
PDF
Nearest Prime Cipher for Data Confidentiality and Integrity
Eswar Publications
 
PDF
PKC&RSA
Anver S R
 
PDF
icwet1097
Sapna Agarwal
 
PDF
Lecture 01 dld 2018
Tanveer Hussain
 
PDF
RSA without Integrity Checks
Dharmalingam Ganesan
 
PDF
CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
PPTX
Public key algorithm
Prateek Pandey
 
PPTX
Cryptography & Network Security By, Er. Swapnil Kaware
Prof. Swapnil V. Kaware
 
PPT
Kaizen cso002 l1
asslang
 
Public key cryptography
rinnocente
 
Hash& mac algorithms
Harry Potter
 
Rc6 algorithm
Chethan Chetu
 
SHA- Secure hashing algorithm
Ruchi Maurya
 
Design And Implementation Of Tiny Encryption Algorithm
IJERA Editor
 
SHA-1 backdooring & exploitation
Ange Albertini
 
D44091720
IJERA Editor
 
Secure Hash Algorithm
Vishakha Agarwal
 
Cs8792 cns - Public key cryptosystem (Unit III)
ArthyR3
 
Nearest Prime Cipher for Data Confidentiality and Integrity
Eswar Publications
 
PKC&RSA
Anver S R
 
icwet1097
Sapna Agarwal
 
Lecture 01 dld 2018
Tanveer Hussain
 
RSA without Integrity Checks
Dharmalingam Ganesan
 
CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
Public key algorithm
Prateek Pandey
 
Cryptography & Network Security By, Er. Swapnil Kaware
Prof. Swapnil V. Kaware
 
Kaizen cso002 l1
asslang
 
Ad

Viewers also liked (14)

ODP
Wifi Security, or Descending into Depression and Drink
SecurityTube.Net
 
PDF
WiFi (In)Security
Mauro Foti
 
PDF
Wi Fi Security
n|u - The Open Security Community
 
PPTX
Wifi Security
Shital Kat
 
PDF
Understanding WiFi Security Vulnerabilities and Solutions
AirTight Networks
 
PPT
Wireless Fidelity
JAI MCA-STUDENT
 
PPT
Wifi Security
Agris Ameriks
 
PPTX
Wi Fi Security
yousef emami
 
PPT
Lecture 11 wifi security
rajakhurram
 
PDF
Wi-Fi Evolution
Qualcomm Research
 
PDF
802.11ac WIFI Fundamentals
criterion123
 
PPT
Wireless security presentation
Muhammad Zia
 
PDF
50 Incredible Wi-Fi Tech Statistics That Businesses Must Know
Vala Afshar
 
PDF
Build Features, Not Apps
Natasha Murashev
 
Wifi Security, or Descending into Depression and Drink
SecurityTube.Net
 
WiFi (In)Security
Mauro Foti
 
Wi Fi Security
n|u - The Open Security Community
 
Wifi Security
Shital Kat
 
Understanding WiFi Security Vulnerabilities and Solutions
AirTight Networks
 
Wireless Fidelity
JAI MCA-STUDENT
 
Wifi Security
Agris Ameriks
 
Wi Fi Security
yousef emami
 
Lecture 11 wifi security
rajakhurram
 
Wi-Fi Evolution
Qualcomm Research
 
802.11ac WIFI Fundamentals
criterion123
 
Wireless security presentation
Muhammad Zia
 
50 Incredible Wi-Fi Tech Statistics That Businesses Must Know
Vala Afshar
 
Build Features, Not Apps
Natasha Murashev
 
Ad

Similar to WiFi Security Explained (20)

PPT
Ron Rivest 4, Information and Network Security
xavege4205
 
PDF
Crack wep-wifi-under100seconds (copied)
Pedro Mateus
 
PPTX
Rc4 Research 2013
Ahmed Yousify
 
PPT
Wepwhacker !
Cricket Match
 
PPTX
Cryptography
SubashiniRathinavel
 
PDF
Computer network (3)
NYversity
 
PPT
Stream ciphers presentation
degarden
 
PPTX
Topic20 The RC4 Algorithm.pptx
UrjaDhabarde
 
PDF
Attack Robustness and Security Enhancement with Improved Wired Equivalent Pro...
IDES Editor
 
PPT
Mobile Security - Wireless hacking
phanleson
 
PDF
Compact High Speed Reconfigurable Hardware Implementation of RC4 Stream Cipher
iosrjce
 
PDF
Informal Presentation on WPA-TKIP
vanhoefm
 
PPTX
Wired equivalent privacy (wep)
akruthi k
 
PPT
Wireless hacking and security
Adel Zalok
 
PPTX
RC4 Algorithm4 information security pptx
badboiOP
 
PPT
Ch06
Joe Christensen
 
PDF
334 recitation3-sdes
Benny SmKr
 
PPT
Wireless security837
mark scott
 
PPTX
Overview on Cryptography and Network Security
Dr. Rupa Ch
 
DOCX
Block Encryption Algorithm Project.docx
UsamaAliLone3
 
Ron Rivest 4, Information and Network Security
xavege4205
 
Crack wep-wifi-under100seconds (copied)
Pedro Mateus
 
Rc4 Research 2013
Ahmed Yousify
 
Wepwhacker !
Cricket Match
 
Cryptography
SubashiniRathinavel
 
Computer network (3)
NYversity
 
Stream ciphers presentation
degarden
 
Topic20 The RC4 Algorithm.pptx
UrjaDhabarde
 
Attack Robustness and Security Enhancement with Improved Wired Equivalent Pro...
IDES Editor
 
Mobile Security - Wireless hacking
phanleson
 
Compact High Speed Reconfigurable Hardware Implementation of RC4 Stream Cipher
iosrjce
 
Informal Presentation on WPA-TKIP
vanhoefm
 
Wired equivalent privacy (wep)
akruthi k
 
Wireless hacking and security
Adel Zalok
 
RC4 Algorithm4 information security pptx
badboiOP
 
Ch06
Joe Christensen
 
334 recitation3-sdes
Benny SmKr
 
Wireless security837
mark scott
 
Overview on Cryptography and Network Security
Dr. Rupa Ch
 
Block Encryption Algorithm Project.docx
UsamaAliLone3
 

More from Somenath Mukhopadhyay (20)

PDF
Significance of private inheritance in C++...
Somenath Mukhopadhyay
 
PDF
Arranging the words of a text lexicographically trie
Somenath Mukhopadhyay
 
PDF
Generic asynchronous HTTP utility for android
Somenath Mukhopadhyay
 
PDF
Copy on write
Somenath Mukhopadhyay
 
PDF
Java concurrency model - The Future Task
Somenath Mukhopadhyay
 
PDF
Memory layout in C++ vis a-vis polymorphism and padding bits
Somenath Mukhopadhyay
 
PDF
Developing an Android REST client to determine POI using asynctask and integr...
Somenath Mukhopadhyay
 
PDF
Observer pattern
Somenath Mukhopadhyay
 
PDF
Uml training
Somenath Mukhopadhyay
 
PDF
How to create your own background for google docs
Somenath Mukhopadhyay
 
PDF
The Designing of a Software System from scratch with the help of OOAD & UML -...
Somenath Mukhopadhyay
 
PDF
Structural Relationship between Content Resolver and Content Provider of Andr...
Somenath Mukhopadhyay
 
PDF
Flow of events during Media Player creation in Android
Somenath Mukhopadhyay
 
PDF
Implementation of a state machine for a longrunning background task in androi...
Somenath Mukhopadhyay
 
PDF
Tackling circular dependency in Java
Somenath Mukhopadhyay
 
PDF
Implementation of composite design pattern in android view and widgets
Somenath Mukhopadhyay
 
PDF
Exception Handling in the C++ Constructor
Somenath Mukhopadhyay
 
PDF
Active object of Symbian in the lights of client server architecture
Somenath Mukhopadhyay
 
PDF
Android services internals
Somenath Mukhopadhyay
 
PDF
Android Asynctask Internals vis-a-vis half-sync half-async design pattern
Somenath Mukhopadhyay
 
Significance of private inheritance in C++...
Somenath Mukhopadhyay
 
Arranging the words of a text lexicographically trie
Somenath Mukhopadhyay
 
Generic asynchronous HTTP utility for android
Somenath Mukhopadhyay
 
Copy on write
Somenath Mukhopadhyay
 
Java concurrency model - The Future Task
Somenath Mukhopadhyay
 
Memory layout in C++ vis a-vis polymorphism and padding bits
Somenath Mukhopadhyay
 
Developing an Android REST client to determine POI using asynctask and integr...
Somenath Mukhopadhyay
 
Observer pattern
Somenath Mukhopadhyay
 
Uml training
Somenath Mukhopadhyay
 
How to create your own background for google docs
Somenath Mukhopadhyay
 
The Designing of a Software System from scratch with the help of OOAD & UML -...
Somenath Mukhopadhyay
 
Structural Relationship between Content Resolver and Content Provider of Andr...
Somenath Mukhopadhyay
 
Flow of events during Media Player creation in Android
Somenath Mukhopadhyay
 
Implementation of a state machine for a longrunning background task in androi...
Somenath Mukhopadhyay
 
Tackling circular dependency in Java
Somenath Mukhopadhyay
 
Implementation of composite design pattern in android view and widgets
Somenath Mukhopadhyay
 
Exception Handling in the C++ Constructor
Somenath Mukhopadhyay
 
Active object of Symbian in the lights of client server architecture
Somenath Mukhopadhyay
 
Android services internals
Somenath Mukhopadhyay
 
Android Asynctask Internals vis-a-vis half-sync half-async design pattern
Somenath Mukhopadhyay
 

Recently uploaded (20)

PDF
UiPath Agentic Automation session 1: RPA to Agents
suhanisingh58689
 
PDF
A review of recent deep learning applications in wood surface defect identifi...
IAESIJAI
 
PDF
How IoT Sensor Integration in 2025 is Transforming Industries Worldwide
Rejig Digital
 
PDF
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
PPTX
The various Industrial Revolutions .pptx
bandileshozi3
 
PDF
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
PPTX
2018-HIPAA-Renewal-Training for executives
Mayank Mathur
 
PDF
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
PDF
Five Habits of High-Impact Board Members
OnBoard
 
PDF
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
PDF
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
PDF
Enhancing plagiarism detection using data pre-processing and machine learning...
IAESIJAI
 
PDF
Flame analysis and combustion estimation using large language and vision assi...
IAESIJAI
 
PDF
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
PPTX
TEXTILE technology diploma scope and career opportunities
kriti38
 
PDF
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
PPTX
Benefits of Physical activity for teenagers.pptx
Nokwanda Thabethe
 
PPTX
Custom Battery Pack Design Considerations for Performance and Safety
Epec Engineered Technologies
 
PDF
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
DOCX
search engine optimization ppt fir known well about this
StandardCodeLearning
 
UiPath Agentic Automation session 1: RPA to Agents
suhanisingh58689
 
A review of recent deep learning applications in wood surface defect identifi...
IAESIJAI
 
How IoT Sensor Integration in 2025 is Transforming Industries Worldwide
Rejig Digital
 
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
The various Industrial Revolutions .pptx
bandileshozi3
 
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
2018-HIPAA-Renewal-Training for executives
Mayank Mathur
 
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
Five Habits of High-Impact Board Members
OnBoard
 
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
Enhancing plagiarism detection using data pre-processing and machine learning...
IAESIJAI
 
Flame analysis and combustion estimation using large language and vision assi...
IAESIJAI
 
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
TEXTILE technology diploma scope and career opportunities
kriti38
 
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
Benefits of Physical activity for teenagers.pptx
Nokwanda Thabethe
 
Custom Battery Pack Design Considerations for Performance and Safety
Epec Engineered Technologies
 
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
search engine optimization ppt fir known well about this
StandardCodeLearning
 

WiFi Security Explained

  • 1. WiFi Security Standard Somenath Mukhopadhyay [email_address]
  • 2. Why WiFi Security is needed 802.11 wireless network has no clothes Wireless LANs are broadcasting secrets of enterprises that have spent millions on internet security The insecurity of WLAN has given rise to War-Driving
  • 3. 802.11 Security Two Phases - Authentication & Encryption Open System Authentication(OSA)‏ NIL protection Shared Key Authentication – WEP Authentication
  • 4. OSA and Shared Key Authentication
  • 5. WEP Authentication Frame Format Algorithm Number – 0 OSA, 1 WEP Transaction Sequence – First Message 0, Second Message 1, etc Status Code – Sent in the Final Message – SUCCESS/FAILURE Challenge Text – 128 bit random number sent by the AP
  • 6. WEP Encryption Stream Ciphering – byte wise ciphering RC4 encryption technology
  • 7. RC4 Encryption Technology Two Phases – Initialization and Encryption IV – Initialization Vector – 24 bit value Secret Key - 104 bit value IV changes for every data packet IV is sent along with the packet
  • 11. RC4 algorithm in details Key scheduling algorithm generation using RC4 First step – generating an array with 256 8 bit values Second step – scrambling the array Initialization: For i = 0 ... N - 1 S[i] = i j = 0 Scrambling: For i = 0 ... N - 1 j = j + S[i] + K[i mod l] Swap(S[i], S[j])
  • 12. RC4 algorithm in details Generating the streaming key This part of the algorithm is responsible for creating the streaming values used to encrypt the plaintext Initialization: i = 0 j = 0 Generation Loop: i = i + 1 j = (j + S[i]) mod l Swap(S[i], S[j]) Output z = S[S[i] + S[j]]
  • 13. Example of a simple RC4 using 2 bits RC4 Assumptions I = 0 J = 0 Pass = “6152” Pass length = 4 Index N = 4 Initialization Logic: For i = 0 .... N-1 S[i] = i Next S[0] = 0, S[1] = 1, S[2] = 2, S[3] = 3
  • 14. Example of a simple RC4 using 2 bits RC4 Scrambling Logic: For i = 0 ... N - 1 j = j + S[i] + K[i mod l] Swap(S[i], S[j])‏ Initial values S[0] = 0, S[1] = 1, S[2] = 2, S[3] = 3 K[0] = 6, K[1] = 1, K[2] = 5, K[3] = 2 i = 0, j = 0, pass(K) = “6152”, pass length(l) = 4, Index(N) = 4
  • 15. Example of a simple RC4 using 2 bits RC4 Equations: j = j + S[i] + K[i mod l] Swap(S[i], S[j]) j=(0 + S[0] + K[0]) mod 4 j=(0+0+6) mod 4 j=6 mod 4 j=2 Swap (S[0] , S[2]) S[0]=0 , S[2]=2 => S[0]=2 , S[2]=0
  • 16. Example of a simple RC4 using 2 bits RC4 Calculation for the second loop Initial values before the iteration S[0] = 2, S[1] = 1, S[2] = 0, S[3] = 3 K[0] = 6, K[1] = 1, K[2] = 5, K[3] = 2 pass length (l) = 4, Index(N) = 4, i = 1, j = 2 Equations: j = j + S[i] + K[i mod l] =>j = (2+S[1]+k[1]) mod 4 = (2+1+1)mod 4 = 0 Swap(S[i], S[j]) =>Swap(S[1],S[0]) =>S[0] =1 & S[1] = 2
  • 17. Example of a simple RC4 using 2 bits RC4 After second loop the values are S[0] = 1, s[1] = 2, S[2] = 0, S[3] = 3 K[0] = 6, K[1] = 1, K[2] = 5, K[3] = 2 pass length (l) = 4, Index(N) = 4, i = 2 , j = 0
  • 18. Example of a simple RC4 using 2 bits RC4 Calculation for the third loop Initial values before the loop starts S[0] = 1, s[1] = 2, S[2] = 0, S[3] = 3 K[0] = 6, K[1] = 1, K[2] = 5, K[3] = 2 pass length (l) = 4, Index(N) = 4, i = 2 , j = 0 Equation j = j + S[i] + K[i mod l] =>j = (0+S[2]+k[2]) mod 4 = (0+0+5)mod 4 = 1 Swap(S[i], S[j]) =>Swap(S[2],S[1]) =>S[1] =0 & S[2] = 2
  • 19. Example of a simple RC4 using 2 bits RC4 Final values after third loop S[0] = 1, s[1] = 0, S[2] =2, S[3] = 3 K[0] = 6, K[1] = 1, K[2] = 5, K[3] = 2 pass length (l) = 4, Index(N) = 4, i = 3 , j = 1
  • 20. Example of a simple RC4 using 2 bits RC4 Calculation for the fourth loop Initial values before the loop starts S[0] = 1, s[1] = 0, S[2] =2, S[3] = 3 K[0] = 6, K[1] = 1, K[2] = 5, K[3] = 2 pass length (l) = 4, Index(N) = 4, i = 3 , j = 1 Equation j = j + S[i] + K[i mod l] =>j = (1+S[3]+k[3]) mod 4 = (1+3+2)mod 4 = 2 Swap(S[i], S[j]) =>Swap(S[3],S[2]) =>S[2] =3 & S[3] = 2
  • 21. Example of a simple RC4 using 2 bits RC4 Final values after fourth loop (final loop)‏ S[0] = 1, s[1] = 0, S[2] =3, S[3] = 2 K[0] = 6, K[1] = 1, K[2] = 5, K[3] = 2 pass length (l) = 4, Index(N) = 4, i = 4 , j = 2
  • 22. Example of a simple RC4 using 2 bits RC4 Logic of PRGA i = 0 j = 0 Generation Loop: i = i + 1 j = (j + S[i]) mod l Swap(S[i], S[j]) Output z = S[S[i] + S[j]] After first loop i=0+1=1 j=(0+S[1])mod 4=(0+0)mod 4=0 Swap (S[1] , S[0]) S[1]=0 , S[0]=1 ==> S[1]=1 , S[0]=0 z1=S[S[1]+S[0]]=S[0+1]=S[1]=1 Z1=0000 0001
  • 23. Example of a simple RC4 using 2 bits RC4 Similarly z2 = 0000 0001 Assume the plaintext to be “HI” After Xoring the plaintext with the RC4 keystream we get H(0100 1000) XOR Z1(0000 0001) = 0100 1001 ==> I and I(0100 1001) XOR Z2(0000 0001) = 0100 1000 ==>H After RC4 “HI” becomes “IH”
  • 24. RC4 Encryption Technology Integrity Checksum – Calculated on the message M to yield the plaintext P = <M,c(M)> Encryption - RC4 stream cipher with secret key k Initialization vector iv Keystrem is generated based on iv & k (RC4(iv,k))‏ Ciphertext C = P XOR RC4(iv,k)‏
  • 25. Weakness of WEP Key should not be reused One Way Authentication No key management protocol
  • 26. Weakness of WEP Key should not at all be reused C = KI XOR P Intruder can get C and if he knows part of P he can obtain KI (as KI = P XOR C)‏ Next time any packet encrypted with this KI can easily be decrypted.
  • 27. Weakness of WEP For a 11 mbps base station the key has to be reused in approximately 5 hrs. There is 50% chance that a key will be reused after every 4823 packets Moreover, the specification has made the changing of IV value with each packet as optional
  • 28. Weakness of WEP Pre-Shared Key – the absence of any key management protocol It requires manual key configuration in all the mobile devices that want to communicate with the AP
  • 29. Weakness of WEP One way authentication The AP does not authenticate itself to the mobile device A rouge node imitating as the AP can have access to everything the mobile device sends
  • 30. 802.11i Goals Develop 802.11i through a process open to all Anyone must be able to implement the entire standard or any part of it – no secret algorithm Market driven feature development Addresses all perceived security problems of WEP Deliver as rapidly as possible
  • 31. 802.11i Facilities Authentication TKIP AES-CCMP Discovery & Negotiation Key Management
  • 32. External components used by 802.11i 802.1x – an external standard used to provide an authentication framework, coordinate authentication and key management 802.1x Authenticator/Supplicant – local protocol entity to coordinate authentication and and key management with remote entity Authentication server(AS) – a logical construction that centralizes authentication and access control decision making
  • 33. Operating an 802.11i Link Data protection: TKIP and CCMP Authentication 802.11i key management Session Key distribution Security capabilities discovery Authentication Server Access Point Station Security negotiation
  • 35. TKIP Identification and Goals TKIP: T emporal K ey I ntegrity P rotocol Deploy as a software patch in already deployed equipment Short term only, to permit migration from existing equipment to more capable equipment without violating security constraints Patch old equipment from WEP to TKIP first Interoperate between patched and unpatched first generation equipment until all have been patched Finally deploy new equipment Security Goals: Address all known WEP problems Prevent Frame Forgeries Prevent Replay Correct WEP’s mis-use of encryption Never reuse keys
  • 36. TKIP Overview TKIP: T emporal K ey I ntegrity P rotocol Features New Message Integrity Code (MIC) called Michael to prevent tampering that can be implemented on a low-power microprocessor Supplement Michael with Counter-measures, to increase forgery deterrence Increase the size of IV to avoid ever reusing the same IV Change the encryption key for every frame Under WEP it was infeasible to detect when you were under attack
  • 37. Message Integrity The simplest method is to create a “checksum” by adding all the bytes of the message together Send this checksum along with the message The receiver will recalculate this checksum from the received msg and then test it against the checksum value sent with the message.
  • 38. Message Integrity Attacker can recompute the checksum after he makes any changes in the message Idea is to generate a checksum after combining together all the bytes and producing MIC MIC is produced using a special nonreversible process and combining a secret key Attacker cannot produce the MIC unless he knows the secret key
  • 39. Message Integrity There are several well tested methods to produce the MIC However, for a small microprocessor these methods are not feasible One solution for TKIP is Michael
  • 40. IV Length WEP uses 24 bit IV TKIP has added 32 more bits Total = 24 + 32 = 56 Practically 48 bits are used
  • 41. Per Packet Key Mixing It solves few things The value of the key used for RC4 encryption is different for every IV value 24 bit “old” IV value and 104 bit secret key
  • 42. WPA2-AES-CCMP AES- CCMP is the strongest security in 802.11i AES stands for Advanced Encryption Standard CCMP stands for Counter Mode – CBC MAC Protocol TKIP was designed to accommodate the older hardware AES-CCMP was designed from ground up. Requires new hardware
  • 43. WPA2-AES-CCMP Security goals – addresses all known WEP problems Prevent frame forgeries Prevent Replay No key reuse
  • 44. AES Encryption process The encryption process uses a set of specially derived keys called round keys These are applied, along with other operations, on an array of data, that exactly holds one block of data, called state array
  • 45. AES Encryption process Following are the steps to encrypt a block of data Derive the set of round keys from cipher key Initialize the state array with block data (plaintext)‏ Add the initial round key to the starting state array Perform nine rounds of state manipulation Perform the 10 th /final round of state manipulation Copy the final state array out as the encrypted data
  • 46. AES Encryption Process The 128 bit block of data is stored in a two dimensional (4 x 4) array as shown below D0 D4 D8 D12 D1 D5 D9 D13 D2 D6 D10 D14 D3 D7 D11 D15
  • 47. Derivation of the Round Keys Cipher key is 128 bit long We derive eleven 128 bit round keys ( Rkey0 to Rkey10) from this cipher key These keys can be represented as follows 32 bits 32 bits 32 bits 32 bits Rkey0 W0 W1 W2 W3 Rkey1 W0 W1 W2 W3 Rkey2 W0 W1 W2 W3 Rkey3 W0 W1 W2 W3 Rkey4 W0 W1 W2 W3 Rkey5 W0 W1 W2 W3 Rkey6 W0 W1 W2 W3 Rkey7 W0 W1 W2 W3 Rkey8 W0 W1 W2 W3 Rkey9 W0 W1 W2 W3 Rkey10 W0 W1 W2 W3
  • 48. Derivation of the Round keys To start with the Round keys Rkey0 is simply the cipher key For each of the round keys Rkey1 to Rkey10 words W1, W2 and W3 are computed as the XOR of the previous word in the same row and the same word of the previous row For example: Rkey5:W1 = Rkey5:W0 XOR Rkey4:W1 Rkey8:W3 = Rkey8:W2 XOR Rkey7:W3
  • 49. Derivation of the Round Keys The calculation of W0 for each key is the Xor of three 32 bit values The value of W0 from the previous row The value of W3 from the previous row rotated by 8 bits A special value from a table called Rcon Thus we write Rkey(i):W0 = Rkey(i-1):W0 XOR Rkey(i- 1):W3>>>8 XOR RCon(i)‏
  • 50. Derivation of the Round Keys The values of Rcon(i) are as follows: i Rcon(i)‏ 1 2 2 4 3 8 4 16 5 32 6 64 7 128 8 27 9 54 10 108
  • 51. AES Encryption Process Total 10 rounds of operation are performed to alter the state array These rounds involve four types of operations SubBytes ShiftRows MixColumns XorRoundKeys
  • 52. AES Encryption Process All of these four operations are applied in the order mentioned in the first nine rounds In the 10 th round Mix Columns round is mot performed
  • 53. AES Encryption Process- SubBytes SubBytes Operation Create a substitution table of total 16 bytes using a mathematical formula Substitute each byte from the state table by the value from the substitution table Original values can be restored in the reverse operation Substitution table is stored in memory as part of the design
  • 54. AES Encryption Process-ShiftRows Each row is rotated to right by a certain number of bytes 1 st Row is rotated by 0 bytes 2 nd Row is rotated by 1 byte 3 rd Row is rotated by 2 bytes 4 th Row is rotated by 3 bytes
  • 55. AES Encryption Process - MixColumn The columns are changed according to the following formula Left hand side is the new column produced
  • 56. AES Encryption Process - XOrRoundKey In this operation the round keys are Xor-ed with the existing state array This is done once before the beginning of the rounds and then once for each round
  • 57. AES Decryption Process Initial decryption round XorRoundKey InvShiftRows InvSubBytes Nine Full Decryption rounds XorRoundKey InvMixColumn InvShiftRows InvSubBytes Perform final XorRoundKey
  • 58. CCMP CCMP works on MPDU MPDU consists of MAC header and unencrypted data First we construct the CCMP header Then MIC is calculated The combination of Data and MIC is encrypted using AES The MAC header and the CCMP header are added in the beginning of the encrypted data The block is then transmitted
  • 59. Conclusion Large number of Wi-Fi systems have been deployed using RC4 algorithm WPA-TKIP was introduced to upgrade the existing system without changing the hardware However, for better security implemented from ground up, we need AES-CCMP
  • 60. Not Covered This presentation has not covered the different authentication methods used in Wi-Fi. These include EAP, PEAP, EAP-TLS, EAP-TTLS and EAP-SIM