Submission
Slide 1
May 2001
Goals
To (briefly) summarize security weaknesses discovered in WEP v1.0
To analyze security vulnerabilities of WEP2
To recommend potential improvements
Slide 2
Denial of service
Disassociate, reassociate messages not authenticated
Dictionary attack
Possible where WEP keys derived from passwords
Slide 4
WEP2
Increases size of IV space to 128 bits
Key may be changed periodically via IEEE 802.1X reauthentication to avoid staleness
No keyed MIC
No authentication for reassociate, disassociate
No IV replay protection
Use of Kerberos for authentication within IEEE 802.1X
Slide 5
Dictionary attack
New vulnerabilities introduced by mandatory KerberosV authentication
Realtime decryption
Much more difficult due to larger IV
2^128 * 1500 octets = 5.1E32 GB
Submission Slide 6 Bernard Aboba, Microsoft
Scenario
Attacker snoops AS_REQ/AS_REP exchange, recovers passwords offline
In popular 802.11 networks (hot spots), may be possible to collect many such exchanges in a single attempt
Vulnerabilities
PADATA or TGT encrypted with client key
Key derived from password via STRING-TO-KEY(P)
Slide 7
Solutions
Machine versus user authentication
Machine keys typically have full entropy
Slide 8
Proposal
Add an authenticator to reassociate and disassociate messages
Replay counter, HMAC-SHA1 (replay counter || SourceMAC || destMAC || transmit key)
On disassociate: ignore if HMAC is not valid
On reassociate: validate authenticator via move-request to old AP; if invalid, old AP ignores move-request
Beacon security
Currently, beacon messages are not authenticated
Enables station to roam to a rogue AP
Proposal: validate beacon before reassociating
Replay counter, HMAC-SHA1 (replay counter || sourceMAC || multicast key)
Any station can forge this, but better than nothing
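As an added example (not from the slides and not code from the submission's author), the following Python models the proposed authenticator for both cases above: reassociate/disassociate frames tagged under the transmit key, and beacons tagged under the multicast key, each with a receiver-side replay counter check. It reads the slide's notation HMAC-SHA1(replay counter || SourceMAC || destMAC || transmit key) as an HMAC keyed with the transmit key over the concatenation of the remaining fields; that reading, the 64-bit big-endian counter encoding, the sample MAC addresses and the sample keys are all assumptions made here.

```python
import hashlib
import hmac
import struct

# Constructed sample values (not from the slides). 802.11 MAC addresses are 6 octets.
STA_MAC = bytes.fromhex("020000000001")
AP_MAC = bytes.fromhex("020000000002")
OTHER_AP_MAC = bytes.fromhex("020000000003")
TRANSMIT_KEY = bytes(range(16))        # constructed 128-bit transmit key
MULTICAST_KEY = bytes(range(16, 32))   # constructed 128-bit multicast key


def mgmt_authenticator(transmit_key, counter, src_mac, dst_mac):
    """Authenticator for reassociate/disassociate frames.

    Assumed reading of the slide: HMAC-SHA1 keyed with the transmit key over
    counter || SourceMAC || destMAC. The counter is encoded as a 64-bit
    big-endian integer (assumption; the slide fixes no width).
    """
    msg = struct.pack(">Q", counter) + src_mac + dst_mac
    return hmac.new(transmit_key, msg, hashlib.sha1).digest()


def beacon_authenticator(multicast_key, counter, src_mac):
    """Authenticator for beacons: HMAC-SHA1 under the multicast key over counter || sourceMAC."""
    msg = struct.pack(">Q", counter) + src_mac
    return hmac.new(multicast_key, msg, hashlib.sha1).digest()


class AuthenticatedReceiver:
    """Receiver side: checks the tag, then enforces a strictly increasing counter per peer."""

    def __init__(self, transmit_key, multicast_key):
        self.transmit_key = transmit_key
        self.multicast_key = multicast_key
        self.last_counter = {}  # peer identifier -> highest counter accepted

    def _fresh(self, peer, counter):
        # Counter must exceed the last one accepted from this peer; equal or lower is a replay.
        if counter <= self.last_counter.get(peer, -1):
            return False
        self.last_counter[peer] = counter
        return True

    def accept_disassociate(self, counter, src_mac, dst_mac, tag):
        """'On disassociate: ignore if HMAC is not valid', plus the replay check."""
        expected = mgmt_authenticator(self.transmit_key, counter, src_mac, dst_mac)
        if not hmac.compare_digest(expected, tag):
            return False  # invalid authenticator: frame is ignored, counter state untouched
        return self._fresh(src_mac, counter)

    def accept_beacon(self, counter, src_mac, tag):
        """Validate a beacon before treating its sender as a candidate AP."""
        expected = beacon_authenticator(self.multicast_key, counter, src_mac)
        if not hmac.compare_digest(expected, tag):
            return False
        return self._fresh(("beacon", src_mac), counter)


def demo():
    """Exercise the checks with constructed frames; returns which ones were accepted."""
    ap = AuthenticatedReceiver(TRANSMIT_KEY, MULTICAST_KEY)
    results = {}

    # Genuine disassociate from the station, then the identical frame replayed.
    tag1 = mgmt_authenticator(TRANSMIT_KEY, 1, STA_MAC, AP_MAC)
    results["genuine"] = ap.accept_disassociate(1, STA_MAC, AP_MAC, tag1)
    results["replay"] = ap.accept_disassociate(1, STA_MAC, AP_MAC, tag1)

    # Frame tagged without the transmit key (constructed all-zero key) is ignored.
    bogus = hmac.new(b"\x00" * 16, struct.pack(">Q", 2) + STA_MAC + AP_MAC, hashlib.sha1).digest()
    results["forged"] = ap.accept_disassociate(2, STA_MAC, AP_MAC, bogus)

    # Valid tag for one destination presented with a different destMAC is ignored.
    tag3 = mgmt_authenticator(TRANSMIT_KEY, 3, STA_MAC, AP_MAC)
    results["redirected"] = ap.accept_disassociate(3, STA_MAC, OTHER_AP_MAC, tag3)

    # Beacon from the AP accepted once, its replay rejected.
    sta = AuthenticatedReceiver(TRANSMIT_KEY, MULTICAST_KEY)
    btag = beacon_authenticator(MULTICAST_KEY, 10, AP_MAC)
    results["beacon"] = sta.accept_beacon(10, AP_MAC, btag)
    results["beacon_replay"] = sta.accept_beacon(10, AP_MAC, btag)
    return results


if __name__ == "__main__":
    print(demo())
```

The receiver verifies the tag before consulting the counter, so a frame with a bad HMAC never advances replay state. The beacon check keys on the multicast key that every associated station holds, which is exactly why the slide notes that any station can forge it: the check only excludes senders without the group key, and the slide's caveat stands.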
Slide 9
w/fix
Slide 10
Conclusions
WEP2 not significantly more secure than WEPv1.0
Small IV only part of the problem; absence of a keyed MIC remains a major deficiency
Denial of service attacks not addressed
WEP2 should not be treated as a significant security enhancement (should state this explicitly in security considerations section)
Slide 11
Recommendations
Examine feasibility of adding keyed MIC to WEP2
Without keyed MIC, downplay security value of WEP2
Make this clear up front