cisc 210 - class today
DESCRIPTION
CISC 210 - Class Today. Wireless LANs - recap Link Encryption – book style Link encryption – LAN style WEP WPA. 802 Protocol in general. Traditionally evolved from Ethernet Unreliable ( unACKed , unchecksummed ) Broadcast between nearby stations As fast and cheap as possible - PowerPoint PPT PresentationTRANSCRIPT
March 2005 1R. Smith - University of St Thomas - Minnesota
CISC 210 - Class Today CISC 210 - Class Today
• Wireless LANs - recapWireless LANs - recap• Link Encryption – book styleLink Encryption – book style• Link encryption – LAN styleLink encryption – LAN style• WEPWEP• WPAWPA
March 2005 2R. Smith - University of St Thomas - Minnesota
802 Protocol in general802 Protocol in general
• Traditionally evolved from EthernetTraditionally evolved from Ethernet– Unreliable (unACKed, unchecksummed)Unreliable (unACKed, unchecksummed)– Broadcast between nearby stationsBroadcast between nearby stations– As fast and cheap as possibleAs fast and cheap as possible
• Ethernet: CSMA/CDEthernet: CSMA/CD– Detect ‘free’ channel; detect collisionsDetect ‘free’ channel; detect collisions– Exponential backoffExponential backoff
• Wireless (802.11): CSMA/CAWireless (802.11): CSMA/CA– All stations can’t always hear each other; CD isn’t practicalAll stations can’t always hear each other; CD isn’t practical– Wireless is noisier than Ethernet; more dropped packetsWireless is noisier than Ethernet; more dropped packets– Impractical to completely ignore reliability Impractical to completely ignore reliability
March 2005 3R. Smith - University of St Thomas - Minnesota
802.11 Protocol802.11 Protocol
• Virtual Carrier SenseVirtual Carrier Sense– Send “RTS” to ask for permission to sendSend “RTS” to ask for permission to send
• Gives source, destination, and duration of “real” Gives source, destination, and duration of “real” transmissiontransmission
– If no other traffic, recipient sends back CTSIf no other traffic, recipient sends back CTS– Then sender sends the actual dataThen sender sends the actual data– Recipient sends an ACKRecipient sends an ACK
• Collisions most likely during RTSCollisions most likely during RTS– They’re very short messages, reduce collision riskThey’re very short messages, reduce collision risk– Other stations see the RTS/CTS, wait to transmit till doneOther stations see the RTS/CTS, wait to transmit till done
• Packets are smaller on 802.11 than EthernetPackets are smaller on 802.11 than Ethernet– Big packets are more likely to be corrupted by noiseBig packets are more likely to be corrupted by noise
March 2005 4R. Smith - University of St Thomas - Minnesota
Hooking UpHooking Up
• Base StationsBase Stations– May serve as ‘Access Point’ (AP) - Provide a link to a May serve as ‘Access Point’ (AP) - Provide a link to a
‘backbone’ – i.e. Internet access‘backbone’ – i.e. Internet access
• ““Service Sets”Service Sets”– ““Basic Service Set” (BSS) – Environment where everyone is Basic Service Set” (BSS) – Environment where everyone is
within range of a single base stationwithin range of a single base station– ““Extended Service Set” (ESS) – where two or more base Extended Service Set” (ESS) – where two or more base
stations are connected via a common backbone to provide stations are connected via a common backbone to provide more coverage (I do this at home)more coverage (I do this at home)
• Service Set ID (“SSID”)Service Set ID (“SSID”)– That magic text string that pops up from a base station and That magic text string that pops up from a base station and
identifies the service set you’re in (default ‘linksys’ on many)identifies the service set you’re in (default ‘linksys’ on many)
Link Encryption ObjectivesLink Encryption Objectives
• Confidentiality on isolated set of computersConfidentiality on isolated set of computers– Computers only talk to one anotherComputers only talk to one another– They do not talk to other computersThey do not talk to other computers
• No communication with outsidersNo communication with outsiders– Avoid both intentional and accidental data disclosureAvoid both intentional and accidental data disclosure
• Hide traffic as much as possibleHide traffic as much as possible– Don’t disclose traffic patterns; don’t disclose dataDon’t disclose traffic patterns; don’t disclose data
• Safety and familiarity paramountSafety and familiarity paramount– Shouldn’t interfere with computer or network operationShouldn’t interfere with computer or network operation– Should always work with minimum of fussShould always work with minimum of fuss– Extra cost is acceptableExtra cost is acceptable
March 2005 5R. Smith - University of St Thomas - Minnesota
March 2005 6R. Smith - University of St Thomas - Minnesota
Link Level encryption: properties/featuresLink Level encryption: properties/features
• Red/Black separationRed/Black separation– Everything that goes out is encryptedEverything that goes out is encrypted– Everything inside is cleartextEverything inside is cleartext
• Good algorithm; good keysGood algorithm; good keys– A problem with older wireless (we’ll see later)A problem with older wireless (we’ll see later)– Good keys = over 100 bitsGood keys = over 100 bits– Good algorithm = AES, maybe triple DES (slower)Good algorithm = AES, maybe triple DES (slower)
• Protect against replay & rewrite attacksProtect against replay & rewrite attacks– Duplicates must be detectable: packet serial numbers, etc.Duplicates must be detectable: packet serial numbers, etc.– Cryptographic checksum that outsiders can’t forgeCryptographic checksum that outsiders can’t forge– Good stream cipher or block modeGood stream cipher or block mode– Random data to confound “known plaintext” attacksRandom data to confound “known plaintext” attacks
Routing and LAN EncryptionRouting and LAN Encryption
• Point to Point EncryptionPoint to Point Encryption– Kind of a dead horse todayKind of a dead horse today
• Everyone uses multipoint LANs, like EthernetEveryone uses multipoint LANs, like Ethernet
• Is Is everythingeverything encrypted that goes out? encrypted that goes out?– What about MAC addresses?What about MAC addresses?– If we need an address it If we need an address it mustmust be in plaintext be in plaintext
• A wireless routerA wireless router– All All datadata on the wireless is encrypted on the wireless is encrypted
• Including IP addressesIncluding IP addresses– We strip off the wireless encryption when it leaves the wireless We strip off the wireless encryption when it leaves the wireless
LANLAN
March 2005 7R. Smith - University of St Thomas - Minnesota
Wireless CryptoWireless Crypto
• WEP, WPA – what do they encrypt?WEP, WPA – what do they encrypt?• What objectives do we achieve?What objectives do we achieve?
• Link Encryption ObjectivesLink Encryption Objectives– Confidentiality on isolated set of computersConfidentiality on isolated set of computers– No communication with outsidersNo communication with outsiders– Hide traffic as much as possibleHide traffic as much as possible– Safety and familiarity paramountSafety and familiarity paramount
March 2005 8R. Smith - University of St Thomas - Minnesota
WEP versionsWEP versions
• ““Wired Equivalent Privacy”Wired Equivalent Privacy”– Describes the hope, not the achievementDescribes the hope, not the achievement
• Shared key encryption protocolShared key encryption protocol– 64-bit keys (original WEP)64-bit keys (original WEP)– 128-bit keys (WEP 2)128-bit keys (WEP 2)– Uses RC-4 stream cipher (hard to use safely)Uses RC-4 stream cipher (hard to use safely)
• Poorly constructed encryptionPoorly constructed encryption– 64-bit keys broken in 40-bit time64-bit keys broken in 40-bit time– 128-bit keys broken in 64-bit time128-bit keys broken in 64-bit time
March 2005 9R. Smith - University of St Thomas - Minnesota
March 2005 10R. Smith - University of St Thomas - Minnesota
WEP CryptoWEP Crypto
• WEP Encryption (diagram)WEP Encryption (diagram)– Pick an IV (Initialization Vector, Nonce), 24 bitsPick an IV (Initialization Vector, Nonce), 24 bits– Concatenate to ‘root key’ -> k | IVConcatenate to ‘root key’ -> k | IV
• This is the packet key (up to 128 bits)This is the packet key (up to 128 bits)– Calculate CRC32 over the data (the “ICV”)Calculate CRC32 over the data (the “ICV”)– Encrypt data and ICV using the packet keyEncrypt data and ICV using the packet key– Transmit IV and encrypted dataTransmit IV and encrypted data
WEP WeaknessesWEP Weaknesses
• ICV only protects against random errorsICV only protects against random errors– Possible to modify a packet's contents and CRC without Possible to modify a packet's contents and CRC without
knowing the crypto key (think of the bit flip example)knowing the crypto key (think of the bit flip example)
• ““Related Key” attacksRelated Key” attacks– Attacker knows part but not all of the keyAttacker knows part but not all of the key– Algorithm is vulnerable ifAlgorithm is vulnerable if
• Knowing info about crypto with one key…Knowing info about crypto with one key…• Yields info about encryption with a “similar” keyYields info about encryption with a “similar” key
– RC-4 is vulnerable.RC-4 is vulnerable.– Lots of ‘crib’ available (ARP)Lots of ‘crib’ available (ARP)
• ““Chop chop” attackChop chop” attack– Intercept and retransmit a packetIntercept and retransmit a packet
• Change the last byte of data through trial and errorChange the last byte of data through trial and error
March 2005 11R. Smith - University of St Thomas - Minnesota
March 2005 12R. Smith - University of St Thomas - Minnesota
WPAWPA
• WPA – a stopgap to replace WEP ASAPWPA – a stopgap to replace WEP ASAP– 128-bit keys using RC-4128-bit keys using RC-4
• Used existing hardwareUsed existing hardware• Better integrity protection – MIC using ‘Michael’Better integrity protection – MIC using ‘Michael’• Still uses ICV function as wellStill uses ICV function as well• Larger effective keysLarger effective keys
– TKIP TKIP • Similar to WEP, but ‘mixes’ the IV and keySimilar to WEP, but ‘mixes’ the IV and key
WPA2 – WPA2 –
• Implements 802.11i enhancementsImplements 802.11i enhancements– Use AES instead of RC-4Use AES instead of RC-4– Permanent keys to authenticate; temporary for dataPermanent keys to authenticate; temporary for data– Can use RADIUS authentication serverCan use RADIUS authentication server
• Counter Mode with CBC MACCounter Mode with CBC MAC– Integrates encryption, integrity checking, and key variationIntegrates encryption, integrity checking, and key variation
• Key update protocolKey update protocol– Each packet has a unique keyEach packet has a unique key– Derived from packet serial #, shared secret, MAC addrDerived from packet serial #, shared secret, MAC addr
March 2005 13R. Smith - University of St Thomas - Minnesota
Projects
• Find a project and get started!• The ‘final date due’ for your proposal is LATE
Escrowed EncryptionEscrowed Encryption
March 2005 15R. Smith - University of St Thomas - Minnesota
• Obsolete but interesting technologyObsolete but interesting technology– Security implications?Security implications?– Political implications?Political implications?
• All packets include LEAFAll packets include LEAF– Encrypted with a special shared secret key. ContainsEncrypted with a special shared secret key. Contains
• Device IDDevice ID• Session key used to encrypt this messageSession key used to encrypt this message• Checksum on the LEAFChecksum on the LEAF
– There’s a special decryption systemThere’s a special decryption system• Has a database of DeviceID/Decryption keyHas a database of DeviceID/Decryption key
Protocols and LayersProtocols and Layers
• We use layering for several thingsWe use layering for several things– Organize the softwareOrganize the software– Format the packetsFormat the packets
• What it What it reallyreally does: does:
Establish a relationship between software Establish a relationship between software components on different computerscomponents on different computers
– Layers communicate with each other at same layerLayers communicate with each other at same layer• IP – IP or TCP – TCP or HTTP – HTTP IP – IP or TCP – TCP or HTTP – HTTP
– They ‘use’ the lower layers to carry their messagesThey ‘use’ the lower layers to carry their messages
March 2005 16R. Smith - University of St Thomas - Minnesota
Protocol Layering ExamplesProtocol Layering Examples
• Network class – Network class – bear with mebear with me
• Pizza delivery Pizza delivery exampleexample– How do we order How do we order
pizza at a party?pizza at a party?
March 2005 17R. Smith - University of St Thomas - Minnesota
Network Protocol LayeringNetwork Protocol Layering
Usually a ‘funnel’ shapeUsually a ‘funnel’ shape• Top level = ApplicationsTop level = Applications
– Lots of choices: e-mail, web, file exchange,Lots of choices: e-mail, web, file exchange,– Uses ‘socket interface’ to talk to networksUses ‘socket interface’ to talk to networks
• Mid levels = “The Protocol Stack”Mid levels = “The Protocol Stack”– Transport layer: UDP/TCPTransport layer: UDP/TCP– Internet layer: IPInternet layer: IP– Link layer: LAN protocolsLink layer: LAN protocols
• Bottom level = device driver connectionsBottom level = device driver connections– Hardware-specific software, configurationHardware-specific software, configuration– Uses device driver interface to link to the protocol stackUses device driver interface to link to the protocol stack– Uses a cable or antenna to link to the networkUses a cable or antenna to link to the network
March 2005 18R. Smith - University of St Thomas - Minnesota
Packets follow the layersPackets follow the layers
• Upper layer data = innermoustUpper layer data = innermoust• Lower layer data = outermostLower layer data = outermost
• Innermost data usually travels the network Innermost data usually travels the network unchangedunchanged
• Outermost data gets swapped with each hop Outermost data gets swapped with each hop through a routerthrough a router
March 2005 19R. Smith - University of St Thomas - Minnesota
March 2005 20R. Smith - University of St Thomas - Minnesota
Diagramming the CryptoDiagramming the Crypto
• ElementsElements– Protocol stack elementsProtocol stack elements– Where the crypto goesWhere the crypto goes– What is encryptedWhat is encrypted– What is plaintextWhat is plaintext
March 2005 21R. Smith - University of St Thomas - Minnesota
That’s itThat’s it
• Questions?Questions?
Creative Commons LicenseCreative Commons License
This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit States License. To view a copy of this license, visit
http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.