Your 802.11 Wireless Network has No Clothes*

William A. Arbaugh, Narendar Shankar, Y.C. Justin Wan
University of Maryland

• Presentation by Eddy Purnomo, email: epur008@ec.auckland.ac.nz

Outline

• Introduction
• Overview of 802.11
• 802.11 Standard Security Mechanisms
• Shared Key Authentication Flaw
• Conclusion
• Question

Introduction

• The 802.11 standard provides only limited support for confidentiality.
• 802.11 has many security issues, such as key management and a robust authentication mechanism.
• Deployment of a wireless network opens a “back door” into the internal network.
• Use of encryption prevents an adversary from gaining immediate access, but the weaknesses found in WEP will provide such access.

802.11 wireless standard

• Ad-hoc network: Independent Basic Service Set (IBSS)
• Infrastructure network: Basic Service Set (BSS)

802.11 wireless standard (cont)

• Wireless clients and access points must establish a relationship, or an association.
• Only after an association is established can the two wireless stations exchange data.
• The association process is a two step process involving three states:
– 1. Unauthenticated and unassociated,
– 2. Authenticated and unassociated, and
– 3. Authenticated and associated
• To transition between the states, the communicating parties exchange messages called management frames.

802.11 Standard Security Mechanisms

• Wired Equivalent Privacy protocol (WEP)
– Provides confidentiality for network traffic using the wireless protocol.
• Open System Authentication
– Authenticates anyone who requests authentication
• Access Control Lists
– Each access point can limit the clients of the network to those using a listed MAC address.
• Key Management
– window of four keys
– key mappings table

Shared key Authentication

1. Share key
2. Authentication request (authentication request management frame)
3. Challenge text (authentication management frame), generated with the WEP pseudo-random number generator + shared secret & random initialization vector (IV)
4. Challenge text copied into a management frame, encrypted with WEP using the ‘shared secret’ and a new IV
5. Encrypted management frame
6. Decrypt and verify: if the challenge text matches, OK!

Shared Key Authentication Flaw

• Fixed structure protocol
• By capturing the 2nd & 3rd management messages:
– Authentication management frame
– Encrypted management frame
• Attacker can derive the pseudo-random stream and use it to authenticate.
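
The flaw above, worked through as a self-contained simulation (an added example, not code from the slides or the paper). Assumptions: only the challenge text plus its CRC-32 ICV is encrypted, frame headers are omitted, and the key, IV and all function names are constructed for illustration.

```python
import os, struct, zlib

def rc4(key: bytes, n: int) -> bytes:         # WEP's PRNG: first n keystream bytes
    s, j, out = list(range(256)), 0, bytearray()
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    for _ in range(n):                        # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)

def wep_encrypt(secret: bytes, iv: bytes, text: bytes) -> bytes:
    """Steps 4-5: challenge + ICV XORed with RC4(IV || shared secret)."""
    body = text + icv(text)
    return xor(body, rc4(iv + secret, len(body)))

def verify(secret: bytes, challenge: bytes, iv: bytes, ct: bytes) -> bool:
    """Step 6: decrypt under the IV the sender chose, check ICV and challenge."""
    body = xor(ct, rc4(iv + secret, len(ct)))
    return body[-4:] == icv(body[:-4]) and body[:-4] == challenge

def observed_keystream(challenge: bytes, ct: bytes) -> bytes:
    """Keystream implied by cleartext challenge and encrypted reply; no secret used."""
    return xor(ct, challenge + icv(challenge))

def demo() -> dict:
    secret, iv = bytes(range(1, 6)), b"\xaa\xbb\xcc"   # constructed 40-bit key, 24-bit IV
    c1 = os.urandom(128)                     # challenge text, sent in the clear
    ct1 = wep_encrypt(secret, iv, c1)        # legitimate station's reply
    ks = observed_keystream(c1, ct1)
    c2 = os.urandom(128)                     # fresh challenge in a later exchange
    reply = xor(c2 + icv(c2), ks)            # built from observed keystream only
    return {"legit": verify(secret, c1, iv, ct1),
            "keystream_recovered": ks == rc4(iv + secret, len(ks)),
            "reply_without_secret": verify(secret, c2, iv, reply),
            "different_iv": verify(secret, c2, b"\x00\x00\x01", reply)}

if __name__ == "__main__":
    print(demo())
```

The reply built without the shared secret passes the step 6 check because the responder chooses the IV and the keystream for a given IV and secret never changes; under any other IV the same bytes fail.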

Conclusion

This paper demonstrates serious flaws in the security mechanisms used by the vast majority of access points supporting the IEEE 802.11 wireless standard.

ALL of the deployed 802.11 wireless networks are at risk.

Question: Is there any such thing as perfect security in wireless communication?