Crypto U12, WLAN

jjanesko
Mind Map by , created over 6 years ago

IYM002 (Unit 12 - Crypto Systems) Mind Map on Crypto U12, WLAN, created by jjanesko on 04/28/2013.

75
10
0
Tags
jjanesko
Created by jjanesko over 6 years ago
Crypto U1, Basic Principles
jjanesko
Crypto U4, Block Cipher, Cipher Block Chaining Mode (CBC)
jjanesko
Crypto U3, Theoretical vs. Practical Security
jjanesko
Know the principles of electricity
brightsparky79
Acids, Bases and Salts
asramanathan
Crypto U12, SSL
jjanesko
Crypto U12 (part 2), crypto for mobile telecom
jjanesko
Crypto U12 (part 1), crypto for mobile telecom
jjanesko
Crypto U12 GSM,UTMS Hierarchy Diagram
jjanesko
Crypto U4, Block Cipher, Cipher Feedback Mode (CFB)
jjanesko
Crypto U12, WLAN
1 background
1.1 3 standards
1.1.1 WEP
1.1.1.1 original standard
1.1.1.2 wired equivalent privacy
1.1.1.3 designed to provide security at data link layer
1.1.1.4 replaced by WPA
1.1.2 WPA
1.1.2.1 designed as stop gap for WEP insecurity
1.1.2.2 WiFi Protected Access
1.1.2.3 2002
1.1.2.4 designed to work with legacy hardware
1.1.3 WPA2
1.1.3.1 IEEE 802.11
1.1.3.2 2004
2 design
2.1 originally designed to provide security equivalent as a cabled network and no more
2.2 support open standards to assure support for all connecting devices
2.3 does not need to be as flexible as SSL so fewer supported algorithms can be selected
2.4 symmetric crypto used
2.4.1 because speed is desired
2.4.2 because it is a closed environment and easier to control
2.5 only as flexible as needed, but not more
2.6 need to be able to provide quick updates
3 security requirements
3.1 confidentiality
3.2 mutual entity authenticaton
3.3 data origin authentication
4 WPA
4.1 differences from WEP
4.1.1 uses stronger authntication and key establishment
4.1.1.1 key hierarchy used
4.1.1.1.1 uses master key, key ecrypting keys and data keys
4.1.1.2 mutual entity authentication
4.1.1.3 mutual data origin authentication
4.1.1.4 mutual key establishment
4.1.1.5 key confidentiality
4.1.1.6 key freshness
4.1.1.7 mutual key confirmation
4.1.1.8 unbiased control
4.1.1.9 2 methods to establish Pre-Master-Key (PMK)
4.1.1.9.1 Extensible Authentication Protocol (EAP)
4.1.1.9.2 Established as a preshared key
4.2 WPA
4.2.1 uses Rc4
4.2.2 mixes data encrypting key with IV (rather than appending)
4.2.3 for each package, a new IV sent
4.3 WPA2
4.3.1 uses AES
4.3.2 provides confidentiality and data origin authentication with CCMP
4.3.2.1 CBC - MAC protocol
4.3.2.1.1 1. create MAC using CBC
4.3.2.1.2 2. encrypt using counter mode
5 WEP
5.1 implementation
5.1.1 RC4 Stream Cipher
5.1.1.1 40 bit key
5.1.1.2 stream cipher desirable since transmission prone to errors
5.1.1.3 @ the time, cipher was well respected
5.1.2 CRC checksum for integrity
5.1.3 simple challenge and response for authentication
5.1.4 use shared, fixed symmetric key for each WLAN
5.1.4.1 If one device on network compromised, they are all compromised.
5.1.5 RC4 required synchronization
5.1.5.1 this means each packet must be encrypted separately, so this runs the risk of keystream being used repeatedly
5.1.5.1.1 to provide variation, used an initialization vecor of 24 bits and appends it to key
5.1.5.1.1.1 PROBLEM: RC4 does not originally support initialization vectors
5.2 security issues and design flaws
5.2.1 single, shared key is a single point of failure
5.2.2 since WEP key is used for every encryption, it is continuously exposed
5.2.3 abuses principle of key separation
5.2.4 key length not future proof (40 bits)
5.2.5 nonstandard use of crypto algorithm
5.2.6 lack of origin authentication
5.2.7 weak entity authentication mechanism
5.3 attacks
5.3.1 man-in-the-middle
5.3.1.1 because only supports unilateral entity auth (Alice to access point)
5.3.2 replay attack
5.3.3 CRC manipulation attack
5.3.4 birthday attack on IVs
5.3.5 key recovery attack

Media attachments