Crypto U12, WLAN

Mind Map by , created over 6 years ago

IYM002 (Unit 12 - Crypto Systems) Mind Map on Crypto U12, WLAN, created by jjanesko on 04/28/2013.

Created by jjanesko over 6 years ago
Crypto U1, Basic Principles
Crypto U4, Block Cipher, Cipher Block Chaining Mode (CBC)
Crypto U3, Theoretical vs. Practical Security
Know the principles of electricity
Acids, Bases and Salts
Crypto U12, SSL
Crypto U12 (part 2), crypto for mobile telecom
Crypto U12 (part 1), crypto for mobile telecom
Crypto U12 GSM,UTMS Hierarchy Diagram
Crypto U4, Block Cipher, Cipher Feedback Mode (CFB)
Crypto U12, WLAN
1 background
1.1 3 standards
1.1.1 WEP original standard wired equivalent privacy designed to provide security at data link layer replaced by WPA
1.1.2 WPA designed as stop gap for WEP insecurity WiFi Protected Access 2002 designed to work with legacy hardware
1.1.3 WPA2 IEEE 802.11 2004
2 design
2.1 originally designed to provide security equivalent as a cabled network and no more
2.2 support open standards to assure support for all connecting devices
2.3 does not need to be as flexible as SSL so fewer supported algorithms can be selected
2.4 symmetric crypto used
2.4.1 because speed is desired
2.4.2 because it is a closed environment and easier to control
2.5 only as flexible as needed, but not more
2.6 need to be able to provide quick updates
3 security requirements
3.1 confidentiality
3.2 mutual entity authenticaton
3.3 data origin authentication
4.1 differences from WEP
4.1.1 uses stronger authntication and key establishment key hierarchy used uses master key, key ecrypting keys and data keys mutual entity authentication mutual data origin authentication mutual key establishment key confidentiality key freshness mutual key confirmation unbiased control 2 methods to establish Pre-Master-Key (PMK) Extensible Authentication Protocol (EAP) Established as a preshared key
4.2 WPA
4.2.1 uses Rc4
4.2.2 mixes data encrypting key with IV (rather than appending)
4.2.3 for each package, a new IV sent
4.3 WPA2
4.3.1 uses AES
4.3.2 provides confidentiality and data origin authentication with CCMP CBC - MAC protocol 1. create MAC using CBC 2. encrypt using counter mode
5.1 implementation
5.1.1 RC4 Stream Cipher 40 bit key stream cipher desirable since transmission prone to errors @ the time, cipher was well respected
5.1.2 CRC checksum for integrity
5.1.3 simple challenge and response for authentication
5.1.4 use shared, fixed symmetric key for each WLAN If one device on network compromised, they are all compromised.
5.1.5 RC4 required synchronization this means each packet must be encrypted separately, so this runs the risk of keystream being used repeatedly to provide variation, used an initialization vecor of 24 bits and appends it to key PROBLEM: RC4 does not originally support initialization vectors
5.2 security issues and design flaws
5.2.1 single, shared key is a single point of failure
5.2.2 since WEP key is used for every encryption, it is continuously exposed
5.2.3 abuses principle of key separation
5.2.4 key length not future proof (40 bits)
5.2.5 nonstandard use of crypto algorithm
5.2.6 lack of origin authentication
5.2.7 weak entity authentication mechanism
5.3 attacks
5.3.1 man-in-the-middle because only supports unilateral entity auth (Alice to access point)
5.3.2 replay attack
5.3.3 CRC manipulation attack
5.3.4 birthday attack on IVs
5.3.5 key recovery attack

Media attachments