the final nail in wep s coffin
play

The Final Nail in WEPs Coffin Andrea Bittau 1 Mark Handley 1 Joshua - PowerPoint PPT Presentation

Dec 08, 2022 •276 likes •587 views

Introduction Fragmentation Attack Implementation Conclusion 1/19 The Final Nail in WEPs Coffin Andrea Bittau 1 Mark Handley 1 Joshua Lackey 2 May 24, 2006 1 University College London. 2 Microsoft. Wired Equivalent Privacy Introduction

  1. Introduction Fragmentation Attack Implementation Conclusion 1/19 The Final Nail in WEP’s Coffin Andrea Bittau 1 Mark Handley 1 Joshua Lackey 2 May 24, 2006 1 University College London. 2 Microsoft.

  2. Wired Equivalent Privacy Introduction Fragmentation Attack Implementation Conclusion 2/19 WEP is the 802.11 standard for encryption. Pre-shared key for whole network. Protects data privacy since data is encrypted. Access control: need key to transmit. In practice, only half of the networks are encrypted. In the subset of encrypted networks, WEP is most adopted. Popularity (%) of WEP and its alternatives based on our survey Region WEP WPA 802.11i London 76 20 4 Seattle region 85 14 1

  3. Goals when attacking WEP Introduction Fragmentation Attack Implementation Conclusion 3/19 Decrypt data in packets. Obtain access to the network by being able to transmit data. Recover the WEP key.

  4. Contribution Introduction Fragmentation Attack Implementation Conclusion 4/19 Today, millions of packets are required to break a WEP key. Our fragmentation attack allows: 1 Transmitting arbitrary data after eavesdropping a single data packet on an 802.11 WEP protected network. 2 Real-time decryption given that network is connected to Internet.

  5. Outline Introduction Fragmentation Attack Implementation Conclusion 5/19 Introduction 1 WEP Description WEP Attacks Fragmentation Attack 2 Transmission Decryption Implementation 3 Performance Evaluation Conclusion 4

  6. WEP operation Introduction Fragmentation Attack Implementation Conclusion 6/19 Data frame format Frame Body 802.11 Header CRC IV User Data ICV { { Initialization Vector CRC32 of user data Encryption keystream { IV + key RC4 0 1 0 1 { ⊕ seed Plain text 1 1 0 0 = 1 0 0 1 Cipher text

  7. History of WEP attacks Introduction Fragmentation Attack Implementation . . . and how the real problem was ignored Conclusion 7/19 Year 2000. Keystream attacks (independent of WEP key): Design flaw: WEP allows keystream reuse. Attacks were thought impractical: Need plain-text to recover keystream. Need 2 24 keystreams to decrypt all possible packets. Year 2001. Weak IV attacks (recover WEP key): Need millions of packets. Could take hours, and usually, days. Use EAP-based solutions to re-key, say, every ten minutes. Year 2006. Our contribution: fragmentation attack. Keystream attack which may be performed within minutes.

  8. History of WEP attacks Introduction Fragmentation Attack Implementation . . . and how the real problem was ignored Conclusion 7/19 Year 2000. Keystream attacks (independent of WEP key): Design flaw: WEP allows keystream reuse. Attacks were thought impractical: Need plain-text to recover keystream. Need 2 24 keystreams to decrypt all possible packets. Year 2001. Weak IV attacks (recover WEP key): Need millions of packets. Could take hours, and usually, days. Use EAP-based solutions to re-key, say, every ten minutes. Year 2006. Our contribution: fragmentation attack. Keystream attack which may be performed within minutes.

  9. History of WEP attacks Introduction Fragmentation Attack Implementation . . . and how the real problem was ignored Conclusion 7/19 Year 2000. Keystream attacks (independent of WEP key): Design flaw: WEP allows keystream reuse. Attacks were thought impractical: Need plain-text to recover keystream. Need 2 24 keystreams to decrypt all possible packets. Year 2001. Weak IV attacks (recover WEP key): Need millions of packets. Could take hours, and usually, days. Use EAP-based solutions to re-key, say, every ten minutes. Year 2006. Our contribution: fragmentation attack. Keystream attack which may be performed within minutes.

  10. Fragmentation attack Introduction Fragmentation Attack Implementation Outline Conclusion 8/19 Transmission 1 Recover a keystream. 2 Reuse the keystream to send arbitrary data. ❍❍❍❍❍❍❍❍ � � � ✠ ❥ Keystream-based decryption WEP key recovery Resend data through the AP to a Use transmission ability for buddy on the Internet. speeding up weak IV Recover the keystream used for attacks. encrypting the packet.

  11. Transmission Introduction Fragmentation Attack Implementation Recovering a short keystream Conclusion 9/19 If cipher-text & plain-text pair is known, their XOR is a keystream. Known plain-text (LLC/SNAP headers) in IP packets: 802.11 header 0xAA 0xAA 0x03 0x00 0x00 0x00 0x08 0x00

  12. Transmission Introduction Fragmentation Attack Implementation Recovering a short keystream Conclusion 9/19 If cipher-text & plain-text pair is known, their XOR is a keystream. Known plain-text (LLC/SNAP headers) in IP packets: 802.11 header 0xAA 0xAA 0x03 0x00 0x00 0x00 0x08 0x00 ⊕ Cipher-text 802.11 header = 8 bytes of keystream Can recover 8 bytes of keystream by eavesdropping a packet. Can encrypt (and transmit) 8 bytes of arbitrary data.

  13. Transmission Introduction Fragmentation Attack Implementation Sending arbitrarily long data Conclusion 10/19 802.11 supports MAC layer fragmentation. Transmit arbitrary data in 8 byte chunks. Fragmentation Data CRC32 } } Original plain-text & CRC. abcd efgh 1234 Fragments & CRC. efgh abcd 1983 1914 ⊕ ⊕ Keystream (IV x ). 1234 5678 1234 5678 = IV = } Encrypted frags. 2911 8305 1337 6667 x x

  14. Transmission Introduction Fragmentation Attack Implementation Sending arbitrarily long data Conclusion 10/19 802.11 supports MAC layer fragmentation. Transmit arbitrary data in 8 byte chunks. Fragmentation Data CRC32 } } Original plain-text & CRC. abcd efgh 1234 Fragments & CRC. efgh abcd 1983 1914 ⊕ ⊕ Keystream (IV x ). 1234 5678 1234 5678 = IV = } Encrypted frags. 2911 8305 1337 6667 x x

  15. Transmission Introduction Fragmentation Attack Implementation Sending arbitrarily long data Conclusion 10/19 802.11 supports MAC layer fragmentation. Transmit arbitrary data in 8 byte chunks. Fragmentation Data CRC32 } } Original plain-text & CRC. abcd efgh 1234 Fragments & CRC. efgh abcd 1983 1914 ⊕ ⊕ Keystream (IV x ). 1234 5678 1234 5678 = IV = } Encrypted frags. 2911 8305 1337 6667 x x

  16. Transmission Introduction Fragmentation Attack Implementation Sending arbitrarily long data Conclusion 10/19 802.11 supports MAC layer fragmentation. Transmit arbitrary data in 8 byte chunks. Fragmentation Data CRC32 } } Original plain-text & CRC. abcd efgh 1234 Fragments & CRC. efgh abcd 1983 1914 ⊕ ⊕ Keystream (IV x ). 1234 5678 1234 5678 = IV = } Encrypted frags. 2911 8305 1337 6667 x x

  17. Transmission Introduction Fragmentation Attack Implementation Sending arbitrarily long data Conclusion 10/19 802.11 supports MAC layer fragmentation. Transmit arbitrary data in 8 byte chunks. Fragmentation Data CRC32 } } Original plain-text & CRC. abcd efgh 1234 Fragments & CRC. efgh abcd 1983 1914 ⊕ ⊕ Keystream (IV x ). 1234 5678 1234 5678 = IV = } Encrypted frags. 2911 8305 1337 6667 x x

  18. Transmission Introduction Fragmentation Attack Implementation Recovering a longer keystream Conclusion 11/19 Discover a longer keystream to avoid sending many tiny packets: Send a long broadcast frame via multiple smaller fragments. AP relays it as a single packet. (New cipher & plain-text pair.) Keystream discovery IV Data CRC } } } Encrypted frags. 2911 8305 1337 6667 x x De-crypt & reassemble. abcd efgh 1234 Calculate entire CRC. ⊕ Keystream for IV y . 3141 5926 5358 = Relayed payload. y 2718 2818 2845

  19. Transmission Introduction Fragmentation Attack Implementation Recovering a longer keystream Conclusion 11/19 Discover a longer keystream to avoid sending many tiny packets: Send a long broadcast frame via multiple smaller fragments. AP relays it as a single packet. (New cipher & plain-text pair.) Keystream discovery IV Data CRC } } } Encrypted frags. 2911 8305 1337 6667 x x De-crypt & reassemble. abcd efgh 1234 Calculate entire CRC. ⊕ Keystream for IV y . 3141 5926 5358 = Relayed payload. y 2718 2818 2845

  20. Transmission Introduction Fragmentation Attack Implementation Recovering a longer keystream Conclusion 11/19 Discover a longer keystream to avoid sending many tiny packets: Send a long broadcast frame via multiple smaller fragments. AP relays it as a single packet. (New cipher & plain-text pair.) Keystream discovery IV Data CRC } } } Encrypted frags. 2911 8305 1337 6667 x x De-crypt & reassemble. abcd efgh 1234 Calculate entire CRC. ⊕ Keystream for IV y . 3141 5926 5358 = Relayed payload. y 2718 2818 2845

  21. Transmission Introduction Fragmentation Attack Implementation Recovering a longer keystream Conclusion 11/19 Discover a longer keystream to avoid sending many tiny packets: Send a long broadcast frame via multiple smaller fragments. AP relays it as a single packet. (New cipher & plain-text pair.) Keystream discovery IV Data CRC } } } Encrypted frags. 2911 8305 1337 6667 x x De-crypt & reassemble. abcd efgh 1234 Calculate entire CRC. ⊕ Keystream for IV y . 3141 5926 5358 = Relayed payload. y 2718 2818 2845

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Brexit The Final Nail In London Propertys Coffin WWW.MERCURYHOMESEARCH.COM 2000

Brexit The Final Nail In London Propertys Coffin WWW.MERCURYHOMESEARCH.COM 2000

Brexit The Final Nail In London Propertys Coffin WWW.MERCURYHOMESEARCH.COM 2000 Housing-market experts, from estate agents on the ground to analysts in the high-rise city banks, are agreed on one thing: this is more than the annual

297 views • 10 slides
dePSFrag, the final nail in the coffin Paulo Ney de Souza pauloney@gmail.com , Vadim Ponomarev

dePSFrag, the final nail in the coffin Paulo Ney de Souza pauloney@gmail.com , Vadim Ponomarev

Introduction dePSFrag, the final nail in the coffin Paulo Ney de Souza pauloney@gmail.com , Vadim Ponomarev vadim@cs.petrsu.ru , The 41 st Annual Conference of the TeX Users Group, 24-26 July 2020 Paulo Ney de Souza dePSFrag, the final nail in

343 views • 16 slides
NAIL GUN SAFETY NAIL GUN SAFETY Nail Guns Safety Nail Guns Safety A nail gun is an aptly

NAIL GUN SAFETY NAIL GUN SAFETY Nail Guns Safety Nail Guns Safety A nail gun is an aptly

NAIL GUN SAFETY NAIL GUN SAFETY Nail Guns Safety Nail Guns Safety A nail gun is an aptly named tool it operates like a hand gun, but shoots nails instead of bullets. Some Nail gun Facts: Powerful tools can fire up to nine

657 views • 36 slides
line Nail Ba Nail Bar Presen Presentat tation O ion Out utline Welcome / Introductio ns

line Nail Ba Nail Bar Presen Presentat tation O ion Out utline Welcome / Introductio ns

line Nail Ba Nail Bar Presen Presentat tation O ion Out utline Welcome / Introductio ns Thank your Host and give your Hostess her Host Gift for holding the Nail Bar on the original booking date. THRE THREE OPP E OPPOR ORTU TUNI

191 views • 3 slides
Coffin and Casket Collection www.keeganfuneraldirectors.co.uk Modern Funerals - Traditional

Coffin and Casket Collection www.keeganfuneraldirectors.co.uk Modern Funerals - Traditional

Modern Funerals - Traditional Values Coffin and Casket Collection www.keeganfuneraldirectors.co.uk Modern Funerals - Traditional Values Simple Cherry Coffin Cherry Veneer coffin, satin finish with flat lid and sides *Suitable for either

286 views • 14 slides
HEALTH AND SAFETY OF SOUTHEAST MICHIGAN NAIL SALONS Global problem, local lens Nail salon

HEALTH AND SAFETY OF SOUTHEAST MICHIGAN NAIL SALONS Global problem, local lens Nail salon

HEALTH AND SAFETY OF SOUTHEAST MICHIGAN NAIL SALONS Global problem, local lens Nail salon workers in the US are exposed to a large amount of cosmetic products on a daily basis that are often unregulated. 1 Exposures can lead to adverse

410 views • 7 slides
Nail Care for the Elderly by Emily Guerra Design for Aging Pratt Institute 2020 Nail Care for

Nail Care for the Elderly by Emily Guerra Design for Aging Pratt Institute 2020 Nail Care for

Nail Care for the Elderly by Emily Guerra Design for Aging Pratt Institute 2020 Nail Care for the Elderly Emily Guerra How can nail care be done safely? Nail care is very important, especially as we age because it afgects our overall health.

393 views • 15 slides
"T "To a man with a hammer, ith h everything looks like a nail everything looks like

"T "To a man with a hammer, ith h everything looks like a nail everything looks like

Topic 9 Introduction to Recursion I t d ti t R i Underneath the Hood. "T "To a man with a hammer, ith h everything looks like a nail everything looks like a nail" -Mark Twain Mark Twain CS 307 Fundamentals of CS 307

369 views • 14 slides
"To a man with a hammer, "T ith h everything looks like a nail" everything

"To a man with a hammer, "T ith h everything looks like a nail" everything

Topic 9 Introduction to Recursion I t d ti t R i "To a man with a hammer, "T ith h everything looks like a nail" everything looks like a nail -Mark Twain Mark Twain CS 307 Fundamentals of 1 Computer Science

664 views • 55 slides
the fingertip "Thumbnail1" by Kommissar - Own work. Licensed under CC0 via Commons -

the fingertip "Thumbnail1" by Kommissar - Own work. Licensed under CC0 via Commons -

the fingertip "Thumbnail1" by Kommissar - Own work. Licensed under CC0 via Commons - https://commons.wikimedia.org/wiki/ File:Thumbnail1.jpg#/media/File:Thumbnail1.jpg nail fold cuticle/eponychium nail fold lunula nail fold nail

903 views • 11 slides
HAIR AND NAIL CUP FINLAND 2019 18-19 OCTOBER 2019 MESSUKESKUS HELSINKI FIRST CMC FINLAND CUP OPEN

HAIR AND NAIL CUP FINLAND 2019 18-19 OCTOBER 2019 MESSUKESKUS HELSINKI FIRST CMC FINLAND CUP OPEN

HAIR AND NAIL CUP FINLAND 2019 18-19 OCTOBER 2019 MESSUKESKUS HELSINKI FIRST CMC FINLAND CUP OPEN INTERNATIONAL FOR HAIR, NAIL ART CHAMPIONSHIPS 2019 (DIRECTED BY CONFEDERATION MONDIALE COIFFURE, CMC) 2 WELCOME We are happy to announce the

422 views • 16 slides
Welcome Laurie Coffin Percona Be Social! Download the App! App features include: Up-to-date

Welcome Laurie Coffin Percona Be Social! Download the App! App features include: Up-to-date

Welcome Laurie Coffin Percona Be Social! Download the App! App features include: Up-to-date conference guide: all information about sessions, speakers and sponsors Create your personalized schedule with alarms Internal social

507 views • 9 slides
Nail 1 to ai solve if Sof can we IP with I Tri O ti the M C recurrent is positive

Nail 1 to ai solve if Sof can we IP with I Tri O ti the M C recurrent is positive

Birth death chain Problem Markov chain Consider with Xn a State space with 91,2 fi i if j ki i qi else 0 where Pit Kiyo Wifi Qi 70 e Positive recurrent Find a chain Is the a Justify b the chain Is reversible pi Po Nail

370 views • 7 slides
The Buncombe Turnpike As Presented by Dianne Janis of the Mary Coffin Starbuck Chapter

The Buncombe Turnpike As Presented by Dianne Janis of the Mary Coffin Starbuck Chapter

The Buncombe Turnpike As Presented by Dianne Janis of the Mary Coffin Starbuck Chapter Colonial Dames xvii Century At the Dunroy on Rutledge Homeowners Association Annual Meeting 6 December 2017

562 views • 6 slides
Pilbara..munu jarngu Juli Coffin CUCRH ACKNOWLEDGE Traditional owners/custodians

Pilbara..munu jarngu Juli Coffin CUCRH ACKNOWLEDGE Traditional owners/custodians

Smoke Free Kids in the Pilbara..munu jarngu Juli Coffin CUCRH ACKNOWLEDGE Traditional owners/custodians Community values, trust, stories and traditions that we carry with us on our journey Symposium committee Research team

816 views • 42 slides
Trusts & Mortgaging Property held in Trust Gary A. Coffin, Director of Client Education

Trusts & Mortgaging Property held in Trust Gary A. Coffin, Director of Client Education

Trusts & Mortgaging Property held in Trust Gary A. Coffin, Director of Client Education Market Street Settlement Group, LLC Horizon Settlement Services Accredited Real Estate Academy Proprietary information, do not distribute or use

532 views • 17 slides
Data Assimila*on of Satellite Ac*ve Fire Detec*on in Coupled

Data Assimila*on of Satellite Ac*ve Fire Detec*on in Coupled

Data Assimila*on of Satellite Ac*ve Fire Detec*on in Coupled Atmosphere-Fire Simula*ons Jan Mandel University of Colorado Denver and Czech Academy of Sciences Joint work with Adam

515 views • 23 slides
Ionosphere from the ISS from the LITES instrument Susanna Finn Lowell Center For Space Science

Ionosphere from the ISS from the LITES instrument Susanna Finn Lowell Center For Space Science

UV Observations of the Ionosphere from the ISS from the LITES instrument Susanna Finn Lowell Center For Space Science And Technology (LoCSST) University of Massachusetts Lowell (UMass Lowell) Lowell, Massachusetts, United States May 21, 2019

687 views • 37 slides
21 Advanced Topics 3: Sub-word MT Up until this point, we have treated words as the atomic unit

21 Advanced Topics 3: Sub-word MT Up until this point, we have treated words as the atomic unit

21 Advanced Topics 3: Sub-word MT Up until this point, we have treated words as the atomic unit that we are interested in training on. However, this has the problem of being less robust to low-frequency words, which is particularly a problem

317 views • 9 slides
Operational Space-Based Imaging Systems REMOTE SENSING & GEOSPATIAL ANALYSIS LAB DOI: 20

Operational Space-Based Imaging Systems REMOTE SENSING & GEOSPATIAL ANALYSIS LAB DOI: 20

Operational Space-Based Imaging Systems REMOTE SENSING & GEOSPATIAL ANALYSIS LAB DOI: 20 AUGUST, 2016 Earth Observation Systems U.S. or foreign government systems with image processing pipelines and distribution channels allowing for

287 views • 26 slides
MeanSum : A Neural Model for Unsupervised Multi-Document Abstractive Summarization Eric Chu *

MeanSum : A Neural Model for Unsupervised Multi-Document Abstractive Summarization Eric Chu *

MeanSum : A Neural Model for Unsupervised Multi-Document Abstractive Summarization Eric Chu * Peter J. Liu * MIT Media Lab Google Brain ICML 2019 Text summarization overview Extractive Abstractive Non-neural Human Supervised Neural

317 views • 14 slides
"To a man with a hammer, everything looks like a nail" -Mark Twain Underneath the

"To a man with a hammer, everything looks like a nail" -Mark Twain Underneath the

Topic 12 Introduction to Recursion "To a man with a hammer, everything looks like a nail" -Mark Twain Underneath the Hood. CS314 Recursion 2 The Program Stack When you invoke a method in your code what happens when that

728 views • 50 slides
Vector Semantics and Embeddings CSE354 - Spring 2020 Natural Language Processing Tasks

Vector Semantics and Embeddings CSE354 - Spring 2020 Natural Language Processing Tasks

Vector Semantics and Embeddings CSE354 - Spring 2020 Natural Language Processing Tasks Dimensionality Reduction Vectors which represent words Recurrent Neural Network and how? or sequences Sequence Models Objective To

1.15k views • 76 slides
Introduction to embodiment Language has function Language is situated Interpreting

Introduction to embodiment Language has function Language is situated Interpreting

Language and Conceptualization Introduction to embodiment Language has function Language is situated Interpreting language requires experiential, embodied understanding of the world linguistic capabilities are created as humans

601 views • 24 slides

More recommend