28-01-2011, 03:30 PM
[attachment=8515]
Daniel Reichle
Threats against WLANS
Same threats as against wired LANs (eavesdropping, message modification, unauthorized access, denial of service)
Access to shared medium is easy
Dangerous configuration of WLANS
Threats against WLANS (2)
Finding WLANs is easy
Wardriving: search for access points and publishing unprotected WLANs
IEEE 802.11
Actual version 802.11b
Layer 2 standard
Peer-to-peer / via access point
Similar to 802.3 (Ethernet)
Open System Authentication
Shared Key Authentication
Wired Equivalent Privacy
Wired Equivalent Privacy (WEP)
Should provide an equivalent level of access control and protection of data on the WLAN as in wired networks
Main security goals: confidentiality, access control, data integrity
Encryption with WEP
RC4 used with 40-bit key
„128-bit“ implementation
Per-packet 24-bit IV
WEP allows re-use of IV
32-bit CRC is a linear function of the message and does not depend on the key
The risk of keystream reuse (2)
WEP uses per-packet IV to prevent these attacks
Change of IV after every packet recommended (not required!)
24-bit IV nearly guaranteeing the same IV to be reused for multiple messages
Bad handling of IV selection in some implementations
Exploiting keystream reuse
Find two packets, encrypted with same IV (Birthday paradoxon: 50% chance of a collision after only 4823 packets)
Plaintext of one of the messages has to be known
Provoke known plaintext to be transmitted
Decryption dictionaries
Weaknesses in the key scheduling algorithm of RC4
Certain IVs sets the RC4 pseudorandom-generator to a state, in which the first word of output reveals one byte of the key.
Improperly use of RC4 (as in WEP) allows an attacker to recover the secret key by observation of traffic
This attack is implemented in publicly available tools as AirSnort or WEPCrack