by sean fisk. not a new technology inherently insecure in recent years, increased popularity

Wireless Encryption SchemesBy Sean Fisk

Wireless Communication Not a new technology Inherently insecure In recent years, increased popularity

Encryption Symmetric key Public key

Symmetric Key Cryptography

Only known type until 1976 Shared secret Secure exchange

Symmetric Key Ciphers Block cipher

• Fixed length• Joining protocols

Stream cipher• Variable length

Asymmetric Key Public key

• Diffie and Hellman in 1976• Message is encrypted with public key• Can only be decrypted with private key

Public Key Security Computational complexity of

mathematical problems Diffie-Hellman

• Discrete logarithm problem Rivest, Shamir, and Adleman (RSA)

• Integer factorization problem

Combined Use Public key encryption is much slower

than symmetric key encryption Diffie-Hellman Key Exchange protocol

Wired Equivalent Privacy “The main intention of the WEP was

not to provide a level of security superior to or higher than that of a wired LAN, but equivalent to it.” (Bulbul, Batmaz and Ozel)

WEP Encryption Rivest’s Cipher 4 (RC4)

• 64-bit 40-bit WEP key 24-bit Initialization Vector

Cyclic Redundancy Code (CRC)

WEP Weaknesses CRC not intended for message

integrity Key too short Key as direct input to cipher Initialization vector

• Interesting values

Wi-Fi Protected Access Run on same hardware Temporal Key Integrity Protocol (TKIP) Still uses RC4 cipher

• 128-bit key Message Integrity Code replaces CRC Exstensible Authentication Protocol

• Uses public key encryption

WPA Weaknesses Continuation of RC4 cipher

• First few bytes are strongly non-random (Fluhrer, Mantin, Shamir)

Robust Security Networks Also known as WPA2 Advanced Encryption Standard

• Joined with CCMP Continues use of EAP

Encryption Standards Data Encryption Standard Advanced Encryption Standard Standardized by National Institute of

Standards and Technology (NIST)

Data Encryption Standard Symmetric, block cipher 56-bit key Feistel function “In 1999, the Electronic Frontier

Foundation’s ‘Deep Crack’ machine, in combination with distributed.net, successfully solved RSA’s DES Challenge III in 22 hours and 15 minutes.” (RSA Labs)

Triple DES

Advanced Encryption Standard

Public competition• 5 year process• 15 ciphers• Winner: Rijndael by Daemen and Rijmen

Symmetric, block cipher 128, 192, or 256-bit key

Virutal Private Networking End-to-end encryption Trusted endpoints Wireless hotspots

References Bulbul, Halil Ibrahim, Ihsan Batmaz and Mesut Ozel.

"Wireless network security: comparison of WEP (Wired Equivalent Privacy) mechanism, WPA (Wi-Fi Protected Access) and RSN (Robust Security Network) security protocols

dlaverty. WPA vs WPA2 (802.11i): How your Choice Affects your Wireless Network Security.

Fluhrer, Scott, Adi Shami and Itsik Mantin. Weaknesses in the Key Scheduling Algorithm of RC4.

Masadeh, S.R., et al. "A comparison of data encryption algorithms with the proposed algorithm: Wireless security.“

National Institute of Standards and Technology. "FIPS 197 - Advanced Encryption Standard.“

RSA Labs. 2010. 31 January 2011 <http://www.rsa.com/rsalabs/node.asp?id=2100>.