
IEEE 802.11 Security

Upload: ngotuong

Post on 18-Mar-2018



IEEE 802.11 Architecture

IEEE 802.11 is the standard for wireless LAN systems.

Introduction

• Motorola developed one of the first commercial wireless local area network (WLAN) systems with its Altair product.

• Altair was built mostly on proprietary RF (radio frequency) technologies, provided low data rates and was prone to radio interference.

• In 1990, the Institute of Electrical and Electronics Engineers (IEEE) initiated the 802.11 project with the scope of developing a medium access control (MAC) and physical layer (PHY) specification for wireless connectivity between fixed, portable, and moving stations within an area.

Introduction (contd.)

• The IEEE 802.11 standard uses the 2.4 GHz ISM (industrial, scientific, and medical) radio band and provides a mandatory 1 Mbps and an optional 2 Mbps data transfer rate.

• IEEE ratified the 802.11a and the 802.11b wireless networking communication standards.

• The IEEE 802.11b standard operates in the 2.4 to 2.5 GHz ISM band and permits transmission speeds of up to 11 Mbps.

• The 802.11a standard is a high-speed interface definition that can deliver data at up to 54 Mbps and operates in the 5 GHz frequency spectrum.

IEEE 802.11 Architecture

• Mobile nodes connect to the fixed network through a fixed access point (AP) on the wired network, allowing the establishment of a peer-to-peer connection.

• The standard defines two types of wireless network topology:

* infrastructure mode, which the IEEE standard defines as a basic service set (BSS)

* ad hoc mode, defined as an independent basic service set (IBSS).

Infrastructure mode

BSS Topology

• The 802.11 standard recognizes the following mobility types:

• No-transition: stations that do not move and those that are moving within a local BSS.

• BSS-transition: stations that move from one BSS in one ESS (extended service set) to another BSS within the same ESS.

• ESS-transition: stations that move from a BSS in one ESS to a BSS in a different ESS.


ESS Topology (contd.)

• Within the ESS, the 802.11 standard accommodates the following physical configurations of BSSs:

• BSSs partially overlapped: provides contiguous coverage within a defined area, which is best if the application cannot tolerate a disruption of network service.

• BSSs physically disjoint: does not provide contiguous coverage. The 802.11 standard does not specify a limit to the distance between BSSs.

• BSSs physically collocated: used where it is necessary to provide a redundant or higher-performing network.


Ad hoc Network

• No access point to interlink with the wired network.

• Only client stations within transmission range of each other (within the same cell) can communicate.

• If a client in an ad hoc network wishes to communicate outside the cell, a member of the cell must operate as a gateway and perform routing.

Ad hoc Network (contd.)

• Prior to communicating data, wireless clients and APs have to establish a relationship called association. Only after an association is established can two clients communicate.

• The association process has three states:

1. Unauthenticated and unassociated

2. Authenticated and unassociated

3. Authenticated and associated

Contd.

• All APs transmit a beacon management frame at a fixed interval.

• If the client station is within the range of an AP (i.e., within a BSS), it can listen to the beacon.

• If it is within the range of multiple APs with overlapping coverage areas, it listens to all the beacon messages transmitted by the different APs. The client can then select the BSS to join in a vendor-independent manner.

[Figure: an AP serving several clients]

Contd.

• For instance, on the Apple Macintosh, all of the network names (service set identifiers, SSIDs), which are usually contained in the beacon frame, are presented to the user so that they may select the network they wish to join.

• A client may also send a probe request management frame to find an access point affiliated with a desired SSID. After identifying an AP, the client and the AP perform a mutual authentication by exchanging several management frames.

• After successful authentication, the client moves into the second state, authenticated and unassociated.

• The client then sends an association request and the AP responds with an association response frame. The client is now in the third state, authenticated and associated. The client now becomes a peer on the wireless network and can communicate with the network.

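The three association states and the frames that move a client between them, as an added Python example (written for these notes, not code from the slides or from any 802.11 implementation). The frame names are descriptive labels, not the real frame encoding; the disassociation and deauthentication transitions are the standard 802.11 ones and are not mentioned on the slides. The security-relevant check is that an association response is only honoured in state 2 and data may only be sent from state 3.

```python
# Added example: 802.11 client state machine (states 1-3 from the slides).
# Frame names are descriptive labels chosen here, not the real 802.11 encoding.
from enum import Enum


class State(Enum):
    UNAUTH_UNASSOC = 1   # state 1: unauthenticated and unassociated
    AUTH_UNASSOC = 2     # state 2: authenticated and unassociated
    AUTH_ASSOC = 3       # state 3: authenticated and associated


class ClientStation:
    """Tracks one client's relationship with an AP."""

    def __init__(self):
        self.state = State.UNAUTH_UNASSOC
        self.rejected = []   # frames that arrived in a state where they are not allowed

    def handle(self, frame: str) -> State:
        """Apply one management frame and return the resulting state."""
        if frame == "authentication-success":          # AP accepted the authentication
            if self.state == State.UNAUTH_UNASSOC:
                self.state = State.AUTH_UNASSOC
            else:
                self.rejected.append(frame)
        elif frame == "association-response-success":  # AP accepted the association request
            if self.state == State.AUTH_UNASSOC:         # only honoured after authentication
                self.state = State.AUTH_ASSOC
            else:
                self.rejected.append(frame)
        elif frame == "disassociation":                 # standard 802.11 transition (assumption: not on the slides)
            if self.state == State.AUTH_ASSOC:
                self.state = State.AUTH_UNASSOC
            else:
                self.rejected.append(frame)
        elif frame == "deauthentication":               # standard 802.11 transition (assumption: not on the slides)
            self.state = State.UNAUTH_UNASSOC
        else:
            raise ValueError(f"unknown frame {frame!r}")
        return self.state

    def can_send_data(self) -> bool:
        """Data frames are only exchanged once the client is a peer on the network."""
        return self.state == State.AUTH_ASSOC


def run_sequence(frames):
    """Feed a sequence of frames to a fresh client and return the state after each one."""
    client = ClientStation()
    return [client.handle(f) for f in frames]


if __name__ == "__main__":
    # Skipping authentication: the association response is rejected and the state stays at 1.
    print(run_sequence(["association-response-success"]))
    # The normal path: authenticate (state 2), then associate (state 3).
    print(run_sequence(["authentication-success", "association-response-success"]))
```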

IEEE 802.11 Layers

IEEE 802.11 MAC Layer

• Provides access control functions for shared-medium PHY layers.

• Performs the addressing and recognition of frames.

• Uses carrier sense multiple access with collision avoidance (CSMA/CA).

IEEE 802.11 PHY‐Layer

• Specifies the modulation scheme used and signaling characteristics for the transmission through the radio frequencies.

• The PHY layer, which actually handles the transmission of data between nodes, can use any of:

• Direct sequence spread spectrum (DSSS): DBPSK and DQPSK modulation.

• Frequency hopping spread spectrum (FHSS): 2- or 4-level GFSK modulation.

• Infrared (IR): PPM modulation.

Security of IEEE802.11

• The security services are provided largely by the Wired Equivalent Privacy (WEP) protocol.

• WEP was part of the original IEEE 802.11 wireless standard (built-in security).

• The WEP protocol is used only to protect link-level data during wireless transmission between clients and the access points.

• WEP provides security for the wireless portion of the connection, but does not provide end-to-end security.

Basic Security Services provided by IEEE802.11b

• Authentication.

The primary goal of WEP is to provide access to legitimate clients.

• Data confidentiality.

The goal is to prevent data compromise by eavesdropping (a passive attack). Data is protected by enciphering it and allowing decryption only by clients who have the correct WEP key.

• Data integrity.

Another goal is to ensure that data is not modified in transit between the wireless clients and the access point in an active attack.

• Both open and closed system authentication schemes provide only identification; in practice there is no true authentication.

• Both open and closed authentication schemes are highly vulnerable to attacks from even the most novice adversaries.

Shared Key Authentication

• Shared key authentication is a cryptographic authentication that uses a simple challenge-response scheme based on whether a client has knowledge of a shared secret, such as a key.

• The initiator, the wireless client wishing to authenticate, sends an authentication request management frame indicating that it wishes to use shared key authentication.

Shared Key Authentication

[Figure: shared key authentication between a client and the AP/BSS. The AP generates 128 octets of challenge text with a PRNG; the client returns the challenge text encrypted with the shared secret key and a new IV; the AP checks that the 32-bit CRC integrity check value (ICV) is valid.]

Authentication Management Frame

• Status code: set to zero if successful, or an error value if unsuccessful.

• Element identifier: indicates whether the challenge text is included.

• Length field: gives the length of the challenge text and is fixed at 128.

• The challenge text element carries the random challenge string.

• The table shows the possible values and when the challenge text is included, based on the message sequence number.

Data Confidentiality

• WEP is intended to provide functionality for the wireless LAN equivalent to that provided by the physical security attributes inherent to a wired medium.

• WEP uses the RC4 symmetric key stream cipher algorithm to generate encrypted data.

• Through the use of WEP, data can be protected from disclosure during transmission over the wireless link.

• WEP is applied to all data above the 802.11 WLAN layers to protect traffic such as Transmission Control Protocol/Internet Protocol (TCP/IP), Internet Packet Exchange (IPX), and Hypertext Transfer Protocol (HTTP).

• WEP uses a symmetric key.

• The encrypted packet is generated with a bitwise exclusive OR (XOR) of the original plaintext with a pseudorandom key sequence of equal length.

• WEP supports cryptographic key sizes from 40 to 104 bits.

• However, in practice most WLAN deployments rely on 40-bit keys.

WEP Enciphering Process

WEP Deciphering Process

• WEP deciphering starts with the arrival of the message.

• The IV of the incoming message is concatenated with the shared secret key to generate the key sequence used to decipher the incoming message.

• The produced key sequence is then bitwise XORed with the received ciphertext, resulting in the plaintext output.

• The plaintext output contains the ICV and the output text.

• The output ICV is used to check the validity of the received message.

Data Integrity

• IEEE 802.11 also offers a means to provide data integrity for messages transmitted between wireless clients and access points.

• This security service was designed to reject any message that has been modified by an active adversary “in the middle.”

• WEP uses a simple cyclic redundancy check (CRC) approach to provide data integrity.

• A 32-bit ICV is computed on each payload, and the ciphertext is generated by XORing the RC4 key stream with the concatenated payload and ICV.

• On the receiving end, decryption is performed.

• The output of the decryption process is the concatenated text output and ICV.

• The output text is then passed through the CRC generation algorithm, and the computed ICV′ is compared with the deciphered ICV.

• If the ICVs do not match, this indicates an integrity violation and the received message is discarded.

• Unfortunately, IEEE 802.11 integrity is vulnerable to certain attacks regardless of key size.

Key Management

• The 802.11 standard, however, provides two methods for using WEP keys.

• An array of four keys. A wireless station or an AP can decrypt packets enciphered with any one of the four keys. Transmission, however, is limited to the default key, one of the four manually entered keys.

• Key mapping table. In this method, each unique MAC address can have a separate key. The size of a key mapping table should be at least ten entries according to the IEEE 802.11 specification.

• The maximum size, however, is likely chip-set dependent.

• The use of a separate key for each user mitigates the cryptographic attacks, but enforcing a reasonable key period remains a problem, as the keys can only be changed manually.
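The enciphering, deciphering and ICV check described above, the array-of-four-keys lookup, and the shared key challenge-response exchange from the earlier slides, as one added Python example. This is written for these notes and is not code from the slides or from any 802.11 implementation. RC4 is written out inline; the frame body layout (3-byte IV, key index in the top two bits of the following byte, ciphertext, 4-byte ICV) follows WEP, the little-endian ICV byte order is an assumption made here, and all keys, IVs and messages are constructed sample values. A tampered frame fails the ICV comparison and is discarded, which is the integrity behaviour the slides describe.

```python
# Added example: WEP encipher/decipher with CRC-32 ICV and shared key authentication.
# Constructed for these notes; keys, IVs and messages below are sample values.
import os
import struct
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4: key-scheduling algorithm (KSA) followed by the pseudo-random generation algorithm (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # KSA
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # PRGA
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """32-bit CRC integrity check value; little-endian byte order is assumed here."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encipher(plaintext: bytes, key: bytes, iv: bytes, key_index: int = 0) -> bytes:
    """Enciphering: key sequence = RC4(IV || shared key); the ICV is appended to the
    plaintext and the pair is XORed with the key sequence. The IV and the key index
    (top two bits of the fourth byte) travel in the clear in front of the ciphertext."""
    if len(iv) != 3 or len(key) not in (5, 13):
        raise ValueError("WEP uses a 24-bit IV and a 40-bit or 104-bit key")
    key_sequence = rc4_keystream(iv + key, len(plaintext) + 4)
    return iv + bytes([(key_index & 0x03) << 6]) + xor_bytes(plaintext + icv(plaintext), key_sequence)


def wep_decipher(body: bytes, keys) -> bytes:
    """Deciphering: read the IV and key index from the clear header, regenerate the
    key sequence with the selected key from the array of four, XOR it with the
    ciphertext, recompute the ICV over the recovered text and compare it with the
    deciphered ICV. A mismatch is an integrity violation and the frame is discarded."""
    iv, key_index, ciphertext = body[:3], body[3] >> 6, body[4:]
    key_sequence = rc4_keystream(iv + keys[key_index], len(ciphertext))
    recovered = xor_bytes(ciphertext, key_sequence)
    plaintext, received_icv = recovered[:-4], recovered[-4:]
    if icv(plaintext) != received_icv:
        raise ValueError("ICV mismatch: integrity violation, frame discarded")
    return plaintext


def shared_key_auth(client_key: bytes, ap_keys) -> int:
    """Shared key authentication, messages 2 to 4: the AP issues 128 octets of
    challenge text from its PRNG; the client returns it enciphered under the shared
    key with a new IV; the AP deciphers, checks the ICV and the challenge text, and
    answers with a status code (0 on success, a nonzero error value otherwise)."""
    challenge = os.urandom(128)                                     # message 2 (AP -> client)
    response = wep_encipher(challenge, client_key, os.urandom(3))   # message 3 (client -> AP)
    try:
        return 0 if wep_decipher(response, ap_keys) == challenge else 1
    except ValueError:
        return 1                                                    # message 4: error status


if __name__ == "__main__":
    key = b"\x01\x02\x03\x04\x05"                      # constructed 40-bit key
    body = wep_encipher(b"hello wlan", key, b"\xaa\xbb\xcc")
    print(wep_decipher(body, [key]))                    # b'hello wlan'
    print(shared_key_auth(key, [key]))                  # 0
```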

Weakness of WEP

• WEP includes mechanisms for data integrity and confidentiality.

• It uses an integrity check value (ICV) to ensure that the data has not been modified during transmission.

• An initialization vector (IV) is used to augment the shared key and produce a different RC4 key stream for each packet.

• Unfortunately, both of these critical measures are implemented incorrectly, resulting in serious security vulnerabilities in WEP.

• The use of static WEP keys.

• Many users in a wireless network potentially sharing the identical key for long periods of time is a well-known security vulnerability.

• This is in part due to the lack of any key management provisions in the WEP protocol.

• If a computer such as a laptop were lost or stolen, the key could become compromised along with all the other computers sharing that key.

• If every station uses the same key, a large amount of traffic may rapidly become available to an eavesdropper for analytic attacks.

• The IV in WEP is only 24 bits long, which guarantees reuse of the same IV and thus reuse of the same key stream.

• The IV is sent in the clear-text portion of a message.

• As a result, an attacker can actually ascertain that two packets are encrypted with the same key stream.

• If an attacker flips a bit in the ciphertext, the corresponding plaintext bit is also flipped.

• By doing statistical analysis on two ciphertexts encrypted with the same key stream, the attacker can recover the plaintext, including the key stream that was used to encrypt the data.
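The 24-bit IV weakness from the monitoring side, as an added Python example written for these notes (not code from the slides). It scans the clear-text IV field of constructed WEP frame headers and reports any IV repeated under the same AP address, computes how long a sender needs to exhaust the 2^24 IV space at a given frame rate, and shows why a repeated IV matters: the XOR of two ciphertexts produced with the same key sequence equals the XOR of their plaintexts, because the key sequence cancels. The AP address field, the sample frames and the byte string standing in for the RC4 key sequence are all made up.

```python
# Added example: IV reuse detection and the consequence of key stream reuse.
# Frame headers and the stand-in key sequence below are constructed sample data.
from collections import Counter

IV_BITS = 24
IV_SPACE = 1 << IV_BITS   # 16,777,216 possible IVs


def iv_reuse_report(frames):
    """frames: iterable of (ap_address, iv_bytes) read from the clear-text header.
    Returns {(ap_address, iv_hex): count} for every IV seen more than once on the
    same AP; the same IV under a different AP is a different key stream, not a reuse."""
    counts = Counter((ap, iv.hex()) for ap, iv in frames)
    return {key: n for key, n in counts.items() if n > 1}


def seconds_to_exhaust_iv_space(frames_per_second: float) -> float:
    """Worst case for a sender that steps through every IV once before wrapping;
    a sender that resets or picks IVs at random repeats much sooner."""
    return IV_SPACE / frames_per_second


def xor_of_ciphertexts(p1: bytes, p2: bytes, key_sequence: bytes) -> bytes:
    """c1 XOR c2 = (p1 XOR ks) XOR (p2 XOR ks) = p1 XOR p2 when the same IV (and so
    the same key sequence ks) is used twice. The return value is what an observer of
    the two frames can compute without knowing the key."""
    n = min(len(p1), len(p2), len(key_sequence))
    c1 = bytes(a ^ k for a, k in zip(p1[:n], key_sequence))
    c2 = bytes(b ^ k for b, k in zip(p2[:n], key_sequence))
    return bytes(x ^ y for x, y in zip(c1, c2))


def constructed_capture():
    """Made-up capture: the first AP's IV counter repeats 0x0a0b0c."""
    return [
        ("00:11:22:33:44:55", bytes.fromhex("0a0b0c")),
        ("00:11:22:33:44:55", bytes.fromhex("0a0b0d")),
        ("66:77:88:99:aa:bb", bytes.fromhex("0a0b0c")),   # same IV, different AP: not a reuse
        ("00:11:22:33:44:55", bytes.fromhex("0a0b0c")),   # reuse on the first AP
    ]


if __name__ == "__main__":
    print(iv_reuse_report(constructed_capture()))
    print(f"{seconds_to_exhaust_iv_space(1000):.0f} s at 1000 frames/s")   # about 4.7 hours
    ks = bytes(range(9))                                   # stand-in for an RC4 key sequence
    leak = xor_of_ciphertexts(b"frame one", b"frame two", ks)
    print(leak == bytes(a ^ b for a, b in zip(b"frame one", b"frame two")))   # True
```

A monitoring tool that keeps the (AP, IV) counter per AP over a sliding window, as iv_reuse_report does over a list, can raise the repeat before an observer collects enough pairs for the statistical analysis the slides mention.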