Post on 19-Dec-2015
The Dangers of Mitigating Security Design Flaws:
A Wireless Case Study
Nick Petroni Jr., William Arbaugh
University of Maryland
Presented by: Abe Murray
CS577: Advanced Computer Networks
Outline
• Abstract / Intro
• WEP Overview
• Attacks
  – Dictionary
  – Inductive
  – Authors’ Implementation
• Implementation Results
• “Mitigation” Angle
• Closing
Abstract
• Mitigating system flaws is hard to do right
  – But vendors do this all the time…
• Design flaws are hard to patch
  – Often best approach is to re-architect system…
• WLAN Security (WEP)
  – Shows the FUNDAMENTAL PREMISE that adding security after the fact is near impossible…
Introduction
• The authors present a case study showing:
  – Mitigating one flaw worsens another flaw
  – Overall security remains the same
• The authors develop an “inductive” attack against WEP:
  – 1st synchronous attack against WEP
  – Example of mitigation problem
  – Does not rely on knowledge of target network
WEP Overview
• IEEE 802.11 specification calls for “reasonably strong” protection
  – WEP - “Wired Equivalent Privacy” - fails to deliver
  – Protects at the Data Link Layer
  – Symmetric Stream RC4 cipher
    • Shared secret “k”
    • Secret used to generate stream of pseudorandom bytes equal in length to target plaintext
  – Encryption: $C = \mathrm{RC4}(k) \oplus P$
  – Decryption: $P' = \mathrm{RC4}(k) \oplus C = \mathrm{RC4}(k) \oplus \mathrm{RC4}(k) \oplus P = P$
Dictionary Attacks
• Definition: Any brute-force attack in which a large table is used or generated
• Relevance: RC4 – each key has unique associated pseudorandom stream used for encryption & decryption
• Build dictionary of all streams (1 per IV)
  Don’t need key to participate in network!
• IV size → $2^{24}$ possible key streams
• WLAN MTU 2312 Bytes → ~40 GB Dictionary!
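The per-IV keystream table from the Dictionary Attacks slide, as an added example that is not from the slides or the Petroni/Arbaugh paper: a minimal WEP-style encapsulation (RC4 seeded with IV || k, CRC-32 ICV) showing that one known plaintext yields the keystream for its IV, and that the stored stream then decrypts other frames under that IV without k. The key, IV, sample plaintexts and function names are constructed for illustration.

```python
import zlib

def rc4(seed: bytes, n: int) -> bytes:
    """n bytes of RC4 keystream for seed (key schedule, then generator)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input

def with_icv(p: bytes) -> bytes:
    return p + zlib.crc32(p).to_bytes(4, "little")  # plaintext || CRC-32 ICV

def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """C = RC4(IV || k) XOR (P || ICV); the IV itself travels in the clear."""
    data = with_icv(plaintext)
    return xor(data, rc4(iv + key, len(data)))

def learn_keystream(table: dict, iv: bytes, ciphertext: bytes, known: bytes) -> None:
    """Store C XOR (P || ICV) as the keystream for this IV; k is never used."""
    table[iv] = xor(ciphertext, with_icv(known))

def decrypt_with_table(table: dict, iv: bytes, ciphertext: bytes):
    """Return (plaintext, icv_ok), or None if the table cannot cover the frame."""
    ks = table.get(iv)
    if ks is None or len(ks) < len(ciphertext):
        return None
    data = xor(ciphertext, ks)
    return data[:-4], with_icv(data[:-4]) == data

def dictionary_bytes(iv_bits: int = 24, mtu: int = 2312) -> int:
    """Full table size: one MTU-length keystream per possible IV."""
    return (2 ** iv_bits) * mtu

# Constructed sample values, not taken from the slides.
KEY, IV = bytes.fromhex("0102030405"), bytes.fromhex("a1b2c3")

if __name__ == "__main__":
    table, known = {}, b"constructed known plaintext, e.g. an ARP body"
    learn_keystream(table, IV, wep_encrypt(KEY, IV, known), known)
    print(decrypt_with_table(table, IV, wep_encrypt(KEY, IV, b"other frame")))
    print(dictionary_bytes() / 1e9, "GB")
```

The table size works out to about 38.8 GB, which the slide rounds to ~40 GB.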
Inductive Attacks
• Approach: Obtain full network access without knowing the key with minimal knowledge of target
• HOW? Use known network protocols (redundantly encrypted data) to intelligently guess an initial number of encrypted bytes
Step 1: Guess the first byte(s):
Table by Petroni and Arbaugh
Graphic by Petroni and Arbaugh
The Authors’ Attack
• Attack System:
  – WLAN card operating in promiscuous mode (Intersil Prism 2 chipset)
  – Ability to directly manipulate transmitted bytes (OpenBSD 3.1 with modified drivers)
• Attack Approach:
  – Choice between ICMP and SNAP/ARP
  – Chose ARP to stay at Layer 2, though both work
Closing Remarks
• Authors showed how to mitigate their attack
  – Stop forwarding packets with bad data
  – Detect attack activity
  – Packet Filtering (though effectively cripples network)
  – Dynamic Rekeying
• Neat attack all by itself
• Interesting example of how patching bad security rarely works
• Questions?