the dangers of mitigating security design flaws: a wireless case study

The Dangers of Mitigating Security Design Flaws:

A Wireless Case Study

Nick Petroni Jr., William Arbaugh

University of Maryland

Presented by: Abe Murray

CS577: Advanced Computer Networks

Outline• Abstract / Intro• WEP Overview• Attacks

– Dictionary– Inductive– Authors’ Implementation

• Implementation Results• “Mitigation” Angle• Closing


Abstract• Mitigating system flaws is hard to do right

– But vendors do this all the time…

• Design flaws are hard to patch– Often best approach is to re-architect system…

• WLAN Security (WEP)– Shows the FUNDAMENTAL PREMISE that adding

security after the fact is near impossible…


Introduction• The authors present a case study showing:

– Mitigating one flaw worsens another flaw– Overall security remains the same

• The authors develop an “inductive” attack against WEP:– 1st synchronous attack against WEP– Example of mitigation problem– Does not rely on knowledge of target network


WEP Overview• IEEE 802.11 specification calls for

“reasonably strong” protection– WEP - “Wired Equivalent Privacy” - fails to deliver– Protects at the Data Link Layer– Symmetric Stream RC4 cipher

• Shared secret “k”• Secret used to generate stream of pseudorandom bytes

equal in length to target plaintext

– Encryption:– Decryption:


PkRCC )(4

PPkRCkRCCkRCP )(4)(4)(4'

WEP Overview


Graphic by Petroni and Arbaugh

Dictionary Attacks• Definition:

Any brute-force attack in which a large table is used or generated

• Relevance:RC4 – each key has unique associated pseudorandom stream used for encryption & decryption

• Build dictionary of all streams (1 per IV)Don’t need key to participate in network!

• IV size → 224 possible key streams,• WLAN MTU 2312 Bytes

→ ~40 GB Dictionary!


Inductive Attacks• Approach:

Obtain full network access without knowing the key with minimal knowledge of target

• HOW?Use known network protocols (redundantly encrypted

data) to intelligently guess an initial number of encrypted bytes


Step 1: Guess the first byte(s):


Table by Petroni and Arbaugh


Step 2: Guess the next byte:



The Author’s Attack


• Attack System:– WLAN card operating in promiscuous

mode (Intersil Prism 2 chipset)– Ability to directly manipulate transmitted

bytes (OpenBSD 3.1 with modified drivers)

• Attack Approach:– Choice between ICMP and SNAP/ARP– Choose ARP so at Layer 2, though both

work

Implementation Results



“Mitigation” Angle



Closing Remarks• Authors showed how to mitigate their attack

– Stop forwarding packets with bad data– Detect attack activity– Packet Filtering (though effectively cripples

network)– Dynamic Rekeying

• Neat attack all by itself• Interesting example of how patching bad

security rarely works• Questions?


the dangers of mitigating security design flaws: a wireless case study

Documents