Wireless Security.pdf - PDF Archive

More documents

Recommendations

Info

$C:\Documents and Settings\dave\Desktop\Godel, Escher, Bach ...$

418 Chapter 18 is fixed in length and the IV is only 24 bits long, the effective key length of WEP is 24 bits. Therefore, the key space for the RC4 is 2 N where N is the length of the IV. 802.11 specified the IV length as 24. To put things in perspective, realize that if we have a 24 bit IV ( → 2 24 keys in the keyspace), a busy base station which is sending 1500 byte-packets at 11 Mbps will exhaust all keys in the key space in (1500*8)/(11*10 6 *2 24 ) seconds or about five hours. On the other hand, RC4 in SSL would use the same key space for 2 24 ( 10 7 ) sessions. Even if the application has 10,000 sessions per day, the key space would last for three years. In other words, an 802.11 BS using RC4 has to reuse the same key in about five hours whereas an application using SSL RC4 can avoid key reuse for about three years. This shows clearly that the fault lies not in the cipher but in the way it is being used. Going beyond an example, analysis of WEP has shown that there is a 50% chance of key reuse after 4823 packets, and there is 99% chance of collision after 12,430 packets. These are dangerous numbers for a cryptographic algorithm. Believe it or not, it gets worse. 802.11 specifies no rules for IV selection. This in turn means that changing the IV with each packet is optional. This effectively means that 802.11 implementations may use the same key to encrypt all packets without violating the 802.11 specifications. Most implementations, however, vary from randomly generating the IV on a per-packet basis to using a counter for IV generation. WEP does specify that the IV be changed “ frequently. ” Since this is vague, it means that an implementation which generates per-packet keys (more precisely the per-MPDU key) is 802.11-compliant and so is an implementation which re-uses the same key across MPDUs. 18.6 Data Integrity in 802.11 To ensure that a packet has not been modified in transit, 802.11 uses an Integrity Check Value (ICV) field in the packet. ICV is another name for message integrity check (MIC). The idea behind the ICV/MIC is that the receiver should be able to detect data modifications or forgeries by calculating the ICV over the received data and comparing it with the ICV attached in the message. Figure 18.7 shows the complete picture of how WEP and CRC32 work together to create the MPDU for transmission. The underlying assumption is that if Eve modifies the data in transit, she should not be able to modify the ICV appropriately to force the receiver into accepting the packet. In www.newnespress.com
<strong>Wireless</strong> LAN <strong>Security</strong> 419 Frame header 40-bit WEP key 24-bit IV IV header IV Pad Key ID RC4 algorithm Encrypted Frame body RC4 key stream ICV Figure 18.7 : Data integrity in WEP X Data ICV Data CRC-32 WEP, ICV is implemented as a Cyclic Redundancy Check-32 bits (CRC-32) checksum which breaks this assumption. The reason for this is that CRC-32 is linear and is not cryptographically computed, i.e., the calculation of the CRC-32 checksum does not use a key/shared secret. Also, this means that the CRC32 has the following interesting property: CRC(X ⊕ Y) CRC(X) ⊕ CRC(Y) Now, if X represents the payload of the 802.11 packet over which the ICV is calculated, the ICV is CRC(X) which is appended to the packet. Consider an intruder who wishes to change the value of X to Z. To do this, they calculate Y X Z. Then she captures the packet from the air-interface, XORs X with Y and then XORs the ICV with CRC(Y). Therefore, the packet changes from { X, CRC(X) } to { X Y, CRC(X) CRC(Y) } or simply { X Y, CRC(X Y) } . If the intruder now re-transmits the packets to the receiver, the receiver would have no way of telling that the packet was modified in transit. This means that we can change bits in the payload of the packet while preserving the integrity of the packet if we also change the corresponding bits in the ICV of the packet. Note that an attack like the one described above works because flipping bit x in the message results in a deterministic set of bits in the CRC that must be flipped to produce the correct checksum of the modified message. This property stems from the linearity of the CRC32 algorithm. Realize that even though the ICV is encrypted (cryptographically protected) along with the rest of the payload in the packet, it is not cryptographically computed; that is, calculating the ICV does not involve keys and cryptographic operations. Simply encrypting the ICV does not prevent an attack like the one discussed above. This is so www.newnespress.com
Page 2 and 3:
Newnes is an imprint of Elsevier 30
Page 4 and 5:
vi Contents 4.8 Diversity Technique
Page 6 and 7:
viii Contents Chapter 13: Managing
Page 8 and 9:
x Contents 20.8 Summary ...........
Page 10 and 11:
About the Authors Steven Arms (Chap
Page 12 and 13:
About the Authors xv Timothy Stapko
Page 14 and 15:
Part 1 Wireless Technology
Page 16:
4 Chapter 1 Probably the most promi
Page 21:
Wireless Fundamentals 9 standards a
Page 24 and 25:
12 Chapter 1 classroom, provided th
Page 26 and 27:
14 Chapter 1 for multimedia applica
Page 28 and 29:
16 Chapter 1 is installed on their
Page 30 and 31:
18 Chapter 1 ● Switching off the
Page 32 and 33:
20 Chapter 1 Power Consumption The
Page 34:
22 Chapter 2 Table 2.1 : The seven
Page 37 and 38:
Wireless Network Logical Architectu
Page 39 and 40:
Page 41 and 42:
Page 44 and 45:
32 Chapter 2 Layer 2 Data link laye
Page 47 and 48:
Page 49:
Page 52 and 53:
40 Chapter 2 guidelines for impleme
Page 56 and 57:
44 Chapter 2 while asynchronous tra
Page 58:
46 Chapter 2 networks running other
Page 68 and 69:
56 Chapter 3 3.3.2 Access Points Th
Page 71 and 72:
Wireless Network Physical Architect
Page 75 and 76:
Page 81 and 82:
Page 83 and 84:
Page 85:
Table 3.9 : Wireless MAN devices an
Page 88 and 89:
CHAPTER 4 Radio Communication Basic
Page 90 and 91:
Radio Communication Basics 79 In th
Page 92:
Radio Communication Basics 81 Also
Page 95 and 96:
84 Chapter 4 sight, diffraction gai
Page 97 and 98:
86 Chapter 4 40 Path gain vs. Dista
Page 99 and 100:
88 Chapter 4 environment, we distin
Page 101 and 102:
90 Chapter 4 100 10 Percent error 1
Page 103 and 104:
92 Chapter 4 It isn’t necessary t
Page 105 and 106:
94 Chapter 4 Thus, a minimum of cir
Page 107 and 108:
Urban 96 Chapter 4 Noise and its so
Page 110 and 111:
Radio Communication Basics 99 1 0 1
Page 112 and 113:
Radio Communication Basics 101 Tabl
Page 114 and 115:
Radio Communication Basics 103 As l
Page 116 and 117:
Radio Communication Basics 105 ●
Page 118 and 119:
Radio Communication Basics 107 Thes
Page 120 and 121:
Radio Communication Basics 109 cons
Page 122 and 123:
Radio Communication Basics 111 Prea
Page 124 and 125:
Radio Communication Basics 113 thes
Page 126 and 127:
Radio Communication Basics 115 maxi
Page 128 and 129:
Radio Communication Basics 117 Phas
Page 130 and 131:
Radio Communication Basics 119 Sign
Page 132 and 133:
Radio Communication Basics 121 freq
Page 134 and 135:
Radio Communication Basics 123 Mixe
Page 136 and 137:
Radio Communication Basics 125 show
Page 138 and 139:
Radio Communication Basics 127 4.10
Page 140 and 141:
Radio Communication Basics 129 In c
Page 142 and 143:
Radio Communication Basics 131 Freq
Page 144 and 145:
Radio Communication Basics 133 Ther
Page 146 and 147:
Radio Communication Basics 135 4.11
Page 148 and 149:
CHAPTER 5 Infrared Communication Ba
Page 150:
Infrared Communication Basics 139 R
Page 154 and 155:
CHAPTER 6 Wireless LAN Standards St
Page 156:
Wireless LAN Standards 145 Standard
Page 162 and 163:
Wireless LAN Standards 151 In passi
Page 164 and 165:
Wireless LAN Standards 153 6.3 802.
Page 166 and 167:
Wireless LAN Standards 155 Modulati
Page 168 and 169:
Wireless LAN Standards 157 Table 6.
Page 170:
Wireless LAN Standards 159 short da
Page 174 and 175:
Wireless LAN Standards 163 6.4.2 Sp
Page 176 and 177:
Wireless LAN Standards 165 Table 6.
Page 178 and 179:
Wireless LAN Standards 167 6.4.3.2
Page 180:
Wireless LAN Standards 169 Modulati
Page 184 and 185:
Wireless LAN Standards 173 formed i
Page 186 and 187:
CHAPTER 7 Wireless Sensor Networks
Page 188 and 189:
Wireless Sensor Networks 177 wirele
Page 190:
Wireless Sensor Networks 179 Figure
Page 193:
182 Chapter 7 It is expected that o
Page 196 and 197:
Wireless Sensor Networks 185 Additi
Page 198 and 199:
Wireless Sensor Networks 187 a trai
Page 200 and 201:
Wireless Sensor Networks 189 7. Mor
Page 202 and 203:
CHAPTER 8 Attacks and Risks John Ri
Page 204 and 205:
Attacks and Risks 195 In addition t
Page 206 and 207:
Attacks and Risks 197 total complai
Page 208 and 209:
Attacks and Risks 199 attributed to
Page 210 and 211:
Attacks and Risks 201 3. receives,
Page 212 and 213:
Attacks and Risks 203 undetected an
Page 214 and 215:
Attacks and Risks 205 Step 3 : Iden
Page 216 and 217:
Attacks and Risks 207 14. U.S. Depa
Page 218 and 219:
210 Chapter 9 9.1 What Is Security?
Page 220 and 221:
212 Chapter 9 Alice (manager) Bob (
Page 222:
214 Chapter 9 the security policy s
Page 226 and 227:
218 Chapter 9 Figure 9.4 : Enigma M
Page 231 and 232:
Security Defined 223 form of authen
Page 235 and 236:
Security Defined 227 to provide sec
Page 238:
230 Chapter 9 key hidden from the p
Page 241 and 242:
234 Chapter 10 Before we get starte
Page 243 and 244:
236 Chapter 10 cryptography, using
Page 245 and 246:
238 Chapter 10 A lot of cryptograph
Page 247 and 248:
240 Chapter 10 suspicious involveme
Page 249 and 250:
242 Chapter 10 to ensure that the p
Page 251 and 252:
244 Chapter 10 that we may discover
Page 253 and 254:
246 Chapter 10 10.5.1 SSH Sharing m
Page 256 and 257:
Standardizing Security 249 is estab
Page 258 and 259:
252 Chapter 11 was an internal proj
Page 260:
254 Chapter 11 authentication, so j
Page 264:
258 Chapter 11 SSL Session record H
Page 268:
262 Chapter 11 The client uses the
Page 274 and 275:
268 Chapter 11 11.6 SSL in Practice
Page 276 and 277:
270 Chapter 12 at some specific alg
Page 278 and 279:
272 Chapter 12 ● ● ● ● ●
Page 280 and 281:
274 Chapter 12 The reason the mecha
Page 282 and 283:
276 Chapter 12 // Finally, finalize
Page 284 and 285:
278 Chapter 12 technology for at le
Page 286 and 287:
280 Chapter 12 asymmetric) are much
Page 288 and 289:
282 Chapter 12 and time. Once they
Page 290 and 291:
284 Chapter 12 optimizations we wil
Page 292 and 293:
286 Chapter 12 The trick works beca
Page 294:
288 Chapter 12 The other common sym
Page 297 and 298:
Cryptography 291 in RSA is less sim
Page 299 and 300:
CHAPTER 13 Managing Access John Rit
Page 301 and 302:
Managing Access 295 13.1.3.2 Accoun
Page 303 and 304:
Managing Access 297 of the session
Page 305 and 306:
Managing Access 299 process of look
Page 307 and 308:
Managing Access 301 3. Deterrent, t
Page 309 and 310:
Managing Access 303 administration
Page 311 and 312:
Managing Access 305 Example of Elem
Page 313 and 314:
Managing Access 307 the system bein
Page 315 and 316:
Managing Access 309 13.2 Password M
Page 317 and 318:
Managing Access 311 13.2.4 Password
Page 319 and 320:
Managing Access 313 password is “
Page 321 and 322:
Managing Access 315 2. U.S. Departm
Page 323 and 324:
318 Chapter 14 The new legislation
Page 325 and 326:
320 Chapter 14 of law enforcement a
Page 327 and 328:
322 Chapter 14 Title IX, “ Improv
Page 329 and 330:
324 Chapter 14 14.5.2 Obtaining Voi
Page 331 and 332:
326 Chapter 14 [6] one applying to
Page 333 and 334:
328 Chapter 14 computer networks; (
Page 335 and 336:
330 Chapter 14 14.5.10 Deterrence a
Page 337 and 338:
332 Chapter 14 now aggregate “ lo
Page 339 and 340:
334 Chapter 14 computer forensic la
Page 341 and 342:
336 Chapter 14 7. Known as the wire
Page 343 and 344:
338 Chapter 15 and share enumerator
Page 345 and 346:
340 Chapter 15 Because this individ
Page 347 and 348:
342 Chapter 15 so on. Most of the s
Page 349 and 350:
344 Chapter 15 15.4.1.4 AiroPeek NX
Page 351 and 352:
346 Chapter 15 modify its content (
Page 353 and 354:
348 Chapter 15 this data, the hacke
Page 355 and 356:
350 Chapter 15 requesting access wi
Page 357 and 358:
352 Chapter 15 corporate network fr
Page 359 and 360:
354 Chapter 15 computer, especially
Page 361 and 362:
356 Chapter 15 pigtail cables and v
Page 363 and 364:
358 Chapter 15 One might think it w
Page 365 and 366:
360 Chapter 15 Few WLAN discovery t
Page 367 and 368:
CHAPTER 16 Security Policy George L
Page 369 and 370: Security Policy 365 Define a policy
Page 371 and 372: Part 3 Wireless Network Security
Page 374 and 375: Security in Traditional Wireless Ne
Page 377 and 378: 374 Chapter 17 network. On the othe
Page 379 and 380: 376 Chapter 17 Ki (128 bit), RAND (
Page 381 and 382: 378 Chapter 17 protection. The abse
Page 383 and 384: 380 Chapter 17 SRES to these challe
Page 386: Security in Traditional Wireless Ne
Page 389 and 390: 386 Chapter 17 From a client’s (M
Page 391 and 392: 388 Chapter 17 17.4.3 Authenticatio
Page 393 and 394: 390 Chapter 17 Generate SQN Generat
Page 395 and 396: 392 Chapter 17 Count-c Direction Co
Page 397 and 398: 394 Chapter 17 Count-i Direction Co
Page 399 and 400: 396 Chapter 17 MS SRNC VLR/SGSN 1.
Page 401: 398 Chapter 17 provide confidential
Page 405 and 406: CHAPTER 18 Wireless LAN Security Pr
Page 407 and 408: Wireless LAN Security 405 retrospec
Page 410 and 411: 408 Chapter 18 the former case, it
Page 412: 410 Chapter 18 1 2 3 4 Station Acce
Page 415 and 416: Wireless LAN Security 413 18.4.5 Ps
Page 417 and 418: Wireless LAN Security 415 RC4 encry
Page 419: Wireless LAN Security 417 key-strea
Page 423 and 424: Wireless LAN Security 421 with (or
Page 425 and 426: Wireless LAN Security 423 The Wi-Fi
Page 427 and 428: Wireless LAN Security 425 WEP WPA (
Page 429 and 430: Wireless LAN Security 427 TSC/IV hi
Page 434 and 435: 432 Chapter 18 a common theme in mo
Page 436: 434 Chapter 18 Therefore, TKIP uses
Page 439 and 440: Wireless LAN Security 437 designing
Page 441: Wireless LAN Security 439 To summar
Page 445 and 446: Wireless LAN Security 443 more than
Page 447: CHAPTER 19 Security in Wireless Ad
Page 450 and 451: 448 Chapter 19 ● ● ● ● Conc
Page 454 and 455: 452 Chapter 19 is optional. However
Page 456 and 457: 454 Chapter 19 HigherLayer_KeyEst.
Page 458 and 459: 456 Chapter 19 Device A: Verifier D
Page 460 and 461: 458 Chapter 19 The process of gener
Page 462 and 463: 460 Chapter 19 less than 128 bits.
Page 464 and 465: 462 Chapter 19 identity it is clami
Page 466 and 467: 464 Chapter 19 Device A: Master Dev
Page 468 and 469: 466 Chapter 19 Initialize key strea
Page 470 and 471:
468 Chapter 20 Figure 20.1 : The Li
Page 472 and 473:
470 Chapter 20 Figure 20.3 : The ad
Page 474 and 475:
472 Chapter 20 Figure 20.6 : The WE
Page 479 and 480:
Implementing Basic Wireless Securit
Page 481 and 482:
Page 483 and 484:
Page 485 and 486:
Page 487 and 488:
Page 489 and 490:
Page 491 and 492:
Page 493 and 494:
Page 495 and 496:
Page 497 and 498:
Page 499 and 500:
Page 501 and 502:
Page 503 and 504:
Page 505 and 506:
CHAPTER 21 Implementing Advanced Wi
Page 507 and 508:
Implementing Advanced Wireless Secu
Page 509 and 510:
Page 511 and 512:
Page 513 and 514:
Page 515 and 516:
Page 517 and 518:
Page 519 and 520:
Page 521 and 522:
Page 523 and 524:
Page 525 and 526:
Page 527 and 528:
Page 529 and 530:
Page 531 and 532:
Page 533 and 534:
Page 535 and 536:
Page 537 and 538:
Page 539 and 540:
Page 541 and 542:
Page 543 and 544:
Page 545 and 546:
Page 547 and 548:
Page 549 and 550:
Page 551 and 552:
Page 553 and 554:
Page 555 and 556:
Page 557 and 558:
Page 559 and 560:
Page 561 and 562:
Page 563 and 564:
Page 565 and 566:
Page 567 and 568:
Page 569 and 570:
Page 571 and 572:
Page 573 and 574:
Page 575 and 576:
Page 577 and 578:
Page 579 and 580:
Page 581 and 582:
Page 583 and 584:
Page 585 and 586:
Part 4 Other Wireless Technology
Page 587 and 588:
586 Chapter 22 22.2 The Basics of W
Page 589 and 590:
588 Chapter 22 coming in a distant
Page 591 and 592:
590 Chapter 22 Figure 22.1 : The Ad
Page 593 and 594:
592 Chapter 22 Figure 22.2 : Config
Page 595 and 596:
594 Chapter 22 security as long as
Page 597 and 598:
596 Chapter 22 you protect these fi
Page 599 and 600:
598 Chapter 22 22.4.3 Use Encryptio
Page 601 and 602:
600 Chapter 22 22.6 Additional Reso
Page 603:
602 Chapter 23 by modern networked
Page 606 and 607:
Wireless Embedded System Security 6
Page 608 and 609:
Page 610 and 611:
Page 614 and 615:
Page 616 and 617:
CHAPTER 24 RFID Security Frank Thor
Page 618 and 619:
RFID Security 617 encryption in 197
Page 620 and 621:
RFID Security 619 Figure 24.2 : RFI
Page 622 and 623:
RFID Security 621 Figure 24.3 : Two
Page 624:
RFID Security 623 24.5.1 Tag/Label
Page 627 and 628:
626 Chapter 24 The reader retrieves
Page 630 and 631:
RFID Security 629 Table 24.2 : RFID
Page 632 and 633:
RFID Security 631 Figure 24.7 : Fak
Page 634 and 635:
RFID Security 633 ExxonMobil has ex
Page 636 and 637:
RFID Security 635 database was not
Page 638 and 639:
RFID Security 637 can obtain a dram
Page 640 and 641:
RFID Security 639 At any point in t
Page 642 and 643:
RFID Security 641 lost? Will it be
Page 644 and 645:
RFID Security 643 possibility of St
Page 646 and 647:
RFID Security 645 building and to e
Page 648 and 649:
RFID Security 647 If we make three
Page 650 and 651:
APPENDIX A Wireless Policy Essentia
Page 652 and 653:
Wireless Policy Essentials 651 netw
Page 654 and 655:
Wireless Policy Essentials 653 Ins
Page 656 and 657:
Wireless Policy Essentials 655 ●
Page 658 and 659:
Wireless Policy Essentials 657 prop
Page 660 and 661:
Page 662 and 663:
Wireless Policy Essentials 661 wher
Page 664 and 665:
Wireless Policy Essentials 663 appr
Page 666 and 667:
Wireless Policy Essentials 665 Netw
Page 668 and 669:
Wireless Policy Essentials 667 3. C
Page 670 and 671:
Wireless Policy Essentials 669 14.
Page 672 and 673:
Wireless Policy Essentials 671 3. D
Page 674 and 675:
Wireless Policy Essentials 673 3.0
Page 676 and 677:
Wireless Policy Essentials 675 been
Page 678 and 679:
Wireless Policy Essentials 677 and
Page 680 and 681:
Wireless Policy Essentials 679 comp
Page 682 and 683:
Wireless Policy Essentials 681 appr
Page 684 and 685:
Page 686 and 687:
Page 688 and 689:
Page 690 and 691:
Page 692 and 693:
Page 694 and 695:
Page 696 and 697:
Page 698 and 699:
Wireless Policy Essentials 697 The
Page 700 and 701:
Page 702 and 703:
APPENDIX B Glossary Tony Bradley Ac
Page 704 and 705:
Glossary 703 Broadband: Technically
Page 706 and 707:
Glossary 705 Encryption: Encryption
Page 708 and 709:
Glossary 707 to “ chat ” in rea
Page 710 and 711:
Glossary 709 NAT: Network Address T
Page 712 and 713:
Glossary 711 French and one German,
Page 714 and 715:
Glossary 713 Trojan: A Trojan horse
Page 716 and 717:
716 Index Access control (continued
Page 718 and 719:
718 Index Cyberterrorism, deterrenc
Page 720 and 721:
720 Index Linksys WRV54G VPN broadb
Page 722 and 723:
722 Index Secure Sockets Layer (SSS
Page 724 and 725:
724 Index Wireless embedded system
Page 726:
726 Index Wireless security impleme
show all

Wireless Security.pdf - PDF Archive

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?