Crypto U12, WLAN

Descripción

(Unit 12 - Crypto Systems) IYM002 Mapa Mental sobre Crypto U12, WLAN, creado por jjanesko el 28/04/2013.
jjanesko
Mapa Mental por jjanesko, actualizado hace más de 1 año
jjanesko
Creado por jjanesko hace más de 11 años
90
10

Resumen del Recurso

Crypto U12, WLAN
  1. background
    1. 3 standards
      1. WEP
        1. original standard
          1. wired equivalent privacy
            1. designed to provide security at data link layer
              1. replaced by WPA
              2. WPA
                1. designed as stop gap for WEP insecurity
                  1. WiFi Protected Access
                    1. 2002
                      1. designed to work with legacy hardware
                      2. WPA2
                        1. IEEE 802.11
                          1. 2004
                      3. design
                        1. originally designed to provide security equivalent as a cabled network and no more
                          1. support open standards to assure support for all connecting devices
                            1. does not need to be as flexible as SSL so fewer supported algorithms can be selected
                              1. symmetric crypto used
                                1. because speed is desired
                                  1. because it is a closed environment and easier to control
                                  2. only as flexible as needed, but not more
                                    1. need to be able to provide quick updates
                                    2. security requirements
                                      1. confidentiality
                                        1. mutual entity authenticaton
                                          1. data origin authentication
                                          2. WPA
                                            1. differences from WEP
                                              1. uses stronger authntication and key establishment
                                                1. key hierarchy used
                                                  1. uses master key, key ecrypting keys and data keys
                                                  2. mutual entity authentication
                                                    1. mutual data origin authentication
                                                      1. mutual key establishment
                                                        1. key confidentiality
                                                          1. key freshness
                                                            1. mutual key confirmation
                                                              1. unbiased control
                                                                1. 2 methods to establish Pre-Master-Key (PMK)
                                                                  1. Extensible Authentication Protocol (EAP)
                                                                    1. Established as a preshared key
                                                                2. WPA
                                                                  1. uses Rc4
                                                                    1. mixes data encrypting key with IV (rather than appending)
                                                                      1. for each package, a new IV sent
                                                                      2. WPA2
                                                                        1. uses AES
                                                                          1. provides confidentiality and data origin authentication with CCMP
                                                                            1. CBC - MAC protocol
                                                                              1. 1. create MAC using CBC
                                                                                1. 2. encrypt using counter mode
                                                                          2. WEP
                                                                            1. implementation
                                                                              1. RC4 Stream Cipher
                                                                                1. 40 bit key
                                                                                  1. stream cipher desirable since transmission prone to errors
                                                                                    1. @ the time, cipher was well respected
                                                                                    2. CRC checksum for integrity
                                                                                      1. simple challenge and response for authentication
                                                                                        1. use shared, fixed symmetric key for each WLAN
                                                                                          1. If one device on network compromised, they are all compromised.
                                                                                          2. RC4 required synchronization
                                                                                            1. this means each packet must be encrypted separately, so this runs the risk of keystream being used repeatedly
                                                                                              1. to provide variation, used an initialization vecor of 24 bits and appends it to key
                                                                                                1. PROBLEM: RC4 does not originally support initialization vectors
                                                                                          3. security issues and design flaws
                                                                                            1. single, shared key is a single point of failure
                                                                                              1. since WEP key is used for every encryption, it is continuously exposed
                                                                                                1. abuses principle of key separation
                                                                                                  1. key length not future proof (40 bits)
                                                                                                    1. nonstandard use of crypto algorithm
                                                                                                      1. lack of origin authentication
                                                                                                        1. weak entity authentication mechanism
                                                                                                        2. attacks
                                                                                                          1. man-in-the-middle
                                                                                                            1. because only supports unilateral entity auth (Alice to access point)
                                                                                                            2. replay attack
                                                                                                              1. CRC manipulation attack
                                                                                                                1. birthday attack on IVs
                                                                                                                  1. key recovery attack
                                                                                                                Mostrar resumen completo Ocultar resumen completo

                                                                                                                Similar

                                                                                                                Crypto U12 (part 1), crypto for mobile telecom
                                                                                                                jjanesko
                                                                                                                Crypto U12 (part 2), crypto for mobile telecom
                                                                                                                jjanesko
                                                                                                                Crypto U12, SSL
                                                                                                                jjanesko
                                                                                                                Crypto U12 GSM,UTMS Hierarchy Diagram
                                                                                                                jjanesko
                                                                                                                Crypto U4, Block Cipher, Cipher Feedback Mode (CFB)
                                                                                                                jjanesko
                                                                                                                Crypto U4, Block Cipher, Cipher Block Chaining Mode (CBC)
                                                                                                                jjanesko
                                                                                                                Crypto U3, Theoretical vs. Practical Security
                                                                                                                jjanesko
                                                                                                                Crypto U1, Basic Principles
                                                                                                                jjanesko
                                                                                                                Crypto U4, Stream Cipher
                                                                                                                jjanesko
                                                                                                                Crypto U4, Block Cipher, Counter Mode
                                                                                                                jjanesko
                                                                                                                Crypto U4, Block Cipher, Electronic Codebook Mode (ECB)
                                                                                                                jjanesko