What's Wrong with WEP?
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Cryptanalysis of IEEE 802.11I TKIP
Cryptanalysis of IEEE 802.11i TKIP Finn Michael Halvorsen Olav Haugen Master of Science in Communication Technology Submission date: June 2009 Supervisor: Stig Frode Mjølsnes, ITEM Co-supervisor: Martin Eian, ITEM Norwegian University of Science and Technology Department of Telematics Problem Description A new vulnerability in the Temporal Key Integrity Protocol (TKIP) defined in 802.11i [1] was recently discovered and published in [2]. Verification and further analysis on this vulnerability is needed. The students will give a detailed explanation of the attack, followed by experimental verification via various tools. The severeness of the attack and application areas should be discussed. If it is possible and if time permits, the students will also look for other weaknesses in the TKIP protocol that may lead to other attacks. [1] http://standards.ieee.org/getieee802/download/802.11i-2004.pdf [2] http://dl.aircrack-ng.org/breakingwepandwpa.pdf Assignment given: 14. January 2009 Supervisor: Stig Frode Mjølsnes, ITEM Abstract The Temporal Key Integrity Protocol (TKIP) was created to fix the weak- nesses of Wired Equivalent Privacy (WEP). Up until November 2008, TKIP was believed to be a secure alternative to WEP, although some weak points were known. In November 2008, the German researchers Martin Beck and Erik Tews released a paper titled Practical Attacks Against WEP and WPA [10]. This paper introduced the first practical cryptographic attack on TKIP. This thesis continues the work of Beck and Tews, and presents an im- proved attack as an advancement of their original attack. The thesis starts by giving a comprehensive study of the current state of wireless network and security protocols. -
Related-Key Cryptanalysis of 3-WAY, Biham-DES,CAST, DES-X, Newdes, RC2, and TEA
Related-Key Cryptanalysis of 3-WAY, Biham-DES,CAST, DES-X, NewDES, RC2, and TEA John Kelsey Bruce Schneier David Wagner Counterpane Systems U.C. Berkeley kelsey,schneier @counterpane.com [email protected] f g Abstract. We present new related-key attacks on the block ciphers 3- WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA. Differen- tial related-key attacks allow both keys and plaintexts to be chosen with specific differences [KSW96]. Our attacks build on the original work, showing how to adapt the general attack to deal with the difficulties of the individual algorithms. We also give specific design principles to protect against these attacks. 1 Introduction Related-key cryptanalysis assumes that the attacker learns the encryption of certain plaintexts not only under the original (unknown) key K, but also under some derived keys K0 = f(K). In a chosen-related-key attack, the attacker specifies how the key is to be changed; known-related-key attacks are those where the key difference is known, but cannot be chosen by the attacker. We emphasize that the attacker knows or chooses the relationship between keys, not the actual key values. These techniques have been developed in [Knu93b, Bih94, KSW96]. Related-key cryptanalysis is a practical attack on key-exchange protocols that do not guarantee key-integrity|an attacker may be able to flip bits in the key without knowing the key|and key-update protocols that update keys using a known function: e.g., K, K + 1, K + 2, etc. Related-key attacks were also used against rotor machines: operators sometimes set rotors incorrectly. -
GCM) for Confidentiality And
NIST Special Publication 800-38D Recommendation for Block DRAFT (April, 2006) Cipher Modes of Operation: Galois/Counter Mode (GCM) for Confidentiality and Authentication Morris Dworkin C O M P U T E R S E C U R I T Y Abstract This Recommendation specifies the Galois/Counter Mode (GCM), an authenticated encryption mode of operation for a symmetric key block cipher. KEY WORDS: authentication; block cipher; cryptography; information security; integrity; message authentication code; mode of operation. i Table of Contents 1 PURPOSE...........................................................................................................................................................1 2 AUTHORITY.....................................................................................................................................................1 3 INTRODUCTION..............................................................................................................................................1 4 DEFINITIONS, ABBREVIATIONS, AND SYMBOLS.................................................................................2 4.1 DEFINITIONS AND ABBREVIATIONS .............................................................................................................2 4.2 SYMBOLS ....................................................................................................................................................4 4.2.1 Variables................................................................................................................................................4 -
CIT 380: Securing Computer Systems
CIT 380: Securing Computer Systems Symmetric Cryptography Topics 1. Modular Arithmetic 2. What is Cryptography? 3. Transposition Ciphers 4. Substitution Ciphers 1. Cæsar cipher 2. Vigènere cipher 5. Cryptanalysis: frequency analysis 6. Block Ciphers 7. AES and DES 8. Stream Ciphers Modular Arithmetic Congruence – a = b (mod N) iff a = b + kN – ex: 37=27 mod 10 b is the residue of a, modulo N – Integers 0..N-1 are the set of residues mod N Modulo 12 number system What is Cryptography? Cryptography: The art and science of keeping messages secure. Cryptanalysis: the art and science of decrypting messages. Cryptology: cryptography + cryptanalysis Terminology Plaintext: message P to be encrypted. Also called Plaintext cleartext. Encryption: altering a Encryption message to keep its Procedure contents secret. Ciphertext: encrypted message C. Ciphertext Cæsar cipher Plaintext is HELLO WORLD Change each letter to the third letter following it (X goes to A, Y to B, Z to C) – Key is 3, usually written as letter ‘D’ Ciphertext is KHOOR ZRUOG ROT 13 Cæsar cipher with key of 13 13 chosen since encryption and decryption are same operation Used to hide spoilers, punchlines, and offensive material online. Kerckhoff’s Principle Security of cryptosystem should only depend on 1. Quality of shared encryption algorithm E 2. Secrecy of key K Security through obscurity tends to fail ex: DVD Content Scrambling System Cryptanalysis Goals 1. Decrypt a given message. 2. Recover encryption key. Threat models vary based on 1. Type of information available to adversary 2. Interaction with cryptosystem. Cryptanalysis Threat Models ciphertext only: adversary has only ciphertext; goal is to find plaintext, possibly key. -
A Comparative Study Between WEP, WPA and WPA2 Security Algorithms
International Journal of Science and Research (IJSR) ISSN (Online): 2319-7064 Index Copernicus Value (2013): 6.14 | Impact Factor (2013): 4.438 A Comparative Study between WEP, WPA and WPA2 Security Algorithms Tagwa Ahmed Bakri Gali1, Amin Babiker A/Nabi Mustafa2 Department of Communication Al–Neelain University Abstract: This paper is a review study of the different security techniques that used to protect wireless networks from hackers. The main goal of this is to understand the concept of security techniques in the network and knowledge of the strengths and weakness points of these techniques in this field. Keywords: Wireless LAN, security technique, Wired Equivalent Privacy, Wi-Fi Protected Access, Wi-Fi Protected Access 2. 1. Introduction 2.3WPA2 (Wi-Fi Protected Access 2) A wireless network is a type of computer networks that uses The recommended solution to WEP security problems is to wireless data connections for connecting nodes. Wireless switch to WPA2. The WPA was an intermediate solution for networking is a method used by homes, telecommunications hardware that could not support WPA2. Both WPA and networks and enterprise (business) to ward off the pricey WPA2 are much more secure than WEP. [6] To add support procedure of introducing cables into a building, or to a for WPA or WPA2, some old Wi-Fi access points might connection between various equipment locations [1]. need to be replaced or have their firmware upgraded [7]. Wireless telecommunications networks are broadly put WPA was designed as an interim software-implementable through and administered using radio communication. This solution for WEP that could forestall immediate deployment implementation takes place in the physical layer (layer) of of new hardware. -
Recommendation for Block Cipher Modes of Operation Methods
NIST Special Publication 800-38A Recommendation for Block 2001 Edition Cipher Modes of Operation Methods and Techniques Morris Dworkin C O M P U T E R S E C U R I T Y ii C O M P U T E R S E C U R I T Y Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 December 2001 U.S. Department of Commerce Donald L. Evans, Secretary Technology Administration Phillip J. Bond, Under Secretary of Commerce for Technology National Institute of Standards and Technology Arden L. Bement, Jr., Director iii Reports on Information Security Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-series reports on ITL’s research, guidance, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations. Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose. -
Implementation of Symmetric Encryption Algorithms
Computer Engineering and Intelligent Systems www.iiste.org ISSN 2222-1719 (Paper) ISSN 2222-2863 (Online) Vol.8, No.4, 2017 Implementation of Symmetric Encryption Algorithms Haider Noori Hussain *1 Waleed Noori Hussein *2 1.Department of Computer science , College of Education for Pure Science, University of Basra, Iraq 2.Department of Mathematics , College of Education for Pure Science, University of Basra, Iraq Abstract Cryptography considered being the most vital component in information security because it is responsible for securing all information passed through networked computers. The discussions in this paper include an overview of cryptography and symmetric encryption. This paper also discusses some of the algorithms used in our research. This paper aims to design an application that consist of some symmetric encryption algorithms which allow users to encrypt and decrypt different size of files, also the application can be used as a test field to compare between different symmetric algorithms. Keywords: Cryptography, symmetric, encryption 1. Introduction In today's technology, every second data are generated on the internet due to the online transaction. Cryptography is a necessary part of network security which allows the virtual world to be more secure. In many applications of our daily life information security plays a key role (Kumar and Munjal 2011). This applies even stronger for ubiquitous computing applications where a multitude of sensors and actuators observe and control our physical environment (Kumar and Munjal 2011). When developing such applications a software engineer usually relies on well-known cryptographic mechanisms like encryption or hashing. However, due to the multitude of existing cryptographic algorithms, it can be challenging to select an adequate and secure one (Masram, Shahare et al. -
Block Ciphers
BLOCK CIPHERS MTH 440 Block ciphers • Plaintext is divided into blocks of a given length and turned into output ciphertext blocks of the same length • Suppose you had a block cipher, E(x,k) where the input plaintext blocks,x, were of size 5-bits and a 4-bit key, k. • PT = 10100010101100101 (17 bits), “Pad” the PT so that its length is a multiple of 5 (we will just pad with 0’s – it doesn’t really matter) • PT = 10100010101100101000 • Break the PT into blocks of 5-bits each (x=x1x2x3x4) where each xi is 5 bits) • x1=10100, x2= 01010, x3=11001, x4=01000 • Ciphertext: c1c2c3c4 where • c1=E(x1,k1), c2=E(x2,k2), c3=E(x3,k3), c4=E(x4,k4) • (when I write the blocks next to each other I just mean concatentate them (not multiply) – we’ll do this instead of using the || notation when it is not confusing) • Note the keys might all be the same or all different What do the E’s look like? • If y = E(x,k) then we’ll assume that we can decipher to a unique output so there is some function, we’ll call it D, so that x = D(y,k) • We might define our cipher to be repeated applications of some function E either with the same or different keys, we call each of these applications “round” • For example we might have a “3 round” cipher: y Fk x E((() E E x, k1 , k 2)), k 3 • We would then decipher via 1 x Fk (,, y) D((() D D y, k3 k 2) k 1) S-boxes (Substitution boxes) • Sometimes the “functions” used in the ciphers are just defined by a look up table that are often referred to “S- boxes” •x1 x 2 x 3 S(x 1 x 2 x 3 ) Define a 4-bit function with a 3-bit key 000 -
Nist Sp 800-77 Rev. 1 Guide to Ipsec Vpns
NIST Special Publication 800-77 Revision 1 Guide to IPsec VPNs Elaine Barker Quynh Dang Sheila Frankel Karen Scarfone Paul Wouters This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800-77r1 C O M P U T E R S E C U R I T Y NIST Special Publication 800-77 Revision 1 Guide to IPsec VPNs Elaine Barker Quynh Dang Sheila Frankel* Computer Security Division Information Technology Laboratory Karen Scarfone Scarfone Cybersecurity Clifton, VA Paul Wouters Red Hat Toronto, ON, Canada *Former employee; all work for this publication was done while at NIST This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800-77r1 June 2020 U.S. Department of Commerce Wilbur L. Ross, Jr., Secretary National Institute of Standards and Technology Walter Copan, NIST Director and Under Secretary of Commerce for Standards and Technology Authority This publication has been developed by NIST in accordance with its statutory responsibilities under the Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems, but such standards and guidelines shall not apply to national security systems without the express approval of appropriate federal officials exercising policy authority over such systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130. Nothing in this publication should be taken to contradict the standards and guidelines made mandatory and binding on federal agencies by the Secretary of Commerce under statutory authority. -
Chapter 4 Symmetric Encryption
Chapter 4 Symmetric Encryption The symmetric setting considers two parties who share a key and will use this key to imbue communicated data with various security attributes. The main security goals are privacy and authenticity of the communicated data. The present chapter looks at privacy, Chapter ?? looks at authenticity, and Chapter ?? looks at providing both together. Chapters ?? and ?? describe tools we shall use here. 4.1 Symmetric encryption schemes The primitive we will consider is called an encryption scheme. Such a scheme speci¯es an encryption algorithm, which tells the sender how to process the plaintext using the key, thereby producing the ciphertext that is actually transmitted. An encryption scheme also speci¯es a decryption algorithm, which tells the receiver how to retrieve the original plaintext from the transmission while possibly performing some veri¯cation, too. Finally, there is a key-generation algorithm, which produces a key that the parties need to share. The formal description follows. De¯nition 4.1 A symmetric encryption scheme SE = (K; E; D) consists of three algorithms, as follows: ² The randomized key generation algorithm K returns a string K. We let Keys(SE) denote the set of all strings that have non-zero probability of be- ing output by K. The members of this set are called keys. We write K Ã$ K for the operation of executing K and letting K denote the key returned. ² The encryption algorithm E takes a key K 2 Keys(SE) and a plaintext M 2 f0; 1g¤ to return a ciphertext C 2 f0; 1g¤ [ f?g. -
Weak Keys for AEZ, and the External Key Padding Attack
Weak Keys for AEZ, and the External Key Padding Attack Bart Mennink1;2 1 Dept. Electrical Engineering, ESAT/COSIC, KU Leuven, and iMinds, Belgium [email protected] 2 Digital Security Group, Radboud University, Nijmegen, The Netherlands [email protected] Abstract. AEZ is one of the third round candidates in the CAESAR competition. We observe that the tweakable blockcipher used in AEZ suffers from structural design issues in case one of the three 128-bit sub- keys is zero. Calling these keys \weak," we show that a distinguishing attack on AEZ with weak key can be performed in at most five queries. Although the fraction of weak keys, around 3 out of every 2128, seems to be too small to violate the security claims of AEZ in general, they do reveal unexpected behavior of the scheme in certain use cases. We derive a potential scenario, the \external key padding," where a user of the authenticated encryption scheme pads the key externally before it is fed to the scheme. While for most authenticated encryption schemes this would affect the security only marginally, AEZ turns out to be com- pletely insecure in this scenario due to its weak keys. These observations open a discussion on the significance of the \robustness" stamp, and on what it encompasses. Keywords. AEZ, tweakable blockcipher, weak keys, attack, external key padding, robustness. 1 Introduction Authenticated encryption aims to offer both privacy and authenticity of data. The ongoing CAESAR competition [8] targets the development of a portfolio of new, solid, authenticated encryption schemes. It received 57 submissions, 30 candidates advanced to the second round, and recently, 16 of those advanced to the third round. -
Multiplicative Differentials
Multiplicative Differentials Nikita Borisov, Monica Chew, Rob Johnson, and David Wagner University of California at Berkeley Abstract. We present a new type of differential that is particularly suited to an- alyzing ciphers that use modular multiplication as a primitive operation. These differentials are partially inspired by the differential used to break Nimbus, and we generalize that result. We use these differentials to break the MultiSwap ci- pher that is part of the Microsoft Digital Rights Management subsystem, to derive a complementation property in the xmx cipher using the recommended modulus, and to mount a weak key attack on the xmx cipher for many other moduli. We also present weak key attacks on several variants of IDEA. We conclude that cipher designers may have placed too much faith in multiplication as a mixing operator, and that it should be combined with at least two other incompatible group opera- ¡ tions. 1 Introduction Modular multiplication is a popular primitive for ciphers targeted at software because many CPUs have built-in multiply instructions. In memory-constrained environments, multiplication is an attractive alternative to S-boxes, which are often implemented us- ing large tables. Multiplication has also been quite successful at foiling traditional dif- ¢ ¥ ¦ § ferential cryptanalysis, which considers pairs of messages of the form £ ¤ £ or ¢ ¨ ¦ § £ ¤ £ . These differentials behave well in ciphers that use xors, additions, or bit permutations, but they fall apart in the face of modular multiplication. Thus, we con- ¢ sider differential pairs of the form £ ¤ © £ § , which clearly commute with multiplication. The task of the cryptanalyst applying multiplicative differentials is to find values for © that allow the differential to pass through the other operations in a cipher.