DOCSLIB.ORG

Intercepting Mobile Communications: the Insecurity of 802.11 —DRAFT—

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Intercepting Mobile Communications: The Insecurity of 802.11 —DRAFT— Nikita Borisov Ian Goldberg David Wagner UC Berkeley Zero-Knowledge Systems UC Berkeley Abstract to that of wired ones. The primary goal of WEP is to protect the confidentiality of user data from eavesdrop- ping. WEP is part of an international standard; it has The 802.11 standard for wireless networks includes a been integrated by manufacturers into their 802.11 hard- Wired Equivalent Privacy (WEP) protocol, used to pro- ware and is currently in widespread use. tect link-layer communications from eavesdropping and other attacks. We have discovered several serious secu- Unfortunately, WEP falls short of accomplishing its se- rity flaws in the protocol, stemming from misapplication curity goals. Despite employing the well-known and of cryptographic primitives. The flaws lead to a number believed-secure RC4 [12] cipher, WEP contains several of practical attacks that demonstrate that WEP fails to major security flaws. The flaws give rise to a number of achieve its security goals. In this paper, we discuss in attacks, both passive and active, that allow eavesdrop- detail each of the flaws, the underlying security princi- ping on, and tampering with, wireless transmissions. In ple violations, and the ensuing attacks. this paper, we discuss the flaws that we identified and describe the attacks that ensue. The following section is devoted to an overview of WEP 1 Introduction and the threat models that it is trying to address. Sec- tions 3 and 4 identify particular flaws and the corre- sponding attacks, and also discuss the security principles In recent years, the proliferation of laptop computers that were violated. Section 5 describes potential coun- and PDA’s has caused an increase in the range of places termeasures. Section 6 suggest some general lessons people perform computing. At the same time, network that can be derived from the WEP insecurities. Finally, connectivity is becoming an increasingly integral part Section 7 offers some conclusions. of computing environments. As a result, wireless net- works of various kinds have gained much popularity. But with the added convenience of wireless access come new problems, not the least of which are heightened se- 2 The WEP Protocol curity concerns. When transmissions are broadcast over radio waves, interception and masquerading becomes trivial to anyone with a radio, and so there is a need to The Wired Equivalent Privacy protocol is used in 802.11 employ additional mechanisms to protect the communi- networks to protect link-level data during wireless trans- cations. mission. It is described in detail in the 802.11 standard [11]; we reproduce a brief description to enable the fol- The 802.11 standard [11] for wireless LAN communi- lowing discussion of its properties. cations introduced the Wired Equivalent Privacy (WEP) protocol in an attempt to address these new problems WEP relies on a secret key shared between the com- and bring the security level of wireless systems closer municating parties to protect the body of a transmitted 1 RC4 encryption algorithm, and the term ciphertext ( # ) £ Plaintext to refer to the encryption of the plaintext as it is trans- ¢ ¡ Message CRC mitted over the radio link. ¤ XOR To decrypt a frame protected by WEP, the recipient sim- Keystream = RC4(v,k) ply reverses the encryption process. First, he regenerates the keystream '§(' and XORs it against the cipher- ¢ text to recover the initial plaintext: ¥ v Ciphertext # "7§(' Transmitted Data 546 §( 8"&9'§ ! :"7!§ ! Figure 1: Encrypted WEP Frame. ;) Next, the recipient verifies the checksum on the de- frame of data. Encryption of a frame proceeds as fol- © 3¦ 4 4 crypted plaintext 4 by splitting it into the form , lows: ¦¨§ © re-computing the checksum 4 , and checking that ¦ it matches the received checksum 4 . This ensures that Checksumming: First, we compute an integrity check- only frames with a valid checksum will be accepted by © sum ¦¨§ © on the message . We concatenate the the receiver. two to obtain a plaintext ©¦§© , which will be used as input to the second stage. Note that ¦§© , and thus , does not depend on the key . 2.1 Security Goals Encryption: In the second stage, we encrypt the plain- text derived above using RC4. We choose an ini- The WEP protocol is intended to enforce three main se- tialization vector (IV) . The RC4 algorithm gen- curity goals [11]: erates a keystream—i.e., a long sequence of pseu- dorandom bytes—as a function of the IV and the key . This keystream is denoted by § ! . Confidentiality: The fundamental goal of WEP is to Then, we exclusive-or (XOR, denoted by " ) the prevent casual eavesdropping. plaintext with the keystream to obtain the cipher- Access control: A second goal of the protocol is to text: protect access to a wireless network infrastructure. # The 802.11 standard includes an optional feature to $ %"&'§(' *) discard all packets that are not properly encrypted Transmission: Finally, we transmit the IV and the ci- using WEP, and manufacturers advertise the ability phertext over the radio link. of WEP to provide access control. Data integrity: A related goal is to prevent tampering Symbolically, this may be represented as follows: with transmitted messages; the integrity checksum field is included for this purpose. +$,-/. 12 ©3¦§ © *) !0§ %"&'§ ! where The format of the encrypted frame is also shown picto- In all three cases, the claimed security of the protocol rially in Figure 1. “relies on the difficulty of discovering the secret key through a brute-force attack” [11]. We will consistently use the term message (symboli- cally, © ) to refer to the initial frame of data to be pro- There are actually two classes of WEP implementation: tected, the term plaintext ( ) to refer to the concatena- classic WEP, as documented in the standard, and an ex- tion of message and checksum as it is presented to the tended version developed by some vendors to provide 2 larger keys. The WEP standard specifies the use of 40- dustry. However, such a position is dangerous. First, bit keys, so chosen because of US Government restric- it does not safeguard against highly resourceful attack- tions on the export of technology containing cryptogra- ers who have the ability to incur significant time and phy, which were in effect at the time the protocol was equipment costs to gain access to data. This limitation is drafted. This key length is short enough to make brute- especially dangerous when securing a company’s inter- force attacks practical to individuals and organizations nal wireless network, since corporate espionage can be with fairly modest computing resources [1, 5]. How- a highly profitable business. ever, it is straightforward to extend the protocol to use larger keys, and several equipment manufacturers of- Second, the necessary hardware to monitor and inject fer a so-called “128-bit” version (which actually uses 802.11 traffic is readily available to consumers in the 104-bit keys, despite its misleading name). This ex- form of wireless Ethernet interfaces. All that is needed tension renders brute-force attacks impossible for even is to subvert it to monitor and transmit encrypted traffic. the most resourceful of adversaries given today’s tech- We were successfully able to carry out passive attacks nology. Nonetheless, we will demonstrate that there are using off-the-shelf equipment by modifying driver set- shortcut attacks on the system that do not require a brute- tings. Active attacks appear to be more difficult, but force attack on the key, and thus even the 128-bit ver- not beyond reach. The PCMCIA Orinoco cards pro- sions of WEP are not secure. duced by Lucent allow their firmware to be upgraded; a concerted reverse-engineering effort should be able to In the remainder of this paper, we will argue that none of produce a modified version that allows injecting arbi- the three security goals are attained. First, we show prac- trary traffic. The time investment required is non-trivial; tical attacks that allow eavesdropping. Then, we show however, it is a one-time effort—the rogue firmware can that it is possible to subvert the integrity checksum field then be posted on a web site or distributed amongst un- and to modify the contents of a transmitted message, vi- derground circles. Therefore, we believe that it would olating data integrity. Finally, we demonstrate that our be prudent to assume that motivated attackers will have attacks can be extended to inject completely new traffic full access to the link layer for passive and even active into the network. attacks. Further supporting our position are the WEP documents themselves. They state: “Eavesdropping is a familiar problem to users of other types of wireless tech- 2.2 Attack Practicality nology” [11, p.61]. We will not discuss the difficulties of link layer access further, and focus on cryptographic properties of the attacks. Before describing the attacks, we would like to discuss the feasibility of mounting them in practice. In addi- tion to the cryptographic considerations discussed in the sections to follow, a common barrier to attacks on com- 3 The Risks of Keystream Reuse munication subsystems is access to the transmitted data. Despite being transmitted over open radio waves, 802.11 traffic requires significant infrastructure to intercept. An WEP provides data confidentiality using a stream cipher attacker needs equipment capable of monitoring 2.4GHz called RC4. Stream ciphers operate by expanding a se- frequencies and understanding the physical layer of the cret key (or, as in the case of WEP, a public IV and a 802.11 protocol; for active attacks, it is also necessary to secret key) into an arbitrarily long “keystream” of pseu- transmit at the same frequencies. A significant develop- dorandom bits. Encryption is performed by XORing the ment cost for equipment manufacturers lies in creating generated keystream with the plaintext.
Recommended publications
  • Cryptanalysis of IEEE 802.11I TKIP

    Cryptanalysis of IEEE 802.11I TKIP

    Cryptanalysis of IEEE 802.11i TKIP Finn Michael Halvorsen Olav Haugen Master of Science in Communication Technology Submission date: June 2009 Supervisor: Stig Frode Mjølsnes, ITEM Co-supervisor: Martin Eian, ITEM Norwegian University of Science and Technology Department of Telematics Problem Description A new vulnerability in the Temporal Key Integrity Protocol (TKIP) defined in 802.11i [1] was recently discovered and published in [2]. Verification and further analysis on this vulnerability is needed. The students will give a detailed explanation of the attack, followed by experimental verification via various tools. The severeness of the attack and application areas should be discussed. If it is possible and if time permits, the students will also look for other weaknesses in the TKIP protocol that may lead to other attacks. [1] http://standards.ieee.org/getieee802/download/802.11i-2004.pdf [2] http://dl.aircrack-ng.org/breakingwepandwpa.pdf Assignment given: 14. January 2009 Supervisor: Stig Frode Mjølsnes, ITEM Abstract The Temporal Key Integrity Protocol (TKIP) was created to fix the weak- nesses of Wired Equivalent Privacy (WEP). Up until November 2008, TKIP was believed to be a secure alternative to WEP, although some weak points were known. In November 2008, the German researchers Martin Beck and Erik Tews released a paper titled Practical Attacks Against WEP and WPA [10]. This paper introduced the first practical cryptographic attack on TKIP. This thesis continues the work of Beck and Tews, and presents an im- proved attack as an advancement of their original attack. The thesis starts by giving a comprehensive study of the current state of wireless network and security protocols.
  • Middleware in Action 2007

    Middleware in Action 2007

    Technology Assessment from Ken North Computing, LLC Middleware in Action Industrial Strength Data Access May 2007 Middleware in Action: Industrial Strength Data Access Table of Contents 1.0 Introduction ............................................................................................................. 2 Mature Technology .........................................................................................................3 Scalability, Interoperability, High Availability ...................................................................5 Components, XML and Services-Oriented Architecture..................................................6 Best-of-Breed Middleware...............................................................................................7 Pay Now or Pay Later .....................................................................................................7 2.0 Architectures for Distributed Computing.................................................................. 8 2.1 Leveraging Infrastructure ........................................................................................ 8 2.2 Multi-Tier, N-Tier Architecture ................................................................................. 9 2.3 Persistence, Client-Server Databases, Distributed Data ....................................... 10 Client-Server SQL Processing ......................................................................................10 Client Libraries ..............................................................................................................
  • A Practical Attack on Broadcast RC4

    A Practical Attack on Broadcast RC4

    A Practical Attack on Broadcast RC4 Itsik Mantin and Adi Shamir Computer Science Department, The Weizmann Institute, Rehovot 76100, Israel. {itsik,shamir}@wisdom.weizmann.ac.il Abstract. RC4is the most widely deployed stream cipher in software applications. In this paper we describe a major statistical weakness in RC4, which makes it trivial to distinguish between short outputs of RC4 and random strings by analyzing their second bytes. This weakness can be used to mount a practical ciphertext-only attack on RC4in some broadcast applications, in which the same plaintext is sent to multiple recipients under different keys. 1 Introduction A large number of stream ciphers were proposed and implemented over the last twenty years. Most of these ciphers were based on various combinations of linear feedback shift registers, which were easy to implement in hardware, but relatively slow in software. In 1987Ron Rivest designed the RC4 stream cipher, which was based on a different and more software friendly paradigm. It was integrated into Microsoft Windows, Lotus Notes, Apple AOCE, Oracle Secure SQL, and many other applications, and has thus become the most widely used software- based stream cipher. In addition, it was chosen to be part of the Cellular Digital Packet Data specification. Its design was kept a trade secret until 1994, when someone anonymously posted its source code to the Cypherpunks mailing list. The correctness of this unofficial description was confirmed by comparing its outputs to those produced by licensed implementations. RC4 has a secret internal state which is a permutation of all the N =2n possible n bits words.
  • A Comparative Study Between WEP, WPA and WPA2 Security Algorithms

    A Comparative Study Between WEP, WPA and WPA2 Security Algorithms

    International Journal of Science and Research (IJSR) ISSN (Online): 2319-7064 Index Copernicus Value (2013): 6.14 | Impact Factor (2013): 4.438 A Comparative Study between WEP, WPA and WPA2 Security Algorithms Tagwa Ahmed Bakri Gali1, Amin Babiker A/Nabi Mustafa2 Department of Communication Al–Neelain University Abstract: This paper is a review study of the different security techniques that used to protect wireless networks from hackers. The main goal of this is to understand the concept of security techniques in the network and knowledge of the strengths and weakness points of these techniques in this field. Keywords: Wireless LAN, security technique, Wired Equivalent Privacy, Wi-Fi Protected Access, Wi-Fi Protected Access 2. 1. Introduction 2.3WPA2 (Wi-Fi Protected Access 2) A wireless network is a type of computer networks that uses The recommended solution to WEP security problems is to wireless data connections for connecting nodes. Wireless switch to WPA2. The WPA was an intermediate solution for networking is a method used by homes, telecommunications hardware that could not support WPA2. Both WPA and networks and enterprise (business) to ward off the pricey WPA2 are much more secure than WEP. [6] To add support procedure of introducing cables into a building, or to a for WPA or WPA2, some old Wi-Fi access points might connection between various equipment locations [1]. need to be replaced or have their firmware upgraded [7]. Wireless telecommunications networks are broadly put WPA was designed as an interim software-implementable through and administered using radio communication. This solution for WEP that could forestall immediate deployment implementation takes place in the physical layer (layer) of of new hardware.
  • In the United States Bankruptcy Court for the District of Delaware

    In the United States Bankruptcy Court for the District of Delaware

    Case 21-10527-JTD Doc 285 Filed 04/14/21 Page 1 of 68 IN THE UNITED STATES BANKRUPTCY COURT FOR THE DISTRICT OF DELAWARE ) In re: ) Chapter 11 ) CARBONLITE HOLDINGS LLC, et al.,1 ) Case No. 21-10527 (JTD) ) Debtors. ) (Jointly Administered) ) AFFIDAVIT OF SERVICE I, Victoria X. Tran, depose and say that I am employed by Stretto, the claims and noticing agent for the Debtors in the above-captioned case. On April 10, 2021, at my direction and under my supervision, employees of Stretto caused the following documents to be served via first-class mail on the service list attached hereto as Exhibit A, and via electronic mail on the service list attached hereto as Exhibit B: Notice of Proposed Sale or Sales of Substantially All of the Debtors’ Assets, Free and Clear of All Encumbrances, Other Than Assumed Liabilities, and Scheduling Final Sale Hearing Related Thereto (Docket No. 268) Notice of Proposed Assumption and Assignment of Designated Executory Contracts and Unexpired Leases (Docket No. 269) Furthermore, on April 10, 2021, at my direction and under my supervision, employees of Stretto caused the following documents to be served via first-class mail on the service list attached hereto as Exhibit C, and via electronic mail on the service list attached hereto as Exhibit D: Notice of Proposed Sale or Sales of Substantially All of the Debtors’ Assets, Free and Clear of All Encumbrances, Other Than Assumed Liabilities, and Scheduling Final Sale Hearing Related Thereto (Docket No. 268, Pages 1-4) Notice of Proposed Assumption and Assignment of Designated Executory Contracts and Unexpired Leases (Docket No.
  • Cryptanalysis of Stream Ciphers Based on Arrays and Modular Addition

    Cryptanalysis of Stream Ciphers Based on Arrays and Modular Addition

    KATHOLIEKE UNIVERSITEIT LEUVEN FACULTEIT INGENIEURSWETENSCHAPPEN DEPARTEMENT ELEKTROTECHNIEK{ESAT Kasteelpark Arenberg 10, 3001 Leuven-Heverlee Cryptanalysis of Stream Ciphers Based on Arrays and Modular Addition Promotor: Proefschrift voorgedragen tot Prof. Dr. ir. Bart Preneel het behalen van het doctoraat in de ingenieurswetenschappen door Souradyuti Paul November 2006 KATHOLIEKE UNIVERSITEIT LEUVEN FACULTEIT INGENIEURSWETENSCHAPPEN DEPARTEMENT ELEKTROTECHNIEK{ESAT Kasteelpark Arenberg 10, 3001 Leuven-Heverlee Cryptanalysis of Stream Ciphers Based on Arrays and Modular Addition Jury: Proefschrift voorgedragen tot Prof. Dr. ir. Etienne Aernoudt, voorzitter het behalen van het doctoraat Prof. Dr. ir. Bart Preneel, promotor in de ingenieurswetenschappen Prof. Dr. ir. Andr´eBarb´e door Prof. Dr. ir. Marc Van Barel Prof. Dr. ir. Joos Vandewalle Souradyuti Paul Prof. Dr. Lars Knudsen (Technical University, Denmark) U.D.C. 681.3*D46 November 2006 ⃝c Katholieke Universiteit Leuven { Faculteit Ingenieurswetenschappen Arenbergkasteel, B-3001 Heverlee (Belgium) Alle rechten voorbehouden. Niets uit deze uitgave mag vermenigvuldigd en/of openbaar gemaakt worden door middel van druk, fotocopie, microfilm, elektron- isch of op welke andere wijze ook zonder voorafgaande schriftelijke toestemming van de uitgever. All rights reserved. No part of the publication may be reproduced in any form by print, photoprint, microfilm or any other means without written permission from the publisher. D/2006/7515/88 ISBN 978-90-5682-754-0 To my parents for their unyielding ambition to see me educated and Prof. Bimal Roy for making cryptology possible in my life ... My Gratitude It feels awkward to claim the thesis to be singularly mine as a great number of people, directly or indirectly, participated in the process to make it see the light of day.
  • *UPDATED Canadian Values 07-04 201 7/26/2016 4:42:21 PM *UPDATED Canadian Values 07-04 202 COIN VALUES: CANADA 02 .0 .0 12

    *UPDATED Canadian Values 07-04 201 7/26/2016 4:42:21 PM *UPDATED Canadian Values 07-04 202 COIN VALUES: CANADA 02 .0 .0 12

    CANADIAN VALUES By Michael Findlay Large Cents VG-8 F-12 VF-20 EF-40 MS-60 MS-63R 1917 1.00 1.25 1.50 2.50 13. 45. CANADA COIN VALUES: 1918 1.00 1.25 1.50 2.50 13. 45. 1919 1.00 1.25 1.50 2.50 13. 45. 1920 1.00 1.25 1.50 3.00 18. 70. CANADIAN COIN VALUES Small Cents PRICE GUIDE VG-8 F-12 VF-20 EF-40 MS-60 MS-63R GEORGE V All prices are in U.S. dollars LargeL Cents C t 1920 0.20 0.35 0.75 1.50 12. 45. Canadian Coin Values is a comprehensive retail value VG-8 F-12 VF-20 EF-40 MS-60 MS-63R 1921 0.50 0.75 1.50 4.00 30. 250. guide of Canadian coins published online regularly at Coin VICTORIA 1922 20. 23. 28. 40. 200. 1200. World’s website. Canadian Coin Values is provided as a 1858 70. 90. 120. 200. 475. 1800. 1923 30. 33. 42. 55. 250. 2000. reader service to collectors desiring independent informa- 1858 Coin Turn NI NI 2500. 5000. BNE BNE 1924 6.00 8.00 11. 16. 120. 800. tion about a coin’s potential retail value. 1859 4.00 5.00 6.00 10. 50. 200. 1925 25. 28. 35. 45. 200. 900. Sources for pricing include actual transactions, public auc- 1859 Brass 16000. 22000. 30000. BNE BNE BNE 1926 3.50 4.50 7.00 12. 90. 650. tions, fi xed-price lists and any additional information acquired 1859 Dbl P 9 #1 225.
  • An Archeology of Cryptography: Rewriting Plaintext, Encryption, and Ciphertext

    An Archeology of Cryptography: Rewriting Plaintext, Encryption, and Ciphertext

    An Archeology of Cryptography: Rewriting Plaintext, Encryption, and Ciphertext By Isaac Quinn DuPont A thesis submitted in conformity with the requirements for the degree of Doctor of Philosophy Faculty of Information University of Toronto © Copyright by Isaac Quinn DuPont 2017 ii An Archeology of Cryptography: Rewriting Plaintext, Encryption, and Ciphertext Isaac Quinn DuPont Doctor of Philosophy Faculty of Information University of Toronto 2017 Abstract Tis dissertation is an archeological study of cryptography. It questions the validity of thinking about cryptography in familiar, instrumentalist terms, and instead reveals the ways that cryptography can been understood as writing, media, and computation. In this dissertation, I ofer a critique of the prevailing views of cryptography by tracing a number of long overlooked themes in its history, including the development of artifcial languages, machine translation, media, code, notation, silence, and order. Using an archeological method, I detail historical conditions of possibility and the technical a priori of cryptography. Te conditions of possibility are explored in three parts, where I rhetorically rewrite the conventional terms of art, namely, plaintext, encryption, and ciphertext. I argue that plaintext has historically been understood as kind of inscription or form of writing, and has been associated with the development of artifcial languages, and used to analyze and investigate the natural world. I argue that the technical a priori of plaintext, encryption, and ciphertext is constitutive of the syntactic iii and semantic properties detailed in Nelson Goodman’s theory of notation, as described in his Languages of Art. I argue that encryption (and its reverse, decryption) are deterministic modes of transcription, which have historically been thought of as the medium between plaintext and ciphertext.
  • Data Extraction Tool

    Data Extraction Tool

    ANALYSIS OF COMMUNICATION PROTOCOLS FOR HOME AREA NETWORKS FOR SMART GRID Mayur Anand B.E, Visveswaraiah Technological University, Karnataka, India, 2007 PROJECT Submitted in partial satisfaction of the requirements for the degree of MASTER OF SCIENCE in COMPUTER SCIENCE at CALIFORNIA STATE UNIVERSITY, SACRAMENTO SPRING 2011 ANALYSIS OF COMMUNICATION PROTOCOLS FOR HOME AREA NETWORKS FOR SMART GRID A Project by Mayur Anand Approved by: __________________________________, Committee Chair Isaac Ghansah, Ph.D. __________________________________, Second Reader Chung-E-Wang, Ph.D. ____________________________ Date ii Student: Mayur Anand I certify that this student has met the requirements for format contained in the University format manual, and that this project is suitable for shelving in the Library and credit is to be awarded for the Project. __________________________, Graduate Coordinator ________________ Nikrouz Faroughi, Ph.D. Date Department of Computer Science iii Abstract of ANALYSIS OF COMMUNICATION PROTOCOLS FOR HOME AREA NETWORKS FOR SMART GRID by Mayur Anand This project discusses home area networks in Smart Grid. A Home Area Network plays a very important role in communication among various devices in a home. There are multiple technologies that are in contention to be used to implement home area networks. This project analyses various communication protocols in Home Area Networks and their corressponding underlying standards in detail. The protocols and standards covered in this project are ZigBee, Z-Wave, IEEE 802.15.4 and IEEE 802.11. Only wireless protocols have been discussed and evaluated. Various security threats present in the protocols mentioned above along with the counter measures to most of the threats have been discussed as well.
  • Nist Sp 800-77 Rev. 1 Guide to Ipsec Vpns

    Nist Sp 800-77 Rev. 1 Guide to Ipsec Vpns

    NIST Special Publication 800-77 Revision 1 Guide to IPsec VPNs Elaine Barker Quynh Dang Sheila Frankel Karen Scarfone Paul Wouters This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800-77r1 C O M P U T E R S E C U R I T Y NIST Special Publication 800-77 Revision 1 Guide to IPsec VPNs Elaine Barker Quynh Dang Sheila Frankel* Computer Security Division Information Technology Laboratory Karen Scarfone Scarfone Cybersecurity Clifton, VA Paul Wouters Red Hat Toronto, ON, Canada *Former employee; all work for this publication was done while at NIST This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800-77r1 June 2020 U.S. Department of Commerce Wilbur L. Ross, Jr., Secretary National Institute of Standards and Technology Walter Copan, NIST Director and Under Secretary of Commerce for Standards and Technology Authority This publication has been developed by NIST in accordance with its statutory responsibilities under the Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems, but such standards and guidelines shall not apply to national security systems without the express approval of appropriate federal officials exercising policy authority over such systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130. Nothing in this publication should be taken to contradict the standards and guidelines made mandatory and binding on federal agencies by the Secretary of Commerce under statutory authority.
  • Security Problems in 802.11 Wireless Networks Standard Due to the Inefficiency of Wired Equivalent Privacy Protocol. Master of Science

    Security Problems in 802.11 Wireless Networks Standard Due to the Inefficiency of Wired Equivalent Privacy Protocol. Master of Science

    SECURITY PROBLEMS IN 802.11 WIRELESS NETWORKS STANDARD DUE TO THE INEFFECIENCY OF WIRED EQUI VALENT PRIVACY PROTOCOL Varma Samanthapudi, B.E. Problem in Lieu of Thesis Prepared for the Degree of MASTER OF SCIENCE UNIVERSITY OF NORTH TEXAS May 2003 APPROVED: Roy Tom Jacob, Major Professor Steve Tate, Committee Member Robert Brazile, Committee Member Krishna Kavi, Chair of the Department of Computer Science C. Neal Tate, Dean of the Robert B. Toulouse School of Graduate Studies Samanthapudi, Varma, Security problems in 802.11 wireless networks standard due to the inefficiency of wired equivalent privacy protocol. Master of Science (Computer Science), May 2003, 41 pp., 1 table, 5 figures, references, 25 titles. Due to the rapid growth of wireless networking, the fallible security issues of the 802.11 standard have come under close scrutiny. Nowadays most of the organizations are eager to set up wireless local area networks to reduce the hassles of limited mobility provided by conventional wired network. There are serious security issues that need to be sorted out before everyone is willing to transmit valuable corporate information on a wireless network. This report documents the inherent flaws in wired equivalent privacy protocol used by the 802.11 standard and the ensuing security breaches that can occur to a wireless network due to these flaws. The solutions suggested in this report might not actually make the 802.11 standard secure, but will surely help in the lead up to a secure wireless network standard. TABLE OF CONTENTS Page LIST OF FIGURES AND TABLES …………………………………………………………...iii Chapter 1. INTRODUCTION……………………………………………………...…………………….1 Organization of the Problem in Lieu of Thesis 2.
  • A History of Syntax Isaac Quinn Dupont Facult

    A History of Syntax Isaac Quinn Dupont Facult

    Proceedings of the 2011 Great Lakes Connections Conference—Full Papers Email: A History of Syntax Isaac Quinn DuPont Faculty of Information University of Toronto [email protected] Abstract the arrangement of word tokens in an appropriate Email is important. Email has been and remains a (orderly) manner for processing by computers. Per- “killer app” for personal and corporate correspond- haps “computers” refers to syntactical processing, ence. To date, no academic or exhaustive history of making my definition circular. So be it, I will hide email exists, and likewise, very few authors have behind the engineer’s keystone of pragmatism. Email attempted to understand critical issues of email. This systems work (usually), because syntax is arranged paper explores the history of email syntax: from its such that messages can be passed. origins in time-sharing computers through Request This paper demonstrates the centrality of for Comments (RFCs) standardization. In this histori- syntax to the history of email, and investigates inter- cal capacity, this paper addresses several prevalent esting socio–technical issues that arise from the par- historical mistakes, but does not attempt an exhaus- ticular development of email syntax. Syntax is an tive historiography. Further, as part of the rejection important constraint for contemporary computers, of “mainstream” historiographical methodologies this perhaps even a definitional quality. Additionally, as paper explores a critical theory of email syntax. It is machines, computers are physically constructed. argued that the ontology of email syntax is material, Thus, email syntax is material. This is a radical view but contingent and obligatory—and in a techno– for the academy, but (I believe), unproblematic for social assemblage.