Academic Affairs PPG Institute of Technology
Coimbatore 641 035 Tamil Nadu,INDIA ABSTRACT
Due to the rapid growth of wireless networking, the fallible security issues of the 802.11 standard have come under close scrutiny. There are serious security issues that need to be sorted out before everyone is willing to transmit valuable corporate information on a wireless network. This report focuses on inherent flaws in wired equivalent privacy protocol (WEP)used by the 802.11 standard, Temporal key Integrity protocol(TKIP)which is considered an interim solution to legacy 802.11 equipment. Counter Mode /CBC-MAC protocol which is based on Advanced Encryption Standard (AES) will not work on many of the current shipping cards which are based on 802.11b/g.This paper proposes an enhancement to TKIP in accordance with transmission rate supported by physical Layer Convergence Protocol(PCLP) and shows enhanced pattern of key streams generated from TKIP in order to avoid key reuse during the time of encryption and decryption of pay load.
KEY WORDS:WEP,TKIP,IV SEQEUNCING, PHY,PLCP,PMD,PPDU,MPDU,STA,CCMP
1.Basis of 802.11 security
The original version of the IEEE 802.11 specification defines several security mechanisms. The first is WEP protocol, which was designed to provide users with the same level of confidentiality protection as that of a wired network. The confidentiality is implemented through the WEP protocol, which uses RC4 for encryption.
1.1 Initialization Vector (IV): WEP uses a 24-bit IV in an attempt to ensure that RC4’s pseudorandom byte stream is not reused. The sender uses a unique key with every packet that is derived by appending the shared secret key, k , to the publicly known IV.[Stanley .D]
Figure : 1.1 WEP Encapsulation.
The problems with the design of WEP are as follows: • 24-bit IVs are too short, and this puts confidentiality at risk.
• The CRC checksum, called the Integrity Check Value (ICV), used by WEP for integrity protection, is insecure, and does not prevent adversarial modification of intercepted packets.[Fluher et al]
• WEP combines the IV with the key in a way that enables cryptanalytic attacks. As a result, passive eavesdroppers can learn the key after observing a few million encrypted packets. [Jon Edney, et al] • Integrity protection for source and destination addresses is not provided.
2. Temporal Key Integrity Protocol (TKIP )
TKIP is a suite of algorithms wrapping WEP, to achieve the best security to support the problem design constraints. TKIP is developed to address the vulnerabilities associated with WEPand developed to provide backwards compatibility with WEP to prevent the need to replace all hardware that only supported WEP at the time. TKIP adds four new algorithms to WEP:
A cryptographic message integrity code, or MIC, called Michael, to defeat forgeries; A new IV sequencing discipline, to remove replay attacks from the attacker’s arsenal; A per-packet key mixing function, to de-correlate the public IVs from weak keys; and A re keying mechanism, to provide fresh encryption and integrity keys, undoing the threat of
attacks stemming from key reuse. [Jesse Walker]
Figure 2-1 . TKIP Frame
2.2 IV Sequencing :TKIP also addresses replay attacks by adding a TKIP Sequence Counter (TSC) which prevents reuse of an IV. This algorithm also helps prevent denial of service (DoS) attacks by ensuring that the receiver does not update the TSC until the MIC has been verified after each packet. The final key mixing algorithm protects the Temporal Encryption Key (TEK).
Figure 2-3. TKIP Encapsulation
3. IEEE 802.11 i
IEEE 802.11i incorporates authentication, data integrity and data encryption mechanism to address security concerns for legacy ((TKIP)and new wireless LANs(CCMP). TKIP targets at legacy equipment. To be backward compatible with WEP, TKIP uses RC4 stream cipher. CCMP is based on advanced encryption standard [Alireza et al] which requires new 802.11 hardware with great processing power.[Akashi et al]
4. IEEE 802.11b Physical Layer(PHY)
The IEEE 802.11 PHYs (physical layers) provide multiple transmission rates by employing different modulation and channel coding schemes. For example, the 802.11b PHY provides 4 PHY rates from 1 to 11 Mbps at the 2.4 GHz band and most 802.11 devices available today in the market are based on this PHY.[Holland et al]. A PHY convergence function, which adapts the capabilities of the physical medium dependent (PMD) system to the PHY service. This function is supported by the PHY convergence procedure(PLCP), which defines a method for mapping the MAC sub layer protocol data units (MPDU) into a framing format suitable for sending and receiving user data and management information between two or more stations (STAs) using the associated PMD system.[Nancy et al]
Figure 4.1 Long PLCP PPDU Format
4.2 Short PLCP PPDU format (optional)
The short PLCP preamble and header (HR/DSSS/short) is defined as optional. The Short Preamble and header may be used to minimize overhead and, thus, maximize the network data throughput. A transmitter using the short PLCP will only be interoperable with another receiver that is also capable of receiving this short PLCP.
4.3 PLCP PPDU field definitions:Long PLCP SYNC field :The SYNC field shall consist of 128 bits of scrambled “1” bits. This field is provided so the receiver can perform the necessary synchronization operations.
4.4 Long PLCP SFD: The Start Frame Delimiter(SFD) shall be provided to indicate the start of PHY-dependent parameters within the PLCP preamble.
4.5 Long PLCP SIGNAL field :The 8-bit SIGNAL field indicates to the PHY the modulation that shall be used for transmission (and reception) of the PSDU. The data rate shall be equal to the SIGNAL field value multiplied by 100 kbit/s. The High Rate PHY supports four mandatory rates given by the following 8-bit words, which represent the rate in units of 100 kbit/s, where the lsb shall be transmitted first in time:
Figure 5.1 TKIP frame updation through PLCP PPDU frame
The Key mixing function in TKIP operates in two-phases and substitutes a temporal key(PLCP signal field) for the base key and constructs per-packet key. Each phase compensates for a particular design flaw in WEP[Housley et al ]. In this proposal intermediate key is created by initializing PLCP signal field with S-boxes . The simulated system uses key update mechanism using special re-key enhancement from PLCP signal bit rates that distributes keying material deriving the next set of temporal keys between the station and access point.
6.Performance Evaluation
Computer simulation is used to evaluate the performance of the proposed architecture. In this section, we present the simulation results implemented in NETGEAR prosafe 802.11g wireless AP WG 102.
6.1 Simulation Scenario
Figure 6.1 Key stream patterns generated when signal rate is 2.
key stream pattern
0 20 40 60 80 100 120 140
1 5 9 13 17 21 25 29 33 37 41 45 49 53 57 61 65
sequence of keys
ra
nge
of
k
e
y
v
a
lue
s
0 20 40
1 6 11 16 21 26 31 36 41 46 51 56 61
sequence of keys
ran
8. References
[1] Akashi Satoh, Sumio Morioka, Kohji Takano, Seiji Munetoh(2001): A Compact Rijndael Hardware Architecture with S-Box Optimization. Proc. ASIACRYPT 2001, LNCS 2248, pp.239–254.
[2] Alireza Hodjat, Ingrid Verbauwhede( 2004): A 21.54 Gbit/s Fully Pipelined AES Processor on FPGA. IEEE Symposium on Field Programmable Custom Computing Machines
[3] Borisov, N., Goldberg, I., and Wagner, D(2001):Intercepting mobile communications: The insecurity of 802.11, International Conference on Mobilecomputing and Networking , 180–189.
[4] Fluhrer, S., Mantin, I., and Shamir, A,(2001):Weaknesses in the key schedule algorithm of RC4, 4th Annual Workshop on Selected Areas of Cryptography.
[5] Housley, R. and Arbaugh,W,(2003):Security problems in 802.11-based Networks,Communication. ACM 46, 5
[6] Holland G, Vaidya N.H, and Bahl P,(2001):A rate-adaptive MAC protocol for multi-hop wireless networks, ACM International Conference on Mobile Computingand Networking (MobiCom ’01), pp. 236–251, Rome, Italy
[7] Jesse Walker ,(2002): 802.11 securing series, Part II: The Temporal Key Integrity protocol(TKIP) , Intel Corporation . [8] Jon Edney and William Arbaugh,(2004):Real 802.11 security,Addision-wesley.
[9] Nancy Cam-Winget,Russell Housley,Dvid Wagner,Jesse Walker,(2003):Securing Flaws in 802.11 Data Link Protocols, Communications of ACM,Vol 46,Numer 6,35-39..
[10] Stanley, D.,(2002):IV Sequencing Requirements Summary, IEEE 802.11 doc 02-006r2, Available at http://grouper.ieee.org/groups/802/11/
.
Authors bio-data.
Mrs.R.Buvaneswari received her B.Sc degree in Computer Science ,MCA at Bharathiar University, Coimbatore ,Tamil Nadu,INDIA. She completed M.Phil in computer Science at Mother Tesesa Women’s University,Kodaikanal currenly pursuing her doctoral programme and She has 15 years Teaching and Research Experience and currently working as Head and Professor ,Department of Information Technology and Computer Technology, Hindusthan college of Arts and Science, Coimbatore, Tamil Nadu, India.
