1.1 Initialization Vector (IV): WEP uses a 24-bit IV in an attempt to ensure that RC4's pseudorandom byte stream is not reused. The sender uses a unique key ...
R.Buvaneswari et. al. / International Journal of Engineering Science and Technology Vol. 2(12), 2010, 7118-7126
Generating Key Streams in infrastructure WLAN using bit rate R.Buvaneswari Departments of IT &CT, Hindusthan college of Arts & Science Coimbatore 641 028 Tamil Nadu,INDIA
Dr.R.Balasubramanian Dean , Academic Affairs PPG Institute of Technology Coimbatore 641 035 Tamil Nadu,INDIA ABSTRACT Due to the rapid growth of wireless networking, the fallible security issues of the 802.11 standard have come under close scrutiny. There are serious security issues that need to be sorted out before everyone is willing to transmit valuable corporate information on a wireless network. This report focuses on inherent flaws in wired equivalent privacy protocol (WEP)used by the 802.11 standard, Temporal key Integrity protocol(TKIP)which is considered an interim solution to legacy 802.11 equipment. Counter Mode /CBCMAC protocol which is based on Advanced Encryption Standard (AES) will not work on many of the current shipping cards which are based on 802.11b/g.This paper proposes an enhancement to TKIP in accordance with transmission rate supported by physical Layer Convergence Protocol(PCLP) and shows enhanced pattern of key streams generated from TKIP in order to avoid key reuse during the time of encryption and decryption of pay load. KEY WORDS:WEP,TKIP,IV SEQEUNCING, PHY,PLCP,PMD,PPDU,MPDU,STA,CCMP
1.Basis of 802.11 security The original version of the IEEE 802.11 specification defines several security mechanisms. The first is WEP protocol, which was designed to provide users with the same level of confidentiality protection as that of a wired network. The confidentiality is implemented through the WEP protocol, which uses RC4 for encryption. 1.1 Initialization Vector (IV): WEP uses a 24-bit IV in an attempt to ensure that RC4’s pseudorandom byte stream is not reused. The sender uses a unique key with every packet that is derived by appending the shared secret key, k , to the publicly known IV.[Stanley .D] 1.2 Integrity Check Value (ICV): WEP uses a 32-bit cyclic redundancy check (CRC) as an ICV. The ICV detects any changes (malicious or inadvertent) in the transmitted message’s underlying plaintext. Unfortunately, while a CRC easily detects most inadvertent changes, it does not provide integrity or message authenticity capabilities against malicious changes.
ISSN: 0975-5462
7118
R.Buvaneswari et. al. / International Journal of Engineering Science and Technology Vol. 2(12), 2010, 7118-7126
Figure : 1.1
WEP Encapsulation.
The problems with the design of WEP are as follows: • 24-bit IVs are too short, and this puts confidentiality at risk. • The CRC checksum, called the Integrity Check Value (ICV), used by WEP for integrity protection, is insecure, and does not prevent adversarial modification of intercepted packets.[Fluher et al] • WEP combines the IV with the key in a way that enables cryptanalytic attacks. As a result, passive eavesdroppers can learn the key after observing a few million encrypted packets. [Jon Edney, et al] • Integrity protection for source and destination addresses is not provided. 2. Temporal Key Integrity Protocol (TKIP ) TKIP is a suite of algorithms wrapping WEP, to achieve the best security to support the problem design constraints. TKIP is developed to address the vulnerabilities associated with WEPand developed to provide backwards compatibility with WEP to prevent the need to replace all hardware that only supported WEP at the time. TKIP adds four new algorithms to WEP:
A cryptographic message integrity code, or MIC, called Michael, to defeat forgeries; A new IV sequencing discipline, to remove replay attacks from the attacker’s arsenal; A per-packet key mixing function, to de-correlate the public IVs from weak keys; and A re keying mechanism, to provide fresh encryption and integrity keys, undoing the threat of attacks stemming from key reuse. [Jesse Walker]
2.1 TKIP Frame:There are a total of 20 octets associated with TKIP in an IEEE 802.11 frame. This is more than twice the amount of overhead associated with a WEP frame, and is due to the extended IVs and the MIC that are used within the TKIP protocol .
ISSN: 0975-5462
7119
R.Buvaneswari et. al. / International Journal of Engineering Science and Technology Vol. 2(12), 2010, 7118-7126
Figure 2-1 . TKIP Frame
2.2 IV Sequencing :TKIP also addresses replay attacks by adding a TKIP Sequence Counter (TSC) which prevents reuse of an IV. This algorithm also helps prevent denial of service (DoS) attacks by ensuring that the receiver does not update the TSC until the MIC has been verified after each packet. The final key mixing algorithm protects the Temporal Encryption Key (TEK). 2.3 TKIP Key Mixing: The TEK is used by the key mixing algorithm to combine the TEK, TSC, and transmitter address (TA) into a 128-bit WEP seed that is unique for each packet. As shown in Figure 2-2, the key mixing algorithm is broken down into two parts. During phase 1 the TKIP mixed Transmit Address and Key (TTAK) are generated by the combination of the TSC, TA, and TEK components. The process was intended to have a low computational overhead; however, it still takes some time to complete because of the multiple processes occurring simultaneously. During phase 2 the TTAK is combined with a full TEK and TSC to generate the 128-bit WEP seed .
Figure 2-2. TKIP Key Mixing
Once the WEP seed is generated the data to be sent is run through the Michael algorithm to create the MIC key. This combination of data is combined with the CRC-32 algorithm to create the ICV which is appended to the data. As the WEP seed is run through the RC4 algorithm and the key stream is generated it is combined with the data to create the final packet .
ISSN: 0975-5462
7120
R.Buvaneswari et. al. / International Journal of Engineering Science and Technology Vol. 2(12), 2010, 7118-7126
Figure 2-3. TKIP Encapsulation
3. IEEE 802.11 i IEEE 802.11i incorporates authentication, data integrity and data encryption mechanism to address security concerns for legacy ((TKIP)and new wireless LANs(CCMP). TKIP targets at legacy equipment. To be backward compatible with WEP, TKIP uses RC4 stream cipher. CCMP is based on advanced encryption standard [Alireza et al] which requires new 802.11 hardware with great processing power.[Akashi et al] 4. IEEE 802.11b Physical Layer(PHY) The IEEE 802.11 PHYs (physical layers) provide multiple transmission rates by employing different modulation and channel coding schemes. For example, the 802.11b PHY provides 4 PHY rates from 1 to 11 Mbps at the 2.4 GHz band and most 802.11 devices available today in the market are based on this PHY.[Holland et al]. A PHY convergence function, which adapts the capabilities of the physical medium dependent (PMD) system to the PHY service. This function is supported by the PHY convergence procedure(PLCP), which defines a method for mapping the MAC sub layer protocol data units (MPDU) into a framing format suitable for sending and receiving user data and management information between two or more stations (STAs) using the associated PMD system.[Nancy et al] 4.1 Long PLCP PPDU Format : The PLCP preamble contains the following fields: synchronization (Sync) and start frame delimiter (SFD). The PLCP header contains the following fields: signaling (SIGNAL), service (SERVICE), length (LENGTH), and CRC-16.
ISSN: 0975-5462
7121
R.Buvaneswari et. al. / International Journal of Engineering Science and Technology Vol. 2(12), 2010, 7118-7126
Figure 4.1 Long PLCP PPDU Format
4.2 Short PLCP PPDU format (optional) The short PLCP preamble and header (HR/DSSS/short) is defined as optional. The Short Preamble and header may be used to minimize overhead and, thus, maximize the network data throughput. A transmitter using the short PLCP will only be interoperable with another receiver that is also capable of receiving this short PLCP. 4.3 PLCP PPDU field definitions:Long PLCP SYNC field :The SYNC field shall consist of 128 bits of scrambled “1” bits. This field is provided so the receiver can perform the necessary synchronization operations.
4.4 Long PLCP SFD: The Start Frame Delimiter(SFD) shall be provided to indicate the start of PHYdependent parameters within the PLCP preamble.
4.5 Long PLCP SIGNAL field :The 8-bit SIGNAL field indicates to the PHY the modulation that shall be used for transmission (and reception) of the PSDU. The data rate shall be equal to the SIGNAL field value multiplied by 100 kbit/s. The High Rate PHY supports four mandatory rates given by the following 8-bit words, which represent the rate in units of 100 kbit/s, where the lsb shall be transmitted first in time:
a) b) c) d)
X’0A’ (msb to lsb) for 1 Mbit/s; X’14’ (msb to lsb) for 2 Mbit/s; X’37’ (msb to lsb) for 5.5 Mbit/s; X’6E’ (msb to lsb) for 11 Mbit/s.
ISSN: 0975-5462
7122
R.Buvaneswari et. al. / International Journal of Engineering Science and Technology Vol. 2(12), 2010, 7118-7126 5.Proposed architecture
Figure 5.1 TKIP frame updation through PLCP PPDU frame
The Key mixing function in TKIP operates in two-phases and substitutes a temporal key(PLCP signal field) for the base key and constructs per-packet key. Each phase compensates for a particular design flaw in WEP[Housley et al ]. In this proposal intermediate key is created by initializing PLCP signal field with S-boxes . The simulated system uses key update mechanism using special re-key enhancement from PLCP signal bit rates that distributes keying material deriving the next set of temporal keys between the station and access point.
6.Performance Evaluation Computer simulation is used to evaluate the performance of the proposed architecture. In this section, we present the simulation results implemented in NETGEAR prosafe 802.11g wireless AP WG 102.
6.1 Simulation Scenario For the simulation, the we use a scenario composed of an infrastructure BSS,with fixed AP WG102 and one mobile station(STA). The proposed architecture for WLAN security mechanism generates a stream of keys at each varying signal rate as shown in the following figures 6.1 and 6.2
ISSN: 0975-5462
7123
R.Buvaneswari et. al. / International Journal of Engineering Science and Technology Vol. 2(12), 2010, 7118-7126 6.2 Pattern of key streams:
key stream pattern 140 range of key values
120 100 80 60 40 20 0 1
6 11 16 21 26 31 36 41 46 51 56 61 sequence of keys
Figure 6.1 Key stream patterns generated
when signal rate is 2.
key stream pattern
range of key values
140 120 100 80 60 40 20 0 1 5 9 13 17 21 25 29 33 37 41 45 49 53 57 61 65 sequence of keys
Figure 6.2 key stream patterns generated
ISSN: 0975-5462
when signal rate is 5.5.
7124
R.Buvaneswari et. al. / International Journal of Engineering Science and Technology Vol. 2(12), 2010, 7118-7126 7.Conclusion The proposed algorithm reveals that WEP key reuse can be avoided. For every frame, the TKIP algorithm is initialized with the key value prior to the start of the pseudorandom key stream generation. But if the keys were to remain fixed, the algorithm would be initialized to the same state every time. Therefore the key stream produced would be the same sequence of bytes for every frame. This is disastrous because, if the attacker can figure out what that key stream . This paper reveals that new key streams are created by initializing PLCP signal field with S-boxes . The simulated system uses key update mechanism using special re-key enhancement from PLCP signal bit rates which forces the encryption mechanism to generate different key streams for every frame .This proposal is more suitable to existing legacy 802.11 equipments based on 802.11 b/g. AES-CCMP which needs extra hardware will not work on many of the current shipping standard. 8. References [1]
Akashi Satoh, Sumio Morioka, Kohji Takano, Seiji Munetoh(2001): A Compact Rijndael Hardware Architecture with S-Box Optimization. Proc. ASIACRYPT 2001, LNCS 2248, pp.239–254. [2] Alireza Hodjat, Ingrid Verbauwhede( 2004): A 21.54 Gbit/s Fully Pipelined AES Processor on FPGA. IEEE Symposium on Field Programmable Custom Computing Machines [3] Borisov, N., Goldberg, I., and Wagner, D(2001):Intercepting mobile communications: The insecurity of 802.11, International Conference on Mobile computing and Networking , 180–189. [4] Fluhrer, S., Mantin, I., and Shamir, A,(2001):Weaknesses in the key schedule algorithm of RC4, 4th Annual Workshop on Selected Areas of Cryptography. [5] Housley, R. and Arbaugh,W,(2003):Security problems in 802.11-based Networks,Communication. ACM 46, 5 [6] Holland G, Vaidya N.H, and Bahl P,(2001):A rate-adaptive MAC protocol for multi-hop wireless networks, ACM International Conference on Mobile Computing and Networking (MobiCom ’01), pp. 236–251, Rome, Italy [7] Jesse Walker ,(2002): 802.11 securing series, Part II: The Temporal Key Integrity protocol(TKIP) , Intel Corporation . [8] Jon Edney and William Arbaugh,(2004):Real 802.11 security,Addision-wesley. [9] Nancy Cam-Winget,Russell Housley,Dvid Wagner,Jesse Walker,(2003):Securing Flaws in 802.11 Data Link Protocols, Communications of ACM,Vol 46,Numer 6,35-39.. [10] Stanley, D.,(2002):IV Sequencing Requirements Summary, IEEE 802.11 doc 02-006r2, Available at http://grouper.ieee.org/groups/802/11/
. Authors bio-data. Mrs.R.Buvaneswari received her B.Sc degree in Computer Science ,MCA at Bharathiar University, Coimbatore ,Tamil Nadu,INDIA. She completed M.Phil in computer Science at Mother Tesesa Women’s University,Kodaikanal currenly pursuing her doctoral programme and She has 15 years Teaching and Research Experience and currently working as Head and Professor ,Department of Information Technology and Computer Technology, Hindusthan college of Arts and Science, Coimbatore, Tamil Nadu, India.
Dr. R. Balasubramanian was born in 1947 in India. He obtained his B.Sc., and M.Sc., degree in Mathematics from Government Arts College, Coimbatore, TamilNadu, in 1967 and PSG Arts College, Coimbatore, TamilNadu, in 1969 respectively. He received his Ph.D., from PSG College of Technology, Coimbatore, TamilNadu, in the year 1990. He has published more than 15 research papers in national and international journals. He has been serving engineering educational service for the past four decades. He was formerly in PSG College of Technology, Coimbatore as Assistant Professor in the Department of Mathematics and Computer Applications. He served as Associate Dean of the Department of Computer Applications of Sri Krishna College of Engineering and Technology, Coimbatore. Currently taken charge as Dean Academic Affairs at PPG Institute of Technology, Coimbatore, before which he was a Dean Basic Sciences at Velammal Engineering College, Chennai. He has supervised one PhD thesis in Mathematics and supervising four doctoral works in Computer Applications. His mission is to impart quality, concept oriented education and mould younger generation.
ISSN: 0975-5462
7125
R.Buvaneswari et. al. / International Journal of Engineering Science and Technology Vol. 2(12), 2010, 7118-7126 He is member of the board of studies of many autonomous institutions and universities. He was the principal investigator of UGC sponsored research project. He is a referee of an international journal on mathematical modeling. He has authored a series of books on Engineering Mathematics and Computer Science. He is a life member of many professional bodies like ISTE, ISTAM and CSI.
ISSN: 0975-5462
7126
