Detail publikace

Reasoning about Security Issues in Wireless Devices based on the IEEE 802.11

Originální název

Reasoning about Security Issues in Wireless Devices based on the IEEE 802.11

Anglický název

Reasoning about Security Issues in Wireless Devices based on the IEEE 802.11

Jazyk

en

Originální abstrakt

This papers deals with a security provided by the Wireless Networks based on the IEEE 802.11 standard. This standard specifies the Wired Equivalent Privacy (WEP) encapsulation of 802.11 data frames to provide confidentiality, access control, and data integrity. WEP appends a 32-bit CRC checksum to each outgoing frame, and then encrypts it with RC4 using 40- or 104-bit message-key plus a 24-bit random initialization vector. WEP also decrypts each incoming frame with the message-key, and validates the CRC checksum. In this protocol, RC4 and the shared message-key are used for confidentiality and access control, and CRC checksum for data integrity. However, WEP has been shown to fail to meet its design goals. Use of RC4 for data privacy and CRC-32 for data integrity is due mainly to their speed and ease of implementation, but they do not provide cryptographically-secure encryption and authentication.
Many serious security flaws have been exposed in these two design choices. These security flaws can invite a number of practical attacks, ranging from eavesdropping to tampering with the transferred data frames. Furthermore, there are many other security issues that are not considered in the 802.11 standard

Anglický abstrakt

This papers deals with a security provided by the Wireless Networks based on the IEEE 802.11 standard. This standard specifies the Wired Equivalent Privacy (WEP) encapsulation of 802.11 data frames to provide confidentiality, access control, and data integrity. WEP appends a 32-bit CRC checksum to each outgoing frame, and then encrypts it with RC4 using 40- or 104-bit message-key plus a 24-bit random initialization vector. WEP also decrypts each incoming frame with the message-key, and validates the CRC checksum. In this protocol, RC4 and the shared message-key are used for confidentiality and access control, and CRC checksum for data integrity. However, WEP has been shown to fail to meet its design goals. Use of RC4 for data privacy and CRC-32 for data integrity is due mainly to their speed and ease of implementation, but they do not provide cryptographically-secure encryption and authentication.
Many serious security flaws have been exposed in these two design choices. These security flaws can invite a number of practical attacks, ranging from eavesdropping to tampering with the transferred data frames. Furthermore, there are many other security issues that are not considered in the 802.11 standard

BibTex


@inproceedings{BUT17125,
  author="Pavel {Očenášek}",
  title="Reasoning about Security Issues in Wireless Devices based on the IEEE 802.11",
  annote="This papers deals with a security provided by the Wireless Networks based on the IEEE 802.11 standard. This standard specifies the Wired Equivalent Privacy (WEP) encapsulation of 802.11 data frames to provide confidentiality, access control, and data integrity. WEP appends a 32-bit CRC checksum to each outgoing frame, and then encrypts it with RC4 using 40- or 104-bit message-key plus a 24-bit random initialization vector. WEP also decrypts each incoming frame with the message-key, and validates the CRC checksum. In this protocol, RC4 and the shared message-key are used for confidentiality and access control, and CRC checksum for data integrity. However, WEP has been shown to fail to meet its design goals. Use of RC4 for data privacy and CRC-32 for data integrity is due mainly to their speed and ease of implementation, but they do not provide cryptographically-secure encryption and authentication.
Many serious security flaws have been exposed in these two design choices. These security flaws can invite a number of practical attacks, ranging from eavesdropping to tampering with the transferred data frames. Furthermore, there are many other security issues that are not considered in the 802.11 standard", address="Faculty of Electrical Engineering and Communication BUT", booktitle="11th Electronic Devices and Systems Conference 2004 Proceedings", chapter="17125", institution="Faculty of Electrical Engineering and Communication BUT", year="2004", month="september", pages="228--231", publisher="Faculty of Electrical Engineering and Communication BUT", type="conference paper" }