Assignment5x -

kitlunchroomAI and Robotics

Nov 21, 2013 (3 years and 8 months ago)


. Explain (shortly) what following concepts mean and how/where they are used. AES
(Advanced Encryption Standard),

IPsec VPN, PKE(Public Key Encryption), PKI(Public
Key Infrastructure)


Advanced Encryption Standard


is an encryption standard adopted by the U.S.

Each AES cipher has a 128
bit block size, with key sizes of 128, 192 and
256 bits, respectively. The AES ciphers have been analyzed extensively and are now
used worldwide, as was the case with its


AES is based on a design
principle known as a Substitution permutation network. It is fast in both software and
AES is often used for wireless encryption in a network, one problem is not too
many devices support it.


is a p
rotocol which sits on top of the Internet Protocol (IP) layer. It allows two or
more hosts to communicate in a secure manner (hence the name). IPsec consists of two

Encapsulated Security Payload (ESP)
, protects the IP packet data from third
interference, by encrypting the contents using symmetric cryptography algorithms
(like Blowfish, 3DES).

Authentication Header (AH)
, protects the IP packet header from third party
interference and spoofing, by computing a cryptographic checksum and ha
shing the
IP packet header fields with a secure hashing function. This is then followed by an
additional header that contains the hash, to allow the information in the packet to be

IPsec can either be used to directly encrypt the traffic bet
ween two hosts (known as
Transport Mode
); or to build “virtual tunnels” between two subnets, which could be used
for secure communication between two corporate networks (known as
Tunnel Mode
The latter is more commonly known as a
Virtual Private Network



The distinguishing technique used in public key cryptography is the use of
asymmetric key algorithms, where the key used to encrypt a message is not the same as
the key used to decrypt it. Each user has a pair of cryptographic keys


and a
private key
. The private key is kept secret, whilst the public key may be widely
distributed. Messages are encrypted with the recipient's public key and can

decrypted with the corresponding private key.



In cryptography, a

is an
arrangement that binds public keys with respective
user identities by means of a certificate authority (
). The user identity must be unique
for each CA. The binding is established through the registration and issuance process,
which, depending on the lev
el of assurance the binding has, may be carried out by
software at a CA, or under human supervision. The PKI role that assures this binding is
called the Registration Authority (
) . For each user, the user identity, the public key,
their binding, validit
y conditions and other attributes are made unforgeable in public key
certificates issued by the CA.


Wired Equivalent Privacy” (WEP) is the encryption protocol standardized in the
IEEE 802.11 Wireless LAN standard. Hacker “Hacky” are readily
available for download
on the Internet to analyze WLAN traffic and recover the clear text traffic. Research the
publicly available literature on WEP attacks and briefly summarize how these attacks
work. Suggest a few simple changes that could be made to 80
2.11 that would have made
these attacks much more difficult.

Answer: There are two primary weaknesses with popular implementations of WEP that
subject 802.11

networks to compromise:


Short Initialization Vectors (IVs) are used


Fixed, system
wide Key Var
iables are used

These weaknesses are compounded by two characteristics of 802.11 networks:

1. The data protocol contains fixed, repetitive patterns

2. The network is a wireless network

Since the IVs are short, the probability that an IV “collision” will occur, that is the
probability that two packets will be sent using the same IV, is moderately high. For a
large corporate network, a high level of utilization is likely to occur. Estima
tes suggest
that in less than one business day, a sufficient number of 802.11 packets will be
transmitted to virtually guarantee an IV collision. Remember that, although the number
of independent IVs is rather large (~2
), the “Birthday paradox” increas
es the likelihood
that some pair of IVs will match. It is not necessary that we observe a match with any
specific IV. Finding that an IV collision has occurred, the attacker can now rely on the
occurrence of fixed patterns in the plaintext to attack the
key stream. He knows that the
key generator initial state of the two messages was the same, given the IV collision, and
knows that the plaintext matches for fixed fields in the message. This gives an
unnecessary advantage to knowing the value of the key
stream. Note that in residential
applications, far less traffic is expected, so it will probably take much longer for an
attacker to gather sufficient packets to observe an IV collision.

The second major issue is a key management problem. For most impl
ementations, it
is not convenient to change the key variable with any frequency. Often a user
organization will set a single key variable system wide and leave it unchanged for the
lifetime of the system. This means that the attacker has all the time in
the world to attack
the system. Yesterday’s collected IVs are useful today, since the key variables are the
same. A more significant threat, and one that any well designed cryptosystem should not
fall prey to is compromise of past information with a curr
ent attack. If a hacker discovers
the current key variable, then they can use this to recover ALL historical information that
was e
ncrypted in the same variable.
Since so much of the WEP is static, the attacker can
precompute much of the information they
need to attack a system. With large amounts of
data storage readily available, this type of attack is quite feasible and becoming more so.

Some other intrinsic changes to 802.11 that would counter the weaknesses in WEP:


APs should throttle back power
output to the minimum needed for effective
communications. This reduces the threat of monitoring


APs should not broadcast their System ID in the clear

if a network cannot be identified
reliability, it is much more difficult to attack


MAC address filteri
ng at the AP reduces, but does not eliminate, the risk of active attack.
MAC addresses can be cloned, but not as easily as the other attacks can be mounted.