Vulnerabilities of IEEE 802.11i Wireless LAN CCMP Protocol
IEEE has recently incorporated CCMP protocol to provide robust security to IEEE 802.11 wireless LANs. It is found that CCMP has been designed with a weak nonce construction and transmission mechanism, which leads to the exposure of initial counter value. This weak construction of nonce renders the protocol vulnerable to attacks by intruders. This paper presents how the initial counter can be pre-computed by the intruder. This vulnerability of counter block value leads to pre-computation attack on the counter mode encryption of CCMP. The failure of the counter mode will result in the collapse of the whole security mechanism of 802.11 WLAN.
[1] Institute of Electrical and Electronics Engineers, Inc., IEEE Std. 802.11i-2004, Amendment to Standard for Telecommunications and
Information Exchange Between Systems - LAN/MAN Specific Requirements - Part 11: "Wireless Medium Access Control (MAC) and
Physical Layer (PHY) Specifications: Medium Access Control (MAC)
Security Enhancements", July, 2004.
[2] Institute of Electrical and Electronics Engineers, Inc., IEEE Std. 802.1X-
2001, "IEEE Standard for Local and metropolitan area networks - Port-Based Network Access Control" June, 2001.
[3] Specification for the Advanced Encryption Standard (AES), FIPS 197,
U.S. National Institute of Standards and Technology. November 26, 2001. (Online) Available: http://www.nist.gov/aes
[4] D. Whiting, R. Housley, and N. Ferguson. "Counter with CBC-MAC (CCM)". RFC 3610, September 2003.
[5] NIST Special Publication 800-38C, "Recommendation for Block Cipher
Modes of Operation: The CCM Mode for Authentication and Confidentiality". May 2004. (Online) Available:
http://csrc.nist.gov/publications/
[6] David A. McGrew, "Counter Mode Security: Analysis and Recommendations", Cisco Systems, November, 2002.
[7] M.E. Hellman, "A cryptanalytic time-memory trade-off", IEEE Transactions on Information Theory, July, 1980, pp. 401-406.
[8] D. A. McGrew and S. R. Fluhrer, "Attacks on Additive Encryption of Redundant Plaintext and Implications on Internet Security", The
Proceedings of the Seventh Annual Workshop on Selected Areas in
Cryptography (SAC 2000), Springer-Verlag, August, 2000. (Online) Available: http://www.mindspring.com/~dmcgrew/dam-srf-sac00.pdf
[9] A. Biryukov, A. Shamir, D. Wagner , "Real Time Cryptanalysis of A5/1
on a PC", Proceedings of the Fast Software Encryption Workshop 2000, Springer-Verlag, Lecture Notes in Computer Science, 2000.
[10] Jin Hong, Palash Sarkar, "Rediscovery of Time Memory Tradeoffs", 2005. (Online) Available: http://cr.yp.to/2005-590/hong.pdf
[11] M. Blaze, W. Die, R. Rivest, B. Schneier, T. Shimomura, E.
Thompson, and M. Weiner, "Minimal Key Lengths for Symmetric
Ciphers to Provide Adequate Commercial Security", January 1996. (Online) Available: http://www.counterpane.com/keylength.html
[12] Moore-s law (Online) Available:
http://www.Webopedia.com/TERM/M/Moores_Law.html
[1] Institute of Electrical and Electronics Engineers, Inc., IEEE Std. 802.11i-2004, Amendment to Standard for Telecommunications and
Information Exchange Between Systems - LAN/MAN Specific Requirements - Part 11: "Wireless Medium Access Control (MAC) and
Physical Layer (PHY) Specifications: Medium Access Control (MAC)
Security Enhancements", July, 2004.
[2] Institute of Electrical and Electronics Engineers, Inc., IEEE Std. 802.1X-
2001, "IEEE Standard for Local and metropolitan area networks - Port-Based Network Access Control" June, 2001.
[3] Specification for the Advanced Encryption Standard (AES), FIPS 197,
U.S. National Institute of Standards and Technology. November 26, 2001. (Online) Available: http://www.nist.gov/aes
[4] D. Whiting, R. Housley, and N. Ferguson. "Counter with CBC-MAC (CCM)". RFC 3610, September 2003.
[5] NIST Special Publication 800-38C, "Recommendation for Block Cipher
Modes of Operation: The CCM Mode for Authentication and Confidentiality". May 2004. (Online) Available:
http://csrc.nist.gov/publications/
[6] David A. McGrew, "Counter Mode Security: Analysis and Recommendations", Cisco Systems, November, 2002.
[7] M.E. Hellman, "A cryptanalytic time-memory trade-off", IEEE Transactions on Information Theory, July, 1980, pp. 401-406.
[8] D. A. McGrew and S. R. Fluhrer, "Attacks on Additive Encryption of Redundant Plaintext and Implications on Internet Security", The
Proceedings of the Seventh Annual Workshop on Selected Areas in
Cryptography (SAC 2000), Springer-Verlag, August, 2000. (Online) Available: http://www.mindspring.com/~dmcgrew/dam-srf-sac00.pdf
[9] A. Biryukov, A. Shamir, D. Wagner , "Real Time Cryptanalysis of A5/1
on a PC", Proceedings of the Fast Software Encryption Workshop 2000, Springer-Verlag, Lecture Notes in Computer Science, 2000.
[10] Jin Hong, Palash Sarkar, "Rediscovery of Time Memory Tradeoffs", 2005. (Online) Available: http://cr.yp.to/2005-590/hong.pdf
[11] M. Blaze, W. Die, R. Rivest, B. Schneier, T. Shimomura, E.
Thompson, and M. Weiner, "Minimal Key Lengths for Symmetric
Ciphers to Provide Adequate Commercial Security", January 1996. (Online) Available: http://www.counterpane.com/keylength.html
[12] Moore-s law (Online) Available:
http://www.Webopedia.com/TERM/M/Moores_Law.html
@article{"International Journal of Information, Control and Computer Sciences:56241", author = "M. Junaid and Muid Mufti and M. Umar Ilyas", title = "Vulnerabilities of IEEE 802.11i Wireless LAN CCMP Protocol", abstract = "IEEE has recently incorporated CCMP protocol to provide robust security to IEEE 802.11 wireless LANs. It is found that CCMP has been designed with a weak nonce construction and transmission mechanism, which leads to the exposure of initial counter value. This weak construction of nonce renders the protocol vulnerable to attacks by intruders. This paper presents how the initial counter can be pre-computed by the intruder. This vulnerability of counter block value leads to pre-computation attack on the counter mode encryption of CCMP. The failure of the counter mode will result in the collapse of the whole security mechanism of 802.11 WLAN.
", keywords = "Information Security, Cryptography, IEEE 802.11i, Computer security, Wireless LAN", volume = "1", number = "11", pages = "3502-6", }
