CRC-32 - RC4
Last Post: May 19, 2005:
-
Whats going on everybody, I'm new to this forum and thought somebody could tell me why is Integegrity check field (IC)the checksun CRC-32 is linear, I guess the linear part I dont really understand?
THIS PART I DON'T UNDERSTAND AS WELL :
flipping bit n in the message results in a deterministic set of bits in the CRC that must be flipped to produce a correct checksum on the modified message. Because flipping bits carries through after an RC4 decryption, this allows the attacker to flip arbitrary bits in an encrypted message and correctly adjust the checksum so that the resulting message appears valid.
I been reading the CWSP book like five times and reviewed Devin's White paper on 801.11i that was just posted and cannot seem put understand the above.
Thanks guys- -
Hi nbray,
I had the same question as you do till I find a very good White Paper from Cisco about Wireless security (A Comprehensive Review of 802.11 Wireless LAN Security and the Cisco Wireless Security Suite). I must say I am using this paper to prepare for the CWSP exam and I would suggest anybody interested in security to have a look at this document.
On Page 14 and 15 (I cannot put the figures in this forum)
"
3.3.2. Bit-Flipping Attacks
Bit-flipping attacks have the same goal as IV replay attacks, but they rely on the weakness of the ICV. Although the data payload size may vary, many elements remain constant and in the same bit position. The attacker will tamper with the payload portion of the frame to modify the higher layer packet. The process for a bit-flipping attack is listed below and in Figure 20:
1. The attacker sniffs a frame on the wireless LAN
2. The attacker captures the frame and flips random bits in the data payload of the frame
3. The attacker modifies the ICV (detailed later)
4. The attacker transmits the modified frame
5. The receiver (either a client or the access point) receives the frame and calculates the ICV based on the frame
contents
6. The receiver compares the calculated ICV with the value in the ICV field of the frame
7. The receiver accepts the modified frame
8. The receiver de-encapsulates the frame and processes the Layer 3 packet
9. Because bits are flipped in the layer packet, the Layer 3 checksum fails
10. The receiver IP stack generates a predictable error
11. The attacker sniffs the wireless LAN looking for the encrypted error message
12. Upon receiving the error message, the attacker derives the key stream as with the IV replay attack
The basis for this attack is the failure of the ICV. The ICV is in the WEP-encrypted portion of the frame, so how is
the attacker able to modify it to match the bit-flipped changes to the frame? The process of flipping bits is:
1. A given frame (F1 in Figure 21) has an ICV (C1)
2. A new frame is generated (F2) the same length as F1 with bits set
3. Frame F3 is created by performing the XOR function F1 and F2
4. The ICV for F3 is calculated (C2)
5. ICV C3 is generated by performing the XOR function C1 and C2
"
It helps ?
Thanks for letting us know.
Regards
Christophe
- 1