SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Proof that CRCs are not secure



    A while back, there was some interest in using a CRC
    as a secure integrity checksum (e.g., by adding it
    to IPSec).  This was rejected on principle as being
    insecure.  I recently stumbled across a practical
    demonstration of this insecurity.
    
    The WEP protocol for 802.11b wireless security made
    the mistake of using a CRC as their integrity checksum,
    and as a result can be attacked by tampering with
    data in flight - the fact that the data was tampered
    with is undetectable even when everything is encrypted
    because it's too easy to figure out which bits have
    to be flipped in the CRC to hide the tampering.  This
    is described in the fourth paragraph of the "Problems"
    section at:
    
    http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
    
    <SECURITY-EXPERT-COMMENT>
    Lest I get jumped on by the security experts, a
    contributing factor to this WEP vulnerability is
    the use of a stream cipher (RC4) rather than a
    block cipher (e.g., DES, AES) - i.e., this simple
    bit-flipping attack won't work against a good block
    cipher, but such an approach requires confidentiality
    (i.e., encryption) to obtain cryptographic integrity.
    The usual design approach is to use something like
    a keyed HMAC (cf. RFC 2104) to support cryptographic
    integrity without requiring confidentiality.
    </SECURITY-EXPERT-COMMENT>
    
    This doesn't change anything the WG is currently doing -
    there is no active proposal to use a CRC for cryptographic
    integrity, and this does not affect the use of CRCs
    in header digests, data digests, and the like.  This
    is just an FYI based on past discussion of this topic.
    
    Thanks,
    --David
    
    ---------------------------------------------------
    David L. Black, Senior Technologist
    EMC Corporation, 42 South St., Hopkinton, MA  01748
    +1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
    black_david@emc.com       Mobile: +1 (978) 394-7754
    ---------------------------------------------------
    
    


Home

Last updated: Tue Sep 04 01:04:56 2001
6315 messages in chronological order