Presentation is loading. Please wait.

Presentation is loading. Please wait.

Analysis of 802.11 Privacy Jim McCann & Daniel Kuo EECS 598.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Analysis of 802.11 Privacy Jim McCann & Daniel Kuo EECS 598."— Presentation transcript:

1 Analysis of 802.11 Privacy Jim McCann & Daniel Kuo EECS 598

2 Overview Part 1: The idea –What our software does Part 2: Applications: Locating rogue access points –How our software can help

3 Part 1 User identity / MAC address Relationship Identification

4 Collection Method Run a laptop as a sniffer in a wireless network Record packets that are sent Software used: –Kismet –Ethereal –Lots of PERL

5 Personal Information Some interesting packets that leak personal information: SMTP packets – unencrypted packets contain source and destination email address IMAP packets – though encrypted versions are available, some people don’t use them

6 Personal Information Multicast DNS packets – information broadcast for device discovery in Apple’s Rendezvous service. Reveals a computer’s ID (user’s name by default) NetBIOS Name Service – used when browsing windows networks, also shows computer’s name (though windows defaults are less revealing)

7 Personal Information HTTP post – some personal information may be leaked if unencrypted post is used MSN Messenger packets – the hotmail address is found in some packets Also AIM, YMSG, FTP, Telnet (if anyone still use it), many other protocols.

8 Findings Most of our data is collected in the EECS building, where two networks are available: EECS-PRIV: an unencrypted wireless network CAEN wireless: can be connected only with VPN client

9 Findings Two weeks of data from the EECS-PRIV network: Of the 1744 MACs we saw: –850 had some identifying information –About 200 had strong identifying info Why not more? –This counts computers on the VPN which we make no attempt to identify.

10 Time profile of user At a coarser level …

11 Time profile of user Based on a MAC address, a time plot of network usage can be used to analyze user’s behavior. Typical plots reveal: - what time of the day - what days of the week a user is present. Might be interesting for malicious parties when MAC can be correlated to identity.

12

13 Demo Demo of our software

14 Feasibility of identity analysis Unencrypted network like EECS-PRIV is easiest to perform the analysis on user identity from an attacker’s perspective In a WEP environment, it is also possible for an “insider” who has the key, or an attacker who can break the key using chosen plaintext attacks. Much more difficult in the CAEN VPN environment

15 Implications A user’s movement can be tracked if the laptop’s wireless card is on, and data collecting nodes are set up in multiple locations. Also, attackers can use this technique to target important people (for example, professors or network administrators).

16 Possible Defense Mechanism Simple ways to stop others from correlating your personal information with MAC Addresses: Don’t send personal data or Don’t keep the same MAC address

17 Possible Defense Mechanism Not sending personal data: Be paranoid - Do not send email, passwords in the clear - Do not name your computer with your name or uniqname Use encryption whenever possible - Best to use VPN - Using WEP is still better than nothing

18 Possible Defense Mechanism Changing your MAC Addresses: Software can change the MAC address of many wireless cards When is a good time interval?

19 Possible Defense Mechanism Changing every time you start using the network will be a problem if you stay connected for a long time. Changing MAC address every given amount of time (say 1 hour) may help. –Special software to do this seamlessly would be nice, but there are hard cases to deal with (MAC address conflicts!).

20 Part 2: Laptops as Rogue Access Points

21 How to do this: –Have the laptop establish an ad-hoc network using the wireless card –Access the internet through ethernet This is similar to a commercial access point.

22 Laptops as Rogue Access Points It is possible for a laptop to act as a wireless router and allow access to an authorized network. It establishes an ad-hoc network with unauthorized clients and routes their packets over to the network that it is authorized on.

23 Laptops as Rogue Access Points This requires additional hardware (second wireless card) and/or software for the laptop to establish both an ad-hoc network and connect to the authorized network.

24 Discovering access points Finding if unauthorized access points or ad hoc networks exist isn’t hard. Look for people sending packets with BSS Id’s you don’t approve of (if you are an admin). Look for networks you can connect to (if you are an attacker).

25 Discovering access points Kismet does just this:

26 Tracking Finding where they actually are is harder.

27 Tracking by Identity (our method) Possible to figure out who controls the access point by looking at identity data. Hypothesis: unauthorized APs are carelessly administrated and don’t use encryption. Our software can figure out who is using them.

28 Tracking by Connections Find identity on our network of the rogue access provider by comparing data sent over the ad-hoc network. In an unencrypted network (or one we have the keys for), this can be detected by passively sniffing packets. More tricky if the data is encrypted – Using Signal Processing to Analyze Wireless Data Traffic (Craig Partridge, et al.)

29 Tracking by Connections Problem: We haven’t found a person, just another computer address. We need a list of who uses what on the local network. Our software helps!

30 Tracking by Signal Strength Alternative: Collect data and use signal strength to pinpoint the location of unauthorized clients and access points. More complicated. A Practical Approach to Identifying and Tracking Unauthorized 802.11 Cards and Access Points (Interlink Networks)

31 Tracking by Signal Strength Locating an access point with signal strength

32 Uses and Abuses Some users may not want their locations to be revealed. Spammers may start wardriving.

33 Conclusion Privacy is an issue for wireless networks, especially unencrypted networks. MAC addresses can be used to track users. Our software can be used to help discover what types of privacy information are leaked over the network. Can also help track users related to an unauthorized access point.

34 Questions Questions?

35 Laptops as Rogue Access Points Situation where this may be a problem: Lufthansa airline is providing in-flight wireless internet service starting this month Cost is $29.95 for flights over 6 hours Can imagine people ‘sharing’ the internet by using their laptops as rogue access points to share the cost

36 Uses and Abuses Making the location of a user available may be beneficial. Google has a beta version of local search. This returns local information like restaurants for a location you enter. Can imagine in the future that the location of the user can be made available for google by the access point.

37 Uses and Abuses Tradeoff between convenience and privacy Apple’s Rendezvous service automatically discovers available services. User will (by default), name the computer “ ’s Computer” for sharing purpose, and broadcast this info. This reveals the user’s personal information, so it would be better in privacy’s perspective to set the default identifier to something else.

38 Collection Method A captured packet viewed with Tethereal

Download ppt "Analysis of 802.11 Privacy Jim McCann & Daniel Kuo EECS 598."

Similar presentations

Overview How to crack WEP and WPA

Overview How to crack WEP and WPA
Wireless LAN Security Understanding and Preventing Network Attacks.

Wireless LAN Security Understanding and Preventing Network Attacks.
SECURING WIRELESS LANS PRESENTED BY VICTOR C. NWALA CS555 Department of Computer Science Old Dominion University.

SECURING WIRELESS LANS PRESENTED BY VICTOR C. NWALA CS555 Department of Computer Science Old Dominion University.
Media Access Control (MAC) addresses in the network access layer ▫ Associated w/ network interface card (NIC) ▫ 48 bits or 64 bits IP addresses for the.

Media Access Control (MAC) addresses in the network access layer ▫ Associated w/ network interface card (NIC) ▫ 48 bits or 64 bits IP addresses for the.
“All your layer are belong to us” Rogue 802.11 APs, DHCP/DNS Servers, and Fake Service Traps.

“All your layer are belong to us” Rogue APs, DHCP/DNS Servers, and Fake Service Traps.
Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.

Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy

Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy
How secure are 802.11b Wireless Networks? By Ilian Emmons University of San Diego.

How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
Presented by Serge Kpan LTEC 4550.020 Network Systems Administration 1.

Presented by Serge Kpan LTEC Network Systems Administration 1.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.

Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.
Wireless Networking. Wi-Fi or 802.11 Uses radio waves (like cell phones, tv and radio). Just like wired networking except without the wires. A hot spot.

Wireless Networking. Wi-Fi or Uses radio waves (like cell phones, tv and radio). Just like wired networking except without the wires. A hot spot.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.

Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.
NETWORK SECURITY.

NETWORK SECURITY.
Demonstration of Wireless Insecurities Presented by: Jason Wylie, CISM, CISSP.

Demonstration of Wireless Insecurities Presented by: Jason Wylie, CISM, CISSP.
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.
WLAN What is WLAN? Physical vs. Wireless LAN

WLAN What is WLAN? Physical vs. Wireless LAN

Similar presentations

Ads by Google