1 MD5 Cracking One way hash. Used in online passwords and file verification.

Slides:

Advertisements

Similar presentations

WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:

Advertisements

Hacking WLAN // BRUTE FORCE CRACKER // TCP/IP. WLAN HACK Wired Equivalent Privacy (WEP) encryption was designed to protect against casual snooping, but.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.

Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman.

WEP Weaknesses Or “What on Earth does this Protect” Roy Werber.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.

How To Not Make a Secure Protocol WEP Dan Petro.

The Trouble with WEP Or, cracking WiFi networks for fun & profit (not really) Jim Owens.

Wired Equivalent Privacy (WEP)

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture.

IEEE Wireless Local Area Networks (WLAN’s).

Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WLAN security S Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.

Wireless LAN Security Yen-Cheng Chen Department of Information Management National Chi Nan University

WLAN What is WLAN? Physical vs. Wireless LAN

Wireless Attacks. Set up the APs Computer IP: Subnet Mask: Router IP address: –

Mobile and Wireless Communication Security By Jason Gratto.

Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

CSC-682 Advanced Computer Security

CWNA Guide to Wireless LANs, Second Edition Chapter Eight Wireless LAN Security and Vulnerabilities.

A History of WEP The Ups and Downs of Wireless Security.

Wireless Network Security Dr. John P. Abraham Professor UTPA.

Wireless Security Beyond WEP. Wireless Security Privacy Authorization (access control) Data Integrity (checksum, anti-tampering)

COEN 350 Mobile Security. Wireless Security Wireless offers additional challenges: Physical media can easily be sniffed. War Driving Legal? U.S. federal.

Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.

Wireless Insecurity By: No’eau Kamakani Robert Whitmire.

1 C-DAC/Kolkata C-DAC All Rights Reserved Computer Security.

Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.

Intercepting Mobile Communications: The Insecurity of Nikita Borisov Ian Goldberg David Wagner UC Berkeley Zero-Knowledge Sys UC Berkeley Presented.

Wireless Encryption: WEP and cracking it. Eric Shea.

NSRI1 Security of Wireless LAN ’ Seongtaek Chee (NSRI)

CWSP Guide to Wireless Security Chapter 2 Wireless LAN Vulnerabilities.

WEP Protocol Weaknesses and Vulnerabilities

WEP AND WPA by Kunmun Garabadu. Wireless LAN Hot Spot : Hotspot is a readily available wireless connection.  Access Point : It serves as the communication.

Wireless LAN Security. Security Basics Three basic tools – Hash function. SHA-1, SHA-2, MD5… – Block Cipher. AES, RC4,… – Public key / Private key. RSA.

CWNA Guide to Wireless LANs, Second Edition Chapter Eight Wireless LAN Security and Vulnerabilities.

Wireless Network Hacking.  Authentication Techniques  1. Open System: no security techniques  2. Shared-Key: uses hashed string challenge with WEP.

Wireless Networking & Security Greg Stabler Spencer Smith.

無線網路安全 WEP. Requirements of Network Security Information Security Confidentiality Integrity Availability Non-repudiation Attack defense Passive Attack.

Intercepting Mobiles Communications: The Insecurity of ► Paper by Borisov, Goldberg, Wagner – Berkley – MobiCom 2001 ► Lecture by Danny Bickson.

Encryption Protocols used in Wireless Networks Derrick Grooms.

Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.

Wireless Security John Himmelein Erick Andrew Christian Adam Varun Bapna.

How To Not Make a Secure Protocol WEP Dan Petro.

Authentication has three means of authentication Verifies user has permission to access network 1.Open authentication : Each WLAN client can be.

802.11b Security CSEP 590 TU Osama Mazahir. Introduction Packets are sent out into the air for anyone to receive Eavesdropping is a much larger concern.

IEEE Security Specifically WEP, WPA, and WPA2 Brett Boge, Presenter CS 450/650 University of Nevada, Reno.

Wired Equivalent Privacy (WEP) Chris Overcash. Contents What is WEP? What is WEP? How is it implemented? How is it implemented? Why is it insecure? Why.

1 © 2004, Cisco Systems, Inc. All rights reserved. Wireless LAN (network) security.

Erik Nicholson COSC 352 March 2, WPA Wi-Fi Protected Access New security standard adopted by Wi-Fi Alliance consortium Ensures compliance with different.

By Billy Ripple.  Security requirements  Authentication  Integrity  Privacy  Security concerns  Security techniques  WEP  WPA/WPA2  Conclusion.

Tightening Wireless Networks By Andrew Cohen. Question Why more and more businesses aren’t converting their wired networks into wireless networks?

1. Introduction In this presentation, we will review ,802.1x and give their drawbacks, and then we will propose the use of a central manager to replace.

Module 48 (Wireless Hacking)

Wireless Protocols WEP, WPA & WPA2.

WEP & WPA Mandy Kershishnik.

A Wireless LAN Security Protocol

Wireless Security Ian Bodley.

IEEE i Dohwan Kim.

Wireless Network Security

CSE 4905 WiFi Security I WEP (Wired Equivalent Privacy)

Breaking into Wi-Fi Networks

WLAN Security Antti Miettinen.

Antti Miettinen (modified by JJ)

Security Issues with Wireless Protocols

Presentation transcript:

1 MD5 Cracking One way hash. Used in online passwords and file verification.

2 Lets destroy an MD5 hash Lets use “steiner” Md5('steiner')= 7bfd4d773bec1249bb691bbad9d968a8 Input into rcrack../rcrack *.rt -h 7bfd4d773bec1249bb691bbad9d968a8 Wait

3 MD5 hashing Tables vary greatly in size. Each added character add's exponential growth md5_loweralpha-numeric_ GB

4 General Wireless Vulnerabilities Invasion and resource stealing Traffic redirection Denial of service Rogue access points

5 The Wired Equivalent Privacy Protocol

6 Goals Confidentiality Prevent casual eavesdropping Access control Protect access to network infrastructure Data integrity Prevent tampering with transmitted messages

7 Logistics A key is shared between the client and access point Key length is 40 bits or 104 bits Keys are static and whenever a key changes, all clients must update

8 RC4 Stream Cipher

9 WEP Implementation of RC4 Checksum of the plain text is computed to provide data integrity 24 bit Initialization vector (IV) is used to increase the size of the secret key IV also makes it harder to crack by changing the key stream every time IV is pre-pended to the cipher text, that way client can decrypt the message

10 Encryption Process

11 Decryption Process

12 WEP Authentication Client sends message to access point (AP) requesting authentication AP sends plain text stream to client Client chooses IV and encrypts plain text stream Client sends IV and cipher text to AP for verification

13 WEP Frame

14 WEP Flaws and Exploits

15 Database Attack Some access points allow traffic to be encrypted or unencrypted Hacker sends packets to the access point broadcast messages, AP responds with encrypted version Hacker records key stream and puts it in database for later use When client gets sent message with IV that is in the database, hacker XORs the two to get the plain text

16 Key Scheduling Attack Some IVs are weak and through statistical analysis can reveal information about the key Active attack involves de-authenticating client repeatedly until enough packets have been received to analyze Utilizes the fact that several bytes of IP traffic can be easily predicted

17 Message Injection Hacker can listen to authentication process and determine a key stream for a particular IV Using this key stream, hacker can create packets and inject them into the network WEP allows for IVs to be reused without triggering an alarm

18 WEP Cracking Tools

19 Linux Security Distributions Several live CDs are available that contain all tools necessary to hack WEP Common applications include: Aircrack Suite - wesside-ng - aireplay-ng - aircrack-ng Airsnort Kismet

20 How to Protect Against and Attack

21 Newer Security Protocols Stop using WEP and use a newer protocol like WPA Make you password harder to crack by using the maximum number of characters and using random ASCII characters ***(deprecated)***

22 Authentication Evil Twin Attack Hacker can force user off the AP, then use the same SSID to pose as the AP How do you know who has control of an access point? Enterprise systems can use a server to authenticate users

23 Other Suggestions Wireless IDS Can monitor network to prevent rogue access points If attacker attempts to break into wireless LAN, the IDS can triangulate his location Use end to end encryption VPNs

24 Demo Locate target Do research Get AP MAC and client MAC Input into wesside-ng If necessary, spoof a clients MAC

25 Lan Manager (LM) Hashes Used by Microsoft Windows passwords are stored using this algorithm Only hashes 7 characters at a time. Makes cracking considerably easier

26 Lets break my windows Get Hash Input into ophcrack wait