Wireless Network Security: WEP And Beyond. Heidi Parsaye, Jason DeVries, Roxanne Ilse.



Outline
Wireless networking basics
– Attempts at making wireless networking secure
Wired Equivalent Privacy
– Why it’s no longer private
– Brief overview of how to crack
Beyond WEP
– WiFi Protected Access (WPA)

Wireless Broadband
How Does Wireless Broadband Work?
Benefits of Wireless Broadband
Disadvantages of Wireless Broadband

Wireless Network Security
IEEE 802.11 Wi-Fi
Wired Equivalent Privacy (WEP)
TKIP (Temporal Key Integrity Protocol)
MAC address filtering
Wi-Fi Protected Access (WPA and WPA2)

Encryption Of WEP Data

Decryption Of WEP Data

Important Details About WEP Frames
Frame layout: plaintext header (BSSID, Initialization Vector, Destination Address) followed by encrypted body (LLC Header, SNAP Header, Data, 32-bit CRC).
All WEP frames contain a plaintext header followed by encrypted data.
The Initialization Vector is included in the plaintext.
There is no CRC on the plaintext header.
We can easily spoof the BSSID to get around MAC address filtering.
No attempt is made to hide packet lengths.

Important Details About WEP Frames
The RC4 Initialization Vector must be sent in plaintext. The recipient needs to combine it with the secret key to re-create the state array used for decryption.

The Problem With WEP
It’s actually a problem with RSA’s RC4, which was designed in 1987 by Ron Rivest (the R in RSA). In 2001, Scott Fluhrer, Itsik Mantin, and Adi Shamir (the S in RSA) discovered that the first few bytes of RC4’s output are non-random and leak information about the key.

The Problem With RC4
The “secret key” fed to the KSA is actually the Initialization Vector (3 bytes) followed by the secret key (5 or 13 bytes). Since we know the first three key bytes, we know the outcome of the first three iterations of the KSA.

The Problem With RC4
If we can get the state array, we can start plugging data into the PRGA. More specifically, we can run it in reverse to get a hint about the secret key.
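To make the two RC4 slides concrete, here is an added Python example (not code from the presentation) that implements RC4’s KSA and PRGA, encrypts and decrypts a WEP-style frame whose per-frame key is IV || secret, and then shows the property the slide relies on: after the first three KSA iterations the state array depends on the IV alone, so anyone reading the plaintext IV can reproduce that partial state. The key-ID byte that real WEP sends after the IV is omitted, and the keys, IVs and message are constructed test values.

```python
import zlib


def ksa(key, rounds=256):
    """RC4 key-scheduling algorithm. rounds < 256 stops early so the partial state can be inspected."""
    S = list(range(256))
    j = 0
    for i in range(rounds):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def prga(S, n):
    """RC4 pseudo-random generation: n keystream bytes from a scheduled state (state is copied)."""
    S = S[:]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(secret, iv, plaintext):
    """IV (3 bytes, sent in the clear) || RC4_{IV||secret}(plaintext || CRC-32 ICV)."""
    if len(iv) != 3 or len(secret) not in (5, 13):
        raise ValueError("WEP uses a 3-byte IV and a 40- or 104-bit secret key")
    icv = zlib.crc32(plaintext).to_bytes(4, "little")   # ICV covers only the encrypted part
    keystream = prga(ksa(iv + secret), len(plaintext) + 4)
    return iv + bytes(a ^ b for a, b in zip(plaintext + icv, keystream))


def wep_decrypt(secret, frame):
    """Recover the plaintext, or return None if the ICV does not match."""
    iv, body = frame[:3], frame[3:]
    keystream = prga(ksa(iv + secret), len(body))
    recovered = bytes(a ^ b for a, b in zip(body, keystream))
    data, icv = recovered[:-4], recovered[-4:]
    if zlib.crc32(data).to_bytes(4, "little") != icv:
        return None
    return data


def iv_only_state(iv):
    """The KSA state after three iterations, computed from the plaintext IV with no secret at all."""
    return ksa(iv, 3)


if __name__ == "__main__":
    secret = b"\x01\x23\x45\x67\x89"        # constructed 40-bit key
    iv = b"\x0a\x1b\x2c"                    # constructed IV
    frame = wep_encrypt(secret, iv, b"hello WEP")
    print(frame.hex())
    print(wep_decrypt(secret, frame))
    print(iv_only_state(iv) == ksa(iv + secret, 3))   # True: first 3 KSA steps fixed by the IV
```

`iv_only_state` is the observer’s view: it never sees the secret, yet its three-step state equals the first three steps of the real schedule for every secret key, which is the foothold the 2001 result builds on.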

Another Weakness
Frame layout: plaintext header (BSSID, Initialization Vector, Destination Address) followed by encrypted body (LLC Header, SNAP Header, Data, 32-bit CRC).
The 3-byte LLC Header is always the same on every frame, starting with 0xAA, indicating that SNAP is next. In fact, with a certain message we’ll cover later, we know the values for 16 of the encrypted bytes. Knowing some of the encrypted plaintext makes the job even easier.

Getting The Secret Key
What we really need to see is the exact same plaintext message encrypted thousands of times using different Initialization Vectors. If we get enough unique Initialization Vectors, we can crack the secret key.
But how do we get a WEP network to encrypt and transmit the exact same message thousands of times?
– The answer: Ask the network the same question… get the same answer thousands of times!

We Have Ways Of Making You Talk
Ok, so what question can we ask the network thousands of times and get the same answer?
– Hey network… what’s my IP address? This is known as an ARP request.
Since we don’t have the secret key, we can’t encrypt our own ARP request. That means we need to steal a legitimate ARP request from the network. Once we get one, we’ll replay it thousands of times. We’ll force the network to talk to us as it replies to these requests… generating messages for us.

ARP Requests
But if the data is encrypted, how could we find and read an ARP request?
– The answer: We don’t need to read it or decrypt its content. We just need to recognize it as what we need.
Two facts about ARP requests help us:
– They’re always the same fixed length. We can look for that.
– It will be sent to a broadcast address. Remember, the destination MAC address is sent as plaintext in the header, so we can read that part.

Retransmitting ARP Requests
Frame layout: plaintext header (BSSID, Initialization Vector, Destination Address) followed by encrypted body (LLC Header, SNAP Header, Data, 32-bit CRC).
Look at the frame again. Once we steal a legitimate ARP request, there’s absolutely nothing to keep us from spoofing our BSSID and retransmitting the exact same request as many times as we want. We don’t know the values of the encrypted bytes we’re transmitting, but that’s ok. We don’t care. We also won’t be able to read the ARP reply sent by the network. We don’t care about the contents. The important part is that they are the same every time.
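The same three plaintext facts the last few slides use (the destination address is readable, the frame length is not hidden, and a replayed frame carries the identical IV) are exactly what a wireless IDS can key on from the defender’s side. Below is an added Python example, not part of the presentation, that scans a capture summary for the replay pattern: the same broadcast frame (same BSSID, IV and length) repeated many times inside a short window, which no legitimate station does. The input format (`ts,bssid,dst,iv,len` per line), the addresses, IVs, lengths and the alert threshold are all constructed for the example; a real deployment would feed it from a monitor-mode capture.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
AP = "00:11:22:33:44:55"          # constructed BSSID
CLIENT = "66:77:88:99:aa:bb"      # constructed station address

# Constructed capture summary, one frame per line: ts,bssid,dst,iv,len
# Normal traffic: broadcast ARP requests each carry a fresh IV; unicast data is ignored.
NORMAL_LINES = [
    f"0.000,{AP},{BROADCAST},0a1b2c,68",
    f"0.410,{AP},{CLIENT},7f0012,1534",
    f"0.900,{AP},{BROADCAST},0a1b2d,68",
    f"1.750,{AP},{BROADCAST},0a1b2e,68",
]
# Replay traffic: the first broadcast frame above re-sent 30 times within 0.6 s (same IV, same length).
REPLAY_LINES = [f"{2.0 + 0.02 * i:.3f},{AP},{BROADCAST},0a1b2c,68" for i in range(30)]


def parse_line(line):
    """Split one summary line into (timestamp, bssid, dst, iv, length)."""
    ts, bssid, dst, iv, length = line.strip().split(",")
    return float(ts), bssid.lower(), dst.lower(), iv.lower(), int(length)


def detect_replay(lines, window=2.0, threshold=20):
    """Alert once per (bssid, iv, len) broadcast frame seen >= threshold times within `window` seconds.

    Only plaintext header fields are used: nothing here needs the WEP key or the frame contents.
    """
    recent = defaultdict(deque)   # (bssid, iv, len) -> timestamps still inside the window
    alerted = set()
    alerts = []
    for line in lines:
        ts, bssid, dst, iv, length = parse_line(line)
        if dst != BROADCAST:          # replayed ARP requests are broadcast; skip unicast frames
            continue
        key = (bssid, iv, length)
        seen = recent[key]
        seen.append(ts)
        while seen and ts - seen[0] > window:
            seen.popleft()
        if len(seen) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({
                "bssid": bssid, "iv": iv, "len": length,
                "count": len(seen), "first_seen": seen[0], "at": ts,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_replay(NORMAL_LINES + REPLAY_LINES):
        print(f"replayed broadcast frame from {alert['bssid']} iv={alert['iv']} "
              f"len={alert['len']}: {alert['count']} copies by t={alert['at']:.3f}s")
```

The detector deliberately keys on IV reuse of an identical frame rather than on the ARP length alone, so ordinary ARP traffic (fresh IV per frame) never trips it; the threshold and window are tuning knobs, and the same sliding-window structure can be reused to rate-limit on any plaintext header field.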

Recent Work
In 2005, Andreas Klein extended the 2001 work of Fluhrer, Mantin, and Shamir. He found additional correlations between the encrypted data and the secret key. However, his method still relied on educated guesses to compute all bytes of the secret key sequentially.
– If while computing the 10th byte it turns out you made an incorrect guess on the 4th byte, you have to throw out all computations done from the 4th byte onward and start again.

Recent Work
In 2007, Erik Tews, Ralf-Philipp Weinmann, and Andrei Pyshkin optimized Klein’s 2005 attack for usage against WEP.
– Most notably, they modified the attack such that it is possible to compute the secret key bytes independently, instead of sequentially… much more efficient, less wasted computation.
– Working at 802.11g data rates, they showed they could crack 128-bit WEP with just 85,000 packets, a success rate of 95%... in less than 60 seconds.

Using AirCrack

Beyond WEP – WPA2
Implements mandatory elements of 802.11i
Available in personal (SOHO) and enterprise mode
Uses AES (Advanced Encryption Standard)

WPA2 Components
WPA2 Wi-Fi certified client devices; may require software/hardware upgrades
Client supplicant, such as Microsoft or Funk Odyssey
EAP authentication types
WPA2-Enterprise Wi-Fi certified APs; may require firmware or hardware upgrade
Authentication server (RADIUS) / database (SQL, LDAP or AD)

How WPA2 Works
Initiated when the user associates with an AP
The user must authenticate before the AP will allow access to the network
The authentication process is enabled by the IEEE 802.1X/EAP framework
The client and authentication server mutually authenticate with each other via the AP
Once authenticated, the authentication server and client simultaneously generate a “Pairwise Master Key” (PMK)
A 4-way handshake between client and AP completes authentication and establishes the AES encryption keys used to encrypt data exchanged between client and AP
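The slide ends at “4-way handshake”; the added Python below (example code, not from the presentation) walks through what that handshake does with the PMK: both sides mix the PMK with two nonces and both MAC addresses into a Pairwise Transient Key, prove to each other that they hold the same PMK by MIC-ing the handshake messages with the key-confirmation part of the PTK, and end up with an AES temporal key without the PMK ever crossing the air. The PRF, the `"Pairwise key expansion"` label, the min/max ordering of addresses and nonces, the HMAC-SHA1-128 MIC and the PBKDF2 derivation of a personal-mode PMK follow the 802.11i definitions as I know them; the message bodies (`b"\x02" + snonce` and so on) are simplified stand-ins for real EAPOL-Key frames, the GTK carried in message 3 is omitted, and the SSID, passphrase, addresses and nonces are constructed test values.

```python
import hashlib
import hmac


def prf(key, label, data, nbytes):
    """802.11i PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || counter), truncated."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def pmk_from_passphrase(passphrase, ssid):
    """WPA2-Personal PMK (the PSK): PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def derive_ptk(pmk, aa, spa, anonce, snonce):
    """PTK for CCMP = PRF-384(PMK, "Pairwise key expansion", min/max of MACs and nonces).

    Returns (KCK, KEK, TK): key-confirmation key, key-encryption key, AES temporal key.
    The min/max ordering makes both sides derive the same key regardless of who is who.
    """
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return ptk[:16], ptk[16:32], ptk[32:48]


def eapol_mic(kck, body):
    """HMAC-SHA1-128 over the message with its MIC field zeroed (16 zero bytes stand in for the field)."""
    return hmac.new(kck, body + b"\x00" * 16, hashlib.sha1).digest()[:16]


def four_way_handshake(pmk_ap, pmk_client, aa, spa, anonce, snonce):
    """Run both sides of the handshake. Returns the agreed TK, or None when a MIC check fails."""
    # Message 1 (AP -> client): ANonce in the clear. No MIC yet: the PTK does not exist on either side.
    kck_c, kek_c, tk_c = derive_ptk(pmk_client, aa, spa, anonce, snonce)
    # Message 2 (client -> AP): SNonce, MIC'd with the client's KCK.
    msg2 = b"\x02" + snonce
    msg2_mic = eapol_mic(kck_c, msg2)
    # The AP now has both nonces, derives its own PTK and checks that the client holds the same PMK.
    kck_a, kek_a, tk_a = derive_ptk(pmk_ap, aa, spa, anonce, snonce)
    if not hmac.compare_digest(eapol_mic(kck_a, msg2), msg2_mic):
        return None                      # wrong passphrase / PMK on the client side
    # Message 3 (AP -> client): ANonce again plus install instruction (GTK wrapped with KEK omitted), MIC'd.
    msg3 = b"\x03" + anonce
    if not hmac.compare_digest(eapol_mic(kck_c, msg3), eapol_mic(kck_a, msg3)):
        return None                      # client would reject an AP that does not know the PMK
    # Message 4 (client -> AP): acknowledgement, MIC'd; both sides install TK after this.
    msg4 = b"\x04"
    if not hmac.compare_digest(eapol_mic(kck_a, msg4), eapol_mic(kck_c, msg4)):
        return None
    return tk_a


if __name__ == "__main__":
    pmk = pmk_from_passphrase("correct horse battery", "ExampleNet")   # constructed
    aa, spa = bytes.fromhex("02aabbccddee"), bytes.fromhex("021122334455")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))          # constructed nonces
    print("TK:", four_way_handshake(pmk, pmk, aa, spa, anonce, snonce).hex())
    print("wrong PMK:", four_way_handshake(pmk, pmk_from_passphrase("wrong", "ExampleNet"), aa, spa, anonce, snonce))
```

Because the PTK also depends on both nonces, a captured handshake cannot be replayed to install an old key, and because only MICs are exchanged, a passive observer learns neither PMK nor TK; in enterprise mode the PMK simply arrives from the 802.1X/EAP exchange instead of from a passphrase, and everything from `derive_ptk` onward is identical.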