Published by Julian Sherman. Modified over 8 years ago.
Dr. Igor Santos

Introduction to Wi-Fi networks
Encryption
WEP
WPA
Vulnerabilities
Attacks
Setting up a secure Wi-Fi network
Captive portals
Introduction to Wi-Fi networks
What is a Wi-Fi network?
A set of computers interconnected through a wireless "bridge / router" or Access Point
Main devices in a Wi-Fi network
▪ Network cards
▪ Access Points (AP)
▪ Antennas
Typical topology
Wi-Fi network cards
Modes
1. Ad-hoc: interconnection between devices without the need for an AP
▪ Similar to a point-to-point connection over a crossover Ethernet cable (but several PCs can be connected ad-hoc)
▪ No AP manages the medium → more collisions → lower performance
2. Managed or Infrastructure: connected to an AP that manages the connections (STA <> AP)
▪ The card leaves all responsibility for managing traffic to the AP
▪ Sometimes it is necessary to know the ESSID (network id) of the network managed by the AP in order to access it → detect it by entering monitor mode
3. Master: acts as an AP, provides service and manages the connections (AP <> STA)
▪ PCs can be turned into APs
▪ HostAP: http://hostap.epitest.fi
▪ Advantages
  ▪ A PC is much more powerful than an AP: many possibilities (filtering, security enhancements, routing, DHCP...)
  ▪ Recycling of obsolete equipment, cheap APs
▪ Shortcomings
  ▪ Not all cards can work in Master mode (Prism / Hermes / Atheros)
4. Monitor: allows capturing packets without associating with an AP or an ad-hoc network
▪ Monitors a specific channel without transmitting packets (passively)
▪ The card does not check the packet CRCs
▪ It is NOT THE SAME as promiscuous mode
  ▪ Promiscuous: in LAN networks, connected
  ▪ Monitor: in Wi-Fi networks, not connected
▪ Not all cards support monitor mode
  ▪ http://kmuto.jp/debian/hcl/index.cgi
  ▪ http://linux-wless.passys.nl
Access Points
Interconnect Ethernet LANs with wireless users or networks
Alternatives
▪ Commercial APs
▪ Commercial APs with free software
  ▪ Install custom firmware on a commercial AP
▪ "Homemade" APs
  ▪ Obsolete PC + Wi-Fi card in Master mode
Functionalities
They manage the physical medium
They selectively retransmit data
They may offer additional services
▪ DHCP
▪ Remote management (web, telnet, ssh)
▪ IP, MAC, etc. filtering
Concepts
BSSID (Basic Service Set Identifier)
▪ Unique address that identifies the AP that creates the wireless network
▪ It is a MAC address
ESSID (Extended Service Set Identifier)
▪ Unique name of up to 32 characters that identifies the wireless network
Channel
▪ Wi-Fi works in the 2.4 GHz band
▪ It is divided into 13 channels of 22 MHz
▪ Different frequency ranges within that band
▪ They overlap → interference!
▪ Recommendation
  ▪ Use channels 1, 6 and 11, which do not overlap each other
Wi-Fi antennas
They increase the coverage and performance of a wireless node
Several scenarios
▪ AP inside a building
▪ Outdoor APs
  ▪ Point-to-point connection
  ▪ Point-to-multipoint
  ▪ Hot-spot
There are different types of antennas
Omnidirectional
▪ Radiate in all directions
▪ Ideal for APs or hot-spots
Directional
▪ Radiate towards one direction or a small sector
▪ Ideal for:
  ▪ Users of an AP
  ▪ LAN-to-LAN interconnection
Homemade antennas
Encryption
WEP (Wired Equivalent Privacy)
Included in the 802.11 standard
Protection based on the RC4 algorithm
Uses keys of 64, 128 and 256 bits (actually 40, 104 or 232 bits: the Initialization Vector, IV, takes 24 bits and is different in each packet)
The key may be generated from a passphrase or entered directly by the user
The key must be known to all clients (shared secret)
WPA (Wi-Fi Protected Access)
Workaround prior to 802.11i (WPA2)
Improvements over WEP
▪ Dynamic key distribution with limited key lifetime (TKIP - Temporal Key Integrity Protocol)
▪ Stronger Initialization Vector: 48 bits, minimizing key reuse
▪ Integrity: from ICV (Integrity Check Value) to MIC (Michael), based on the encryption key
Two modes
WPA-Personal (PSK)
▪ Intended for simple environments
▪ Pre-Shared Key (PSK): shared secret
WPA-Enterprise (RADIUS)
▪ Intended for complex environments
▪ Every user has his/her own login/password
▪ 802.1X
  ▪ Supplicant (STA)
  ▪ Authenticator (AP)
  ▪ Authentication server (RADIUS)
WPA2
Approved by the IEEE and accepted by the Wi-Fi Alliance in 2004
Also known as 802.11i or RSN (Robust Security Network)
Improvements
▪ 802.1X-based authentication
▪ AES-based encryption
▪ Dynamic key management (GKH, PKH)
▪ Support for ad-hoc networks
Wi-Fi vulnerabilities
Wi-Fi networks have the same problems / bugs / vulnerabilities as wired networks
Besides, they have additional problems related to their wireless nature
Radio scanners
Radio jamming (DoS)
Flexibility vs. security...
Vulnerabilities
Access: wardriving
WEP encryption: attacks like FMS, KoreK, etc.
WPA and WPA2 encryption: dictionary attacks
Man-in-the-Middle attacks
▪ Rogue APs
▪ Vulnerabilities in APs in "bridge" mode: ARP poisoning
Denial of Service (DoS)
WEP vulnerabilities
Walker (Intel) (2000)
"WEP is not a good way to provide privacy for wireless communications"
Using a stream cipher (RC4) in an environment in which keys are repeated is a mistake
Main problem → Initialization Vectors
If Initialization Vectors are repeated and we know lots of plaintext, it is easy to break the encryption
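An added illustration (not from the slides) of the IV-reuse problem just described: a minimal RC4 and a WEP-style per-packet key (IV || shared key). Two packets sent under the same IV share a keystream, so one known plaintext exposes the other, and the 24-bit IV space is so small that a repeat is expected after only a few thousand packets. The key, IV and plaintexts are constructed sample values.

```python
# Added example (not from the slides): minimal RC4 plus a WEP-style per-packet
# key (24-bit IV || shared key) to show why repeated IVs break WEP. The key,
# IV and plaintexts used below are constructed sample values.
import math

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling (KSA), then `length` bytes of PRGA output."""
    s = list(range(256))
    j = 0
    for i in range(256):                   # KSA: permute S using the key
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):                # PRGA: one keystream byte per step
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, shared_key: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with IV || key and sends the 3-byte IV in clear, so the
    keystream depends only on the secret key and a value visible on the air."""
    assert len(iv) == 3, "WEP IVs are 24 bits"
    return xor(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))

def recover_with_known_plaintext(c1: bytes, p1: bytes, c2: bytes) -> bytes:
    """Two packets under the same IV share a keystream: c1 ^ p1 reveals it and
    c2 ^ keystream is the second plaintext. This is the 'repeated IV + known
    plaintext' failure the slide describes (ARP/DHCP headers are predictable)."""
    keystream = xor(c1, p1)
    return xor(c2, keystream)

def expected_packets_until_iv_repeat(iv_bits: int = 24) -> float:
    """Birthday estimate sqrt(pi/2 * 2^bits): some 24-bit IV repeats after only
    ~5,000 packets even when IVs are chosen uniformly at random."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)
```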
Borisov et al. (2001)
Alphabet Building Attack (the "keystream" is derivable by a known-plaintext attack)
Arbaugh (2001)
"Inductive Chosen Plaintext" attack (builds a database with all the "keystreams" for a WEP key in a relatively short time)
Fluhrer, Mantin, Shamir (2001)
"Weaknesses in the Key Scheduling Algorithm of RC4" (few bits determine many bits in the first permutation of the algorithm)
KoreK (2004)
"KoreK Attacks": set of enhancements to the FMS attack (Fluhrer, Mantin, Shamir, 2001)
▪ Only about 200,000 Initialization Vectors are needed
"Chop-chop" attack: Reverse Inductive Attack (Arbaugh 2001)
▪ It sends an encrypted ARP request to the AP with one byte less
▪ The AP will repeat only those packets that pass the CRC check
▪ After 256 attempts, it will find the valid byte for that particular iteration
▪ Requests can be sent in parallel (more speed)
▪ Gradually the whole "keystream" can be derived
Reinjection of packets to generate new traffic (new Initialization Vectors)
▪ ARP requests
▪ ICMP traffic
▪ DHCP requests
Klein (2005)
Improvements to the RC4 correlations found by FMS and KoreK
Bittau et al. (2006)
Packet fragmentation attack between STA and AP
Ramachandran and Ahmad (2007)
"Caffe-latte attack" (obtains the user's key, not the AP's)
Hirte (2007)
Improved "caffe-latte attack" (no need for ARPs)
Tews, Weinmann, Pyshkin (2007)
"Breaking 104-bit WEP in less than 60 seconds" (improved KoreK's approach by using Klein's contribution)
Performance
▪ 50% success with 40,000 Initialization Vectors
▪ 95% success with 85,000 Initialization Vectors
Beck and Tews (2008)
Improvements over the approach by Tews, Weinmann and Pyshkin (reduces the number of packets needed from 40,000-90,000 to 24,000)
WEP cracking
Capture traffic that contains Initialization Vectors (NOT beacon frames)
▪ If there are no users connected to the AP, the traffic cannot be generated
  ▪ Fake association
▪ If there is not much traffic
  ▪ Reinject
Use one of the methods (KoreK, ...) to obtain the key
Brute force
For WEP40, it is reasonable
▪ 2^40 keys
▪ On a Pentium Core2Duo: 42 days (300,000 K/s)
▪ In a cluster of FPGAs: 13 minutes (1.386M K/s)
For WEP104, IT IS NOT
▪ 2^104 ≈ 20 × 10^30 keys
▪ On a Pentium Core2Duo: 2.14 trillion years
▪ In a cluster of FPGAs: 464 billion years
Dictionary attacks
▪ Keys already broken in other APs
▪ Default keys
Many manufacturers configure WEP by default
ESSID recognizable as WLAN_XX or equivalent
Deducible WEP passphrase, generated from:
▪ A common prefix for each manufacturer
▪ The BSSID
▪ The XX of WLAN_XX
▪ Other unknown data
  ▪ The 16,384 possibilities can be brute-forced
WlanDecrypter generates these candidate keys from the BSSID and ESSID
Only one encrypted packet capture is needed
▪ WlanInject to generate a fake association if there is no traffic
GNU/Linux tools
aircrack, aircrack-ng
▪ Continuous development
▪ Highly recommended
WepLab
▪ Centered on WEP, few updates
▪ GUI (wxWepLab)
Assistants
▪ Airoscript
▪ wesside-ng and easside-ng
▪ spoonwep2
Tools for Microsoft Windows
Proprietary software
▪ CommView for WiFi (TamoSoft)
▪ OmniPeek (WildPackets)
▪ AirMagnet WiFi Analyzer (AirMagnet)
Ports of free software (partial functionality)
▪ airsnort: obsolete
▪ WepLab
  ▪ Doesn't support capture on Windows
  ▪ Requires Wireshark or other capture programs
▪ aircrack and aircrack-ng
  ▪ Currently widely used
  ▪ Capture and reinjection with some drivers
A few years ago it was said that WEP was bad, but better than nothing
Today it is almost the opposite: protecting a network with WEP makes it easy to crack, because it is a challenge very accessible to casual crackers
There are better security protocols, so WEP should ALWAYS be discarded
WPA-PSK vulnerabilities
WPA-PSK vulnerabilities
The system used by WPA to exchange the information used for key generation is weak
Pre-set keys are "unsafe" (WPA-PSK)
▪ Subject to dictionary attacks
▪ No need to capture lots of traffic: capturing only the key exchange is enough
1. Capture the initial handshake: the 4 WPA packets of a client's authentication against an AP
2. Brute force or dictionary attack to extract the key
Success depends on the dictionary
It is also possible to use rainbow tables
Many manufacturers configure WPA by default
ESSID recognizable
▪ WLAN_XXXX
▪ JAZZTEL_XXX
The BSSID is also needed
Online tools
▪ http://www.seguridadwireless.net/wpamagickey1.php
▪ http://www.seguridadwireless.net/wpamagickey.php
CoWPAtty
▪ Its fourth version cracks WPA2
▪ There are "rainbow tables" of the most common keys (English) for common ESSIDs (linksys, tsunami, comcomcom, etc.)
wpa_crack
▪ Proof of concept
SpoonWpa
▪ GUI assistant
wpacracker.com
▪ Cracking WPA using cloud computing (17 US$)
WPA_XXXX / JAZZTEL_XXXX?
▪ http://www.seguridadwireless.net/wpamagickey1.php
▪ http://www.seguridadwireless.net/wpamagickey.php
▪ Test the default passphrase "12345670"
WPA-PSK?
1. Obtain the ESSID
2. Obtain an authentication: deauthenticate with aireplay-ng -0
3. Pre-computed tables for that ESSID: crack with aircrack-ng, cowpatty
4. Without tables for that ESSID
▪ Generate the tables: genpmk (in parallel if possible)
▪ Go to 3
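An added illustration (not from the slides) of why WPA-PSK strength rests entirely on the passphrase, and why the precomputed tables above (CoWPAtty tables, genpmk) are built per ESSID: the PMK derivation specified in IEEE 802.11i, PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations. The IEEE test vector ("password" / "IEEE") checks the implementation; the other passphrases, SSIDs and the trial rate are constructed.

```python
# Added example (not from the slides): how WPA/WPA2-Personal derives the
# Pairwise Master Key (PMK) from the passphrase, per IEEE 802.11i:
# PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 256-bit output.
# Sample passphrases, SSIDs and the trial rate used below are constructed.
import hashlib
import math

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2(HMAC-SHA1, passphrase, ssid, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase has 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("ascii"), 4096, dklen=32)

def pmk_depends_on_ssid(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """The SSID is the salt, so one passphrase gives a different PMK on every
    ESSID: a table precomputed with genpmk is only valid for the ESSID it was
    built for, which is why default ESSIDs (WLAN_XXXX, linksys...) are the ones
    tables exist for."""
    return derive_pmk(passphrase, ssid_a) != derive_pmk(passphrase, ssid_b)

def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Size of an exhaustive passphrase space in bits (8 digits ≈ 26.6 bits)."""
    return length * math.log2(alphabet_size)

def seconds_to_exhaust(alphabet_size: int, length: int,
                       pmk_per_second: float) -> float:
    """Worst-case time to try every passphrase of this shape at a given PBKDF2
    rate (the rate is a parameter, not a benchmark claim). The 4096 iterations
    cost ~8192 HMAC-SHA1 per guess, which only helps when the space is large."""
    return alphabet_size ** length / pmk_per_second
```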
Other tools
WIFISLAX!!!
WIFISLAX 4.0
Linux LiveCD with Wi-Fi audit tools
http://www.wifislax.com/wifislax-4-0-el-regreso
Setting up a secure Wi-Fi network
WPA2 encryption with a strong, non-predictable password
Disable beacon frames
Set MAC filtering
Disable DHCP
Set up an IP range different from the default (192.168.1.X)
Limit the number of clients that can connect
Implementation in Microsoft Windows
Client: Windows XP SP2+ / Vista / 7
Authenticator: AP hardware (WRT54G)
RADIUS server: Microsoft Internet Authentication Server (IAS) / FreeRADIUS.net
Implementation in GNU/Linux
Client
▪ wpa_supplicant
▪ Xsupplicant
▪ wireless-tools: iwconfig + iwpriv
Authenticator: hostapd (service of HostAP)
RADIUS server: FreeRADIUS, OpenRADIUS, Radiator, etc.
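An added checker (not from the slides) for the hostapd-side items of the checklist above, WPA2 with a strong passphrase, hidden ESSID, MAC filtering and a client limit, run against a WEP-style and a hardened hostapd.conf. The option names are real hostapd keys; both sample configurations and the 20-character passphrase threshold are constructed for illustration (DHCP and the IP range are not hostapd settings and are left out).

```python
# Added example (not from the slides): audits a hostapd.conf against the
# hostapd-side items of the secure-setup checklist. Option names are real
# hostapd keys; the sample configurations and the 20-char threshold are constructed.
WEAK_CONF = """
wep_default_key=0
wep_key0=0123456789
"""
HARDENED_CONF = """
ssid=lab-net
ignore_broadcast_ssid=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=Nz7!quiet-harbour-lamp-42
macaddr_acl=1
accept_mac_file=/etc/hostapd.accept
max_num_sta=10
"""

def parse_hostapd(text: str) -> dict:
    """hostapd.conf is key=value per line; '#' lines and blanks are ignored."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(conf: dict) -> list:
    """Return the checklist items this configuration fails (empty = passes)."""
    findings = []
    if any(k.startswith("wep_") for k in conf):
        findings.append("WEP keys configured: WEP must be discarded")
    if conf.get("wpa") != "2":
        findings.append("wpa must be 2 (WPA2/RSN only, no WPA1 fallback)")
    if conf.get("rsn_pairwise") != "CCMP":
        findings.append("rsn_pairwise must be CCMP (AES), not TKIP")
    passphrase = conf.get("wpa_passphrase", "")
    if "WPA-PSK" in conf.get("wpa_key_mgmt", "") and (
            len(passphrase) < 20 or passphrase.isdigit()):
        findings.append("wpa_passphrase is short or all-digit: predictable")
    if conf.get("ignore_broadcast_ssid") != "1":
        findings.append("beacons advertise the ESSID (set ignore_broadcast_ssid=1)")
    if conf.get("macaddr_acl") != "1" or "accept_mac_file" not in conf:
        findings.append("MAC filtering not enabled (macaddr_acl=1 + accept list)")
    if "max_num_sta" not in conf:
        findings.append("no client limit (max_num_sta)")
    return findings
```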
Captive portals
Client validation system for wireless nodes
Depending on the user type, it assigns bandwidth and gives access to different services
Usually based on temporary "tokens" managed over HTTP-SSL (443/TCP)
Authentication process
Image credits
http://www.flickr.com/photos/87546268@N00/76197417/ (AP)
http://www.flickr.com/photos/13522901@N00/5182549507/
http://www.flickr.com/photos/laughingsquid/176520387
http://www.flickr.com/photos/pittpics/504774599
http://www.flickr.com/photos/hatemaster/2197840114
http://www.flickr.com/photos/rayj1839/4940079038
http://www.flickr.com/photos/atelier_tee/5551668917
http://www.flickr.com/photos/meredithfarmer/318077155
http://www.flickr.com/photos/87793853@N00/2078979917/