Presentation is loading. Please wait.

Presentation is loading. Please wait.

Modeling Wi-Fi Protected Setup Brute-Force Mitigations Using Markov Chains Lloyd Jones.

Published byHeather Potter Modified over 8 years ago

Similar presentations

Presentation on theme: "Modeling Wi-Fi Protected Setup Brute-Force Mitigations Using Markov Chains Lloyd Jones."— Presentation transcript:

1 Modeling Wi-Fi Protected Setup Brute-Force Mitigations Using Markov Chains Lloyd Jones

2 Outline  Introduction  Problem Statement  Background Information  Problem Solving Approach  Results  Introduction  Problem Statement  Background Information  Problem Solving Approach  Results

3 Introduction  Wi-Fi Protected Setup (WPS) – technology used for easy connection to wireless devices  Simpler than remembering long WEP/WPA passphrase  Push-button and PIN method  Known weaknesses in WPS  Importance  Wi-Fi Protected Setup (WPS) – technology used for easy connection to wireless devices  Simpler than remembering long WEP/WPA passphrase  Push-button and PIN method  Known weaknesses in WPS  Importance

4 Problem Statement  Compare brute-force times based on different mitigation mechanisms  Variables to consider:  PIN verification time  Overall time limit  Lockouts/Delays  Compare brute-force times based on different mitigation mechanisms  Variables to consider:  PIN verification time  Overall time limit  Lockouts/Delays 0 < d < 5 Access point-imposed delay between PIN attempts (seconds) L (s/p) 0 < s < 120 3 <= p <= 25 Lockout (s) in seconds per amount of consecutive incorrect PINs (p) t > 0 Time limit for successful attempt (minutes) A 1,2,3…n 1 < n < 11,000 PIN attempts in numerical order 0 < v < 5 Access point PIN validation time in seconds 0 < P 0 < 1 Probability of client being in unauthenticated state 0 < P 1 < 1 Probability of brute-forcing first half of PIN 0 < P 2 < 1 Probability of brute-forcing second half of PIN 0 < P < 1 Overall probability of successful brute-force given d, L (s/p), t, v

5 Background Information  WPS Vulnerability discovered by Stefan Viehboch in 2011  Caused by splitting PIN into two halves  Should be 10 7 (10,000,000)possible PINs  Actually 10 4 + 10 3 = 11,000  WPS Vulnerability discovered by Stefan Viehboch in 2011  Caused by splitting PIN into two halves  Should be 10 7 (10,000,000)possible PINs  Actually 10 4 + 10 3 = 11,000 12345 67Checksum First half of PINSecond half of PIN

6 Background Information MessageDirectionPurpose M4 Enrollee -> RegistrarSend first half of PIN M5 Registrar-> Enrollee ACK/NACK for first half of PIN M6 Enrollee -> Registrar Send second half of PIN M7 Registrar-> EnrolleeACK/NACK for second half of PIN WPS Exchange Structure

7 Background Information  Open source tools available to take advantage of this vulnerability  Reaver, Bully, and others  Other tools available to detect if WPS is enabled  Open source tools available to take advantage of this vulnerability  Reaver, Bully, and others  Other tools available to detect if WPS is enabled

8 Problem Solving Approach  Model and compare scenarios  Baseline  Per PIN delay  Lockout of s seconds per p PINs  Combination  Equations Used  Model and compare scenarios  Baseline  Per PIN delay  Lockout of s seconds per p PINs  Combination  Equations Used

9 Problem Solving Approach Markov Chain Representation States Used: P 0 – unassociated/unauthenticated P 1 – First half of PIN correct P 2 – Second half of PIN correct

10 Results

11

12

13

14

15

16

17

18  Lockout mechanisms are not necessarily better than delay mechanisms, and vice-versa  Neither can protect against an attacker with lots of time on his/her hands  Both are more of a bandage on a gaping wound  Lockout mechanisms are not necessarily better than delay mechanisms, and vice-versa  Neither can protect against an attacker with lots of time on his/her hands  Both are more of a bandage on a gaping wound

19 Questions?

Download ppt "Modeling Wi-Fi Protected Setup Brute-Force Mitigations Using Markov Chains Lloyd Jones."

Similar presentations

Brute Force Attack Against Wi-Fi Protected Setup

Brute Force Attack Against Wi-Fi Protected Setup
Hacking WLAN // BRUTE FORCE CRACKER // TCP/IP. WLAN HACK Wired Equivalent Privacy (WEP) encryption was designed to protect against casual snooping, but.

Hacking WLAN // BRUTE FORCE CRACKER // TCP/IP. WLAN HACK Wired Equivalent Privacy (WEP) encryption was designed to protect against casual snooping, but.
Solving Equations. -132 = 4x – 5(6x – 10) -132 = 4x – 30x + 50 -132 = -26x + 50 -182 = -26x 7 = x.

Solving Equations = 4x – 5(6x – 10) -132 = 4x – 30x = -26x = -26x 7 = x.
Attacking Session Management Juliette Lessing

Attacking Session Management Juliette Lessing
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.

Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.
Modeling Wi-Fi Protected Setup Brute-Force Mitigations Using Markov Chains Progress Summary Lloyd Jones Progress Summary Lloyd Jones.

Modeling Wi-Fi Protected Setup Brute-Force Mitigations Using Markov Chains Progress Summary Lloyd Jones Progress Summary Lloyd Jones.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.

Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.
CMSC 414 Computer and Network Security Lecture 8 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 8 Jonathan Katz.
Security Weaknesses in Bluetooth by Markus Jakobsson and Susanne Wetzel Lucent Technologies – Bell Labs presented by Boris Kurktchiev.

Security Weaknesses in Bluetooth by Markus Jakobsson and Susanne Wetzel Lucent Technologies – Bell Labs presented by Boris Kurktchiev.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Solving Systems of three equations with three variables Using substitution or elimination.

Solving Systems of three equations with three variables Using substitution or elimination.
How to Secure a Home Wi-Fi S. Roy. Acknowledgement In preparing the presentation slides and the lab setup, I received help from Professor Simon Ou Professor.

How to Secure a Home Wi-Fi S. Roy. Acknowledgement In preparing the presentation slides and the lab setup, I received help from Professor Simon Ou Professor.
Introduction to networking (Yarnfield) IP addresses.

Introduction to networking (Yarnfield) IP addresses.
1 Computer Networks Course: CIS 3003 Fundamental of Information Technology.

1 Computer Networks Course: CIS 3003 Fundamental of Information Technology.
13-1 Introduction to Quadratic Equations  CA Standards 14.0 and 21.0  Quadratic Equations in Standard Form.

13-1 Introduction to Quadratic Equations  CA Standards 14.0 and 21.0  Quadratic Equations in Standard Form.
Topic: Solving Systems of Linear Equations Algebraically.

Topic: Solving Systems of Linear Equations Algebraically.

Similar presentations

Ads by Google