Cracking wpa2 psk in the cloud
  • Micro Instance: 613 MB of memory, up to 2 ECUs (for short periodic bursts)
    Small Instance (Default): 1.7 GB of memory, 1 EC2 Compute Unit (1 virtual core with 1 EC2 Compute Unit)
    Large Instance: 7.5 GB of memory, 4 EC2 Compute Units (2 virtual cores with 2 EC2 Compute Units each)
    High-CPU Medium Instance: 1.7 GB of memory, 5 EC2 Compute Units (2 virtual cores with 2.5 EC2 Compute Units each)
    High-CPU Extra Large Instance: 7 GB of memory, 20 EC2 Compute Units (8 virtual cores with 2.5 EC2 Compute Units each)

Presentation Transcript

  • Cracking WPA2-PSK in the cloud
    A Cost Effective Solution For Brute Force Attacks
    By Fotios Lindiakos and Ed Rowland
  • WPA2-PSK: Wi-Fi Protected Access II – Pre-shared Key
    Replaced WPA in 2004 as 802.11i standard
    Added security replacing TKIP with CCMP (AES)
    Required for devices with Wi-Fi trademark
    Two modes
    Enterprise – requires a Radius Server (802.1x)
    Personal – 256 bit key created from a string of 64 digits or 8-63 character passphrase
    Key calculation
    Passphrase  PBKDF2(f) salted w/SSID  4096 iterations of HMAC-SHA1
  • WPA2-PSK/802.11i 4-Way Handshake
    • Goal - derive Passphrase from PMK
    • Correct Passphrase “guessed” if tool can calculate the same Message Integrity Code (MIC)
    Hacking Exposed - Stuart McClure, Joel Scambray, George Kurtz
  • Tools Used
    Amazon’s EC2 cloud
    Multiple types of instances running 64 bit Ubuntu 10.04 LTS
    Aircrack-ng v1.1
    Custom web front end
    Custom code to parallelize processing
    Laptop/mobile device running aircrack-ng to capture and send capture file to cloud
  • About The EC2 Cloud
    One of many proprietary web services Amazon offers providing PaaS, IaaS & SaaS
    Elastic Compute Cloud (EC2) virtualizes compute cycles into EC2 compute units (ECU)
    One ECU provides the equivalent CPU capacity of a 1.0-1.2 GHz 2007 Opteron or Xeon processor
    Access to an EC2 instance is via SSH leveraging PKI to encrypt a session key
  • To the cloud!
  • Cracking Statistics
  • But what about cracking…
    One Hundred MILLION keys!
  • Time to Crack 100,000,000
  • Optimized for “Bang for your buck”
  • About Custom Code
    Written in Ruby
    Front end is a Sinatra web application
    Back end is a wrapper around aircrack-ng
    Library handles communicating with EC2
    Only 234 lines of code
  • Front End
    Accepts PCAP from the user
    Also gets SSID and how many instances to run
    Creates a “message” for each instance
    This message is put on a queue waiting for client to come online
    It contains all the information the client needs
    Starts cracking instances
    Waits for results and reports them to the user
    After a key is found, terminates all clients
  • Back End
    Pops a message off the queue at boot time
    Gets the PCAP and full dictionary file
    Creates smaller wordlists
    First, makes a list based on “chunk” assigned
    Breaks that into smaller chunks for reporting purposes
    Runs aircrack-ng against each chunk
    Reports progress or the key after every iteration
  • Tested Instance Types and Cost
  • Demo
  • Results – Single Instance
  • Results – Parallel Instances
  • Future Work
    Utilize other EC2 Instance types
    High End Cluster with GPU
    33.5 ECU and 2 x NVIDIA Tesla “Fermi” M2050 GPUs
    Optimize cracking client for architecture
    Fully utilize multiple CPU/core
    Fully utilize 64 bit capabilities
    Fully utilize GPU acceleration
    Look at other cracking tools
    coWPAtty, Hydra, custom code
  • Conclusion
    It’s certainly inexpensive and easy to leverage cloud computing to hack WPA2-PSK efficiently
    As long as you have an adequate dictionary
    The attack can be prioritized based on
    Cost
    Use cheaper instances, regardless of time
    Time
    Use most powerful instances, regardless of cost