Cracking wpa2 psk in the cloud


Published on

Published in: Technology, Business
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Micro Instance 613 MB of memory, up to 2 ECUs (for short periodic bursts)Small Instance (Default) 1.7 GB of memory, 1 EC2 Compute Unit (1 virtual core with 1 EC2 Compute Unit)Large Instance 7.5 GB of memory, 4 EC2 Compute Units (2 virtual cores with 2 EC2 Compute Units each)High-CPU Medium Instance 1.7 GB of memory, 5 EC2 Compute Units (2 virtual cores with 2.5 EC2 Compute Units each)High-CPU Extra Large Instance 7 GB of memory, 20 EC2 Compute Units (8 virtual cores with 2.5 EC2 Compute Units each)
  • Cracking wpa2 psk in the cloud

    1. 1. Cracking WPA2-PSK in the cloud<br />A Cost Effective Solution For Brute Force Attacks<br />By Fotios Lindiakos and Ed Rowland<br />
    2. 2. WPA2-PSKWi-Fi Protected Access II – Pre-shared Key<br />Replaced WPA in 2004 as 802.11i standard<br />Added security replacing TKIP with CCMP (AES)<br />Required for devices with Wi-Fi trademark<br />Two modes<br />Enterprise – requires a Radius Server (802.1x)<br />Personal – 256 bit key created from a string of 64 digits or 8-63 character passphrase<br />Key calculation<br />Passphrase  PBKDF2(f) salted w/SSID  4096 iterations of HMAC-SHA1<br />
    3. 3. WPA2-PSK/802-11i4 Way Handshake<br /><ul><li>Goal - derive Passphrase from PMK
    4. 4. Correct Passphrase “guessed” if tool can calculate the same Message Integrity Code (MIC)</li></ul>Hacking Exposed - Stuart McClure, Joel Scambray, George Kurtz<br />
    5. 5. Tools Used<br />Amazon’s EC2 cloud<br />Multiple types of instances running 64 bit Ubuntu 10.04 LTS<br />Aircrack-ng v1.1<br />Custom web front end<br />Custom code to parallelize processing<br />Laptop/mobile device running aircrack-ng to capture and send capture file to cloud<br />
    6. 6. About The EC2 Cloud<br />One of many proprietary web services Amazon offers providing PAAS, IAAS & SAAS<br />Elastic Compute Cloud (EC2) virtualizes compute cycles into EC2 compute units (ECU)<br />One ECU provides the equivalent CPU capacity of a 1.0-1.2 GHz 2007 Opteron or Xeon processor<br />Access to an EC2 instance is via SSH leveraging PKI to encrypt a session key<br />
    7. 7. To the cloud!<br />
    8. 8. Cracking Statistics<br />
    9. 9. But what about cracking…<br />One Hundred MILLION keys!<br />
    10. 10. Time to Crack 100,000,000<br />
    11. 11. Optimized for “Bang for your buck”<br />
    12. 12. About Custom Code<br />Written in Ruby<br />Front end is a Sinatra web application<br />Back end is a wrapper around aircrack-ng<br />Library handles communicating with EC2<br />Only 234 lines of code<br />
    13. 13. Front End<br />Accepts PCAP from the user<br />Also gets SSID and how many instances to run<br />Creates a “message” for each instance<br />This message is put on a queue waiting for client to come online<br />It contains all the information the client needs<br />Starts cracking instances<br />Waits for results and reports them to the user<br />After a key is found, terminates all clients<br />
    14. 14. Back End<br />Pops a message off the queue at boot time<br />Gets the PCAP and full dictionary file<br />Creates smaller wordlists<br />First, makes a list based on “chunk” assigned<br />Breaks that into smaller chunks for reporting purposes<br />Runs aircrack-ng against each chunk<br />Reports progress or the key after every iteration<br />
    15. 15. Tested Instance Types and Cost<br />
    16. 16. Demo<br />
    17. 17. Results – Single Instance<br />
    18. 18. Results – Parallel Instances<br />
    19. 19. Future Work<br />Utilize other EC2 Instance types<br />High End Cluster with GPU<br />33.5 ECU and 2 x NVIDIA Tesla “Fermi” M2050 GPUs<br />Optimize cracking client for architecture<br />Fully utilize multiple CPU/core<br />Fully utilize 64 bit capabilities<br />Fully utilize GPU acceleration<br />Look at other cracking tools<br />coWPAtty, Hydra, custom code<br />
    20. 20. Conclusion<br />It’s certainly inexpensive and easy to leverage cloud computing to hack WPA2-PSK efficiently<br />As long as you have an adequate dictionary<br />The attack can be prioritized based on<br />Cost<br />Use cheaper instances, regardless of time<br />Time<br />Use most powerful instances, regardless of cost<br />