Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
SlideShare a Scribd company logo

Wireless hacking and security

A
Adel Zalok

This presentation describes the WEP issued in the original IEEE 802.11 and points out it's weakness and how can attacks be executed. Also, it summarizes the best practices to introduce security to the Wireless enviroment.

1 of 29
Wireless LAN Hacking and Security
Technical Presentation  Page Outline Introduction to WLAN Why Wireless Security ? Motivation Wired Equivalent Privacy (WEP) Hacking Wi-Fi Security Best Practices Summary & Conclusion
Technical Presentation  Page Introduction To Wireless LAN Introduction What is Wireless Networking?! A wireless Network refers to a fully connected network that allows users to share resources without using any kind of Wiring. Resources Could be : Broadband Interent Network Printers Data files Examples: Wireless Personal Area Network (PAN) Wireless LAN ( Our Guy ) Wireless MAN Mobile Networks
Technical Presentation  Page Wireless Advantages And Disadvantages Introduction To Wireless LAN Wireless Advantages Easy and Fast Installation Procedures No need for costy, Messy wiring. Easier to provide connectivity. Access to the Network can be anywhere with the range of the AP. Public places offers free or chargable access to wireless network. Wireless Disadvantages Many users = Bandwidth starvation. Unlicensed spectrum, which could lead to interfrence with other services. Frequent updates in the standards = replacing hardware = higher cost Shared medium introduces security issues.
Technical Presentation  Page IEEE Network Specifications Introduction To Wireless LAN
Technical Presentation  Page Most Important ones: Introduction To Wireless LAN
Technical Presentation  Page Wireless LAN Technologies Narrow Band Picking a frequeny and transmitting over it. Very vulnerable to multi-path fading and interference. Spread Spectrum Uses more bandwidth by spreading the signal over a large range of fqs. More imune against multi-path fading and interference. FHSS Hops across Frequencies by a certain rate. Synchronizes Hopping pattern at Tx and Rx. DSSS Breaks data Into chuks. Represents each bits with *Chips*. Introduction To Wireless LAN
Technical Presentation  Page WLAN Frequency Usage Wireless Channels in 802.11b As An Example The 802.11b standard defines 14 channels. Does it use all the 14 channels ?!  this depends on Countries North America : 11 channels Euope: 13 channels Japan: All the 14 channels Introduction To Wireless LAN
Technical Presentation  Page WLAN Modes Ad-hoc Mode All workstations can directly communicaticate together. Good if you plan to quickly get setup your wireless network when there is no access to wired Infrastructure. Infrastructure Communication occurs through an AP. A basic wireless Infrastrucutre with a single AP is called a BSS. When more than once access point is connected it is called an ESS. Roaming is supported from one BSS to another. Roaming between APs can occur for many reasons. For examples: Stronger signals. Load balancing between two APs in the same geographical area. Introduction To Wireless LAN
WLAN Modes Introduction To Wireless LAN
Here comes your footer  Page Why Wireless Security ?! Motivation !! Accidental association Malicious association Ad-hoc networks Non-traditional networks Identity theft (MAC spoofing) Man-in-the-middle attacks Denial of service Network injection Caffe Latte attack And many more !!!
Technical Presentation  Page Non Technical Example!! Why Wireless Security ?! [CEH V7 Official Course Material] Example Tools : wefi, jiwire,…
Technical Presentation  Page Most Famous and Commonly Used Cryptos !! WEP : An old wireless encryption standard (will be discussed in more details) WPA : Uses a 48 IV, 32 bit CRC and TKIP encyption for wireless security. WPA2 Personal : Uses AES 128 bits and CCMP for wireless data encryption. WPA2 Enterprise : Integrates the standards of EAP with WPA enrption WEP -- Wireless Equivalent Privacy WPA -- WiFi Protected Access CCMP -- Counter Mode With Cipher Block Chaining Message Authentication Code Protocol Why Wireless Security ?!
Here comes your footer  Page Wired Equivalent Privacy (WEP) Who am I ? Wasn‘t developed by experts. Part of the IEEE 802.11 standard. Was meant to provide confidentiality for messages on the network. Not Considered *The state of the art* any more. Was designed to achieve three main security goals: Confidentiality : Content is not readable to people outside the network. Integrity : A message can‘t be altered without altering detection. Access control : only authorized stations can access the network. Concept Encryption Decryption M C M K K As If
Here comes your footer  Page Wired Equivalent Privacy (WEP) Sending Side (Encryption Block) Steps: Integrity Check sum = Plaintext || CRC 32(Plaintext). Chosen IV || shared key (key is 40 or 104 bits). Shorter keys, less privacy Output of last step will be input to RC4 to generate the key stream. XOR the result of the RC4 with the IC value to get the Cipher text. Finally, Cipher text and IV are concatenated and transmitted on the medium. [1] RC4 is a stream-cipher algorithm, this means that it generates an infinite sequence of pseudo random bits.
Here comes your footer  Page Recieving Side (Decryption Block) Wired Equivalent Privacy (WEP) Steps: IV is extracted from received data. RC4 (IV || Shared key) = same key stream as before. RC4(IV || Shared key) XOR C. C is equal { RC4 ( IV || Shared key ) XOR Pc }. Finally, we Compare the IC value with the result of the integrity check. [1] Since the original plain text is not known by the receiver, you can’t tell if it is the real thing or not. So, we need to verify that they match.
Here comes your footer  Page Wired Equivalent Privacy (WEP) Summary of Operation (Hawk’s Eye View)
Here comes your footer  Page Wired Equivalent Privacy (WEP) On The Run Definitions !! Vulnerability : A Weakness in design that can Compromise the security of the system. Threat: An Action or an event that might compromise the secuity of the system. Exploit: A way to breach through the system security given existing vulnerabilities. Symetric Key Cryptography: Only one key is used to Encrpyt and Decrypt. The key should be distributed before transmission. Asymetric Key Cryptography: Using two keys (public, private). Public key is for encyption and private key for decryption. No need for key distribution
Here comes your footer  Page Wired Equivalent Privacy (WEP) RC4 Inputs and Outputs of the RC4: The RC4 algorithm takes as in input the Pre-Shared Key and produced and pseudo random stream. The PSK and the IV and the Generators of the RC4. IV || PSK PRN The Algorithm Consists Of Two Parts: Key Scheduling algorithm (KSA) The key scheduling algorithm is to complete the initialization of the RC4 Pseudo Random Generator (PSRG) The PRGA is to produce the pseudo random number. RC4 Seed The RC4 is a symmetric key cryptography algorithm was developed by Ronald L. Rivest Also the “R” in the RSA Encyption Algorithm. RC4 stands for Ron’s Code 4.
Here comes your footer  Page Wired Equivalent Privacy (WEP) Vulnerabilities and Threats in WEP !! The master Key is used directly as an input to the RC4 Algorithm Once one key is recovered, everything is compromised. A good idea is to create sub keys for a certain period of time. The Key size 64 bits -> 24 IV + 40 bit PSK . 40 bits is not enough to avoid Brute Forces. Vendors extended the key length to 104 to make the total size 128 bits. Key Management No algorithm for key exchange. Keys are exchanged manually. Small, and easy to remember keys are used  Higher attack probability. Use some key exchange algorithms. For example: “Diffie Hellman” CRC32 : Although it aims to provide message integrity. It doesn’t prevent the whole content from being changed. Can we fix that ?
Here comes your footer  Page Wired Equivalent Privacy (WEP) Vulnerabilities and Threats in WEP - Continue!! The Incorrect Use of RC4 Strong correlation between the Input key and resulting stream. IV is 3 bytes and is transmitted in plain text. It is easy to sniff weak keys. If one bit is lost, the entire data packet is. It is not specified how IV’s are generated. So they might be reused. Reuse of IV’s is a direct Violation of the RC4 requirements. IV is Too Small And In Clear Text Only 24 bits and is sent in clear text, will eventually be repeated after 2^24. Used as a seed for the RC4 Algorithm. Not practical when used for crypt. The above mentioned vulnerabilities are just some good examples. There is still a lot of other vulnerabilities that wasn’t mentioned here. For more information surf to www.nvd.nist.gov and look up “WEP” in the vulnerabilities Search engine. wire shark
Here comes your footer  Page Wired Equivalent Privacy (WEP) Exploiting Vulnerabilities and Threats (Attacking)!! Active Traffic Injections Using cryptanalysis, the attacker knows the exact plain text plain text version of an encrypted message. Use this information to construct messages Calculating CRC 32-values. Perform bit-flips on the original message to get the encrypted form. Now the attacker can send the packet to AP and will be correctly validated. Example of Tools that does this: AirePlay : Capture and re-inject WEPWedgie: Determines the 802.11 WEP key streams and then Injecting traffic with known keystreams.
Here comes your footer  Page Exploiting Vulnerabilities and Threats (Attacking) - Continue!! Active attack from both sides An extension to the previous attack. The attacker make guesses about header content. Some bit flipping to change DA to rogue device. Resend the packet to AP Access point decrypt the message for forward it to gateway un-encyrpted Un-encrypted message is then forwarded to attacker’s machine A guess about TCP header, would allow the attacker to change current port number to port 80 (default port for web traffic) which is allowed almost in all firewalls. Wired Equivalent Privacy (WEP)
Here comes your footer  Page Wired Equivalent Privacy (WEP) Exploiting Vulnerabilities and Threats (Attacking) - Continue!! Table Based Attack IV are repeated after a while due to their small size. Use some passive monitoring to know plain text. Compute the RC4 key stream by trying out different key values. Use this key stream to decrypt all packets with the same IV. Over time the attacker can build a complete table of IV’s and corresponding key streams. This allows the attacker to decrypt all packets sent. Passive attack decryption An attacker monitors traffic until an IV is reused. When collision is reused, the shared key and the IV results a key stream that has been previously used. Attacker XORs the cipher text with the keystream and he gets the plain text
Here comes your footer  Page Securtiy Best Practices Counter Measures Against Encryption attacks Rotate the Keys Rotate the keys after a certain period of time. By rotating the key you get a new key. Introduce a secure key management methodology As previously mention, WEP is a symmetric key crypto. Key has to be stored in all machines. A problem in large companies. The Original 802.11 standard has no methodology or specification for key management One way is to use public key cryptography for exchanging keys. This way we don’t need to store the key on every singe machine, and thus making the scaling process much easier . Use Wi-Fi Protected Access (WPA) and WPA2
Here comes your footer  Page Securtiy Best Practices Wi-Fi Protected Access (WPA) Everyone agreed that WEP is not a secure protocol anymore IEEE defined the 802.11i Only access point s that meets the standard can use this protocol. Addresses WEP problems but requires a change in hardware WPA saves the day by fixing WEP flows without needing to change hardware WPA uses: 802.1x port-access control to distribute per session keys. Provides a framework that allows use of upper layer authentication protocols line EAP. Temporal Key Integrity Protocol (TKIP) to provide key mixing and a longer initialization vector. It also provides Message Integrity check (MIC) that prevents wireless data from being modified in transit.
Here comes your footer  Page Summary & Conclusion Summary We have talked about WLAN and it’s Advantages and Dis-Advantages Introduced the Wired Encryption Protocol We have discusses the vulnerabilities and threats in WEP We mentioned how to exploit those vulnerabilities Finally, we talked about some of the best practices and counter measures. Conclusion WEP is not secure anymore Many Security parameters should be taken into consideration when designing a security protocol. There is no Silver bullet. Never feel completely safe, always be suspicious 
Here comes your footer  Page References Wired Equivalent Privacy (WEP) Functionality, Weak Points and Attacks: Gutjahr and Ludwigs ; University of Freiburg Enhancing RC4 algorithm for WLAN WEP Protocol; Yao, Chong, Xingwei; Northeastern University, Shenyang Security of the WEP algorithm; [email_address] . Hacking Wireless Networks For Dummies; Beaver and Davis.
Technical Presenation  Page Questions Thank you!!

More Related Content

Wireless hacking and security

  • 1. Wireless LAN Hacking and Security
  • 2. Technical Presentation  Page Outline Introduction to WLAN Why Wireless Security ? Motivation Wired Equivalent Privacy (WEP) Hacking Wi-Fi Security Best Practices Summary & Conclusion
  • 3. Technical Presentation  Page Introduction To Wireless LAN Introduction What is Wireless Networking?! A wireless Network refers to a fully connected network that allows users to share resources without using any kind of Wiring. Resources Could be : Broadband Interent Network Printers Data files Examples: Wireless Personal Area Network (PAN) Wireless LAN ( Our Guy ) Wireless MAN Mobile Networks
  • 4. Technical Presentation  Page Wireless Advantages And Disadvantages Introduction To Wireless LAN Wireless Advantages Easy and Fast Installation Procedures No need for costy, Messy wiring. Easier to provide connectivity. Access to the Network can be anywhere with the range of the AP. Public places offers free or chargable access to wireless network. Wireless Disadvantages Many users = Bandwidth starvation. Unlicensed spectrum, which could lead to interfrence with other services. Frequent updates in the standards = replacing hardware = higher cost Shared medium introduces security issues.
  • 5. Technical Presentation  Page IEEE Network Specifications Introduction To Wireless LAN
  • 6. Technical Presentation  Page Most Important ones: Introduction To Wireless LAN
  • 7. Technical Presentation  Page Wireless LAN Technologies Narrow Band Picking a frequeny and transmitting over it. Very vulnerable to multi-path fading and interference. Spread Spectrum Uses more bandwidth by spreading the signal over a large range of fqs. More imune against multi-path fading and interference. FHSS Hops across Frequencies by a certain rate. Synchronizes Hopping pattern at Tx and Rx. DSSS Breaks data Into chuks. Represents each bits with *Chips*. Introduction To Wireless LAN
  • 8. Technical Presentation  Page WLAN Frequency Usage Wireless Channels in 802.11b As An Example The 802.11b standard defines 14 channels. Does it use all the 14 channels ?!  this depends on Countries North America : 11 channels Euope: 13 channels Japan: All the 14 channels Introduction To Wireless LAN
  • 9. Technical Presentation  Page WLAN Modes Ad-hoc Mode All workstations can directly communicaticate together. Good if you plan to quickly get setup your wireless network when there is no access to wired Infrastructure. Infrastructure Communication occurs through an AP. A basic wireless Infrastrucutre with a single AP is called a BSS. When more than once access point is connected it is called an ESS. Roaming is supported from one BSS to another. Roaming between APs can occur for many reasons. For examples: Stronger signals. Load balancing between two APs in the same geographical area. Introduction To Wireless LAN
  • 10. WLAN Modes Introduction To Wireless LAN
  • 11. Here comes your footer  Page Why Wireless Security ?! Motivation !! Accidental association Malicious association Ad-hoc networks Non-traditional networks Identity theft (MAC spoofing) Man-in-the-middle attacks Denial of service Network injection Caffe Latte attack And many more !!!
  • 12. Technical Presentation  Page Non Technical Example!! Why Wireless Security ?! [CEH V7 Official Course Material] Example Tools : wefi, jiwire,…
  • 13. Technical Presentation  Page Most Famous and Commonly Used Cryptos !! WEP : An old wireless encryption standard (will be discussed in more details) WPA : Uses a 48 IV, 32 bit CRC and TKIP encyption for wireless security. WPA2 Personal : Uses AES 128 bits and CCMP for wireless data encryption. WPA2 Enterprise : Integrates the standards of EAP with WPA enrption WEP -- Wireless Equivalent Privacy WPA -- WiFi Protected Access CCMP -- Counter Mode With Cipher Block Chaining Message Authentication Code Protocol Why Wireless Security ?!
  • 14. Here comes your footer  Page Wired Equivalent Privacy (WEP) Who am I ? Wasn‘t developed by experts. Part of the IEEE 802.11 standard. Was meant to provide confidentiality for messages on the network. Not Considered *The state of the art* any more. Was designed to achieve three main security goals: Confidentiality : Content is not readable to people outside the network. Integrity : A message can‘t be altered without altering detection. Access control : only authorized stations can access the network. Concept Encryption Decryption M C M K K As If
  • 15. Here comes your footer  Page Wired Equivalent Privacy (WEP) Sending Side (Encryption Block) Steps: Integrity Check sum = Plaintext || CRC 32(Plaintext). Chosen IV || shared key (key is 40 or 104 bits). Shorter keys, less privacy Output of last step will be input to RC4 to generate the key stream. XOR the result of the RC4 with the IC value to get the Cipher text. Finally, Cipher text and IV are concatenated and transmitted on the medium. [1] RC4 is a stream-cipher algorithm, this means that it generates an infinite sequence of pseudo random bits.
  • 16. Here comes your footer  Page Recieving Side (Decryption Block) Wired Equivalent Privacy (WEP) Steps: IV is extracted from received data. RC4 (IV || Shared key) = same key stream as before. RC4(IV || Shared key) XOR C. C is equal { RC4 ( IV || Shared key ) XOR Pc }. Finally, we Compare the IC value with the result of the integrity check. [1] Since the original plain text is not known by the receiver, you can’t tell if it is the real thing or not. So, we need to verify that they match.
  • 17. Here comes your footer  Page Wired Equivalent Privacy (WEP) Summary of Operation (Hawk’s Eye View)
  • 18. Here comes your footer  Page Wired Equivalent Privacy (WEP) On The Run Definitions !! Vulnerability : A Weakness in design that can Compromise the security of the system. Threat: An Action or an event that might compromise the secuity of the system. Exploit: A way to breach through the system security given existing vulnerabilities. Symetric Key Cryptography: Only one key is used to Encrpyt and Decrypt. The key should be distributed before transmission. Asymetric Key Cryptography: Using two keys (public, private). Public key is for encyption and private key for decryption. No need for key distribution
  • 19. Here comes your footer  Page Wired Equivalent Privacy (WEP) RC4 Inputs and Outputs of the RC4: The RC4 algorithm takes as in input the Pre-Shared Key and produced and pseudo random stream. The PSK and the IV and the Generators of the RC4. IV || PSK PRN The Algorithm Consists Of Two Parts: Key Scheduling algorithm (KSA) The key scheduling algorithm is to complete the initialization of the RC4 Pseudo Random Generator (PSRG) The PRGA is to produce the pseudo random number. RC4 Seed The RC4 is a symmetric key cryptography algorithm was developed by Ronald L. Rivest Also the “R” in the RSA Encyption Algorithm. RC4 stands for Ron’s Code 4.
  • 20. Here comes your footer  Page Wired Equivalent Privacy (WEP) Vulnerabilities and Threats in WEP !! The master Key is used directly as an input to the RC4 Algorithm Once one key is recovered, everything is compromised. A good idea is to create sub keys for a certain period of time. The Key size 64 bits -> 24 IV + 40 bit PSK . 40 bits is not enough to avoid Brute Forces. Vendors extended the key length to 104 to make the total size 128 bits. Key Management No algorithm for key exchange. Keys are exchanged manually. Small, and easy to remember keys are used  Higher attack probability. Use some key exchange algorithms. For example: “Diffie Hellman” CRC32 : Although it aims to provide message integrity. It doesn’t prevent the whole content from being changed. Can we fix that ?
  • 21. Here comes your footer  Page Wired Equivalent Privacy (WEP) Vulnerabilities and Threats in WEP - Continue!! The Incorrect Use of RC4 Strong correlation between the Input key and resulting stream. IV is 3 bytes and is transmitted in plain text. It is easy to sniff weak keys. If one bit is lost, the entire data packet is. It is not specified how IV’s are generated. So they might be reused. Reuse of IV’s is a direct Violation of the RC4 requirements. IV is Too Small And In Clear Text Only 24 bits and is sent in clear text, will eventually be repeated after 2^24. Used as a seed for the RC4 Algorithm. Not practical when used for crypt. The above mentioned vulnerabilities are just some good examples. There is still a lot of other vulnerabilities that wasn’t mentioned here. For more information surf to www.nvd.nist.gov and look up “WEP” in the vulnerabilities Search engine. wire shark
  • 22. Here comes your footer  Page Wired Equivalent Privacy (WEP) Exploiting Vulnerabilities and Threats (Attacking)!! Active Traffic Injections Using cryptanalysis, the attacker knows the exact plain text plain text version of an encrypted message. Use this information to construct messages Calculating CRC 32-values. Perform bit-flips on the original message to get the encrypted form. Now the attacker can send the packet to AP and will be correctly validated. Example of Tools that does this: AirePlay : Capture and re-inject WEPWedgie: Determines the 802.11 WEP key streams and then Injecting traffic with known keystreams.
  • 23. Here comes your footer  Page Exploiting Vulnerabilities and Threats (Attacking) - Continue!! Active attack from both sides An extension to the previous attack. The attacker make guesses about header content. Some bit flipping to change DA to rogue device. Resend the packet to AP Access point decrypt the message for forward it to gateway un-encyrpted Un-encrypted message is then forwarded to attacker’s machine A guess about TCP header, would allow the attacker to change current port number to port 80 (default port for web traffic) which is allowed almost in all firewalls. Wired Equivalent Privacy (WEP)
  • 24. Here comes your footer  Page Wired Equivalent Privacy (WEP) Exploiting Vulnerabilities and Threats (Attacking) - Continue!! Table Based Attack IV are repeated after a while due to their small size. Use some passive monitoring to know plain text. Compute the RC4 key stream by trying out different key values. Use this key stream to decrypt all packets with the same IV. Over time the attacker can build a complete table of IV’s and corresponding key streams. This allows the attacker to decrypt all packets sent. Passive attack decryption An attacker monitors traffic until an IV is reused. When collision is reused, the shared key and the IV results a key stream that has been previously used. Attacker XORs the cipher text with the keystream and he gets the plain text
  • 25. Here comes your footer  Page Securtiy Best Practices Counter Measures Against Encryption attacks Rotate the Keys Rotate the keys after a certain period of time. By rotating the key you get a new key. Introduce a secure key management methodology As previously mention, WEP is a symmetric key crypto. Key has to be stored in all machines. A problem in large companies. The Original 802.11 standard has no methodology or specification for key management One way is to use public key cryptography for exchanging keys. This way we don’t need to store the key on every singe machine, and thus making the scaling process much easier . Use Wi-Fi Protected Access (WPA) and WPA2
  • 26. Here comes your footer  Page Securtiy Best Practices Wi-Fi Protected Access (WPA) Everyone agreed that WEP is not a secure protocol anymore IEEE defined the 802.11i Only access point s that meets the standard can use this protocol. Addresses WEP problems but requires a change in hardware WPA saves the day by fixing WEP flows without needing to change hardware WPA uses: 802.1x port-access control to distribute per session keys. Provides a framework that allows use of upper layer authentication protocols line EAP. Temporal Key Integrity Protocol (TKIP) to provide key mixing and a longer initialization vector. It also provides Message Integrity check (MIC) that prevents wireless data from being modified in transit.
  • 27. Here comes your footer  Page Summary & Conclusion Summary We have talked about WLAN and it’s Advantages and Dis-Advantages Introduced the Wired Encryption Protocol We have discusses the vulnerabilities and threats in WEP We mentioned how to exploit those vulnerabilities Finally, we talked about some of the best practices and counter measures. Conclusion WEP is not secure anymore Many Security parameters should be taken into consideration when designing a security protocol. There is no Silver bullet. Never feel completely safe, always be suspicious 
  • 28. Here comes your footer  Page References Wired Equivalent Privacy (WEP) Functionality, Weak Points and Attacks: Gutjahr and Ludwigs ; University of Freiburg Enhancing RC4 algorithm for WLAN WEP Protocol; Yao, Chong, Xingwei; Northeastern University, Shenyang Security of the WEP algorithm; [email_address] . Hacking Wireless Networks For Dummies; Beaver and Davis.
  • 29. Technical Presenation  Page Questions Thank you!!

Editor's Notes

  1. Because I know the plain text for this cipher anc C= P + RC4 (IV || Key) then I can try different Keys and adding to C I will eventually get my Plain Text