WUSTL CSE 571S - Wireless LAN Security II

Wireless LAN Security II: WEP Attacks, WPA and WPA2
Raj Jain, Washington University in Saint Louis, Saint Louis, MO
[email protected]
Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-07/
©2007 Raj Jain, CSE571S, Washington University in St. Louis

Overview
- Wireless Networking Attacks
- Wi-Fi Protected Access (WPA)
- Wi-Fi Protected Access 2 (WPA2)

Wireless Networking Attacks
1. MAC Address Spoofing Attack
2. Disassociation and Deauthentication Attacks
3. Shared Key Authentication Attacks
4. Known Plaintext Attack
5. Reaction Attack
6. Message Modification Attack
7. Inductive Attack
8. Reuse IV Attack
9. WEP Key Attacks
10. FMS Attack
11. Dictionary Attack on LEAP
12. Rogue APs
13. Ad-Hoc Networking Issues

MAC Address Spoofing Attack
- The AP keeps a list of MAC addresses that are allowed to enter the network
- MAC addresses travel in the clear, so an attacker can sniff an allowed address and spoof it

Disassociation and Deauthentication Attacks
- Wi-Fi stations first authenticate and then associate
- 802.11 management frames are not authenticated, so anyone can send disassociate or deauthenticate packets with a spoofed source address
- Omerta, http://www.securityfocus.com/archive/89/326248, simply sends a disassociation for every data packet it sees
- AirJack, http://802.11ninja.net, includes several tools:
  essid_jack sends a disassociation packet and then listens for the re-association packets to find hidden SSIDs that are not broadcast
  fata_jack sends invalid authentication requests spoofing legitimate clients, causing the AP to disassociate the client
  monkey_jack deauthenticates a victim and poses as the AP when the victim returns (MitM)
- Void11, www.wlsec.net/void11, floods the AP with authenticate requests, causing DoS

Shared Key Authentication Attacks
- The authentication challenge is sent in the clear; the response is the challenge WEP-encrypted under an IV of the station's choosing
- XOR of the challenge (with its ICV) and the response ⇒ the keystream for that IV
- The IV and keystream can then be reused to answer any later challenge ⇒ false authentication without knowing the key
- Collect keystreams for many IVs: a 24-bit IV ⇒ 2^24 keystreams ⇒ about 24 GB for 1500-byte packets
- An attacker can store all possible keystreams and then use them to decrypt any message

Known Plaintext Attack
- A wired attacker sends a message of their choosing to a wireless victim
- The AP encrypts the message and transmits it over the air
- The attacker now has both the plaintext and the ciphertext ⇒ XOR gives the keystream for that IV
(Figure: wired net → AP → wireless net; the sniffer XORs the known plaintext with the captured ciphertext to obtain the keystream)

Reaction Attack
- The ICV is a linear checksum (CRC-32) ⇒ the effect of a bit change on it is predictable
- Change a few bits and rebroadcast the packet; whether the victim's TCP acknowledgements (short packets) appear reveals whether the modified packet was accepted
- Flip selected bits ⇒ learn whether the corresponding plaintext, and hence keystream, bits are 0 or 1

Message Modification Attack
- Change the destination address inside the encrypted packet to the attacker's wired node; because CRC-32 is linear, the ICV can be patched to match without knowing the key
- The AP decrypts the packet and delivers it, unencrypted, to the wired node

Inductive Attack
- If you know n bytes of keystream for an IV, you can find the (n+1)st byte
- Send a ping request whose encrypted form is n+1 bytes long, with 256 variations of the (n+1)st byte
- Whichever variation generates a response is the correct one; the other 255 are silently dropped because their ICV fails
(Figure: known keystream n bytes, ping packet n+1 bytes, guessed byte XORed in; OK? yes ⇒ ping response, no ⇒ packet silently dropped)

Reuse IV Attack
- Once the attacker has the keystream for a particular IV, they can keep transmitting under that same IV; nothing in WEP prevents reuse

WEP Key Attacks
- The 40-bit or 104-bit key is usually generated from a pass-phrase by a well-known algorithm
- wep_crack creates a table of keys for all dictionary words and uses them to find the key
- wep_decrypt tries random 40-bit keys to decrypt ⇒ 2^20 attempts in about 60 seconds
- A dictionary-based pass-phrase falls in less than 1 second

FMS Attack
- Scott Fluhrer, Itsik Mantin, and Adi Shamir
- Based on a weakness in the way RC4 initializes its state array (the key scheduling algorithm)
- For certain weak IVs, the first RC4 keystream byte takes values correlated with a key byte more often than other values
- Statistically plot the distribution of the first keystream byte over many such IVs ⇒ parts of the key
- WEPcrack, http://wepcrack.sourceforge.net, sniffs the network and analyzes the output using FMS to crack the key
- AirSnort, http://airsnort.shmoo.com, also sniffs and uses a part of FMS to find the key
- bsd-airtools includes dwepdump to capture packets and dwepcrack to find the WEP key
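The keystream attacks above (shared-key authentication / known plaintext, IV reuse, message modification through the linear ICV, and the inductive attack) carried through in one added worked example. This is not code from the lecture or from any of the tools it names: it uses a textbook RC4 and CRC-32 ICV to stand in for WEP, a constructed 40-bit key, IV, challenge and frame, and the receiver's ICV check in place of observing the ping reply. The attacker functions never touch WEP_KEY.

```python
import struct
import zlib

# WEP as in the slides: RC4 keystream from IV||key, CRC-32 ICV. Key, IV and
# frame contents below are constructed for this example, not captured traffic.
WEP_KEY = bytes.fromhex("0102030405")          # 40-bit key (constructed)
IV = b"\x00\x00\x2a"                            # 24-bit IV chosen by the sender

def rc4(key, length):
    """Textbook RC4: key scheduling (KSA) then `length` output bytes (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data):
    """WEP integrity check value: CRC-32, appended to the plaintext before encryption."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)

def wep_encrypt(key, iv, plaintext):
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4(iv + key, len(body)))

def wep_decrypt(key, frame):
    """Receiver side (the AP): plaintext if the ICV verifies, None if the frame is silently dropped."""
    iv, body = frame[:3], frame[3:]
    clear = xor(body, rc4(iv + key, len(body)))
    data, tag = clear[:-4], clear[-4:]
    return data if icv(data) == tag else None

# 1. Shared-key authentication / known plaintext: the challenge goes out in the clear and the
#    response is WEP(challenge), so one XOR recovers the keystream for that IV (no key needed).
def recover_keystream(challenge, response_frame):
    return xor(response_frame[3:], challenge + icv(challenge))

# 2. IV reuse: answer a *new* challenge with the recovered keystream under the same IV.
def forge_auth_response(iv, keystream, new_challenge):
    return iv + xor(new_challenge + icv(new_challenge), keystream)

# 3. Message modification: CRC-32 is affine, crc(p ^ d) == crc(p) ^ crc(d) ^ crc(0...0), so
#    flipping bits `delta` in the ciphertext and XORing in the matching ICV patch keeps it valid.
def flip_bits(frame, delta):
    patch = xor(icv(delta), icv(bytes(len(delta))))
    return frame[:3] + xor(frame[3:], delta + patch)

# 4. Inductive attack: with n keystream bytes for an IV, send an (n+1)-byte encrypted packet with
#    all 256 guesses for the last byte; the AP accepts (and would forward / reply to) only the right one.
def inductive_extend(accepts, iv, known_ks, extra):
    ks = bytearray(known_ks)
    for _ in range(extra):
        n = len(ks)
        pt = b"\x41" * (n - 3)                     # n-3 data bytes + 4 ICV bytes = n+1 bytes
        body = pt + icv(pt)
        head = xor(body[:n], ks)                   # first n bytes encrypted with known keystream
        for guess in range(256):
            if accepts(iv + head + bytes([guess])):
                ks.append(guess ^ body[n])         # ciphertext ^ plaintext = keystream byte n
                break
        else:
            raise RuntimeError("no guess accepted")
    return bytes(ks)

def demo():
    challenge = bytes(range(128))                            # constructed 128-byte challenge
    response = wep_encrypt(WEP_KEY, IV, challenge)           # legitimate station's reply
    ks = recover_keystream(challenge, response)              # attacker: 132 keystream bytes
    new_challenge = bytes(reversed(range(128)))
    forged = forge_auth_response(IV, ks, new_challenge)
    auth_ok = wep_decrypt(WEP_KEY, forged) == new_challenge

    # constructed frame: 2-byte "destination" field at offset 0, then a payload
    pkt = b"\x00\x01" + b"secret payload"
    frame = wep_encrypt(WEP_KEY, IV, pkt)
    delta = bytes([0x00 ^ 0xBE, 0x01 ^ 0xEF]) + bytes(len(pkt) - 2)   # rewrite destination only
    redirected = wep_decrypt(WEP_KEY, flip_bits(frame, delta))

    oracle = lambda f: wep_decrypt(WEP_KEY, f) is not None  # stands in for the ping reply
    longer = inductive_extend(oracle, IV, ks[:8], 16)
    return auth_ok, redirected, longer == rc4(IV + WEP_KEY, 24)

if __name__ == "__main__":
    print(demo())
```

Running demo() returns (True, b"\xbe\xefsecret payload", True): the forged authentication is accepted, the redirected frame decrypts with a valid ICV at the AP, and 8 known keystream bytes grow to 24 correct ones at 256 trial frames per byte. None of the three attacks needed WEP_KEY; all three follow from a stream cipher with a reusable IV and a linear integrity check.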
Dictionary Attack on LEAP
- LEAP uses MS-CHAP v1 for authentication
- Capture the challenge and response from the air
- Run a brute-force or dictionary password attack offline against the captured pair

Rogue APs
- AirSnarf, http://airsnarf.shmoo.com, sets up a rogue AP and presents an authentication web page to the user
- Can steal credit card numbers and other credentials typed into that page

Ad-Hoc Networking Issues
- Computer-to-computer (ad-hoc) networking is allowed in Windows XP
- Viruses and worms can be passed on if one of the computers is infected and the other does not have a personal firewall

IEEE 802.11i Security Enhancement
- Strong message integrity check
- Longer initialization vector (48 bits in place of 24 bits)
- Key mixing algorithm to generate new per-packet keys
- Packet sequence number to prevent replay
- Extensible Authentication Protocol (EAP) ⇒ many authentication methods; default = IAKERB
- 802.1X authentication, either with a pre-shared key or in managed mode using RADIUS servers
- Mutual authentication (Station-Key Distribution Center, Station-Access Point)
- AP sends its security options in the probe response if requested
- Robust Security Network (RSN) ⇒ stronger AES encryption (AES-CCMP)

802.11 Security Protocol Stack