Make it Break it Fix It Jim Gromoll Wireless Security An overview Why do you care Why should you listen to me How does it break out Hackers Not an organization Standards National Institute of Science and Technology Researchers Picking up the pieces Breaking It Phases of a basic hack Develop tactics to research explore and gain knowledge Conduct Reconnaissance Identify potential weaknesses Identify potential targets Plan Attack The research Primer on 802 11b Beacon Probe Data Ad hoc Conduct the Reconnaissance Active Detection Probe and wait for response Passive Detection Promiscuous listen Look for easy traffic headers FTP Telnet etc WEP Allows detection of Link Layer activity Cloaked SSIDs can be revealed PSK can be brute forced Time And Time CPU PSK are difficult to manage Revocation difficult Making it Protecting WEP stations STA access points AP authentication servers AS 802 11i TKIP CCMP Push I Believe Standards Compliance Applications Low hanging fruit Gets Picked Get up the tree Five Phase Lifecycle SE Content Ahead Initiation Acquire and Develop Plan and Design Procure Implement Operate Dispose Simply Best Practices Fixing it IEEE 802 11 WEP Security Issues Key Management Single Default Key for Encryption No revocation method RC4 Flaws Basic key is 40 bit 104 Bit key as easy as 40 bit Lightweight Key Management for IEEE 802 11Wireless LANs IEEE 802 11 WEP Security Issues Identity Spoofing MAC Spoofing Modifiable Transmitted in the clear Data Integrity CRC 32 only Lightweight Key Management for IEEE 802 11Wireless LANs IEEE 802 11 WEP The Fix WEP Backward compatability Transfer Current Keys via RADIUS Authentication Embeds in Response nonce Uses point to point key update protocol Ruled out KDC and Public Key Uses Key pair Kcurr and Khost for integrity Lightweight Key Management for IEEE 802 11Wireless LANs IEEE 802 11 WEP The Fix WEP Operation Validates MAC retrieve Khost Respond with keys embedded encrypt with Khost Host decrypt and grab keys Lightweight Key Management for IEEE 802 11Wireless LANs IEEE 802 11 WEP The Fix WEP Keeping if fresh AP Modulo rotation of Default Key to oldest valid WEP Hosts de authenticate then re authentication Non WEP gets deauthenticated Lightweight Key Management for IEEE 802 11Wireless LANs IEEE 802 11 WEP The Fix FixedWEP Prevents replay attack Adds timestamp validation to Authentication Message 3 Lightweight Key Management for IEEE 802 11Wireless LANs Fixing It Intrusion Detection in MANET PROFIDS Profile based IDS Based on AODV IDS in Mobile Ad Hoc Network with Profile Support Intrusion Detection in MANET Threat Vectors Eaves dropping Impersonation Replay Distortion IDS in Mobile Ad Hoc Network with Profile Support Intrusion Detection in MANET Proposed Architecture Traffic Interception Statistical Preprocessing Event generation Module Profile based IDS Mechanism Alert generation IDS in Mobile Ad Hoc Network with Profile Support Intrusion Detection in MANET Proposed Architecture Agent Based Each node learns if neighbor activity is bad Uses basic statistical models Modifies routing table IDS in Mobile Ad Hoc Network with Profile Support
View Full Document
Unlocking...