Abstract image of a woman sitting on books and studying on a laptop

7.Wireless

P
phanleson

This document provides an overview of the learning plan and objectives for a course on network security. The course covers topics such as wireless network threats, encryption, and protocols. It discusses weaknesses in early wireless networks and alternatives to improve security. The document also examines wireless network architectures, attacks targeting different layers, and ways antenna configuration can impact threats.

Business
1 of 65
Downloaded 21 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
Course 3: Network Security, Section 7 Pascal Meunier, Ph.D., M.Sc., CISSP May 2004, updated July 30, 2004 Developed thanks to the support of Symantec Corporation, NSF SFS Capacity Building Program (Award Number 0113725) and the Purdue e-Enterprise Center Copyright (2004) Purdue Research Foundation. All rights reserved.
Course 3 Learning Plan  Architecture  Physical and link layer  Network layer  Transport layer  Application layer: DNS, RPC, NFS  Application layer: Routing  Wireless networks  More secure protocols: DNSSEC, IPSEC, IPv6
Learning objectives  Learn about threats faced by wireless networks  Understand how encrypted wireless networks can be attacked  Learn from the mistakes in the design of 802.11b
Wireless Networks  Wireless Threats  Antennas – Directionality – Range – Gain  Design Weaknesses  Implementation Weaknesses  Automated WEP crackers and sniffers  Alternatives to WEP
Interesting Wireless Uses  Burlington Northern and Santa Fe Railway Company (BNSF) US railroad uses Wi-Fi to run 'driverless' trains (Smith 2003).  Home Depot (Luster 2002), BestBuy (Computerworld 2002) and Lowes (Ashenfelter 2003) were famous for being targetted by hackers sitting in the parking lots and eavesdropping on traffic to cash registers, and even accessing their networks through their wireless access points.  The Navy was reportedly interested in deploying 802.11b technology to control warships (Cox 2003).
Wireless Threats  Medium is open to most attackers in the neighborhood of a wireless node – Near-impossibility of establishing a clear physical security boundary  Higher gain antennas can be used to overcome distance or a weak signal  Remote attackers can aim at: – The physical layer – The link layer  Media Access Control (MAC)  Logical link – The network layer
Threats  DoS attacks – Jamming – Fake collisions (Request to send, see slides on CSMA/CA) – Amplification  Integrity attacks – Packets captured, modified and reinjected  Confidentiality attacks – Capture passwords, authentication tokens, etc...  Authentication and Accountability attacks – Anonymity for attacker – Reassign accountability to network or account owners
Physical Layer  CIA  Coverage vs Risk  Antenna gain vs transmission power
Question  Which property of “CIA” (confidentiality, integrity, availability) can’t you guarantee in any wireless network?  How about a warship that is steered and controlled through wireless networks. What could happen?
Answer  You can’t guarantee availability, because wireless networks can be jammed.  A warship controlled through a wireless network could stop responding and continue on a bad course (collision or otherwise)
Wireless Coverage is Risk  The potential number of locations from which attackers can operate is proportional to the area covered.  Areas you physically control may not be as risky  The size of the area is not completely under your control, because attackers can use arbitrarily large antennas.  However, you can control the amount of power used. How does that affect the risk?
Wireless Power  Area of a sphere = 4π r2  Total power is constant  Power/area decreases ≈ 1/r2  Big antennas capture more power (more area) – Analogy: Lenses  The bigger the lens, the more light is captured Source Receiving Antenna
Wireless Power  Antenna gain is measured in dB (decibels) as the ratio of power captured compared to a reference antenna.  Gain usually comes at the cost of increased directionality – Power is concentrated in (and captured from) a narrower field
Antenna Gain (dB)  Where P2 is the power captured by the reference antenna  A gain of 3 dB means captured power is doubled.  A gain of 10 dB means captured power is increased 10 times.  A gain of 20 dB means captured power is increased 100 times.
Variable Power  Some access points and cards can use varying amounts of power  Uncommon feature (Cisco, Apple Airport Ex)  How is the range changed by power? 2 P1 r 1 = 2 P2 r 2  How much power do you need to double the range? – "r" is the range !
Power Calculations  Double range needs 4x power  Equivalent statement: – An increase in power of 6 dB doubles the range  Triple range needs 9x power  Lower the power to decrease the risk area  Cisco Aironet Antennas Reference Guide – http://www.cisco.com/warp/public/cc/pd/witc/ao350ap/prod lit/agder_rg.htm
Question  Your wireless network usually has a range of 100 feet. However you are having a (confidential) meeting in a 10’ diameter (circular) room but want to use a wireless access point in the room. By how much can you decrease the power to diminish the threats?
Answer  A 10’x10’ room approximately fits inside a 5’ radius sphere.  100/5 = 20x range reduction  Power =1/(20x20) = 1/400  So if the power was 400 mW, 1 mW should now be sufficient.
Question  If you want to spy on the meeting mentioned previously, from 100 feet away, what is the gain (in dB) of the antenna you need?
Answer Gain (dB) = 10 log(400) = 10 log(4) + 10 log(100) = 6+20 = 26 dB
Link Layer  802.11b security is focused at the link layer  Media Access Control – MAC address-based access control lists  Refer to the slides on Media Access Control in the link layer – CSMA/CA (Collision avoidance)  Refer to the slides on spurious RTS (request to send)  Logical Link – Logical organization of stations and access points – WEP encryption – Network Management frames
Logical Link  Wireless networks have two possible architectures – Ad-hoc networks  Similar concept: Peer-to-Peer – Access-point-based networks (a.k.a. infrastructure mode)  All traffic goes through the access point.  A station is a member of which network? – Association concept
Definitions  BSS (Basic Service Set) – A collection of stations (a.k.a. nodes) communicating wirelessly together – To differentiate between closeby BSS and their own, they use a BSSID, which has the format of a MAC address.  All stations in one BSS use the same BSSID to communicate Company A's ? Company B's Network Network
Infrastructure Mode  The BSSID is usually the MAC address of the AP (Access Point)  Sophisticated APs have the capability of handling several BSSes with different BSSIDs, and appear as several virtual APs. Stations using the same BSSID AP Wired Network
Ad-hoc Mode  The stations use a random number as the BSSID – The first station selects the BSSID and the others use it Stations using the same BSSID
Definitions (cont.)  ESS: Extended Service Set – Composed of several BSSes joined together.  SSID: Service Set ID – Commonly known as the network name  Human-readable name – "ESSID" is sometimes used to refer to the SSID used in the context of an ESS – Transparent for the end user  Only aware of the SSID  Traffic in an ESS may be using several different BSSIDs if there are several APs in it.
Question  The MAC address of an access point is used for:  a) SSID  b) ESSID  c) BSS  d) BSSID
Question  The MAC address of an access point is used for:  a) SSID  b) ESSID  c) BSS  d) BSSID
Beacon Frames  Beacon Frames broadcast the SSID – Help users locate available networks – Layer 2 Management frames – Networks without BFs are called "closed networks"  Simply means that the SSID is not broadcast anymore  Weak attempt at security through obscurity, to make the presence of the network less obvious  BSSIDs are revealed as soon as a single frame is sent by any member station  Mapping between SSIDs and BSSIDs is revealed by several management frames that are not encrypted
Is the SSID a Secret?  Stations looking for an access point send the SSID they are looking for in a "probe request"  Access points answer with a "probe reply" frame, which contains the SSID and BSSID pair  Stations wanting to become part of a BSS send an association request frame, which also contains the SSID/BSSID pair in clear text – So do re-association requests (see next slides) and their response  Therefore, the SSID remains secret only on closed networks with no activity  Conclusion: Closed networks mainly inconvenience legitimate users
Authentication and Association  To become part of a BSS, a station must first authenticate itself to the network – Then request association to a specific access point  The access point is in charge of authentication and accepting the association of the station – Unless an add-on authentication system (e.g., Radius) is used  MAC address is trusted as giving the correct identity of the station or access point – How can this be abused?
Abusing MAC Addresses  A station doesn't know if it is talking to a real access point, or to the same access point every time – Access points are not authenticated by stations  Even if they were, the MAC address can be faked  An access point doesn't know if it is talking to the same station every time
Authentication and (Dis)Association Attacks  Any station can impersonate another station or access point and attack or interfere with the authentication and association mechanisms. – As these frames are not encrypted, the difficulty is trivial  Disassociation and deauthentication frames – A station receiving one of those frames must redo the authentication and association processes – With a single short frame, an attacker can delay the transmission of data and require the station and real access point to redo these processes  takes several frames to perform.
Disassociation Exploit  Efficiency was demonstrated by Bellardo (2003)  Seems to have been used in the "Black Hat" (see below) community prior to that report – The tool "KisMAC" implements it  Availability is affected – can be selective against specific users Note: White Hats should do no harm and obey all the rules; Black Hats do whatever they want
Authentication Modes  Authentication is done by: – a station providing the correct SSID – or through "shared key authentication"  Access point and all base stations share a secret encryption key – Hard to deploy – Hard to change – Hard to keep secret – No accountability  Requires a station to encrypt with WEP (see next slides) a challenge text provided by the access point  An eavesdropper gains both the plaintext and the cyphertext – Perform a known plaintext attack – This authentication helps to crack WEP encryption!
Nota Bene: 802.11b and WEP  Remind yourself through this presentation that 802.11b was designed by professional software and hardware engineers and reviewed by many such.  Be extremely careful and skeptical about “home- brewed” security and encryption solutions. – This is an often repeated mistake
WEP: Wired Equivalent Privacy  Cryptographic mechanism used to defend against threats  Developed without – Academic or public review – Review from cryptologists  Has significant vulnerabilities and design flaws  Only about a quarter to a third of wireless access points use WEP – Tam et al. 2002 – Hamilton 2002 – Pickard and Cracknell 2001, 2003
WEP  WEP is a stream cipher – Uses RC-4 to produce a stream of bytes that are XORed with the plaintext – The input to the stream cipher algorithm is an "initial value" (IV) sent in plaintext, and a secret key – IV is 24 bits long – Length of the secret is either 40 or 104 bits, for a total length for the IV and secret of 64 or 128 bits – Marketing publicized the larger number, implying that the secret was a 64 or 128 bit number, in a classical case of deceptive advertising  How else can you call a protection that is 16.8 million times weaker than advertised?
XOR Encryption  0 XOR 0 = 0 1 XOR 0 = 1 1 XOR 1 = 0 (z XOR y) XOR z = y (z XOR y) XOR y = z Works independently of which of z or y is the “plaintext”, "pad" or the “ciphertext”
Stream Cipher  Given an IV and secret key, the stream of bytes (pad) produced is always the same – Pad XOR plaintext = ciphertext  If an IV is ever reused, then the pad is the same  Knowing all the pads is equivalent to knowing the secret  Application to WEP: – The pad is generated from the combination between the IV and the WEP key passed through RC4 – Knowing all the pads is equivalent to knowing the 40 or 104-bit secret  "Weak" IVs reveal additional information about the secret
Pad-Collection Attacks  There is (should be) a different pad for every encrypted packet that is sent between AP and a station  By mapping pads to IVs, we can build up a table and skip the RC4 step – The stream is never longer than 1500 bytes (the maximum Ethernet frame size) – The 24 bit-IV provides 16,777,216 (256^3) possible streams, so all the pads can fit inside 25,165,824,000 bytes (23.4 GB)  We never have to have the WEP Key – Once we have a complete table, it's as good as having the WEP key.
Cracking WEP  Passive attacks – The presence of the attacker does not change traffic, until WEP has been cracked  Active attacks – Active attacks increase the risk of being detected, but are more capable. – If an active attack is reasonable (i.e., the risk of detection is disregarded), the goal is to stimulate traffic  Collect more pads and uses of weak IVs  Some attacks require only one pad.
How Authentication Helps Collecting Pads  Access point sends the plaintext  Station returns ciphertext  Mallory computes – plaintext XOR ciphertext = pad – The IV was in plain text in the packet – Mallory now has a pad and matching IV  Mallory can now authenticate! – Access point sends another plaintext challenge – Mallory chooses to use the same IV and pad – Returns Pad XOR plaintext = ciphertext
Disassociation Attack to Collect Pads  Active attack  Keep forcing stations to re-authenticate and reveal more pads by using different IVs
Faking Being an Access Point  An attacker can also pretend to be an access point  Run a cycle of authentication and deauthentication to collect all the pads from other stations  Works even if the real access points do not require shared key authentication – Attacker can require it while faking being an access point
"Single Pad" Attacks  Exploits based on knowing a single encryption pad and IV – Smurf – TCP SYN flood – UDP attacks
Defeating Firewalls with Single Pad Attacks  Access Point behind a firewall  Mallory sends packets to Victim, who believes they come from Mallory's accomplice (replies)  Mallory's accomplice forwards packets to Mallory Mallory's Victim Mallory Accomplice Firewall AP Internet Wired Internal Network
Results  UDP replies can be obtained unencrypted  TCP sessions can be established with sensitive services intended to be protected by the firewall  Intrusion detection systems will most likely ignore responses originating from internal hosts – the attacks can proceed undetected at this level  For all practical purposes, in this configuration WEP has been completely defeated.
Defenses  Provide a firewall for the wireless network with a rule to refuse packets that do not contain source addresses part of the wireless network's range  Connect access points outside the internet firewall (as if they were part of the internet). – Can also negate some advantages of the wireless network for legitimate users
Administrative Access  Some access points allow administrative access from the wireless network  Or offer services on a UDP port (e.g., Apple base stations listen on UDP port 192)  One-packet attacks directed against these services could exploit vulnerabilities – disable the access point or make it difficult to use  Administrative access to access point should be disabled from the wireless network – Not all access points support this feature.
More Pad Collection Attacks  Pads collected by disassociation attacks have a limited length  Mallory sends packets to himself (or to another wireless station) through an internet accomplice  Mallory gets the matching encrypted version Mallory's Mallory Accomplice Firewall AP Internet Wired Internal Network
Defense  Requires a stateful firewall – will distinguish and block fake responses by keeping track of wether the destination host really made a prior request to the source IP of the packets  A variation of the attack allows a more sophisticated attacker to launch chosen plaintext attacks against the encryption itself – this attack may be useful against encryptions superseeding WEP as well
Weak Keys (a.k.a. Weak IVs)  Due to how RC4 is used in WEP, some IVs can reveal information about the secret key – Mathematical details out of the scope of this material  Attack – FMS (Fluhrer et al. 2001) cryptographic attack on WEP – Practicality demonstrated by Stubblefield et al. (2001) – Collection of the first encrypted octet of several million packets. – Exploits  WEPcrack (Rager 2001)  Airsnort (Bruestle et al. 2001) – Key can be recovered in under a second (after collecting the data).
Defenses  Some wireless cards no longer generate weak IVs (given a secret, weak IVs can be listed; WEPcrack can do this)  Some Lucent devices are known to have stopped generating weak IVs (binaervarianz 2003)  Other vendors should be able to do the same, and make this attack ineffective – Which Symantec products use WEP and could stop generating weak IVs?
Integrity Attacks  What if Mallory modified a captured packet and resent it on the wireless network?  IP destination address always in the same location – Modify packet so a copy is sent to Mallory's accomplice  Accomplice receives the decrypted packet  Based on a CRC checksum weakness (Borisov 2001) – Given the knowledge of (part of) the plaintext, a WEP- protected message can be changed at will – Mallory needs only to guess the relevant IP address  Or part of it, if Mallory's accomplice can sniff traffic on destination network
Defenses  Use another encryption layer, such as SSL (https) or ssh
Implementation Weaknesses  Restricted IV selection – Some access points (old Cisco firmware, notably) produced IVs using only 18 of the 24-bit space – Lowered the storage requirement for all pads from 23.4 GB to a mere 366 MB (Meunier et al. 2002)  Poor randomness for IVs – IVs being used more often (reuses of the same pad) – Sequential generation allow complete collection faster  Newsham 21-bit attack
Implementation Issues  Newsham 21-bit attack – Some manufacturers generate WEP keys from text, in an effort to increase ease-of-use – But the algorithm used produces only keys in a 21-bit space instead of 40-bit  Brute force cracking of WEP is 2^19 (524,288) times faster  Takes less than a minute on commodity hardware (Newsham 2001) – Exploits  The tool KisMAC implements this attack – According to the tool's documentation, Linksys and D-link products seemed to be vulnerable, but not 3Com and Apple » Are Symantec products vulnerable?
Automated WEP Crackers and Sniffers  AiroPeek (Commercial) – Easy-to-use, flexible and sophisticated analyzer  WEPCrack, AirSnort – Implementations of the FMA attack  NetStumbler – This is a popular network discovery tool, with GPS support. It does not perform any cracking. A MacOS equivalent is named "iStumbler".  KisMAC – This is a MacOS X tool for network discovery and cracking WEP with several different methods  Kismet – swiss-army knife
LEAP: The Lightweight Extensible Authentication Protocol  Proprietary, closed solution – was stated (without much details) by Cisco as unaffected by WEP vulnerabilities (Cisco 2002).  LEAP conducts mutual authentication – client is assured that the access point is an authorized one – Uses per-session keys that can be renewed regularly  Makes the collection of a pad or weak IVs more difficult  Secret key can be changed before the collection is complete – The user is authenticated, instead of the hardware  MAC address access control lists are not needed – LEAP requires an authentication server (RADIUS) to support the access points
LEAP Attacks  Dictionary attacks – Password-based scheme – Requires user passwords be guessable (Wright 2003)  LEAP access points don't use weak IVs – Use MS-CHAP v2, show the same weaknesses as MS- CHAP (Wright 2003) – There are many variants of the Extensible Authentication Protocol, such as EAP-TLS and PEAP.
WPA  Wi-Fi Protected Access – stop-gap solution that solves issues related to the WEP encryption itself  IVs are larger (48 bits instead of 24)  Shared key is used more rarely – Used to negotiate and communicate "temporal keys"  "Temporal keys" are used to encrypt packets instead – Doesn't solve issues with the management frames – Collision Avoidance mechanism can still be exploited – Can be supported by most of the 802.11b hardware
Questions or Comments? 
About These Slides  You are free to copy, distribute, display, and perform the work; and to make derivative works, under the following conditions. – You must give the original author and other contributors credit – The work will be used for personal or non-commercial educational uses only, and not for commercial activities and purposes – For any reuse or distribution, you must make clear to others the terms of use for this work – Derivative works must retain and be subject to the same conditions, and contain a note identifying the new contributor(s) and date of modification – For other uses please contact the Purdue Office of Technology Commercialization.  Developed thanks to the support of Symantec Corporation
Pascal Meunier pmeunier@purdue.edu Contributors: Jared Robinson, Alan Krassowski, Craig Ozancin, Tim Brown, Wes Higaki, Melissa Dark, Chris Clifton, Gustavo Rodriguez-Rivera

More Related Content

PPT
wi-fi definition
Naveed Hassan
 
PPT
Multiplexing,LAN Cabling,Routers,Core and Distribution Networks
Panimalar Engineering College
 
PDF
G0361052058
inventionjournals
 
PDF
Juniper bti packet optical training
Muhammad Denis Iqbal
 
PDF
DWDM Presentation
ayodejieasy
 
PPT
Important terms in understanding internet programming
shahajahankhan123
 
PPT
Wi Fi
Ram Dutt Shukla
 
PPTX
Wdm and dwdm ppt
Aakash Singh
 
wi-fi definition
Naveed Hassan
 
Multiplexing,LAN Cabling,Routers,Core and Distribution Networks
Panimalar Engineering College
 
G0361052058
inventionjournals
 
Juniper bti packet optical training
Muhammad Denis Iqbal
 
DWDM Presentation
ayodejieasy
 
Important terms in understanding internet programming
shahajahankhan123
 
Wi Fi
Ram Dutt Shukla
 
Wdm and dwdm ppt
Aakash Singh
 

What's hot (20)

PPTX
Wwwwww
misgina Mengesha
 
PPTX
TECHNIQUES TO COMBAT OSNR IN DWDM LINKS
MapYourTech
 
PDF
3 S W 2009 I E E E Abstracts Java, N C C T Chennai
ncct
 
PDF
Minimizing mobiles communication time using modified binary exponential backo...
IJCNCJournal
 
DOCX
Dense wavelength division multiplexing....
Arif Ahmed
 
PDF
dwdm
g d
 
PPT
Cc wdm network design
zeedoui2
 
PPT
Dense wavelength division multiplexing
Tauseef khan
 
PPTX
Optical code division multiple access
Murtadha ali shukur
 
PDF
Ed36788792
IJERA Editor
 
PPTX
Cisco DWDM Chromatic Dispertion Calculation in CTP\XLS
Valery Kayukov
 
PDF
CDMA Transmitter and Receiver Implementation Using FPGA
IOSR Journals
 
PPTX
Wavelength division multiplexing
Nalin Dubey
 
PDF
Comp science notes
Felix Lidoro
 
PPT
Dwdm
Mastan Shaik
 
PPTX
OFC Communication - Pocket Note
Sushmesh Sharma (Looking For Change)
 
PPTX
WDM & Optical Amplifiers
Eng_Ahmad
 
PPTX
Wavelength division multiplexing
Muhammad Uzair Rasheed
 
PPTX
Cdma 101
SAFAREENA
 
PPT
Cellular systems and infrastructure base wireless network
University of Science & Technology, Beijing
 
Wwwwww
misgina Mengesha
 
TECHNIQUES TO COMBAT OSNR IN DWDM LINKS
MapYourTech
 
3 S W 2009 I E E E Abstracts Java, N C C T Chennai
ncct
 
Minimizing mobiles communication time using modified binary exponential backo...
IJCNCJournal
 
Dense wavelength division multiplexing....
Arif Ahmed
 
dwdm
g d
 
Cc wdm network design
zeedoui2
 
Dense wavelength division multiplexing
Tauseef khan
 
Optical code division multiple access
Murtadha ali shukur
 
Ed36788792
IJERA Editor
 
Cisco DWDM Chromatic Dispertion Calculation in CTP\XLS
Valery Kayukov
 
CDMA Transmitter and Receiver Implementation Using FPGA
IOSR Journals
 
Wavelength division multiplexing
Nalin Dubey
 
Comp science notes
Felix Lidoro
 
Dwdm
Mastan Shaik
 
OFC Communication - Pocket Note
Sushmesh Sharma (Looking For Change)
 
WDM & Optical Amplifiers
Eng_Ahmad
 
Wavelength division multiplexing
Muhammad Uzair Rasheed
 
Cdma 101
SAFAREENA
 
Cellular systems and infrastructure base wireless network
University of Science & Technology, Beijing
 
Ad

Viewers also liked (6)

PPT
Wisp Italy ISP WiFi
Hotware International Inc.
 
PPT
Wisp Scotia Wificity
Hotware International Inc.
 
PPT
2007 EuRad Conference: Speech on Rough Layers (ppt)
Nicolas Pinel
 
PPTX
Dual Band Microstrip Antenna
Anas Kadri
 
PPTX
MicroStrip Antenna
Tarek Nader
 
PPTX
Smart antenna systems
Apoorva Shetty
 
Wisp Italy ISP WiFi
Hotware International Inc.
 
Wisp Scotia Wificity
Hotware International Inc.
 
2007 EuRad Conference: Speech on Rough Layers (ppt)
Nicolas Pinel
 
Dual Band Microstrip Antenna
Anas Kadri
 
MicroStrip Antenna
Tarek Nader
 
Smart antenna systems
Apoorva Shetty
 
Ad

Similar to 7.Wireless (20)

DOCX
Mi0035 computer networks
smumbahelp
 
PDF
Computer networks wireless lan,ieee-802.11,bluetooth
Deepak John
 
DOCX
Mi0035 computer networks
smumbahelp
 
PPTX
Wireless Local Area Networks
Dilum Bandara
 
DOCX
Mi0035 computer networks
smumbahelp
 
DOCX
Mi0035 computer networks
smumbahelp
 
PPTX
Mobile Computing (Part-2)
Ankur Kumar
 
DOCX
Mi0035 computer networks
Study Stuff
 
PPTX
It2402 mobile communication unit2
RMK ENGINEERING COLLEGE, CHENNAI
 
PDF
Module 3 wlan,bluetooth vlan
Deepak John
 
PPT
wifi-technology
tardeep
 
PPT
Slides-ICISS.ppt
chaitragowda46
 
PPTX
Lect3_MS_Networksvlan,WIRLESS ,CSMA,4G.pptx
MuhammadHamza117822
 
PPT
Wi fi[1]
Manish Srivastava
 
PDF
Wireless Technology
Netwax Lab
 
PPTX
WLAN
Mukesh Chinta
 
PPT
CCNA Network Devices
Dsunte Wilson
 
PPT
Ieee 802.11overview
Object-Frontier Software Pvt. Ltd
 
PPT
IEEE-802.11overview1111111111111111111.ppt
NasrEldeen4
 
PPTX
IEEE-802.11overview.pptx ieee 802 11 overview
sadiariasat10
 
Mi0035 computer networks
smumbahelp
 
Computer networks wireless lan,ieee-802.11,bluetooth
Deepak John
 
Mi0035 computer networks
smumbahelp
 
Wireless Local Area Networks
Dilum Bandara
 
Mi0035 computer networks
smumbahelp
 
Mi0035 computer networks
smumbahelp
 
Mobile Computing (Part-2)
Ankur Kumar
 
Mi0035 computer networks
Study Stuff
 
It2402 mobile communication unit2
RMK ENGINEERING COLLEGE, CHENNAI
 
Module 3 wlan,bluetooth vlan
Deepak John
 
wifi-technology
tardeep
 
Slides-ICISS.ppt
chaitragowda46
 
Lect3_MS_Networksvlan,WIRLESS ,CSMA,4G.pptx
MuhammadHamza117822
 
Wi fi[1]
Manish Srivastava
 
Wireless Technology
Netwax Lab
 
WLAN
Mukesh Chinta
 
CCNA Network Devices
Dsunte Wilson
 
Ieee 802.11overview
Object-Frontier Software Pvt. Ltd
 
IEEE-802.11overview1111111111111111111.ppt
NasrEldeen4
 
IEEE-802.11overview.pptx ieee 802 11 overview
sadiariasat10
 

More from phanleson (20)

PDF
Learning spark ch01 - Introduction to Data Analysis with Spark
phanleson
 
PPT
Firewall - Network Defense in Depth Firewalls
phanleson
 
PPT
Mobile Security - Wireless hacking
phanleson
 
PPT
Authentication in wireless - Security in Wireless Protocols
phanleson
 
PPT
E-Commerce Security - Application attacks - Server Attacks
phanleson
 
PPT
Hacking web applications
phanleson
 
PPTX
HBase In Action - Chapter 04: HBase table design
phanleson
 
PPT
HBase In Action - Chapter 10 - Operations
phanleson
 
PPT
Hbase in action - Chapter 09: Deploying HBase
phanleson
 
PPTX
Learning spark ch11 - Machine Learning with MLlib
phanleson
 
PPTX
Learning spark ch10 - Spark Streaming
phanleson
 
PPTX
Learning spark ch09 - Spark SQL
phanleson
 
PPT
Learning spark ch07 - Running on a Cluster
phanleson
 
PPTX
Learning spark ch06 - Advanced Spark Programming
phanleson
 
PPTX
Learning spark ch05 - Loading and Saving Your Data
phanleson
 
PPTX
Learning spark ch04 - Working with Key/Value Pairs
phanleson
 
PPTX
Learning spark ch01 - Introduction to Data Analysis with Spark
phanleson
 
PPT
Hướng Dẫn Đăng Ký LibertaGia - A guide and introduciton about Libertagia
phanleson
 
PPT
Lecture 1 - Getting to know XML
phanleson
 
PPTX
Lecture 4 - Adding XTHML for the Web
phanleson
 
Learning spark ch01 - Introduction to Data Analysis with Spark
phanleson
 
Firewall - Network Defense in Depth Firewalls
phanleson
 
Mobile Security - Wireless hacking
phanleson
 
Authentication in wireless - Security in Wireless Protocols
phanleson
 
E-Commerce Security - Application attacks - Server Attacks
phanleson
 
Hacking web applications
phanleson
 
HBase In Action - Chapter 04: HBase table design
phanleson
 
HBase In Action - Chapter 10 - Operations
phanleson
 
Hbase in action - Chapter 09: Deploying HBase
phanleson
 
Learning spark ch11 - Machine Learning with MLlib
phanleson
 
Learning spark ch10 - Spark Streaming
phanleson
 
Learning spark ch09 - Spark SQL
phanleson
 
Learning spark ch07 - Running on a Cluster
phanleson
 
Learning spark ch06 - Advanced Spark Programming
phanleson
 
Learning spark ch05 - Loading and Saving Your Data
phanleson
 
Learning spark ch04 - Working with Key/Value Pairs
phanleson
 
Learning spark ch01 - Introduction to Data Analysis with Spark
phanleson
 
Hướng Dẫn Đăng Ký LibertaGia - A guide and introduciton about Libertagia
phanleson
 
Lecture 1 - Getting to know XML
phanleson
 
Lecture 4 - Adding XTHML for the Web
phanleson
 

Recently uploaded (20)

PDF
Keppel_Proposed Divestment of M1 Limited
KeppelCorporation
 
PDF
income tax laws notes important pakistan
VrindaTayade1
 
PDF
Daniels 2024 Inclusive, Sustainable Development
CMassociates
 
PPTX
Slide gioi thieu VietinBank Quy 2 - 2025
hoadm5190
 
DOCX
Center Enamel A Strategic Partner for the Modernization of Georgia's Chemical...
cecvessels
 
PDF
Susan Semmelmann: Enriching the Lives of others through her Talents and Bless...
CIO WOMEN MAGAIZNE CIO WOMEN MAGAIZNE
 
PDF
#1 Safe and Secure Verified Cash App Accounts for Purchase.pdf
Buy Verified Cash App Accounts
 
PDF
Robin Fischer: A Visionary Leader Making a Difference in Healthcare, One Day ...
The lifescience magaizne
 
PDF
Environmental Law Communication: Strategies for Advocacy (www.kiu.ac.ug)
publication11
 
PDF
Family Law: The Role of Communication in Mediation (www.kiu.ac.ug)
publication11
 
PPTX
Slide gioi thieu VietinBank Quy 2 - 2025
hoadm5190
 
PPTX
IITM - FINAL Option - 01 - 12.08.25.pptx
MukeshAssociates2
 
PPTX
operations management : demand supply ch
JayeshJaiswal23
 
PPTX
CTG - Business Update 2Q2025 & 6M2025.pptx
HcTrSoros
 
DOCX
80 DE ÔN VÀO 10 NĂM 2023vhkkkjjhhhhjjjj
janggookdal
 
PDF
ANALYZING THE OPPORTUNITIES OF DIGITAL MARKETING IN BANGLADESH TO PROVIDE AN ...
IJMIT JOURNAL
 
PDF
Booking.com The Global AI Sentiment Report 2025
agatadrynko
 
PPT
Lecture 3344;;,,(,(((((((((((((((((((((((
princessbliss09
 
PDF
NEW - FEES STRUCTURES (01-july-2024).pdf
priyansubarmanwork
 
PDF
Charisse Litchman: A Maverick Making Neurological Care More Accessible
The lifescience magaizne
 
Keppel_Proposed Divestment of M1 Limited
KeppelCorporation
 
income tax laws notes important pakistan
VrindaTayade1
 
Daniels 2024 Inclusive, Sustainable Development
CMassociates
 
Slide gioi thieu VietinBank Quy 2 - 2025
hoadm5190
 
Center Enamel A Strategic Partner for the Modernization of Georgia's Chemical...
cecvessels
 
Susan Semmelmann: Enriching the Lives of others through her Talents and Bless...
CIO WOMEN MAGAIZNE CIO WOMEN MAGAIZNE
 
#1 Safe and Secure Verified Cash App Accounts for Purchase.pdf
Buy Verified Cash App Accounts
 
Robin Fischer: A Visionary Leader Making a Difference in Healthcare, One Day ...
The lifescience magaizne
 
Environmental Law Communication: Strategies for Advocacy (www.kiu.ac.ug)
publication11
 
Family Law: The Role of Communication in Mediation (www.kiu.ac.ug)
publication11
 
Slide gioi thieu VietinBank Quy 2 - 2025
hoadm5190
 
IITM - FINAL Option - 01 - 12.08.25.pptx
MukeshAssociates2
 
operations management : demand supply ch
JayeshJaiswal23
 
CTG - Business Update 2Q2025 & 6M2025.pptx
HcTrSoros
 
80 DE ÔN VÀO 10 NĂM 2023vhkkkjjhhhhjjjj
janggookdal
 
ANALYZING THE OPPORTUNITIES OF DIGITAL MARKETING IN BANGLADESH TO PROVIDE AN ...
IJMIT JOURNAL
 
Booking.com The Global AI Sentiment Report 2025
agatadrynko
 
Lecture 3344;;,,(,(((((((((((((((((((((((
princessbliss09
 
NEW - FEES STRUCTURES (01-july-2024).pdf
priyansubarmanwork
 
Charisse Litchman: A Maverick Making Neurological Care More Accessible
The lifescience magaizne
 

7.Wireless

  • 1. Course 3: Network Security, Section 7 Pascal Meunier, Ph.D., M.Sc., CISSP May 2004, updated July 30, 2004 Developed thanks to the support of Symantec Corporation, NSF SFS Capacity Building Program (Award Number 0113725) and the Purdue e-Enterprise Center Copyright (2004) Purdue Research Foundation. All rights reserved.
  • 2. Course 3 Learning Plan  Architecture  Physical and link layer  Network layer  Transport layer  Application layer: DNS, RPC, NFS  Application layer: Routing  Wireless networks  More secure protocols: DNSSEC, IPSEC, IPv6
  • 3. Learning objectives  Learn about threats faced by wireless networks  Understand how encrypted wireless networks can be attacked  Learn from the mistakes in the design of 802.11b
  • 4. Wireless Networks  Wireless Threats  Antennas – Directionality – Range – Gain  Design Weaknesses  Implementation Weaknesses  Automated WEP crackers and sniffers  Alternatives to WEP
  • 5. Interesting Wireless Uses  Burlington Northern and Santa Fe Railway Company (BNSF) US railroad uses Wi-Fi to run 'driverless' trains (Smith 2003).  Home Depot (Luster 2002), BestBuy (Computerworld 2002) and Lowes (Ashenfelter 2003) were famous for being targetted by hackers sitting in the parking lots and eavesdropping on traffic to cash registers, and even accessing their networks through their wireless access points.  The Navy was reportedly interested in deploying 802.11b technology to control warships (Cox 2003).
  • 6. Wireless Threats  Medium is open to most attackers in the neighborhood of a wireless node – Near-impossibility of establishing a clear physical security boundary  Higher gain antennas can be used to overcome distance or a weak signal  Remote attackers can aim at: – The physical layer – The link layer  Media Access Control (MAC)  Logical link – The network layer
  • 7. Threats  DoS attacks – Jamming – Fake collisions (Request to send, see slides on CSMA/CA) – Amplification  Integrity attacks – Packets captured, modified and reinjected  Confidentiality attacks – Capture passwords, authentication tokens, etc...  Authentication and Accountability attacks – Anonymity for attacker – Reassign accountability to network or account owners
  • 8. Physical Layer  CIA  Coverage vs Risk  Antenna gain vs transmission power
  • 9. Question  Which property of “CIA” (confidentiality, integrity, availability) can’t you guarantee in any wireless network?  How about a warship that is steered and controlled through wireless networks. What could happen?
  • 10. Answer  You can’t guarantee availability, because wireless networks can be jammed.  A warship controlled through a wireless network could stop responding and continue on a bad course (collision or otherwise)
  • 11. Wireless Coverage is Risk  The potential number of locations from which attackers can operate is proportional to the area covered.  Areas you physically control may not be as risky  The size of the area is not completely under your control, because attackers can use arbitrarily large antennas.  However, you can control the amount of power used. How does that affect the risk?
  • 12. Wireless Power  Area of a sphere = 4π r2  Total power is constant  Power/area decreases ≈ 1/r2  Big antennas capture more power (more area) – Analogy: Lenses  The bigger the lens, the more light is captured Source Receiving Antenna
  • 13. Wireless Power  Antenna gain is measured in dB (decibels) as the ratio of power captured compared to a reference antenna.  Gain usually comes at the cost of increased directionality – Power is concentrated in (and captured from) a narrower field
  • 14. Antenna Gain (dB)  Where P2 is the power captured by the reference antenna  A gain of 3 dB means captured power is doubled.  A gain of 10 dB means captured power is increased 10 times.  A gain of 20 dB means captured power is increased 100 times.
  • 15. Variable Power  Some access points and cards can use varying amounts of power  Uncommon feature (Cisco, Apple Airport Ex)  How is the range changed by power? 2 P1 r 1 = 2 P2 r 2  How much power do you need to double the range? – "r" is the range !
  • 16. Power Calculations  Double range needs 4x power  Equivalent statement: – An increase in power of 6 dB doubles the range  Triple range needs 9x power  Lower the power to decrease the risk area  Cisco Aironet Antennas Reference Guide – http://www.cisco.com/warp/public/cc/pd/witc/ao350ap/prod lit/agder_rg.htm
  • 17. Question  Your wireless network usually has a range of 100 feet. However you are having a (confidential) meeting in a 10’ diameter (circular) room but want to use a wireless access point in the room. By how much can you decrease the power to diminish the threats?
  • 18. Answer  A 10’x10’ room approximately fits inside a 5’ radius sphere.  100/5 = 20x range reduction  Power =1/(20x20) = 1/400  So if the power was 400 mW, 1 mW should now be sufficient.
  • 19. Question  If you want to spy on the meeting mentioned previously, from 100 feet away, what is the gain (in dB) of the antenna you need?
  • 20. Answer Gain (dB) = 10 log(400) = 10 log(4) + 10 log(100) = 6+20 = 26 dB
  • 21. Link Layer  802.11b security is focused at the link layer  Media Access Control – MAC address-based access control lists  Refer to the slides on Media Access Control in the link layer – CSMA/CA (Collision avoidance)  Refer to the slides on spurious RTS (request to send)  Logical Link – Logical organization of stations and access points – WEP encryption – Network Management frames
  • 22. Logical Link  Wireless networks have two possible architectures – Ad-hoc networks  Similar concept: Peer-to-Peer – Access-point-based networks (a.k.a. infrastructure mode)  All traffic goes through the access point.  A station is a member of which network? – Association concept
  • 23. Definitions  BSS (Basic Service Set) – A collection of stations (a.k.a. nodes) communicating wirelessly together – To differentiate between closeby BSS and their own, they use a BSSID, which has the format of a MAC address.  All stations in one BSS use the same BSSID to communicate Company A's ? Company B's Network Network
  • 24. Infrastructure Mode  The BSSID is usually the MAC address of the AP (Access Point)  Sophisticated APs have the capability of handling several BSSes with different BSSIDs, and appear as several virtual APs. Stations using the same BSSID AP Wired Network
  • 25. Ad-hoc Mode  The stations use a random number as the BSSID – The first station selects the BSSID and the others use it Stations using the same BSSID
  • 26. Definitions (cont.)  ESS: Extended Service Set – Composed of several BSSes joined together.  SSID: Service Set ID – Commonly known as the network name  Human-readable name – "ESSID" is sometimes used to refer to the SSID used in the context of an ESS – Transparent for the end user  Only aware of the SSID  Traffic in an ESS may be using several different BSSIDs if there are several APs in it.
  • 27. Question  The MAC address of an access point is used for:  a) SSID  b) ESSID  c) BSS  d) BSSID
  • 28. Question  The MAC address of an access point is used for:  a) SSID  b) ESSID  c) BSS  d) BSSID
  • 29. Beacon Frames  Beacon Frames broadcast the SSID – Help users locate available networks – Layer 2 Management frames – Networks without BFs are called "closed networks"  Simply means that the SSID is not broadcast anymore  Weak attempt at security through obscurity, to make the presence of the network less obvious  BSSIDs are revealed as soon as a single frame is sent by any member station  Mapping between SSIDs and BSSIDs is revealed by several management frames that are not encrypted
  • 30. Is the SSID a Secret?  Stations looking for an access point send the SSID they are looking for in a "probe request"  Access points answer with a "probe reply" frame, which contains the SSID and BSSID pair  Stations wanting to become part of a BSS send an association request frame, which also contains the SSID/BSSID pair in clear text – So do re-association requests (see next slides) and their response  Therefore, the SSID remains secret only on closed networks with no activity  Conclusion: Closed networks mainly inconvenience legitimate users
  • 31. Authentication and Association  To become part of a BSS, a station must first authenticate itself to the network – Then request association to a specific access point  The access point is in charge of authentication and accepting the association of the station – Unless an add-on authentication system (e.g., Radius) is used  MAC address is trusted as giving the correct identity of the station or access point – How can this be abused?
  • 32. Abusing MAC Addresses  A station doesn't know if it is talking to a real access point, or to the same access point every time – Access points are not authenticated by stations  Even if they were, the MAC address can be faked  An access point doesn't know if it is talking to the same station every time
  • 33. Authentication and (Dis)Association Attacks  Any station can impersonate another station or access point and attack or interfere with the authentication and association mechanisms. – As these frames are not encrypted, the difficulty is trivial  Disassociation and deauthentication frames – A station receiving one of those frames must redo the authentication and association processes – With a single short frame, an attacker can delay the transmission of data and require the station and real access point to redo these processes  takes several frames to perform.
  • 34. Disassociation Exploit  Efficiency was demonstrated by Bellardo (2003)  Seems to have been used in the "Black Hat" (see below) community prior to that report – The tool "KisMAC" implements it  Availability is affected – can be selective against specific users Note: White Hats should do no harm and obey all the rules; Black Hats do whatever they want
  • 35. Authentication Modes  Authentication is done by: – a station providing the correct SSID – or through "shared key authentication"  Access point and all base stations share a secret encryption key – Hard to deploy – Hard to change – Hard to keep secret – No accountability  Requires a station to encrypt with WEP (see next slides) a challenge text provided by the access point  An eavesdropper gains both the plaintext and the cyphertext – Perform a known plaintext attack – This authentication helps to crack WEP encryption!
  • 36. Nota Bene: 802.11b and WEP  Remind yourself through this presentation that 802.11b was designed by professional software and hardware engineers and reviewed by many such.  Be extremely careful and skeptical about “home- brewed” security and encryption solutions. – This is an often repeated mistake
  • 37. WEP: Wired Equivalent Privacy  Cryptographic mechanism used to defend against threats  Developed without – Academic or public review – Review from cryptologists  Has significant vulnerabilities and design flaws  Only about a quarter to a third of wireless access points use WEP – Tam et al. 2002 – Hamilton 2002 – Pickard and Cracknell 2001, 2003
  • 38. WEP  WEP is a stream cipher – Uses RC-4 to produce a stream of bytes that are XORed with the plaintext – The input to the stream cipher algorithm is an "initial value" (IV) sent in plaintext, and a secret key – IV is 24 bits long – Length of the secret is either 40 or 104 bits, for a total length for the IV and secret of 64 or 128 bits – Marketing publicized the larger number, implying that the secret was a 64 or 128 bit number, in a classical case of deceptive advertising  How else can you call a protection that is 16.8 million times weaker than advertised?
  • 39. XOR Encryption  0 XOR 0 = 0 1 XOR 0 = 1 1 XOR 1 = 0 (z XOR y) XOR z = y (z XOR y) XOR y = z Works independently of which of z or y is the “plaintext”, "pad" or the “ciphertext”
  • 40. Stream Cipher  Given an IV and secret key, the stream of bytes (pad) produced is always the same – Pad XOR plaintext = ciphertext  If an IV is ever reused, then the pad is the same  Knowing all the pads is equivalent to knowing the secret  Application to WEP: – The pad is generated from the combination between the IV and the WEP key passed through RC4 – Knowing all the pads is equivalent to knowing the 40 or 104-bit secret  "Weak" IVs reveal additional information about the secret
  • 41. Pad-Collection Attacks  There is (should be) a different pad for every encrypted packet that is sent between AP and a station  By mapping pads to IVs, we can build up a table and skip the RC4 step – The stream is never longer than 1500 bytes (the maximum Ethernet frame size) – The 24 bit-IV provides 16,777,216 (256^3) possible streams, so all the pads can fit inside 25,165,824,000 bytes (23.4 GB)  We never have to have the WEP Key – Once we have a complete table, it's as good as having the WEP key.
  • 42. Cracking WEP  Passive attacks – The presence of the attacker does not change traffic, until WEP has been cracked  Active attacks – Active attacks increase the risk of being detected, but are more capable. – If an active attack is reasonable (i.e., the risk of detection is disregarded), the goal is to stimulate traffic  Collect more pads and uses of weak IVs  Some attacks require only one pad.
  • 43. How Authentication Helps Collecting Pads  Access point sends the plaintext  Station returns ciphertext  Mallory computes – plaintext XOR ciphertext = pad – The IV was in plain text in the packet – Mallory now has a pad and matching IV  Mallory can now authenticate! – Access point sends another plaintext challenge – Mallory chooses to use the same IV and pad – Returns Pad XOR plaintext = ciphertext
  • 44. Disassociation Attack to Collect Pads  Active attack  Keep forcing stations to re-authenticate and reveal more pads by using different IVs
  • 45. Faking Being an Access Point  An attacker can also pretend to be an access point  Run a cycle of authentication and deauthentication to collect all the pads from other stations  Works even if the real access points do not require shared key authentication – Attacker can require it while faking being an access point
  • 46. "Single Pad" Attacks  Exploits based on knowing a single encryption pad and IV – Smurf – TCP SYN flood – UDP attacks
  • 47. Defeating Firewalls with Single Pad Attacks  Access Point behind a firewall  Mallory sends packets to Victim, who believes they come from Mallory's accomplice (replies)  Mallory's accomplice forwards packets to Mallory Mallory's Victim Mallory Accomplice Firewall AP Internet Wired Internal Network
  • 48. Results  UDP replies can be obtained unencrypted  TCP sessions can be established with sensitive services intended to be protected by the firewall  Intrusion detection systems will most likely ignore responses originating from internal hosts – the attacks can proceed undetected at this level  For all practical purposes, in this configuration WEP has been completely defeated.
  • 49. Defenses  Provide a firewall for the wireless network with a rule to refuse packets that do not contain source addresses part of the wireless network's range  Connect access points outside the internet firewall (as if they were part of the internet). – Can also negate some advantages of the wireless network for legitimate users
  • 50. Administrative Access  Some access points allow administrative access from the wireless network  Or offer services on a UDP port (e.g., Apple base stations listen on UDP port 192)  One-packet attacks directed against these services could exploit vulnerabilities – disable the access point or make it difficult to use  Administrative access to access point should be disabled from the wireless network – Not all access points support this feature.
  • 51. More Pad Collection Attacks  Pads collected by disassociation attacks have a limited length  Mallory sends packets to himself (or to another wireless station) through an internet accomplice  Mallory gets the matching encrypted version Mallory's Mallory Accomplice Firewall AP Internet Wired Internal Network
  • 52. Defense  Requires a stateful firewall – will distinguish and block fake responses by keeping track of wether the destination host really made a prior request to the source IP of the packets  A variation of the attack allows a more sophisticated attacker to launch chosen plaintext attacks against the encryption itself – this attack may be useful against encryptions superseeding WEP as well
  • 53. Weak Keys (a.k.a. Weak IVs)  Due to how RC4 is used in WEP, some IVs can reveal information about the secret key – Mathematical details out of the scope of this material  Attack – FMS (Fluhrer et al. 2001) cryptographic attack on WEP – Practicality demonstrated by Stubblefield et al. (2001) – Collection of the first encrypted octet of several million packets. – Exploits  WEPcrack (Rager 2001)  Airsnort (Bruestle et al. 2001) – Key can be recovered in under a second (after collecting the data).
  • 54. Defenses  Some wireless cards no longer generate weak IVs (given a secret, weak IVs can be listed; WEPcrack can do this)  Some Lucent devices are known to have stopped generating weak IVs (binaervarianz 2003)  Other vendors should be able to do the same, and make this attack ineffective – Which Symantec products use WEP and could stop generating weak IVs?
  • 55. Integrity Attacks  What if Mallory modified a captured packet and resent it on the wireless network?  IP destination address always in the same location – Modify packet so a copy is sent to Mallory's accomplice  Accomplice receives the decrypted packet  Based on a CRC checksum weakness (Borisov 2001) – Given the knowledge of (part of) the plaintext, a WEP- protected message can be changed at will – Mallory needs only to guess the relevant IP address  Or part of it, if Mallory's accomplice can sniff traffic on destination network
  • 56. Defenses  Use another encryption layer, such as SSL (https) or ssh
  • 57. Implementation Weaknesses  Restricted IV selection – Some access points (old Cisco firmware, notably) produced IVs using only 18 of the 24-bit space – Lowered the storage requirement for all pads from 23.4 GB to a mere 366 MB (Meunier et al. 2002)  Poor randomness for IVs – IVs being used more often (reuses of the same pad) – Sequential generation allow complete collection faster  Newsham 21-bit attack
  • 58. Implementation Issues  Newsham 21-bit attack – Some manufacturers generate WEP keys from text, in an effort to increase ease-of-use – But the algorithm used produces only keys in a 21-bit space instead of 40-bit  Brute force cracking of WEP is 2^19 (524,288) times faster  Takes less than a minute on commodity hardware (Newsham 2001) – Exploits  The tool KisMAC implements this attack – According to the tool's documentation, Linksys and D-link products seemed to be vulnerable, but not 3Com and Apple » Are Symantec products vulnerable?
  • 59. Automated WEP Crackers and Sniffers  AiroPeek (Commercial) – Easy-to-use, flexible and sophisticated analyzer  WEPCrack, AirSnort – Implementations of the FMA attack  NetStumbler – This is a popular network discovery tool, with GPS support. It does not perform any cracking. A MacOS equivalent is named "iStumbler".  KisMAC – This is a MacOS X tool for network discovery and cracking WEP with several different methods  Kismet – swiss-army knife
  • 60. LEAP: The Lightweight Extensible Authentication Protocol  Proprietary, closed solution – was stated (without much details) by Cisco as unaffected by WEP vulnerabilities (Cisco 2002).  LEAP conducts mutual authentication – client is assured that the access point is an authorized one – Uses per-session keys that can be renewed regularly  Makes the collection of a pad or weak IVs more difficult  Secret key can be changed before the collection is complete – The user is authenticated, instead of the hardware  MAC address access control lists are not needed – LEAP requires an authentication server (RADIUS) to support the access points
  • 61. LEAP Attacks  Dictionary attacks – Password-based scheme – Requires user passwords be guessable (Wright 2003)  LEAP access points don't use weak IVs – Use MS-CHAP v2, show the same weaknesses as MS- CHAP (Wright 2003) – There are many variants of the Extensible Authentication Protocol, such as EAP-TLS and PEAP.
  • 62. WPA  Wi-Fi Protected Access – stop-gap solution that solves issues related to the WEP encryption itself  IVs are larger (48 bits instead of 24)  Shared key is used more rarely – Used to negotiate and communicate "temporal keys"  "Temporal keys" are used to encrypt packets instead – Doesn't solve issues with the management frames – Collision Avoidance mechanism can still be exploited – Can be supported by most of the 802.11b hardware
  • 64. About These Slides  You are free to copy, distribute, display, and perform the work; and to make derivative works, under the following conditions. – You must give the original author and other contributors credit – The work will be used for personal or non-commercial educational uses only, and not for commercial activities and purposes – For any reuse or distribution, you must make clear to others the terms of use for this work – Derivative works must retain and be subject to the same conditions, and contain a note identifying the new contributor(s) and date of modification – For other uses please contact the Purdue Office of Technology Commercialization.  Developed thanks to the support of Symantec Corporation
  • 65. Pascal Meunier pmeunier@purdue.edu Contributors: Jared Robinson, Alan Krassowski, Craig Ozancin, Tim Brown, Wes Higaki, Melissa Dark, Chris Clifton, Gustavo Rodriguez-Rivera