Jacob Bertels Christopher Rawlings

qualtaghblurtingMobile - Wireless

Dec 12, 2013 (3 years and 10 months ago)

77 views

Jacob Bertels

Christopher Rawlings

What is a Wireless Network?


Basic network is WLAN
-

Wireless LAN


Most based on the IEEE 802.11 standards


Use IP and MAC address


WPAN


Wireless Personal Area Network


Bluetooth


Infrared Data


Association (IrDA)


Near Field


Communication

More Wireless Networks


WWAN
-

Wireless Wide Area Network


Mobile Telecommunications cellular network


LTE, Uses Encryption and Authentication


Point
-
to
-
point and Omnidirectional


Cellular Networks
-

Towers


Different Frequencies


Cell phones
-

Tower Handoff


Signal
-
to
-
Noise

Wireless Mesh Networks


Mesh Topography of Routers


Usually Fixed mesh routers
form a multi
-
hop structure of a
network


Can be modeled as a graph


Edge would be: Distance, Data
Rate, Noise, Frequency


Mesh is “self
-
healing”


Mesh Network Cont.


Load Balancing Priority over Shortest Path


Measures current congestion on each path


Continually runs algorithm


Better Approach To Mobile
Adhoc

Networking (B.A.T.M.A.N.)


Detects other nodes, informs neighbors


Sends out , node remembers direction


Cares only about the best first step


Dynamically creates routes

Data Packet Scheduling


Minimize resource starvation and make fair


Some Routers and switches use First
-
In
-
First
-
Out (FIFO)
-

Based in a Queue


Round Robin


Separate Queue for every data flow


Algorithm lets each data flow to take turns


Can use Weight Round Robin for Priorities



Error Correction


Forward Error Correction


Encodes Redundancy for Verification at
Receiver


Simple FEC
-

(3,1) repetition code (inefficient)


Repetition of same byte multiple times


Parity Bits are used


Sets the last bit (odd or


even number of 1s)


Hamming(7,4)

Error Correction Cont.


Multidimensional Parity
-
Check Code


Ex. Want to send: 2541


Split up into 25, 41, add parity


Goes to 257,415, add digits 66


Send code 25741566
-

Decoder receives
value

Error Correction Cont.


Turbo Code
-

Used for 3G and Satellite


Encoder
-

Takes input converts to three outputs


Interleaver

scrambles input into pseudo
-
random pattern


Redundancy is added in each Encoder


Multiple outputs ensures consistency


Error Correction Cont.


Turbo Code
-

Decoder


Decoder tries to decode each input


Uses feedback and iteratively verifies
data is correct


What is WEP?


Wired Equivalent Privacy


First
Wifi

encryption standard


Uses stream cipher RC4


Two Key sizes


64bit


128bit

How WEP Encryption Works


Start with a Key


Make a pseudo
random Initialization
vector


Concatenate the Key
with the Initialization
Vector(IV) to make a
Keystream


The
Keystream

is then
XOR’ed

with the plain
text
data

Encrypted

Data

Collecting Data

Generating Traffic

Collecting Data

Password Broken

What is WPA?


Wi
-
Fi Protected Access


Used as a time filler until WPA2 ratified

WPA Strengths


Still used RC4 cipher, but increased the
IV length to 48 bits


Also used a different
keystream

for each
packet


Began salting the key with the network
name


Causes computation time to increase


WPA Flaws


Small packets such as ARP packets or
DNS packets are crack
-
able


Still very difficult because of key size

What is WPA2?


Wi
-
Fi Protected Access II


Also called Full IEEE 802.11i or IEEE
802.11.i
-
2004


But who really wants to remember that


Current top of the line wireless security


WPA2 Strengths


Very Large Key


256 bits


Uses AES algorithm


Not a stream Cipher


Based on 4x4 Matrices


Not going to go into much detail


Don’t want to steal another group’s topic too
much

WPA2 Weakness


Only one major weakness


Not even in the algorithms


WPS Flaw


Wi
-
Fi Protected Setup


Allows easy secure network connectivity


Has a pin made up of 8 numbers


Grouped in 2 groups 4&4


If an attacker can break the pin, they can get
the encryption key without breaking the
crypto

Breaking WPA


Must capture “4 way handshake”


Only real way is to brute force the
password


You must have a list of “words” to try as
passwords


Can have a list of words ready for
attacking or have a program that makes
the words on the fly


Capture 4
W
ay Handshake

Brute Forcing Password

Password Found

Breaking WPA


You can pre
-
compute the hashes


Rainbow tables(hash tables)


Contain the hash and the corresponding key


They still have to be computed, but they can
be computer beforehand and kept


Church of
Wifi

rainbow tables ~45GB


1000 top network names


~
1,000,000 passwords


Breaking WPA


Either way, if a complex password is
used, breaking the password becomes
mathematically impossible

Breaking WPA Example


64 character password


94 possible characters(full keyboard)


Possible passwords=7.33x10^126


@
1googolplex(10^100/s
)
passwords/second


On average to brute force it would take
1.16*10^19=11600000000000000
YEARS!


Questions?