Wireless LAN Security

Hồ Đắc Biên
0985 196 884
MCSA, MCITP-EA, CCNP, CCIE Written, Security+, CEH
Website :
Forum :

Agenda
• Introduction WLAN Security Threats
• Evolution of Wireless LAN Security
• Demo: Crack WEP, WPA PSK
• Prevention
• Q&A

Introduction WLAN Security Threats
Introduction

Wireless LAN Security Threats

WarDriving Equipment
• +18dB Antenna
• Poor guys
• A laptop with WLAN adapter
• Rich guys

Toys for Hackers
A Dual-Use Product

Netstumbler

Kismet

Sniffer on WLAN
• All messages are sent in clear over the wireless network.
• Eavesdroppers may be stealing your messages secretly…

[Figure: an eavesdropper on the WLAN watches a cleartext session to gateway.cs]
  telnet gateway.cs
  login: 58888888
  password: asdfg888

• Other insecure applications: pop3, web-based email services, etc.

Evolution of Wireless LAN Security
Evolution of Wireless LAN Security

1997: WEP
• Basic encryption
• No strong authentication
• Static, breakable keys
• Not scalable
• MAC filters and SSID-cloaking also used to complement WEP

2001: 802.1x EAP
• Dynamic keys
• Improved encryption
• User authentication
• 802.1X EAP (LEAP, PEAP)
• RADIUS

2003: WPA
• Standardized
• Improved encryption
• Strong user authentication (such as LEAP, PEAP, EAP-FAST)
• Dynamic key management

2004 to Present: 802.11i / WPA2
• AES strong encryption
• Authentication
• Dynamic key management

WEP (Wired Equivalent Privacy)
• Uses either 40-bit or 104-bit shared-key encryption with a 24-bit initialization vector
• This encryption scheme is extremely vulnerable:
  1. WEP keys are static
  2. Initialization vector is short and possibly constant
  3. Initialization vector easily known to attacker
  4. WEP has no cryptographic integrity protection

WEP (Continued)
RC4
• Developed by Ron Rivest
• Became public in 1994
• Stream cipher used for WEP
• Ideal for its extremely fast speed for generating pseudo random numbers
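As an added example (not code from the original slides), here is a minimal RC4 implementation together with WEP's per-packet key construction (IV || shared key), showing why the two WEP weaknesses listed above, static keys and a short IV, matter in practice: once an IV repeats, the keystream repeats, and XORing the two ciphertexts cancels it out and leaks the XOR of the plaintexts without any knowledge of the key. The key, IV and frame contents are constructed sample values; the login and password strings reuse the ones from the sniffer slide.

```python
# Added educational example, not code from the original slides: a minimal RC4
# (KSA + PRGA) plus the WEP per-packet key construction IV || shared key.
# Shows why static keys and a 24-bit IV matter: a repeated IV reuses the
# keystream, so c1 XOR c2 == p1 XOR p2 with no knowledge of the key.
# Key, IV and frame contents below are constructed sample values.

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key`."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm (KSA)
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # pseudo-random generation (PRGA)
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame body: cleartext 3-byte IV, then RC4(IV || key) XOR data.
    The CRC-32 ICV that WEP appends is omitted; it is not a cryptographic MAC."""
    assert len(iv) == 3, "WEP IVs are 24 bits"
    ks = rc4_keystream(iv + shared_key, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream_reuse_leak(shared_key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bytes:
    """Encrypt two frames under the same IV and XOR the ciphertexts (IV stripped).
    Because the keystream is identical, the result equals p1 XOR p2."""
    c1 = wep_encrypt(shared_key, iv, p1)[3:]
    c2 = wep_encrypt(shared_key, iv, p2)[3:]
    return xor_bytes(c1, c2)

if __name__ == "__main__":
    key = bytes.fromhex("0123456789")         # constructed 40-bit shared key
    iv = b"\x00\x00\x01"                      # constructed IV, reused on purpose
    p1, p2 = b"login: 58888888", b"password:asdfg8"
    leak = keystream_reuse_leak(key, iv, p1, p2)
    print("keystream reused, plaintext XOR leaked:", leak == xor_bytes(p1, p2))
```

The RC4 routine is checked against the standard published test vector (key "Key"), so the leak shown is a property of the construction, not of a broken cipher implementation.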
WEP (Diagram)

Encryption Standards (Continued)
WPA
• 128-bit encryption with a 48-bit initialization vector
• Uses TKIP
• Extends the IV space
• Allows for per-packet key construction
• Provides cryptographic integrity
• Key derivation and distribution

WPA2
• Uses CCMP
• Uses AES with 128-bit key and 128-bit block size
• Required part of 802.11i standard
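As an added illustration (not from the original slides) of why TKIP's extension of the IV from 24 to 48 bits matters, the following computes how many frames a randomly chosen IV survives before a repeat is expected (birthday bound), how long a sequential IV counter lasts before it wraps, and then simulates a random 24-bit IV stream until the first repeat. The 500 frames/s rate is a constructed assumption, not a figure from the slides.

```python
# Added example, not from the original slides: IV-space arithmetic for
# WEP's 24-bit IV versus TKIP's 48-bit IV. The 500 frames/s rate used in
# the demo below is a constructed assumption, not a measured figure.
import math
import random

def expected_frames_to_iv_repeat(iv_bits: int) -> float:
    """Birthday bound: with N = 2**iv_bits possible IVs chosen at random,
    the first repeat is expected after about sqrt(pi * N / 2) frames."""
    n = 2 ** iv_bits
    return math.sqrt(math.pi * n / 2)

def seconds_until_counter_wraps(iv_bits: int, frames_per_second: float) -> float:
    """Sequential IVs: the counter wraps (and keystreams repeat) after 2**iv_bits frames."""
    return (2 ** iv_bits) / frames_per_second

def simulate_first_iv_repeat(iv_bits: int, seed: int = 1) -> int:
    """Draw random IVs until one repeats; returns the frame number of the repeat."""
    rng = random.Random(seed)
    seen = set()
    frames = 0
    while True:
        frames += 1
        iv = rng.getrandbits(iv_bits)
        if iv in seen:
            return frames
        seen.add(iv)

if __name__ == "__main__":
    for bits in (24, 48):
        hours = seconds_until_counter_wraps(bits, 500) / 3600
        print(f"{bits}-bit IV: random repeat expected after "
              f"~{expected_frames_to_iv_repeat(bits):,.0f} frames; "
              f"sequential counter wraps after {hours:,.1f} h at 500 frames/s")
    print("first 24-bit repeat in simulation at frame", simulate_first_iv_repeat(24))
```

With 24 bits a busy access point wraps its IV counter in under ten hours at 500 frames/s, and random IVs collide after a few thousand frames; with 48 bits both figures grow by a factor of 2^24 or more, which is the point of TKIP's extended IV space.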
Cracks in WEP – Historic Evolution
• 2001 - The insecurity of 802.11, Mobicom, July 2001. N. Borisov, I. Goldberg and D. Wagner.
• 2001 - Weaknesses in the key scheduling algorithm of RC4. S. Fluhrer, I. Mantin, A. Shamir. Aug 2001.
• 2002 - Using the Fluhrer, Mantin, and Shamir Attack to Break WEP. A. Stubblefield, J. Ioannidis, A. Rubin.
• 2004 - KoreK improves on the above technique and reduces the complexity of WEP cracking. We now require only around 500,000 packets to break the WEP key.
• 2005 - Andreas Klein introduces more correlations between the RC4 key stream and the key.
• 2007 - PTW extend Andreas Klein's technique to further simplify WEP cracking. Now with just around 60,000 – 90,000 packets it is possible to break the WEP key.
WEP Attacks – exposure area
• Using known methods, exposure is limited to the RF range of the WEP-enabled network
• Can your keys be cracked when roaming clients are miles away from the operational network?

[Chart: WEP Attacks (FMS, Korek, PTW; No Mutual Authentication; Message Modification; Message Injection) plotted against Distance from Authorized Network (Miles): 1, 10, 100, 1000, On the Moon]
Demo : Crack WEP Key, WPA PSK
Wireless network model
We assume that:
1. Wireless router's WAN interface connects to a DSL/Cable Modem
2. A user computer connects to the router through a wireless connection which is protected by WEP
3. Attacker doesn't know the WEP password and even the SSID and Channel
Crack WEP Key
1. Wireless card that supports cracking WEP keys
2. Driver
3. Crack Tool: Aircrack Suite, BackTrack
   http://aircrack-ng.org/doku.php#aircrack-ng_suite
Wireless Card Crack WEP
• TL-WN510G
• WG511T
• WG111T
• D-Link WUA-1340
Setup Card & Begin Scan
• First, you need to scan for a victim & set up your card. For Atheros, Kismet automatically detects it; for others you will need to edit Kismet's config.
• Once you know the BSSID & channel you need, set your network card to Monitor mode.

Begin Dumping & Injecting
• Use airodump to record all of the IVs you'll need to crack the key.
• Use aireplay to inject a mass quantity of frames to get new IVs to use to crack the key.
• You'll need at least 100,000 IVs to crack a 128-bit WEP key; generally 200-300k is good.
• Using the new PTW attack we only need 20,000 for 64-bit WEP, 60,000 – 80,000 for 128-bit WEP.