WLAN Security - Uni Salzburguhl/PScrypt16/WLAN Security.pdf · WLAN Security Mustafa Hibic,...
WLAN Security Mustafa Hibic, Panteleimon Cheropoulos and Altan Koray Aydemir
Chapters
1. Introduction
2. Modes of Unauthorized Access
3. Security Measures
4. Wired Equivalent Privacy (WEP)
5. Wi-Fi Protected Access v1 (WPAv1)
6. Wi-Fi Protected Access v2 (WPAv2)
7. Security Issues WPAv1/WPAv2
8. Wi-Fi Protected Setup (WPS)
9. 802.1x Security
10. Sources
1. Introduction
● What is WLAN ?
● What is WLAN Security ?
● Most common Types of WLAN Security
○ Wired Equivalent Privacy (WEP)
○ Wi-Fi Protected Access (WPAv1 and WPAv2)
● Why is WLAN Security Important ?
● Wireless Intrusion Prevention System (WIPS)
● Wireless Intrusion Detection System (WIDS)
2. Modes of Unauthorized Access
● Accidental association
● Malicious association
● Ad hoc networks
● Identity Theft (MAC spoofing)
● Man-in-the-middle attacks
● Denial of Service
● Network Injection
● Caffe Latte attack
3. Security Measures
● SSID hiding
● MAC ID filtering
● Static IP addressing
● 802.1x security
● Regular WEP
● WPAv1
● WPAv2
● End-to-end encryption (E2EE)
4. Wired Equivalent Privacy (WEP)
● Authentication
Two methods of authentication can be used :
● Method 1 : Open system authentication
● Method 2 : Shared Key authentication
○ challenge-response authentication (example: password)
● WEP components
○ Cyclic redundancy check (CRC)
○ Rivest Cipher 4 (RC4)
○ Initialization vector
○ Shared key
4. WEP-Authentication
Figure 1.1. Source: http://www.elektronik-kompendium.de/sites/net/0905251.htm
4. Wired Equivalent Privacy (WEP)
● WEP encryption
○ Message M -> cipher text C
○ P := M || CRC(M)
○ Z := RC4(IV || SK)
○ C := P XOR Z
● Transmission
○ IV || C
● WEP decryption
○ cipher text C -> Message M
○ Z = RC4(IV || SK)
○ C XOR Z = P XOR Z XOR Z = P
○ P = M || CRC(M)
4. Wired Equivalent Privacy (WEP)
● WEP encryption (cont.)
○ Secret key with 40 or 104 bit length
○ Integrity check value
Figure 1.1: Basic WEP encryption: RC4 keystream XORed with plaintext
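The encryption and decryption steps above, written out as an added example (not part of the original slides). The key, IV and messages are constructed sample values; the 3-byte IV and 5-byte key correspond to WEP's 24-bit IV and 40-bit secret key. The last function shows why the short IV matters: two frames that share an IV share the keystream Z.

```python
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream Z for the given key."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc(m: bytes) -> bytes:
    """CRC(M): the 4-byte CRC-32 integrity check value."""
    return zlib.crc32(m).to_bytes(4, "little")

def wep_encrypt(iv: bytes, sk: bytes, m: bytes) -> bytes:
    p = m + crc(m)                            # P := M || CRC(M)
    z = rc4(iv + sk, len(p))                  # Z := RC4(IV || SK)
    return iv + xor(p, z)                     # transmit IV || C

def wep_decrypt(sk: bytes, frame: bytes) -> bytes:
    iv, c = frame[:3], frame[3:]              # 24-bit IV travels in the clear
    p = xor(c, rc4(iv + sk, len(c)))          # C XOR Z = P
    m, icv = p[:-4], p[-4:]
    if crc(m) != icv:
        raise ValueError("integrity check failed")
    return m

# Constructed sample values (not captured traffic).
SK = bytes.fromhex("0102030405")              # 40-bit shared key
IV = bytes.fromhex("aabbcc")
M1, M2 = b"GET /index.html", b"POST /login.php"
F1, F2 = wep_encrypt(IV, SK, M1), wep_encrypt(IV, SK, M2)

def reuse_leak(f1: bytes, f2: bytes) -> bytes:
    """Same IV and SK give the same Z, so C1 XOR C2 = P1 XOR P2 (no key needed)."""
    return xor(f1[3:], f2[3:])

if __name__ == "__main__":
    print(wep_decrypt(SK, F1), reuse_leak(F1, F2).hex())
```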
4. Wired Equivalent Privacy (WEP)
● Security details
○ Authentication, encryption and integrity check all use the same key
○ Several ways to attack
● Security Issues
○ Key distribution
○ 40-bit key size is insufficient
○ Man-in-the-middle attacks
○ Shared key authentication can be observed
● Security Measures
○ No Shared Key authentication, delete SSID
○ Change the WEP key frequently
5. Wi-Fi Protected Access v1 (WPAv1)
● Temporal Key Integrity Protocol (TKIP) - On October 31, 2002, the Wi-Fi Alliance endorsed TKIP under the name Wi-Fi Protected Access (WPA)
● Functionality and differences from WEP
○ Based on WEP but with many differences
○ It is based on the RC4 cipher (the default algorithm, but it can be configured to use AES-CCMP instead of RC4)
○ Wireless security through a password
○ Authentication through the use of a 64-digit hexadecimal key or a passcode.
5. Wi-Fi Protected Access v1 (WPAv1)
● Target users
○ WPA-Personal (WPA-PSK): a common method to secure wireless networks, and it is suitable for most home networks
○ WPA-Enterprise: provides the security needed for wireless networks in business environments where a RADIUS server is deployed
5. WPAv1 - Encryption/Decryption
● Encryption
○ Message M -> Cipher_text C
○ P := M || MIC(M) || CRC(M || MIC(M))
○ Z := RC4(IV || K)
○ C := P XOR Z
● Transmission
○ IV || C
● Decryption
○ Cipher_text C -> Message M
○ Z = RC4(IV || K)
○ C XOR Z = P XOR Z XOR Z = P
○ P = M || MIC(M) || CRC(M || MIC(M))
5. WPAv1 - Security problems and Measures
● Security problems
○ “Brute force” attack
○ Man in the middle attack
○ Pre Shared Keys (PSKs)
● Measures
○ Select a secure pass phrase
○ Firmware updates
○ Minimization of the WLAN range
○ Change wireless password frequently
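How the "64 digit hexadecimal key or a passcode" from the WPAv1 slide relates to the pass-phrase measure above, as an added example that is not part of the original slides: in WPA-Personal the 256-bit PSK is derived from the passphrase and the SSID with PBKDF2-HMAC-SHA1 (4096 iterations), so the key is only as hard to guess as the passphrase. The character-class estimate, the function names, the sample passphrases and the SSID `ExampleNet` are assumptions of this example; the default length floor of 12 is taken from the summary slide's footnote.

```python
import hashlib
import math
import string

def derive_psk(passphrase: str, ssid: str) -> str:
    """Map a WPA passphrase to the 256-bit PSK (64 hex digits)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    psk = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return psk.hex()

# Character classes for a rough search-space estimate (an assumption of this example).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits,
           string.punctuation + " ")

def search_space_bits(passphrase: str) -> float:
    """Upper bound on guessing effort; valid only if every character was chosen at random."""
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in passphrase))
    return len(passphrase) * math.log2(alphabet) if alphabet else 0.0

def audit(passphrase: str, ssid: str, min_len: int = 12) -> dict:
    """Report the derived key and whether the passphrase meets the length floor."""
    return {
        "psk": derive_psk(passphrase, ssid),
        "bits": round(search_space_bits(passphrase), 1),
        "meets_length_floor": len(passphrase) >= min_len,
    }

if __name__ == "__main__":
    # Constructed sample passphrases and SSID.
    for pw in ("sunshine", "kT7#qz!Rm2$wLx"):
        print(pw, audit(pw, "ExampleNet"))
```

Because the SSID acts as the salt, the same passphrase yields a different PSK on a network with a different name.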
5. Wi-Fi Protected Access v2 (WPAv2)
● Functionality
○ Described in figure 1.3
○ Access point is the authenticator and the client the supplicant
○ 802.1x/Radius-Server or Pre-Shared-Key (PSK)
5. WPAv2 - Functionality
Figure 1.3. Source: http://www.elektronik-kompendium.de/sites/net/0907111.htm
6. Wi-Fi Protected Access v2 (WPAv2)
● Advanced Encryption Standard (AES)
○ Substitution-permutation-network (SPN)
● Counter Mode CBC-MAC Protocol (CCMP)
● IEEE 802.1x / Radius
○ Secure authentication method
○ Access control
○ Authorization and accounting (AAA)
○ Bandwidth allocation (QoS)
○ Single Sign-on (SSO)
7. Security Issues WPAv1/WPAv2
● Weak password
● WPA packet spoofing and decryption
○ TKIP vulnerabilities
● WPS PIN recovery - Security flaw that allows a remote attacker to recover the WPS PIN and, with it, the router's WPA/WPA2 password in a few hours.
7. Security Issues WPAv1/WPAv2
● MS-CHAPv2 - In 2012 the complexity of breaking MS-CHAPv2 was reduced to that of breaking a single DES key
● Hole196 - a vulnerability in the WPA2 protocol that abuses the shared Group Temporal Key (GTK)
Summary
| | WEP | WPAv1 | WPAv2 |
|---|---|---|---|
| Cipher | RC4 | RC4 | AES |
| Key | static | dynamic | dynamic |
| Key Size | 40 Bit | 128 Bit | 128 Bit |
| IV Size | 24 Bit | 48 Bit | 48 Bit |
| Data Integrity | CRC32 | MIC | CBC-MAC |
| Authentication | PSK | PSK/Radius | PSK/Radius |
| | broken | partially broken | secure* |

* with a random password that has at least 12 characters
8. Wi-Fi Protected Setup (WPS)
● Modes
○ PIN method
○ Push-button method
○ Near field communication method
○ USB method
● Vulnerabilities
○ Online brute-force attack
○ Offline brute-force attack
○ Physical security issues
8. Wi-Fi Protected Setup (WPS)
● Technical architecture
○ Access point (AP) with integrated registrar capabilities configures an Enrollee Station (STA)
○ Registrar STA configures the Access point (AP) as an enrollee
○ Registrar STA configures enrollee STA
● Protocol
○ Extensible Authentication Protocol (EAP) message exchanges
○ Information is transferred through a new Information Element (IE)
○ Stream of messages may change when configuring different kinds of devices (AP or STA)
9. 802.1x security
● Extensible Authentication Protocol (EAP)
● EAP over LAN --> EAPOL
● Port entities
● Typical authentication progression
○ Initialization
○ Initiation
○ Negotiation
○ Authentication
● Vulnerabilities in 802.1X-2001 and 802.1X-2004
○ EAP-TLS is needed to achieve high security
How to crack WEP password?
● Target: Cracking wireless password that uses WEP encryption.
● OS: Kali Linux
● Tool: aircrack-ng
Thank you for your attention!
10. Sources
● http://www.elektronik-kompendium.de/sites/net/1801211.htm
● https://en.wikipedia.org/wiki/Wireless_access_point
● https://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup
● http://www.diffen.com/difference/WPA_vs_WPA2
● http://www.packetnexus.com/docs/kb/981419493_14249.php
● http://www.dummies.com/how-to/content/understanding-wep-weaknesses.html