Send the link below via email or IMCopy
Present to your audienceStart remote presentation
- Invited audience members will follow you as you navigate and present
- People invited to a presentation do not need a Prezi account
- This link expires 10 minutes after you close the presentation
- A maximum of 30 users can follow your presentation
- Learn more about this feature in our knowledge base article
Wi-Fi Sec Null
Transcript of Wi-Fi Sec Null
Obviously not advised
Everyone has access to the network and hence your data
Significant improvements to WPA
Strong encryption and authentication support
Advised to use in almost all environments
What is ?
Wi-Fi AKA Wireless Fidelity.
The Idea of Wireless networks emerged as early as 1985
WiFi is a popular technology that allows an electronic device to exchange data or connect to the internet wirelessly using radio waves
The Wi-Fi Alliance
A trade association
Promotes Wi-Fi technology
Certifies Wi-Fi products if they conform to certain standards of interoperability.
Owns the Wi-Fi trademark
54 Mbps@2.4 Ghz
Same range as 802.11b
Backward-compatible with 802.11b
Speeds slower in dual-mode
attempts to combine the best of both 802.11a and 802.11b
11 Mbps@2.4 Ghz
Full speed up to 300 feet
Coverage up to 1750 feet
54 Mbps@5 Ghz
Not interoperable with 802.11b
Dual-mode APs require 2 chipsets, look like two APs to clients
The Wi-Fi Alliance defines Wi-Fi as any "wireless local area network (WLAN) products that are based on the Institute of Electrical and Electronics Engineers' (IEEE) 802.11 standards"
Only Wi-Fi products that complete Wi-Fi Alliance interoperability certification testing successfully may use the "Wi-Fi CERTIFIED" trademark!!!
Adds AES encryption
Requires high cpu, new chips required
TKIP is interim solution
Designed to improve on 802.11g in the amount of bandwidth supported by utilizing multiple wireless signals and antennas (called MIMO technology) instead of one
Offers somewhat better range over earlier Wi-Fi standards due to its increased signal intensity.
Equipment backward compatible with 802.11g gear
Subset of 802.11i, forward-compatible with 802.11i (WPA2)
Encryption: Version one uses TKIP
AuthC: 802.1x & EAP – allows auth via RADIUS, also allows auth via PSK
Wi-Fi Protected Access (WPA) enabled Version of 802.11i
What do we Use Wi-Fi for?
Signal travels through Air => visible to everyone
But is it accessible to everyone?
No Security configured
Wi-Fi protected Access: Advanced
Works with old hardware (the same as WEP)
Aimed at improving WEP without changing hardware
Uses TKIP (Temporal Key Integrity Protocol)
Wired equivalant privacy
WEP - How to Crack!!!
How it Works?
The original native security mechanism for WLAN
provide security through a 802.11 network
Used to protect wireless communication from eavesdropping (confidentiality)
Prevent unauthorized access to a wireless network (access control)
Prevent tampering with transmitted messages
Provide users with the equivalent level of privacy to wired LAN inbuilt in wireless networks.
Appends a 32-bit CRC checksum to each outgoing frame (INTEGRITY)
Encrypts the frame using RC4 stream cipher = 40-bit (standard) or 104-bit (Enhanced) message keys + a 24-bit IV random initialization vector (CONFIDENTIALITY).
Initialization Vector (IV)
and default key on the station access point are used to create a key stream
The key stream is then used to convert the plain text message
into the WEP encrypted frame.
The Key Scheduling Algorithm (KSA)
Involves creating a scrambled state array
This state array will now be used as input in the second phase, called the PRGA phase.
The Pseudo Random Generation Algorithm (PRGA):
The state array from the KSA process is used here to generate a final key stream.
Each byte of the key stream generated is then Xor’ed with the corresponding plain text byte to produce the desired cipher text.
ICV (Integrity Check Value)= CRC32 (cyclic redundancy check) integrity check
plain-text XOR keystream= cipher-text
cipher-text XOR keystream= plain-text
plain-text XOR cipher-text= keystream
The Initialization Vector
WEP encrypted networks can be cracked in 10 minutes
Goal is to collect enough IVs to be able to crack the key
IV = Initialization Vector, appended to the encrypted data as plaintext
Injecting packets generates IVs
Popular WEP Attacks
ARP REPLAY ATTACK
WPA/WPA2 - How to PAWN!!!
WPA2 - Intro
Based on the IEEE 802.i standard
2 versions: Personal & Enterprise
The primary enhancement over WPA is the use of the AES (Advanced Encryption Standard) algorithm
The encryption in WPA2 is done by utilizing either AES or TKIP
The Personal mode uses a PSK (Pre-shared key) & does not require a separate authentication of users
The enterprise mode requires the users to be separately authenticated by using the EAP protocol
Data encrypted using the RC4 stream cipher, with a 128-bit key & a 48-bit initialization vector (IV).
Temporal Key Integrity Protocol (TKIP) dynamically changes keys as the system is used: major improvement in WPA over WEP
When combined with the much larger IV, this defeats the well-known key recovery attacks on WEP
Weakest of all: Not recommended
Limitation: Only Hexadecimal Passwords accepted => no special characters
Methods to break were devised years ago
takes less than 15 mins to break in!!
WPA 2 WEAKNESS
Can’t protect against layer session hijacking
Can’t stand in front of the physical layer attacks
Access points failure
Vulnerable to the Mac addresses spoofing
WPA-PSK protected networks are vulnerable to dictionary attacks
Spoof the Mac address of the AP and tell client to disassociate
Sniff the wireless network for the WPA-PSK handshake
Use GenPMK to create PMK
Run CowPatty against handshake to crack the key
Needs SSID to crack the WPA-PSK; easily obtainable!
Also supports WPA2-PSK cracking with the same pre-computed tables!
It’s the Little password Button thingy.
Easiest way by far to break WPA-2
It is an 8 Digit numeric pin
8th digit is checksum i.e 10^7 + 10 combinations
Some routers you don’t have option to disable or change it.
Attacker require couple of hours to crack in
Created by the Wi-Fi Alliance and introduced in 2006
Advice for Victims
A Security Cunsultant
A Network security Engineer
A Brief History of mine
Security Analyst @ Cartel Software
Where can we find Wi-Fi?
What do we Use Wi-Fi for?
Steps to hack lan!
locate for the victims' network wire pole
Get up on the pole; keep your crimper handy!
Find the hard wire
Cut from between
fit a jack
ESSID = HackMeIfUCan
Don't Ever do that
Use Https instead of Http
Use Vpn For extra protection
Lower your router Tx power to Minimum
Use password with random character & symbols. keep it long as you can remember
If possible Disable WPS or FLASH router with dd-wrt
Never use same password everywhere
Never shop on Public Wi-Fi , Don’t even use them
CEH Trainer @ Jagsar Int.