Shark: A Wireless Internet Security Test Bed Senior Design Project May07-09 Stephen Eilers Jon Murphy Alex Pease Jessica Ross

Faculty Advisor and team Dr. Steve Russell –Associate Professor Electrical and Computer Engineering Adrienne Huffman –Graduate Student Computer Engineering Jon Murphy Computer Engineering Steve Eilers Computer Engineering Alex Pease Computer Engineering Jessica Ross Computer Engineering and Mathematics

Definitions ARP – Address Resolution Protocol IV – Initialization Vector L2TP – Layer 2 Tunneling Protocol PPTP – Point to Point Tunneling Protocol Radius – Remote Authentication Dial In User Service SSL – Secure Socket Layer WEP – Wired Equivalency Privacy WPA – Wi-Fi Protected Access VPN – Virtual Private Network

What is SHARK? SHARK is a wireless security network to be used to study security related issues on wireless networks Tool to teach interested students about wireless security Report statistics about attackers and methods used to researchers at ISU Deployable to any remote location

Why SHARK? Client’s Last Semester as Professor, wants project finished Educated college students about security Give students something fun to do

Limitations SHARK must be portable and extendable Initial build of the SHARK system must consist of three or fewer computers SHARK must be built within a $150 budget Must use public domain software Must be capable of collecting research data

Intended Users Primary –College students in computer related fields –Know the basics of wireless networking Secondary –Interested community members –People looking for a free access point

Intended Uses Primary –Learning tool for students –Study methods of wireless attacks –Study basic network security –Legal and ethical way for students to participate in hacking exercises

SHARK Node

SHARK – Software Ubuntu Squid –Web proxy cache Direct traffic to appropriate places Apache –Used to create local web-server login/registration Keep track of users MySQL –Database WireShark/Ethereal –Network Protocol Analyzer Captures all traffic on SHARK Network

Levels of Security SHARK has five levels of security –Guppy No security, used for basic registering on network –Clownfish WEP security –Swordfish Rotating WEP security –Barracuda WPA security –SHARK RADIUS security Provides statistical data on hacking patterns

Wired Equivalent Privacy (WEP) 64-bit WEP 128-bit WEP Same 24bit IV Stream Flaws in WEP –Repeating IV –Short –Stream Cipher XOR is bad

Aircrack, airodump, airdecap No magic number of IV’s –250,000 – 400,000 for 40 bit –750,000 – 2M + for 104 bit More users = more IV’s sent = More IV’s that are re-used Can read packets if IV is re-used but key not broken yet Breaking WEP Down

WPA Software update to WEP (closely related to rotating WEP) –Re-keying –No more weak IV packets Pre-shared Key –Only as strong a pasephrase Extensible Authentication Protocol (EAP) –User authentication –Radius

Traffic Generator – Baiting the Hook Breaking WEP and WPA encryption –Attackers must analyze thousands of packets

7-of-9 Off-the-Shelf wireless access point –Provides generic internet access –Traffic is captured and compared to SHARK traffic

Network View Analysis Subnet

Network Pros/Cons Pros – One external IP – Firewall – branches Cons – extensive forwarding

Machine Breakdown

SmallBox Captures traffic on SHARK Stores and Analyzes data –Packet Capture WireShark –Filter Snort –Webserver Apache

Sharkweb When attackers break into SHARK, are forwarded here Logged into database –WebserverApache –Web UtilitiesMySQL, PHP

Virtualnet Simulates additional machines running services without adding cost of physical machines –OS Ubuntu –Virtual Machine ManagerXen

Virtual Machines VM 1 –Mimicking a standard server VM 2 –Tarpit Delays incoming connections for as long as possible VM 3 –HoneyD Confuse attackers to think it has open ports

Secure Tunneling VPN –Provide secure communications over unsecured networks Benefits –Provides the level of security we desire Downsides –If SHARK is compromised, they have direct access to our network Solution –Scripting for “on- the-fly” configuration

Secure Tunneling – VPN One of the only ways to provide a secure and extensible way to access the SHARK machines Need the ability to create multiple VPN sessions, so a VPN server is required Multiple solutions available –PPTP –L2TP –SSL

Status of SHARK Completed –All computers have main software packages installed and configured –Order for parts has been placed –Xen server fully configured –Portal redirect In Progress –Open access point for registering –Virtual machines up and running In Concept –VPN –Radius Server –Data Statistics and Heuristics

Testing Target Audience CPRE 537 wireless Security Class CONTEST –Open Registration week 1 –WEP weeks 2,3 –WPA week 4 –Rotating WEP week 5 –RADIUS week 6 –Results week 7 –Basic Analysis week 8

Hours and Resources Hours (current)Cost ($10.50/hr) Steve Eilers60$ Alex Pease86$ Jon Murphy58$ Jessica Ross50$ Wireless AP$49.99 Router$39.99 HubDonated (2) ComputersDonated (3) Wireless Cards$39.99 Total254$

Future Uses Make the automation of tasks smoother Better documentation Increase the number of fields for registration.

Commercialization This project is a research project and is not intended for commercialization.

Questions?