Abusing 802.11: Weaknesses in LEAP Challenge/Response – Defcon 2003 Slide 1 Weaknesses in LEAP Challenge/Response Joshua Wright

Slides:

Advertisements

Similar presentations

PEAP & EAP-TTLS 1.EAP-TLS Drawbacks 2.PEAP 3.EAP-TTLS 4.EAP-TTLS – Full Example 5.Security Issues 6.PEAP vs. EAP-TTLS 7.Other EAP methods 8.Summary.

Advertisements

Wireless Security By Robert Peterson M.S. C.E. Cryptographic Protocols University of Florida College of Information Sciences & Engineering.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

What is EAP EAP stands for Extensible Authentication Protocol. Offers a basic framework for authentication. Many different authentication protocols can.

Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.

1 MD5 Cracking One way hash. Used in online passwords and file verification.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – b  Security Mechanisms in b  Security Problems in b  Solutions for b.

Some Common Campus PKI Applications January 2004 CSG Meeting Jim Jokl.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WEP Weaknesses Or “What on Earth does this Protect” Roy Werber.

Exploring timing based side channel attacks against i CCMP Suman Jana, Sneha K. Kasera University of Utah Introduction

Cryptanalysis of Microsoft’s Point-to-Point Tunneling Protocol 6 Mar Amit Golander.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

Ariel Eizenberg PPP Security Features Ariel Eizenberg

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

IEEE Wireless Local Area Networks (WLAN’s).

Chapter 5 Secure LAN Switching.  MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks.

Securing iSCSI for Data Backup and Disaster Recovery JAMES HUGHES CS526 5/03/05 James W. Hughes 1.

PPP (Point to Point protocol).  On WAN connection, the protocol depends on the WAN technology and communicating equipment:  Examples:  HDLC –  The.

Georgy Melamed Eran Stiller

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

Chapter 18 RADIUS. RADIUS  Remote Authentication Dial-In User Service  Protocol used for communication between NAS and AAA server  Supports authentication,

Autoimmunity Disorder in Wireless LANs By Md Sohail Ahmad J V R Murthy, Amit Vartak AirTight Networks.

What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.

MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.

Mobile and Wireless Communication Security By Jason Gratto.

VPN AND SECURITY FLAWS Rajesh Perumal Clemson University.

IPSec/IKE Protocol Hacking ToorCon 2K2 – San Diego, CA Anton Rager Sr. Security Consultant Avaya Security Consulting.

Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

Authenticating Users Chapter 6. Learning Objectives Understand why authentication is a critical aspect of network security Describe why firewalls authenticate.

Wireless Security Beyond WEP. Wireless Security Privacy Authorization (access control) Data Integrity (checksum, anti-tampering)

COEN 350 Mobile Security. Wireless Security Wireless offers additional challenges: Physical media can easily be sniffed. War Driving Legal? U.S. federal.

Authentication and Authorization Authentication is the process of verifying a principal’s identity (but how to define “identity”?) –Who the person is –Or,

1 Figure 2-11: Wireless LAN (WLAN) Security Wireless LAN Family of Standards Basic Operation (Figure 2-12 on next slide)  Main wired network.

Shambhu Upadhyaya Security –Upper Layer Authentication Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 10)

Wireless Encryption: WEP and cracking it. Eric Shea.

NSRI1 Security of Wireless LAN ’ Seongtaek Chee (NSRI)

Hands-On Ethical Hacking and Network Defense Lecture 14 Cracking WEP Last modified

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved. CNIT 221 Security 2 Module 3 City College of San.

WEP Protocol Weaknesses and Vulnerabilities

WEP AND WPA by Kunmun Garabadu. Wireless LAN Hot Spot : Hotspot is a readily available wireless connection.  Access Point : It serves as the communication.

Password authentication Basic idea –User has a secret password –System checks password to authenticate user Issues –How is password stored? –How does system.

WEP, WPA, and EAP Drew Kalina. Overview  Wired Equivalent Privacy (WEP)  Wi-Fi Protected Access (WPA)  Extensible Authentication Protocol (EAP)

Doc.: IEEE /495r1 Submission July 2001 Jon Edney, NokiaSlide 1 Ad-Hoc Group Requirements Report Group met twice - total 5 hours Group size ranged.

Privacy versus Authentication Confidentiality (Privacy) –Interceptors cannot read messages Authentication: proving the sender’s identity –The Problem of.

Link-Layer Protection in i WLANs With Dummy Authentication Will Mooney, Robin Jha.

Cody Brookshear Andy Borman

CNIT 124: Advanced Ethical Hacking Ch 9: Password Attacks.

Doc.: IEEE /200 Submission September 2000 Ron Brockmann, Intersil Plug-n-Play Security in the Home & Small Business Ron Brockmann Intersil.

Distributed WPA Cracking CSCI Distributed Systems Spring 2011 University of Colorado Rodney Beede Ryan Kroiss Arpit Sud

Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.

PPP Configuration.

WLAN Security Condensed Version. First generation wireless security Many WLANs used the Service Set Identifier (SSID) as a basic form of security. Some.

Authentication has three means of authentication Verifies user has permission to access network 1.Open authentication : Each WLAN client can be.

802.11b Security CSEP 590 TU Osama Mazahir. Introduction Packets are sent out into the air for anyone to receive Eavesdropping is a much larger concern.

WLAN Security1 Security of WLAN Máté Szalay

COEN 350 Mobile Security. Wireless Security Wireless offers additional challenges: Physical media can easily be sniffed. War Driving Legal? U.S. federal.

1 © 2004, Cisco Systems, Inc. All rights reserved. Wireless LAN (network) security.

Erik Nicholson COSC 352 March 2, WPA Wi-Fi Protected Access New security standard adopted by Wi-Fi Alliance consortium Ensures compliance with different.

1 Example security systems n Kerberos n Secure shell.

Port Based Network Access Control

Wireless Security - Encryption Joel Jaeggli For AIT Wireless and Security Workshop.

Wireless Technologies

WEP & WPA Mandy Kershishnik.

PPP – Point to Point Protocol

Applying known techniques to WEP Keys Tim Newsham

Virtual Private Networks (VPN)

Presentation transcript:

Abusing : Weaknesses in LEAP Challenge/Response – Defcon 2003 Slide 1 Weaknesses in LEAP Challenge/Response Joshua Wright

Abusing : Weaknesses in LEAP Challenge/Response – Defcon 2003 Slide 2 LEAP == Cisco Marketshare LEAP is Cisco’s plan to have controlling marketshare in the AP product space Lightweight Extensible Authentication Protocol –Also known as Cisco EAP –Easy to install and configure –Easy to support (unified supplicant) –It must be secure, right?

Abusing : Weaknesses in LEAP Challenge/Response – Defcon 2003 Slide 3 LEAP is a closed EAP type LEAP specification only opened to business partners under NDA Client is licensed to other NIC manufacturers (D-Link, SMC, 3Com, Apple) AP code to do LEAP is IP of Cisco Information gathered here is collected from: –Packet captures of LEAP transactions – September/ html

Abusing : Weaknesses in LEAP Challenge/Response – Defcon 2003 Slide 4 LEAP makes the world safer Provides authentication and data privatization –Uses modified MS-CHAPv2 challenge/response in the clear –Uses mutual authentication to mitigate MITM attacks –Uses short-lived WEP keys to encrypt data –Prevents usage of weak IV’s from the AP

Abusing : Weaknesses in LEAP Challenge/Response – Defcon 2003 Slide 5 MS-CHAPv2 Weaknesses MS-CHAPv2 weaknesses apply to the LEAP exchange –No salt in stored NT hashes Permits pre-computed dictionary attacks –Weak DES key selection for challenge/response Permits recovery of 2 bytes of the NT hash –Username sent in clear-text –We can deduce authentication passwords

Abusing : Weaknesses in LEAP Challenge/Response – Defcon 2003 Slide 6 LEAP STA Challenge/Resp 1.AP issues random 8-byte challenge to STA 2.STA uses 16 byte NT hash (MD4) of password to generate 3 DES keys 1.NT 1 – NT 7 2.NT 8 – NT 14 3.NT 15 – NT 16 + “\0 \0 \0 \0 \0” 3.Each DES key is used to encrypt the challenge (each generating 8 bytes of output) 4.STA sends 24-byte response to challenge 5.AP issues success or failure message

Abusing : Weaknesses in LEAP Challenge/Response – Defcon 2003 Slide 7 Response leaks 2 bytes of NT hash The third DES key is weak –Five NULL’s are consistent in every challenge/response –Leaves only 2^16 possibilities Can calculate 2^16 DES with a known challenge in < 1 sec Significantly reduces search space –Known hash bytes significantly reduces hash possibilities –‘$ grep “B1B2$” nthash-dict > possible-passwords’ –From 2.5 million passwords, usually leaves ~30

Abusing : Weaknesses in LEAP Challenge/Response – Defcon 2003 Slide 8 Our Attack Take a large password list, calculate MD4 hashes to generate a password+NT hash list Capture LEAP challenge/response –Extract username, challenge, response –Calculate the last 2 bytes of the NT hash from the response Search through pass+hash list for hashes with matching bytes Use matching entries to encrypt the challenge –Matching captured and calculated response will indicate the user’s password

Abusing : Weaknesses in LEAP Challenge/Response – Defcon 2003 Slide 9 Implementation – asleap-imp genkeys –Accepts a dictionary list of passwords and generates a “password \t hash” output file asleap –Reads from a pcap file, or from a network interface in RFMON mode –Watches for LEAP challenge/response –Calculates last two bytes of NT hash –Searches through genkeys output file for matches –Reports the user password

Abusing : Weaknesses in LEAP Challenge/Response – Defcon 2003 Slide 10 asleap-imp Features Search mode –Hops on all channels with user-specified hopping duration Active mode –Identifies active STA’s –Injects spoofed frame sending LEAP Logoff, followed by a deauthenticate frame to the STA Forces the victim to participate in a new challenge/response Saves LEAP exchange in a pcap file for later analysis –Hack from another machine with more disk space/larger genkeys password list

Abusing : Weaknesses in LEAP Challenge/Response – Defcon 2003 Slide 11 asleap-imp Demo