Cracking WPA/WPA2 in the Cloud

Presentation transcript:

Cracking WPA/WPA2 in the Cloud Vivek Ramachandran Founder, SecurityTube.net

Shameless Self Promotion B.Tech, ECE IIT Guwahati WEP Cloaking Defcon 19 Caffe Latte Attack Toorcon 9 802.1x, Cat65k Cisco Systems Media Coverage CBS5, BBC Trainer, 2011 Microsoft Security Shootout Wi-Fi Malware, 2011

Backtrack 5 Wireless Penetration Testing http://www.amazon.com/BackTrack-Wireless-Penetration-Testing-Beginners/dp/1849515581/

SecurityTube.net Training Students in 75+ Countries

Pentester Academy

Agenda WPA/WPA2 Cracking Using Cloud Services Automation Tool Architecture Infrastructure vs Platform as a Service Automation Tool

WPA-Personal – Passphrase Based: Passphrase (8-63) → PBKDF2 → Pre-Shared Key (256 bit)

Eavesdropping the 4 Way Handshake
Supplicant and Authenticator each hold the Pre-Shared Key (256 bit)
Probe Request-Response; Authentication RR, Association RR
Message 1: ANonce
Message 2: SNonce + MIC
PTK derived by both Supplicant and Authenticator
Message 3: Key Installation
Message 4: Key Install Acknowledgement
Key Installed on both sides

WPA-PSK Dictionary Attack
Dictionary → Passphrase (8-63) → PBKDF2 (SSID) → Pre-Shared Key 256 bit
4 Way Handshake: SNonce, ANonce, AP MAC, Client MAC
Pre-Shared Key + handshake values → PTK
Verify by Checking the MIC

Open Source Tools Available!

PBKDF2: Password Based Key Derivation Function, RFC 2898
PBKDF2(Passphrase, SSID, ssidLen, 4096, 256)
4096 – Number of times the passphrase is hashed
256 – Intended Key Length of PSK

PMK Generator Architecture: Wordlist Generator and SSID List → PMK Generator → SQL Database (Amazon RDS)

Worker Architecture: Master; Amazon SQS (Message Queue); Worker-1 to Worker-6

Distributed Message Queue

Relational Database in the Cloud

Workflow: Distributed password list creator; Password and SSID inserted into Message Queue; Worker machines create PMK from (Password, SSID) and store in Amazon RDS

Handshake Verification: PMK, Handshake; Master; Amazon SQS (Message Queue); Worker-1 to Worker-6

Benchmark: 1000 PMKs created / Second / Instance; 130,000 PMK Verifications / Second / Instance; 100 Worker Instances were run

Costs Involved – PMK Creation: Total cost of 100 instances / hour - $6; Total PMK Creation - 360 million / hour; Cost of startup amortized; Stored for future use for a given SSID – Wordlist combination

Costs Involved – PMK Verification: Total cost of 100 instances / hour - $6; Total PMK Verifications - 45 Billion / hour; Cost of startup amortized; Permutation based WordList only to be generated once
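
The PMK derivation and the PMK creation cost figures from the slides above, turned into a check a network owner can run against a passphrase policy. This is an added example, not code from the presentation or from Chigu; the function names, the sample policies and the choice of Python's hashlib are assumptions.

```python
import hashlib

# Figures quoted on the slides: 100 instances cost $6 per hour and
# together create 360 million PMKs per hour.
PMKS_PER_HOUR = 360_000_000
DOLLARS_PER_HOUR = 6.0


def derive_pmk(passphrase, ssid):
    """WPA/WPA2-Personal PMK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 256 bits."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8-63 characters")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, dklen=32)


def exhaustion_cost(alphabet_size, length):
    """(hours, dollars) to create a PMK for every passphrase of this shape
    at the slide's rate, for one SSID."""
    keyspace = alphabet_size ** length
    hours = keyspace / PMKS_PER_HOUR
    return hours, hours * DOLLARS_PER_HOUR


# Constructed sample policies (hypothetical): name -> (alphabet size, length)
POLICIES = {
    "8 digits": (10, 8),
    "8 lowercase letters": (26, 8),
    "12 mixed-case alphanumerics": (62, 12),
    "20 lowercase letters": (26, 20),
}


def policy_report(policies=POLICIES):
    """Map each policy name to its (hours, dollars) exhaustion estimate."""
    return {name: exhaustion_cost(a, n) for name, (a, n) in policies.items()}


if __name__ == "__main__":
    # The SSID is the salt: the same passphrase gives a different PMK per SSID.
    print(derive_pmk("password", "IEEE").hex())
    print(derive_pmk("password", "IEEF").hex())
    for name, (hours, dollars) in policy_report().items():
        print(f"{name:30s} {hours:12.3e} hours  ${dollars:12.3e}")
```

Because the SSID is the salt, a stored PMK table only helps against networks that use that same SSID, which is why a default or common SSID weakens an otherwise acceptable passphrase.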

Google AppEngine

POST based Data Passing Architecture: PMK, Handshake; Resident Instance; POST based Data Passing; Task-1 to Task-6

Chigu  - Amazon EC2 Automatically setup multiple machines on EC2 with pre-created AMI Bring up master, upload “job” Job consists of the following: Wordlist Creation PMK generation Handshake verification

Chigu in Action

Chigu Public Release: Beta release available now; Testers please email vivek@securitytube.net; Version 1 to be released March 15th 2014; Custom AMI for Amazon and Controller; Google AppEngine Application and Controller; http://Chigu.SecurityTube.net

WPA-Enterprise
Participants: Supplicant, Authenticator, Authentication Server
Sequence: Association; EAPoL Start; EAP Request Identity; EAP Response Identity; EAP Packets; EAP Success; PMK to AP; 4 Way Handshake; Data Transfers

Source: Layer3.wordpress.com

MS-CHAPv2 Cracked in Minutes

CloudCracker.com