Shark: A Wireless Internet Security Test Bed Senior Design Project May07-09 Stephen Eilers Jon Murphy Alex Pease Jessica Ross.


1 Shark: A Wireless Internet Security Test Bed Senior Design Project May07-09 Stephen Eilers Jon Murphy Alex Pease Jessica Ross

2 Faculty Advisor and team
Dr. Steve Russell – Associate Professor, Electrical and Computer Engineering, sfr@iastate.edu
Adrienne Huffman – Graduate Student, Computer Engineering, adnihuff@iastate.edu
Jon Murphy, Computer Engineering, jwmurph@iastate.edu
Steve Eilers, Computer Engineering, seilers@iastate.edu
Alex Pease, Computer Engineering, Alex.pease@iastate.edu
Jessica Ross, Computer Engineering and Mathematics, rossjr@iastate.edu

3

4 Definitions
ARP – Address Resolution Protocol
IV – Initialization Vector
L2TP – Layer 2 Tunneling Protocol
PPTP – Point to Point Tunneling Protocol
RADIUS – Remote Authentication Dial In User Service
SSL – Secure Sockets Layer
WEP – Wired Equivalent Privacy
WPA – Wi-Fi Protected Access
VPN – Virtual Private Network

5 What is SHARK?
SHARK is a wireless security network to be used to study security related issues on wireless networks
Tool to teach interested students about wireless security
Report statistics about attackers and methods used to researchers at ISU
Deployable to any remote location

6 Why SHARK?
Client’s last semester as professor, wants project finished
Educate college students about 802.11 security
Give students something fun to do

7 Limitations
SHARK must be portable and extendable
Initial build of the SHARK system must consist of three or fewer computers
SHARK must be built within a $150 budget
Must use public domain software
Must be capable of collecting research data

8 Intended Users
Primary
–College students in computer related fields
–Know the basics of wireless networking
Secondary
–Interested community members
–People looking for a free access point

9 Intended Uses
Primary
–Learning tool for students
–Study methods of wireless attacks
–Study basic network security
–Legal and ethical way for students to participate in hacking exercises

10 SHARK Node

11 SHARK – Software
Ubuntu
Squid
–Web proxy cache
–Direct traffic to appropriate places
Apache
–Used to create local web-server login/registration
–Keep track of users
MySQL
–Database
WireShark/Ethereal
–Network Protocol Analyzer
–Captures all traffic on SHARK Network

12 Levels of Security
SHARK has five levels of security
–Guppy: No security, used for basic registering on network
–Clownfish: WEP security
–Swordfish: Rotating WEP security
–Barracuda: WPA security
–SHARK: RADIUS security
Provides statistical data on hacking patterns

13 Wired Equivalent Privacy (WEP)
64-bit WEP
128-bit WEP
Same 24-bit IV stream
Flaws in WEP
–Repeating IV
–Short
–Stream Cipher XOR is bad

14 Breaking WEP Down
Aircrack, airodump, airdecap
http://www.linux-wlan.org/docs/wlan_adapters.html.gz
No magic number of IVs
–250,000 – 400,000 for 40 bit
–750,000 – 2M+ for 104 bit
More users = more IVs sent = more IVs that are re-used
Can read packets if IV is re-used but key not broken yet

15 WPA
Software update to WEP (closely related to rotating WEP)
–Re-keying
–No more weak IV packets
Pre-shared Key
–Only as strong as the passphrase
Extensible Authentication Protocol (EAP)
–User authentication
–RADIUS

16 Traffic Generator – Baiting the Hook
Breaking WEP and WPA encryption
–Attackers must analyze thousands of packets

17 7-of-9
Off-the-shelf wireless access point
–Provides generic internet access
–Traffic is captured and compared to SHARK traffic

18 Network View Analysis Subnet

19 Network Pros/Cons
Pros
–One external IP
–Firewall
–Branches
Cons
–Extensive forwarding

20 Machine Breakdown

21 SmallBox
Captures traffic on SHARK
Stores and analyzes data
–Packet Capture: WireShark
–Filter: Snort
–Webserver: Apache

22 Sharkweb
When attackers break into SHARK, they are forwarded here
Logged into database
–Webserver: Apache
–Web Utilities: MySQL, PHP

23 Virtualnet
Simulates additional machines running services without adding cost of physical machines
–OS: Ubuntu
–Virtual Machine Manager: Xen

24 Virtual Machines
VM 1
–Mimicking a standard server
VM 2
–Tarpit: delays incoming connections for as long as possible
VM 3
–HoneyD: confuses attackers into thinking it has open ports

25 Secure Tunneling
VPN
–Provide secure communications over unsecured networks
Benefits
–Provides the level of security we desire
Downsides
–If SHARK is compromised, they have direct access to our network
Solution
–Scripting for “on-the-fly” configuration

26 Secure Tunneling – VPN
One of the only ways to provide a secure and extensible way to access the SHARK machines
Need the ability to create multiple VPN sessions, so a VPN server is required
Multiple solutions available
–PPTP
–L2TP
–SSL

27 Status of SHARK
Completed
–All computers have main software packages installed and configured
–Order for parts has been placed
–Xen server fully configured
–Portal redirect
In Progress
–Open access point for registering
–Virtual machines up and running
In Concept
–VPN
–RADIUS Server
–Data Statistics and Heuristics

28 Testing
Target Audience
CPRE 537 Wireless Security Class
CONTEST
–Open Registration week 1
–WEP weeks 2,3
–WPA week 4
–Rotating WEP week 5
–RADIUS week 6
–Results week 7
–Basic Analysis week 8

29 Hours and Resources
Item | Hours (current) | Cost ($10.50/hr)
Steve Eilers | 60 | $630.00
Alex Pease | 86 | $903.00
Jon Murphy | 58 | $609.00
Jessica Ross | 50 | $525.00
Wireless AP | | $49.99
Router | | $39.99
Hub | | Donated
(2) Computers | | Donated
(3) Wireless Cards | | $39.99
Total | 254 | $2796.97

30 Future Uses
Make the automation of tasks smoother
Better documentation
Increase the number of fields for registration

31 Commercialization This project is a research project and is not intended for commercialization.

32 Questions?

