
Wireless Security John Himmelein Erick Andrew Christian Adam Varun Bapna.


1 Wireless Security John Himmelein Erick Andrew Christian Adam Varun Bapna

2 Outline ● 802.11 Overview ● WEP ● Other security measures ● Attacks ● Lab motivation

3 802.11 Overview ● IEEE 802.11 denotes a set of wireless standards defined by IEEE ● Most popular include 802.11a/b/g ● 802.11a is in the 5GHz band, b/g is in the 2.4GHz band ● 802.11i is intended to improve security

4 Security Features ● Service Set Identifier (SSID) ● Used to differentiate between access points ● Sent out in a beacon frame ● These are plain text messages

5 Associating with an AP ● Two initialization methods ● Shared Key or Open Key ● With Open Key anyone can talk to the AP ● Shared Key requires authentication as soon as association succeeds

6 Wired Equivalent Privacy (WEP) ● WEP uses the stream cipher RC4 – RC4 generates a pseudorandom stream of bits (a "keystream") which is combined with the plaintext using xor – Decryption is performed the same way ● WEP uses two key sizes: 40 bit & 104 bit – 64 bit and 128 bit WEP ● To each is added a 24-bit initialization vector (IV) which is transmitted in the clear.

7 WEP ● WEP has several weaknesses ● The weakness with RC4 is with the Initialization Vector (IV) ● This led to several different types of attacks ● We will use a tool that combines two of these attacks, and the appendix will describe another

8 WEP attack #1 ● The 24 bit IV has a numerical limit ● Only 16,777,216 possible IVs ● Listen long enough and IVs will be repeated ● Enough duplicate IVs and the WEP key can be determined
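Why a repeated IV matters, as an added example that is not part of the original slides: the per-frame RC4 key is the IV followed by the secret key (slide 6), so two frames with the same IV share a keystream and the XOR of their ciphertexts equals the XOR of their plaintexts. The key, IV and payloads are constructed, the function names are this example's own, and the integrity check value that WEP adds is left out.

```python
import math

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for key."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """Frame = cleartext 3-byte IV, then plaintext XOR RC4(IV || key)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return iv + xor(plaintext, rc4(iv + key, len(plaintext)))

def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    iv, body = frame[:3], frame[3:]
    return xor(body, rc4(iv + key, len(body)))   # same operation as encrypt

def frames_until_iv_repeat(p: float = 0.5, iv_bits: int = 24) -> int:
    """Birthday bound: frames with random IVs until a repeat has probability p."""
    return math.ceil(math.sqrt(2 * 2 ** iv_bits * math.log(1 / (1 - p))))

# Constructed sample data: a 40-bit key and two equal-length payloads.
KEY = bytes.fromhex("0102030405")
P1, P2 = b"GET /index.html", b"POST /login.php"

if __name__ == "__main__":
    iv = b"\x00\x00\x01"
    c1, c2 = wep_encrypt(iv, KEY, P1), wep_encrypt(iv, KEY, P2)
    # Same IV: the keystream cancels and only the plaintexts remain.
    print(xor(c1[3:], c2[3:]) == xor(P1, P2))
    print(frames_until_iv_repeat(), "of", 2 ** 24, "IVs for a 50% repeat chance")
```

With randomly chosen IVs a repeat becomes likely after a few thousand frames, long before all 16,777,216 values are used.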

9 WEP attack #2 ● Another attack relies on the fact that some IVs are weak ● Using a formula, one can take a weak IV and infer part of the WEP key ● Listen to the network long enough and the WEP key can be discovered ● This attack, like the last one, can take a very long time

10 WEP attack #3 ● A new attack was developed by a hacker named KoreK ● This attack relies on gathering enough unique IVs ● This is a statistical attack that requires about 200,000 unique IVs to determine a 40-bit WEP key

11 Default Settings ● Most consumer access points are very easy to set up ● However, their default states have no security and are easy to look up ● Despite this, many people leave their APs in this state, making them easy targets

12 Protecting Your Network ● There are several methods to increase the security of a wireless network ● Turning off SSID broadcasting ● SSID broadcasting helps attackers find your WLAN ● While not broadcasting will not stop anyone, it will make your network less interesting

13 MAC Address Filtering ● MAC address filtering allows only a set list of hardware devices to connect ● In theory every device will have a unique MAC address ● However, using a sniffer the MAC address of a valid client is easily found ● Most wireless cards allow their MAC addresses to be changed

14 WPA - Wi-Fi Protected Access ● By increasing the size of the keys, the number of keys in use, and adding a secure message verification system, WPA makes breaking into a Wireless LAN far more difficult. ● The Michael algorithm was the strongest that WPA designers could come up with that would still work with most older network cards; however it is subject to attack. To limit this risk, WPA networks shut down for 30 seconds whenever an attempted attack is detected.

15 Lab Goals ● Determine router type and defaults ● Examining unencrypted traffic ● Bypassing MAC address filtering ● Cracking WEP using Aircrack ● Setting up a fake AP to steal login information

16 Network Layout

17 Unencrypted Traffic

18 MAC Address Filtering ● Sniff traffic for a valid MAC address ● Change your MAC address to the valid one (Spoofing) ● Full access if no encryption on the network

19 Cracking WEP with Aircrack ● Airodump collects packets ● Aircrack is used on the output file from Airodump ● It uses unique IVs to break the WEP key ● ~330,000 unique IVs and Aircrack broke the key in 1 second ● ~100,000 and it took 21 seconds

20 Fake AP ● The tool suite we will use allows us to set up our wireless card as an access point ● To make this useful we will need to do some work ● By deauthenticating a client from his AP, we can make him connect to our fake one ● By forging a web page we can potentially steal important login information ● This attack is very hard for the victim to realize until it is far too late
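From the defender's side, the two visible traces of this scenario are a burst of deauthentication frames aimed at one client and a known SSID advertised from an unexpected BSSID. The following is an added example, not part of the original slides: it runs both checks over constructed monitor observations, and the record layout, the SSID `CorpNet`, the addresses and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Assumed allowlist: SSID -> BSSIDs of the access points we actually operate.
KNOWN_APS = {"CorpNet": {"00:11:22:33:44:55"}}
CLIENT = "aa:bb:cc:00:00:01"

# Constructed observations: (time_s, frame_type, ssid, bssid, client)
FRAMES = (
    [(0.0, "beacon", "CorpNet", "00:11:22:33:44:55", None),
     (2.0, "deauth", None, "00:11:22:33:44:55", "aa:bb:cc:00:00:02")]
    + [(5.0 + 0.1 * i, "deauth", None, "00:11:22:33:44:55", CLIENT)
       for i in range(6)]
    + [(6.0, "beacon", "CorpNet", "de:ad:be:ef:00:01", None),
       (7.0, "beacon", "CorpNet", "de:ad:be:ef:00:01", None)]
)

def detect(frames, known_aps, threshold=5, window_s=10.0):
    """Return alerts for deauth bursts and for known SSIDs on unknown BSSIDs."""
    alerts, rogue_seen, flooded = [], set(), set()
    recent = defaultdict(deque)            # client -> recent deauth times
    for t, ftype, ssid, bssid, client in sorted(frames, key=lambda f: f[0]):
        if ftype == "beacon" and ssid in known_aps:
            if bssid not in known_aps[ssid] and (ssid, bssid) not in rogue_seen:
                rogue_seen.add((ssid, bssid))
                alerts.append(("rogue_ap", ssid, bssid))
        elif ftype == "deauth":
            q = recent[client]
            q.append(t)
            while q and q[0] < t - window_s:   # keep only the sliding window
                q.popleft()
            if len(q) >= threshold and client not in flooded:
                flooded.add(client)
                alerts.append(("deauth_flood", client, len(q)))
    return alerts

if __name__ == "__main__":
    for alert in detect(FRAMES, KNOWN_APS):
        print(alert)
```

Because MAC addresses can be changed (slide 13), the BSSID allowlist is not sufficient on its own; the deauthentication burst is an independent signal worth alerting on.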

21 Links to tools ● Ethereal – http://www.ethereal.com ● Kismet – http://www.kismetwireless.net ● Auditor security collection – http://new.remote-exploit.org/index.php/Auditor_main ● Aircrack – http://www.cr0.net:8040/code/network/aircrack

22 References ● http://en.wikipedia.org/wiki/RC4 ● http://en.wikipedia.org/wiki/WEP ● http://en.wikipedia.org/wiki/IEEE_802.11 ● http://www.securityfocus.com/infocus/1814 ● http://www.cr0.net:8040/code/network/aircrack/

23 Questions?

