Cracking WPA/WPA2 in the Cloud

Presentation on theme: "Cracking WPA/WPA2 in the Cloud"— Presentation transcript:

1 Cracking WPA/WPA2 in the Cloud
Vivek Ramachandran Founder, SecurityTube.net

2 Shameless Self Promotion
B.Tech, ECE IIT Guwahati WEP Cloaking Defcon 19 Caffe Latte Attack Toorcon 9 802.1x, Cat65k Cisco Systems Media Coverage CBS5, BBC Trainer, 2011 Microsoft Security Shootout Wi-Fi Malware, 2011

3 Backtrack 5 Wireless Penetration Testing

4 SecurityTube.net Training
Students in 75+ Countries

5 Pentester Academy

6 Agenda
WPA/WPA2 Cracking; Using Cloud Services; Architecture; Infrastructure vs Platform as a Service; Automation Tool

7 WPA-Personal – Passphrase Based
Passphrase (8-63) → PBKDF2 → Pre-Shared Key 256 bit

8 Eavesdropping the 4 Way Handshake
Supplicant and Authenticator, each holding the Pre-Shared Key 256 bit
Probe Request-Response; Authentication RR, Association RR
Message 1: ANonce
SNonce generated; PTK derived on both sides
Message 2: SNonce + MIC
Message 3: Key Installation
Message 4: Key Install Acknowledgement
Key Installed on both sides

9 WPA-PSK Dictionary Attack
Dictionary → Passphrase (8-63) → PBKDF2 (SSID) → Pre-Shared Key 256 bit
Pre-Shared Key 256 bit + 4 Way Handshake (SNonce, ANonce, AP MAC, Client MAC) → PTK
Verify by Checking the MIC

10 Open Source Tools Available!

11 PBKDF2: Password Based Key Derivation Function, RFC 2898
PBKDF2(Passphrase, SSID, ssidLen, 4096, 256)
4096 – Number of times the passphrase is hashed
256 – Intended Key Length of PSK

12 PMK Generator Architecture
Wordlist Generator, SSID List → PMK Generator → SQL Database (Amazon RDS)

13 Worker Architecture
Master; Amazon SQS (Message Queue); Worker-1, Worker-2, Worker-3, Worker-4, Worker-5, Worker-6

14 Distributed Message Queue

15 Relational Database in the Cloud

16 Workflow
Distributed password list creator
Password and SSID inserted into Message Queue
Worker machines create PMK from (Password, SSID) and store in Amazon RDS

17 Handshake Verification
PMK, Handshake; Master; Amazon SQS (Message Queue); Worker-1, Worker-2, Worker-3, Worker-4, Worker-5, Worker-6

18 Benchmark
1000 PMKs created / Second / Instance
130,000 PMK Verifications / Second / Instance
100 Worker Instances were run

19 Costs Involved – PMK Creation
Total cost of 100 instances / hour - $6
Total PMK Creation million/ hour
Cost of startup amortized
Stored for future use for a given SSID – Wordlist combination
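
The PBKDF2 step on slide 11 and the rate and cost figures on slides 18 and 19, worked through as an added example (not part of the original presentation or of the Chigu tool). It derives the PSK as the slide describes and estimates what covering a passphrase space for one SSID would take at the benchmarked PMK creation rate. Function names are hypothetical, the defaults are the slide figures, and HMAC-SHA1 as the PBKDF2 PRF is the standard WPA/WPA2 choice, which the slides do not state.

```python
import hashlib


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit PSK: PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8-63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    # dklen is in bytes: 32 bytes = the 256-bit key length on the slide.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def keyspace_cost(alphabet_size: int, length: int,
                  pmk_per_sec_per_instance: int = 1000,  # slide 18
                  instances: int = 100,                  # slide 18
                  usd_per_fleet_hour: float = 6.0):      # slide 19
    """(hours, USD) to derive one PMK per candidate passphrase, for ONE SSID."""
    candidates = alphabet_size ** length
    hours = candidates / (pmk_per_sec_per_instance * instances * 3600)
    return hours, hours * usd_per_fleet_hour


if __name__ == "__main__":
    # Constructed sample inputs (passphrase/SSID pair from the IEEE 802.11i test vectors).
    print(wpa_psk("password", "IEEE").hex())
    # The SSID is the salt, so stored PMKs are useless against any other SSID.
    print(wpa_psk("password", "IEEE") == wpa_psk("password", "IEEE-guest"))
    for label, alphabet, length in [
        ("8 digits", 10, 8),
        ("8 lowercase letters", 26, 8),
        ("12 mixed-case alphanumerics", 62, 12),
        ("20 mixed-case alphanumerics", 62, 20),
    ]:
        hours, usd = keyspace_cost(alphabet, length)
        print(f"{label:30s} {hours:12.3g} fleet-hours  ${usd:.3g}")
```

At these rates an 8-digit passphrase space is covered in well under one fleet-hour, while a random 12-character alphanumeric one is out of reach; a non-default SSID additionally forces the whole computation to be redone for that network.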

20 Costs Involved – PMK Verification
Total cost of 100 instances / hour - $6
Total PMK Verifications Billion / hour
Cost of startup amortized
Permutation based WordList only to be generated once

21 Google AppEngine

22 Architecture
PMK, Handshake; Resident Instance; POST based Data Passing; Task-1, Task-2, Task-3, Task-4, Task-5, Task-6

23 Chigu - Amazon EC2
Automatically set up multiple machines on EC2 with pre-created AMI
Bring up master, upload “job”
Job consists of the following: Wordlist Creation; PMK generation; Handshake verification

24 Chigu in Action

25 Chigu Public Release
Beta release available now
Testers please
Version 1 to be released March 15th 2014
Custom AMI for Amazon and Controller
Google Appengine Application and Controller

26 WPA-Enterprise
Supplicant, Authenticator, Authentication Server
Association; EAPoL Start; EAP Request Identity; EAP Request Identity; EAP Response Identity; EAP Packets; EAP Packets; EAP Success; EAP Success; PMK to AP; 4 Way Handshake; Data Transfers

27 Source: Layer3.wordpress.com

28 MS-CHAPv2 Cracked in Minutes

29 CloudCracker.com

