KRACK Attack
Team 05: Duncan Yee, Eric Kwok, Derrick Lee

Content: Introduction, Overview, Problem, Implementation, Discussion, References
Introduction
The IEEE 802.11 wireless network protocol is the most common protocol used to connect wirelessly to a network. This includes computers, laptops, network-connected home locks, and other electronic devices that connect wirelessly to the internet.
Various authentication schemes are used to provide a secure Wireless Local Area Network (WLAN). The most secure and most commonly used authentication scheme is Wi-Fi Protected Access 2 (WPA2).
In 2017, a method to exploit the WPA2 authentication scheme was discovered, called the Key Reinstallation Attack (KRACK).
WPA3, announced in 2018, is the successor to WPA2 and provides a more secure handshake, but it has yet to be deployed at large scale.

Goal: We will simulate the transmission of packets through a wireless network and demonstrate how the KRACK attack can be implemented. Numerous patches have been provided by network vendors to counteract the KRACK attack; we will discuss what these patches do, to give details on the measures used to protect against this attack.
Overview
WPA2 supersedes the previous WPA and Wired Equivalent Privacy (WEP). It is a security protocol that authenticates clients before they are granted access to the network. WPA2 supports the Temporal Key Integrity Protocol (TKIP), CCM mode Protocol (CCMP), and Advanced Encryption Standard (AES) encryption modes to securely encrypt packets in transmission.

Proof of Concept attack against Android
When the attack was released in October 2017, researchers were able to demonstrate decryption of WiFi packets and were able to acquire login information.
4-Way Handshake
Authenticator (AP): i.e. a router; provides supplicants access to the wireless network.
Supplicant (Client): i.e. your device; laptop, desktop, tablet.
The supplicant knows the wireless network passphrase (user entered).
The authenticator knows the wireless network passphrase.
The 4-way handshake provides a means for the two devices to prove that they both know the passphrase.

4-Way Handshake
1) The AP generates and sends an Authenticator Number used once (ANonce) to the client.
2) The client constructs the Pairwise Transient Key (PTK) from the ANonce, sends its own SNonce, and protects the frame with a Message Integrity Code (MIC) value.
3) The AP calculates the PTK, then constructs and sends the Group Temporal Key (GTK) and sequence number. A MIC value is also used to protect the frame, and the PTK is directed to be installed.
4) The client sends confirmation to the AP and is ready to configure its hardware.
The data port is now open: data can be unicast using the PTK and multicast with the GTK.
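The four messages above, simulated end to end in Python. This is an added example written for this deck, not code from the presentation's own simulation or from any real supplicant; the SSID, MAC addresses and passphrases are constructed, and the PTK expansion uses HMAC-SHA256 with a counter as an assumed stand-in for the 802.11 PRF-384. What it shows is the security point of the handshake: the MIC on message 2 can only verify if both sides derived the same PTK from the same passphrase, and the client installs the TK only after the MIC on message 3 verifies.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed simulation values (hypothetical SSID and MAC addresses, not captured data).
SSID = b"ExampleNet"
AP_MAC = bytes.fromhex("020000000001")
CLIENT_MAC = bytes.fromhex("020000000002")


def derive_pmk(passphrase: bytes, ssid: bytes) -> bytes:
    """WPA2-Personal PMK: PBKDF2-HMAC-SHA1 of the passphrase, salted with the SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, ssid, 4096, 32)


def derive_ptk(pmk: bytes, mac_a: bytes, mac_b: bytes, nonce_a: bytes, nonce_b: bytes) -> bytes:
    """Expand PMK, both MACs and both nonces into a 48-byte PTK laid out as
    KCK (16 bytes, keys the handshake MICs) | KEK (16) | TK (16, the data key).
    Assumption: HMAC-SHA256 with a counter stands in for the 802.11 PRF-384."""
    data = (b"Pairwise key expansion"
            + min(mac_a, mac_b) + max(mac_a, mac_b)
            + min(nonce_a, nonce_b) + max(nonce_a, nonce_b))
    return b"".join(hmac.new(pmk, data + bytes([i]), hashlib.sha256).digest()[:16]
                    for i in range(3))


def compute_mic(kck: bytes, frame: bytes) -> bytes:
    """Message Integrity Code over an EAPOL-Key frame (truncated HMAC)."""
    return hmac.new(kck, frame, hashlib.sha256).digest()[:16]


class Authenticator:
    """The AP side: knows the passphrase, picks the ANonce and the GTK."""

    def __init__(self, passphrase: bytes):
        self.pmk = derive_pmk(passphrase, SSID)
        self.anonce = os.urandom(32)
        self.gtk = os.urandom(16)
        self.ptk: Optional[bytes] = None

    def msg1(self) -> bytes:
        return self.anonce                      # message 1: ANonce, unprotected

    def msg3(self, snonce: bytes, mic2: bytes) -> Optional[Tuple[bytes, bytes]]:
        self.ptk = derive_ptk(self.pmk, AP_MAC, CLIENT_MAC, self.anonce, snonce)
        kck = self.ptk[:16]
        # The MIC on message 2 only verifies if the client derived the same PTK,
        # i.e. if it knows the same passphrase.
        if not hmac.compare_digest(compute_mic(kck, snonce), mic2):
            return None
        frame = self.anonce + self.gtk          # message 3: ANonce again + GTK
        return frame, compute_mic(kck, frame)


class Supplicant:
    """The client side: derives the PTK after message 1, installs the TK only
    after message 3 verifies."""

    def __init__(self, passphrase: bytes):
        self.pmk = derive_pmk(passphrase, SSID)
        self.snonce = os.urandom(32)
        self.ptk: Optional[bytes] = None
        self.installed_tk: Optional[bytes] = None
        self.gtk: Optional[bytes] = None

    def msg2(self, anonce: bytes) -> Tuple[bytes, bytes]:
        self.ptk = derive_ptk(self.pmk, AP_MAC, CLIENT_MAC, anonce, self.snonce)
        return self.snonce, compute_mic(self.ptk[:16], self.snonce)

    def msg4(self, frame: bytes, mic3: bytes) -> Optional[bytes]:
        kck = self.ptk[:16]
        if not hmac.compare_digest(compute_mic(kck, frame), mic3):
            return None                         # forged or corrupted message 3
        self.gtk = frame[32:]
        self.installed_tk = self.ptk[32:48]     # install the TK only now
        return compute_mic(kck, b"msg4-ack")    # message 4: confirmation


def run_handshake(client_passphrase: bytes, ap_passphrase: bytes) -> dict:
    """Drive all four messages; report whether the handshake completed and
    whether both ends ended up with the same TK."""
    ap, client = Authenticator(ap_passphrase), Supplicant(client_passphrase)
    snonce, mic2 = client.msg2(ap.msg1())
    reply = ap.msg3(snonce, mic2)
    if reply is None:
        return {"completed": False, "tk_match": False}
    mic4 = client.msg4(*reply)
    if mic4 is None:
        return {"completed": False, "tk_match": False}
    return {"completed": True, "tk_match": client.installed_tk == ap.ptk[32:48]}


if __name__ == "__main__":
    print(run_handshake(b"correct horse battery staple", b"correct horse battery staple"))
    print(run_handshake(b"wrong passphrase", b"correct horse battery staple"))
```

With matching passphrases the handshake completes and both sides hold the same TK; with a mismatched passphrase the AP rejects message 2 and nothing is installed. Note that the TK itself is never sent: only the nonces travel in the clear, which is why the attack described later targets key installation rather than the passphrase.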
Problem
The vulnerability in the WPA2 security protocol lies in the third step of the 4-way handshake, where the access point constructs and sends the GTK and sequence number.
The attacker does not require the passphrase to carry out the attack; instead, the attack tries to degrade the shared encryption keys. This means that changing the passphrase used to connect to the network will not help.

KRACK
Once a target network is selected, the attacker clones the real AP onto a separate channel, called the Rogue Access Point.
The attacker sends spoofed 802.11 management frames from the Rogue AP in an attempt to get clients to connect to it instead of the real AP, resulting in a man-in-the-middle position.
Right before the 3rd step of the 4-way handshake, a forged ANonce from the Rogue AP is sent, forcing the target to re-install the shared key, essentially repeating step 1.
As this process repeats multiple times, the key becomes predictable, allowing the attacker to decrypt packet data. It may also be possible for the attacker to inject malicious packets.

Man-In-The-Middle Position
After spoofing 802.11 management frames to trick a client into connecting to the attacker's malicious AP, packets between the client and the AP are intercepted. The attacker is free to resend message 3 of the handshake to the client and capture multiple encrypted messages.

Android and Linux
wpa_supplicant version 2.4 and above: once the encryption key has been installed on the client for the first time, it is cleared from memory for security reasons. If message 3 is received again, the client will "reinstall" the encryption key, but it has already been cleared. An all-zero key is installed as a result, making it trivial to decrypt subsequent packets (XOR with an all-zero key produces the exact same message).

More Details on Decryption
E1 and E2 are encrypted packets captured from the client. P1 and P2 are the plaintext contents of the packets. KS is the keystream used to encrypt the messages, so E1 = P1 XOR KS and E2 = P2 XOR KS.
Because the same keystream is used for both packets, E1 XOR E2 = P1 XOR P2: the keystream cancels out. By capturing multiple packets and correctly guessing P1, all subsequent packets P2 can be decrypted.
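The keystream-cancellation argument above, worked through in Python. This is an added illustration, not code from the presentation; the counter-mode keystream built from HMAC-SHA256 is an assumed toy stand-in for the real CCMP keystream (only the property that the same key and packet number give the same KS matters), and the plaintexts and key are constructed. It shows the three cases the slides describe: the packet number being reset by a key reinstallation so two packets share one KS, the normal case where the packet number advances and the relation does not hold, and the all-zero key case where the keystream can simply be regenerated.

```python
import hashlib
import hmac


def keystream(tk: bytes, nonce: bytes, length: int) -> bytes:
    """Constructed counter-mode keystream: HMAC-SHA256(tk, nonce || counter), chained.
    Assumption: this toy stands in for the real CCMP (AES-CTR) keystream; only the
    property that the same key and nonce produce the same KS matters here."""
    blocks = []
    counter = 0
    while 32 * len(blocks) < length:
        blocks.append(hmac.new(tk, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(tk: bytes, packet_number: int, plaintext: bytes) -> bytes:
    """E = P XOR KS, where KS depends on the TK and the per-packet number (the nonce)."""
    nonce = packet_number.to_bytes(6, "big")
    return xor(plaintext, keystream(tk, nonce, len(plaintext)))


def recover_p2(e1: bytes, e2: bytes, p1_guess: bytes) -> bytes:
    """If E1 and E2 share one keystream, E1 XOR E2 = P1 XOR P2, so a correct
    guess of P1 yields P2 without any knowledge of the key."""
    return xor(xor(e1, e2), p1_guess)


def zero_key_decrypt(e: bytes, packet_number: int) -> bytes:
    """With an all-zero TK installed, the keystream can be regenerated and stripped off."""
    nonce = packet_number.to_bytes(6, "big")
    return xor(e, keystream(bytes(16), nonce, len(e)))


def demo() -> dict:
    tk = bytes(range(16))                         # constructed data key
    p1 = b"GET /index.html HTTP/1.1"             # constructed plaintexts of equal length
    p2 = b"POST /login HTTP/1.1 pwd"
    # A key reinstallation resets the packet number, so two packets get number 1:
    e1 = encrypt(tk, 1, p1)
    e2 = encrypt(tk, 1, p2)
    # Without the reinstallation the second packet uses number 2 and a fresh KS:
    e2_fresh = encrypt(tk, 2, p2)
    # All-zero key case (wpa_supplicant 2.4+, as described on the previous slide):
    e_zero = encrypt(bytes(16), 1, p1)
    return {
        "nonce_reuse_recovers_p2": recover_p2(e1, e2, p1) == p2,
        "fresh_nonce_recovers_p2": recover_p2(e1, e2_fresh, p1) == p2,
        "zero_key_recovers_p1": zero_key_decrypt(e_zero, 1) == p1,
    }


if __name__ == "__main__":
    print(demo())
```

The middle case is the one the patches restore: as long as the packet number keeps advancing, E1 XOR E2 mixes two different keystreams and knowing P1 reveals nothing about P2. Monitoring for a packet number that goes backwards on an established connection is the detection counterpart of this property.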
EAP Protocol Captured by Wireshark (screenshot slide)
Simulation of WiFi Network (figure slide)
Simulation of Man-In-The-Middle Packets (figure slide)
Prevention
- Use a wired Ethernet connection -> not always viable
- Make sure security patches are up to date and installed

A Closer Look at the Security Patches
Linux has an open-source patch, and the DD-WRT open router firmware has a patch whose design is available to be analyzed. Measures implemented in the patch:
- prevent TK reinstallation if the TK has already been set
- track the current GTK and prevent further reinstallation attempts (prevents resetting of the sequence counter)
- track whether the PTK has been installed and prevent installation of an all-zero TK (also prevents re-installation of the same PTK to the driver)
- generate a new ANonce when starting a new 4-way handshake to rekey the PTK
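The patch measures listed above, modelled as a small client state machine so the unpatched and patched behaviour can be compared side by side. This is an added example written for this deck; it is not wpa_supplicant or DD-WRT code, and the TK and GTK values, the "tk_in_memory" cleared-after-install behaviour and the counters are constructed from the slides' description. The `patched` flag switches on three of the listed guards: refuse to reinstall a TK that is already set, refuse an all-zero TK, and keep the GTK replay counter when the same GTK is offered again.

```python
from dataclasses import dataclass, field
from typing import List, Optional

ZERO_TK = bytes(16)


@dataclass
class Supplicant:
    """Client state after message 2: the negotiated TK is held in memory and is
    installed into the driver when message 3 arrives."""
    patched: bool
    tk_in_memory: Optional[bytes]
    installed_tk: Optional[bytes] = None
    ptk_installed: bool = False              # patch: track whether the PTK has been installed
    installed_gtk: Optional[bytes] = None    # patch: track the current GTK
    tx_packet_number: int = 0                # CCMP packet number, used as the nonce
    gtk_rx_counter: int = 0                  # replay counter for group frames
    log: List[str] = field(default_factory=list)

    def _install_tk(self, tk: bytes) -> None:
        self.installed_tk = tk
        self.ptk_installed = True
        self.tx_packet_number = 0            # any (re)install resets the packet number
        self.tk_in_memory = None             # cleared from memory after installing
        self.log.append("installed TK %s" % tk.hex())

    def _install_gtk(self, gtk: bytes, seq: int) -> None:
        self.installed_gtk = gtk
        self.gtk_rx_counter = seq            # any (re)install resets the replay counter
        self.log.append("installed GTK with counter %d" % seq)

    def handle_msg3(self, gtk: bytes, gtk_seq: int) -> None:
        if not self.patched:
            # Unpatched behaviour from the Android/Linux slide: install whatever is
            # in memory; after the first install that is nothing, so an all-zero TK
            # goes in and the packet number restarts at 0.
            self._install_tk(self.tk_in_memory or ZERO_TK)
            self._install_gtk(gtk, gtk_seq)
            return
        if self.ptk_installed:
            self.log.append("message 3 retransmitted: TK already set, not reinstalling")
        elif not self.tk_in_memory or self.tk_in_memory == ZERO_TK:
            self.log.append("refusing to install an all-zero TK")
        else:
            self._install_tk(self.tk_in_memory)
        if self.installed_gtk == gtk:
            self.log.append("same GTK: keeping replay counter at %d" % self.gtk_rx_counter)
        else:
            self._install_gtk(gtk, gtk_seq)

    def send_data(self) -> int:
        """Every unicast frame consumes the next packet number."""
        self.tx_packet_number += 1
        return self.tx_packet_number

    def receive_multicast(self, seq: int) -> bool:
        """Accept a group frame only if it advances the replay counter."""
        if seq <= self.gtk_rx_counter:
            return False
        self.gtk_rx_counter = seq
        return True


def replay_scenario(patched: bool) -> dict:
    real_tk = bytes(range(16, 32))           # constructed TK negotiated in messages 1-2
    gtk = bytes(range(32, 48))               # constructed GTK
    s = Supplicant(patched=patched, tk_in_memory=real_tk)
    s.handle_msg3(gtk, gtk_seq=1)            # legitimate message 3
    for _ in range(3):
        s.send_data()                        # client transmits frames 1..3
    s.receive_multicast(2)                   # and receives group frames 2 and 3
    s.receive_multicast(3)
    s.handle_msg3(gtk, gtk_seq=1)            # message 3 retransmitted by a rogue AP
    return {
        "installed_tk": s.installed_tk,
        "next_packet_number": s.send_data(),         # 1 again means nonce reuse
        "old_multicast_accepted": s.receive_multicast(2),
        "log": s.log,
    }


if __name__ == "__main__":
    for mode in (False, True):
        print("patched" if mode else "unpatched", replay_scenario(mode))
```

Unpatched, the retransmitted message 3 installs the all-zero TK, restarts the packet number at 1 (the keystream reuse from the decryption slide) and resets the group replay counter so an old multicast frame is accepted again. Patched, the TK and both counters are left untouched and the retransmission only produces a log line, which is also a useful thing to alert on.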
Additionally:
- WPA2 with CCMP and AES is still more secure than TKIP or WEP.
- TKIP is similar to the deprecated WEP standard and is kept for backwards compatibility.
- Because WEP has been proven to be insecure, TKIP is also vulnerable.

Future Work
- Continue to add more nodes to the simulation
- Implement the prevention methods
- Improve the aforementioned prevention techniques

Questions?
References
● Images.theconversation.com. (2019). [online] Available at: https://images.theconversation.com/files/190426/original/file-20171016-30954-gq7cfn.png?ixlib=rb-1.1.0&q=45&auto=format [Accessed 19 Mar. 2019].
● thecybersecurityman, V. (2019). All Wi-Fi Networks are Currently Vulnerable to Attack. [online] The Cybersecurity Man. Available at: https://thecybersecurityman.com/2017/11/03/all-wi-fi-networks-are-currently-vulnerable-to-attack/ [Accessed 23 Mar. 2019].
● W1.fi. (2019). Index of /security/2017-1. [online] Available at: https://w1.fi/security/2017-1/ [Accessed 7 Mar. 2019].
● Svn.dd-wrt.com. (2019). Changeset 33525 – DD-WRT. [online] Available at: https://svn.dd-wrt.com//changeset/33525 [Accessed 10 Mar. 2019].
● Chacos, B. and Simon, M. (2019). KRACK Wi-Fi attack threatens all networks: How to stay safe and what you need to know. [online] PCWorld. Available at: https://www.pcworld.com/article/3233308/krack-wi-fi-security-flaw-faq-tips.html [Accessed 16 Mar. 2019].
● Hitchhikersguidetolearning.com. (2019). EAPOL 4-Way Handshake | Hitch Hiker's Guide to Learning. [online] Available at: http://www.hitchhikersguidetolearning.com/2017/09/17/eapol-4-way-handshake/ [Accessed 15 Mar. 2019].
● L. Epia Realpe, O. Parra and J. Velandia, "Use of KRACK Attack to Obtain Sensitive Information", Mobile, Secure, and Programmable Networking, pp. 270-276, 2019. Available: https://link-springer-com.proxy.lib.sfu.ca/chapter/10.1007/978-3-030-03101-5_22 [Accessed 10 February 2019].
● C. Kohlios and T. Hayajneh, "A Comprehensive Attack Flow Model and Security Analysis for Wi-Fi and WPA3", Electronics, vol. 7, no. 11, p. 284, 2018. Available: https://www.mdpi.com/2079-9292/7/11/284/htm [Accessed 10 February 2019].
● S. Naitik, P. Vernekar and V. Shetty, "Mitigation of Key Reinstallation Attack in WPA2 Wi-Fi networks by detection of Nonce Reuse", International Research Journal of Engineering and Technology (IRJET), vol. 05, no. 05, p. 1531, 2018. Available: https://www.irjet.net/archives/V5/i5/IRJET-V5I5290.pdf [Accessed 10 February 2019].