Wifi
Wireless Encryption • Unencrypted • WEP • WPA-2
Threat Model - Unencrypted
SSID Hiding • SSID - network name • LoboGuest • eduroam • Default — broadcast SSID • SSID hiding — do not broadcast SSID
MAC Filtering • MAC address - uniquely identifies a device on a network • Blacklist MACs • Whitelist MACs
RC4 • Stream Cipher
WEP • 40 bit key • 24 bit initialization vector
WEP Packet Checksum IV Key ID Payload RC4 Encrypted http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
WEP: Passive Attack • IP traffic is predictable/redundant • Look for packets with the same IV • Two packets P1 and P2 with the same IV: C1 = P1 xor RC4(k||IV), C2 = P2 xor RC4(k||IV) • C1 xor C2 = P1 xor P2 • Use stats or known plaintext to find P1, P2
Implementation bug or design flaw? • What if random IVs were used? • IV space - 2^24 possibilities • Collision after ~4000 packets • Rough estimate: a busy AP sends 1000 packets/sec • Collision every 4s! • Even with a counting IV (best case), rollover every few hours
WEP: Table Attack • Small number of IVs • Figure out plain text for one packet. • Compute the RC4 key stream: RC4(k||IV) • Do this for all IVs (15GB storage) • Decrypt ALL the packets.
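An added example (not from the slides) of the two points above: with a repeated IV the RC4 keystream repeats, so C1 xor C2 = P1 xor P2 and one predictable packet exposes the other; and the 24-bit IV space is small enough that the birthday bound and counter rollover fall where the slide says. The key, IV and packet contents are constructed; real WEP seeds RC4 with IV || key.

```python
import math

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4 (KSA then PRGA); WEP uses it as its stream cipher."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(key40: bytes, iv24: bytes, payload: bytes) -> bytes:
    """WEP seeds RC4 with IV || key (the slides write k||IV; the order does not
    change the point: the keystream depends only on the key and the 24-bit IV)."""
    return xor_bytes(payload, rc4_keystream(iv24 + key40, len(payload)))

def recover_with_known_plaintext(c1: bytes, c2: bytes, p1: bytes) -> bytes:
    """Same IV => same keystream, so c1 xor c2 = p1 xor p2; knowing p1 gives p2."""
    return xor_bytes(xor_bytes(c1, c2), p1)

def iv_collision_probability(n_packets: int, iv_bits: int = 24) -> float:
    """Birthday bound: P(at least one repeated IV among n random IVs)."""
    n_ivs = 2 ** iv_bits
    return 1.0 - math.exp(-n_packets * (n_packets - 1) / (2 * n_ivs))

def packets_for_half_collision(iv_bits: int = 24) -> float:
    """Packets needed for a 50% chance of an IV repeat: sqrt(2 * N * ln 2)."""
    return math.sqrt(2 * 2 ** iv_bits * math.log(2))

def counter_rollover_seconds(packets_per_sec: float, iv_bits: int = 24) -> float:
    """Best case (sequential IVs): seconds until the 24-bit counter wraps."""
    return 2 ** iv_bits / packets_per_sec

# Constructed sample: two same-length packets sent under one reused IV.
KEY = bytes.fromhex("0102030405")          # 40-bit WEP key (constructed)
IV = bytes.fromhex("a1b2c3")               # 24-bit IV (constructed)
P1 = b"GET / HTTP/1.1\r\n"                 # predictable header, the "known plaintext"
P2 = b"Host: 10.0.0.2\r\n"                 # equally long, so the xor lines up
C1 = wep_encrypt(KEY, IV, P1)
C2 = wep_encrypt(KEY, IV, P2)
```

At 1000 packets/sec a sequential IV counter wraps in about 4.66 hours, and random IVs reach a 50% repeat chance after roughly 4800 packets, which is the "collision every few seconds" figure on the slide.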
WPA-2 https://www.krackattacks.com/
WPA2: handshake frame
WPA2: handshake
KRACK attack • KRACK: Key reinstallation attack • Man-in-the-middle between supplicant and authenticator • Replay old third message in handshake (rather than relay the third message) • Also resets packet counters: attacker can now replay packets
Key takeaway • KRACK causes nonce reuse • Nonce reuse causes pain (replay of packets, decryption of packets, perhaps even forgery of packets)
Recommendations
More recommendations