
Wifi Wireless Encryption Unencrypted WEP WPA-2 Threat Model- - PowerPoint PPT Presentation



  1. Wifi

  2. Wireless Encryption • Unencrypted • WEP • WPA-2

  3. Threat Model- Unencrypted

  4. Threat Model- Unencrypted

  5. SSID Hiding • SSID - network name • LoboGuest • eduroam • Default — broadcast SSID • SSID hiding — do not broadcast SSID

  6. MAC Filtering • MAC address- uniquely identifies a device on a network • Blacklist MACs • Whitelist MACs

  7. RC4 • Stream Cipher

  8. WEP • 40 bit key • 24 bit initialization vector

  9. WEP Packet Checksum IV Key ID Payload RC4 Encrypted http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

  10. WEP: Passive Attack • IP traffic is predictable/redundant • Look for packets with the same IV • Two packets P1 and P2 with same IV • C1 = P1 xor RC4(k||IV) • C2 = P2 xor RC4(k||IV) • C1 xor C2 = P1 xor P2 • Use stats or known plaintext to find P1, P2

  11. Implementation bug or design flaw? • What if random IVs were used? • IV space – 2^24 possibilities • Collision after 4000 packets • Rough estimate: a busy AP sends 1000 packets/sec • Collision every 4s! • Even with counting IV (best case), rollover every few hours

  12. WEP: Table Attack • Small number of IVs • Figure out plain text for one packet. • Compute the RC4 key stream: RC4(k||IV) • Do this for all IVs (15GB storage) • Decrypt ALL the packets.

  13. WPA-2 https://www.krackattacks.com/

  14. WPA2: handshake frame

  15. WPA2: handshake

  16. KRACK attack • KRACK: Key reinstallation attack • Man-in-the-middle between supplicant and authenticator • Replay old third message in handshake (rather than relay the third message) • Also resets packet counters: attacker can now replay packets

  17. KRACK attack

  18. Key takeaway • KRACK causes nonce reuse • Nonce reuse causes pain (replay of packets, decryption of packets, perhaps even forgery of packets)
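
The keystream reuse behind slides 10 and 12, which is also why nonce reuse hurts in slide 18, as an added example that is not part of the original slides. The key, IVs and payloads are constructed sample values, the seed ordering follows the slides' RC4(k||IV) notation, and the WEP checksum is left out.

```python
# Added example: what a repeated IV gives away (slides 10 and 12).
# Key, IVs and payloads below are constructed sample values.

def rc4_keystream(seed: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling, then n bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # Slide notation: C = P xor RC4(k||IV); checksum omitted here.
    return xor(plaintext, rc4_keystream(key + iv, len(plaintext)))

KEY = bytes.fromhex("0102030405")   # constructed 40-bit key
IV = bytes.fromhex("a1b2c3")        # constructed 24-bit IV, used for two packets
P1 = b"GET /index.html HTTP/1.1"    # constructed; assumed known to the observer
P2 = b"user=alice&pin=4821 secr"    # constructed; not known to the observer

def demo():
    c1, c2 = encrypt(KEY, IV, P1), encrypt(KEY, IV, P2)
    # The keystream cancels: C1 xor C2 == P1 xor P2, with no key involved.
    cancels = xor(c1, c2) == xor(P1, P2)
    # One known plaintext yields the keystream for this IV (one table entry)...
    table = {IV: xor(c1, P1)}
    # ...and that entry decrypts any other packet sent under the same IV.
    recovered = xor(c2, table[IV])
    # Under a different IV the keystream is unrelated, so the entry is useless.
    c3 = encrypt(KEY, bytes.fromhex("a1b2c4"), P2)
    other_iv_decrypts = xor(c3, table[IV]) == P2
    return cancels, recovered, other_iv_decrypts

if __name__ == "__main__":
    print(demo())
```

The third result is why a per-packet value that never repeats under one key matters: the table entry only works for packets that share its IV.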
