310 likes | 325 Views
802.11i Wireless Security. Patrick Wiseman and John Holmes. Timeline. W.E.P. STANDARD BROKEN BY STATISTICAL ATTACK. 802.11 PROTOCOL INTRODUCED. AMENDMENT 802.11G. AMENDMENTS 802.11A & 802.11B INTRODUCED. WPA INTRODUCED IMPLEMENTING TKIP ENCRYPTION.
E N D
802.11i Wireless Security • Patrick Wiseman and John Holmes
Timeline W.E.P. STANDARD BROKEN BY STATISTICAL ATTACK 802.11 PROTOCOL INTRODUCED AMENDMENT 802.11G AMENDMENTS 802.11A & 802.11B INTRODUCED WPA INTRODUCED IMPLEMENTING TKIP ENCRYPTION. WPA2 INTRODUCED IMPLEMENTING AES ENCRYPTION W.E.P. INTRODUCED AS A SECURITY STANDARD 1997 1999 2001 2003 2005 2007
802.11 Wireless Standards • The IEEE defines the 802.11 standards which applies to a wide variety of wireless devices. • The FCC defines the frequencies which allowed for use in the United States. • The Wifi-Alliance works to maintain interoperability between devices by further defining the ambiguities in the standards, implementing drafts, and making further changes to further security.
Different 802.11 wireless standards *DRAFT STANDARD
Progression of Wireless Security • In 1999, the first standard security control widely adopted was Wired Equivalent Privacy (WEP). Due to the flawed implementation of the RC4 scheduling algorithm, it did not provide the level of security intended. • Vendors scrambled to put together temporary security solutions which frequently worked by adding to or altering the standard. This includes hidden SSID and MAC filtering. • In 2003, the WiFi Alliance releases WiFi Protected Access (WPA) which meets 802.11i wireless standards except for including support for AES encrpytion, which in 2004, is released with WPA2.
Pen. Testing Wireless Needs • Most wireless cards are designed to allow a wireless internet connection and follow the standards necessary to fulfill these requirements. • We would like a card that can perform the tasks we give it. This includes monitoring traffic not sent to it and injecting packets against the standard.
Chipsets and Drivers • The problem arises with different chipsets having drivers perform tasks while others will implement them in hardware. • This is why some wireless cards will not include the functionality for the features desired, such as most Broadcom cards. • Another reason is that while the card may support the functionality required, the drivers for that card almost certainly will not by default. • We will be using ralink chipset with the XX driver specifically to avoid problems with different wireless cards.
Monitoring a Wireless Connection • There are usually two drivers for wireless cards with hardware support for advanced features: one support active monitoring and another supporting passive monitoring. • Active Monitoring allows the card send out and see beacon requests. This is only useful really to see what wireless Access Points are available. • Passive Monitoring allows the card to see all the traffic that is on the airwaves. This is clearly more useful to an attacker.
Netstumbler • An active monitoring tool for Windows.
Airodump • An Active/Passive Monitoring Tool for Linux
Wireshark • A active/passive monitoring tool for Windows/linux.
Trivial Defenses • Cloaked or Hidden Service Set Identifier can be discovered using a de-authentication attack. This sends out forged de-authenticate or disassociate packets.
Trivial Defenses • MAC address filtering is defeated by passive monitoring and changing the MAC address on the attacking computer.
Ineffective Defenses: WEP • A distributed brute force attack on a 40-bit WEP key only takes approximately 24 hours. This means that attackers will know within 24-hours of capturing the first few packets whether or not they are dealing with a longer 104-bit key. • A more sophisticated dictionary attack can be used against APs using the Neesus Datacom Algorithm (such as Linksys, Belkin, and Netgear) which runs in a matter of seconds.
Ineffective Defenses: WEP • WEP’s main vulnerability was discovered in 2001 by Fluhrer, Mantin and Shamir which found a vulnerability in the RC4 key scheduling algorithm. • Wired Equivalent Privacy was implemented incorrectly with two main sources of failure: Initialization Vectors (IVs) and Integrity Checks (ICs). • IVs with a particular pattern (weak IVs) could be used to deduce the key. • Approximately 300,000 packets for a 40-bit key or 1,000,000 packets for a 104-bit key • IC algorithm errors allow for packet injection with correct CRCs.
jc-wepcrack • Tool can be used to brute force 40-bit WEP keys in about about a week. • Tool can be used to brute force 104-bit WEP keys although not quickly.
wepcrack • Uses the newsham-21 bit Dictionary Attack, which works on vulnerabilities on the Neesus Datacom Algorithm.
airsnort • Works on vulnerabilities in the RC4 scheduling algorithm. • The time required to find the key can be reduced by packet injection.
aircrack-ng • Works on vulnerabilities in the RC4 scheduling algorithm. • The time required to find the key can be reduced by packet injection.
Effective Defenses: WPA(2)-PSK • WPA and WPA2 can be configured to use a pre-shared key (password). • WPA and WPA2 can also be configured using EAP to use other authentication methods such a Remote Authentication Dial In User Service (RADIUS) • The limitation of security for PSK is once again the strength of the chosen key. • The limitation on RADIUS depends on the configuration, but is likely to also be password strength, but with more safeguards.
WPA Dictionary Attack • WPA-PSK particularly is vulnerable to a dictionary attack although greatly slowed down by the 4096 times each tested password must be hashed. • The best defense against this type of attack is to use passwords not based on dictionary words and to include a mix of capital and lower case letters, numbers, and symbols.
cowpatty • cowpatty is a simple tool which takes the 4-way handshake of a WPA connection and performs a dictionary attack to derive the key
airdecap • Once the WPA key is known, dumps of captured packets may be decrypted with airdecap.
Rogue AP Points • Currently some of the easiest attacks to perpetrate are masquerading as commonly used APs such as tmobile, linksys, or GTwireless. • By doing so you simply bypass all of the need to crack encrypted keys and tunnel through security mechanisms • The user will be exposed on the same subnet as the attacker with possibly little or no knowledge of such an incident. • Windows XP preferred network list tries to automatically connect to all the networks on the list, failing that it tries to connect to an SSID of random numbers. Even if it successfully connects, it does not tell the user.
KARMA • Can be used to collect data, by having users accidentally or inadvertently connect to it. It provides low level functionality for several protocols. Although configured to respond to everything, can be setup to only respond to the random SSIDs generated when no other wireless networks found.
Recovering WEP/WPA keys • Given the zero configuration and preferred network lists it might be desirable for an attack with a compromised machine to just steal the authentication detail rather than crack them. • This is trivial to do in linux with the command: • cat /etc/wpa_supplicant.conf
wzcook • A tool for Windows XP that collects WEP/WPA keys from zero configuration and places them in a text file.
Best Current Practice • Use WPA2 utilizing the Advanced Encryption Standard (AES) encryption, Extensible Authentication Protocol - Transport Layer Security (EAP-TLS), and Remote Authentication Dial In User Service (RADIUS) for mutual authentication.
FreeRADIUS • FreeRADIUS is a open source version of the RADIUS service.
What you will do in lab • Discover Access Points using both linux and windows tools • Perform wireless sniffing in passive mode with linux • Perform de-authentication DoS attacks • Perform RTS/CTS DoS attacks • Defeat trivial defenses such as cloaked SSID names and MAC address filtering • Recover a WEP key using RC4 statistical attacks • Recover a WPA-PSK key using a dictionary attack • Perform masquerading attacks using Rogue AP software • Recover lost WEP/WPA keys from preferred network lists in Windows and linux • Configure WPA2, EAP-TLS, and RADIUS to demonstrate current best practice