WiFi Secuiry: Attack & Defence

HACKING & INFORMATION SECURITY
Presents:
-With TechNext

We Are…The Speakers…
Sudarshan Pawar
Certified Security Expert(C.S.E.)
Certified Information Security Specialist (C.I.S.S.)
Security Xplained (TechNext Speaker)
Computer Engg.
& a Security Professional
Prakashchandra Suthar
Security Enthusiast
Cisco Certified Network Associate
Red Hat Linux Certified
Security Xplained (TechNext Speaker)
Computer Engg
Security Researcher.

Topics to be covered
• Basics of Wifi
• Types of wireless networks
• Wireless Standards(802.11 series)
• Encryption Algorithms
• Wireless hacking methodology
• ATTACKS(commonly encountered)
• Staying secure(Defense)
• Security Tools
We are not including stats, history, who did what/when/why-> Bcoz it’s Booooring….!!! U can
google them later….!

• Basics of Wifi
• Types of wireless networks
• Wireless Standards(802.11 series)
• Encryption Algorithms
• Wireless hacking methodology
• ATTACKS(commonly encountered)
• Staying secure(Defense)
• Security Tools

Wifi Basics
• WiFi(Wireless Fidelity)->Wireless
networks(commonly referred as WLAN
• Developed on IEEE 802.11 standards
• Wireless networks include: Bluetooth, Infrared
communication, Radio Signal etc.
• Components used:
o Wireless Client Receiver
o Access Point
o Antennas

Extension to a wired network
(BROADBAND ROUTER)
(ACCESS POINT)
(EXTENSION POINT)

Multiple Access points
(BROADBAND ROUTER)
(ACCESS POINT-1)
(ACCESS POINT-2)

3g Hotspot
GPRS
3G
4G
Internet

How many of you have tried this???

WiFi Standards
Points 802.11b 802.11a 802.11g 802.11n
Extension to 802.11 802.11 802.11a 802.11g
Bandwidth (Mhz) 20 (11Mbps) 20 (54Mbps) 20 (54Mbps) 20 (54Mbps)
40 (150Mbps)
Frequency(Ghz) 2.4 5 2.4 2.4, 5
Pros Lowest cost;
signal range is
good and not
easily obstructed
fast maximum
speed; regulated
frequencies
prevent signal
interference from
other devices
fast maximum
speed; signal
range is good and
not easily
obstructed
fastest maximum
speed and best
signal range;
more resistant to
signal
interference from
outside sources
Cons slowest
maximum speed
highest cost;
shorter range
signal that is
more easily
obstructed
costs more than
802.11b;
appliances may
interfere on the
unregulated
signal frequency
standard is not
yet finalized;

Are u seriously concerned about wifi
security????? Be honest!

WEP(Wired Equivalence Privacy)
• The first encryption scheme made available
for Wi-Fi.
• Uses 24 bit initialization vector for cipher
stream RC4 for confidentiality
• CRC-32 bit checksum for integrity.
• Typically used by home users.
• Uses 64,128, 256 bit keys
• Flawed from the get go.

WEP Working
KEY
STORE WEP Key IV
RC4
CIPHER KEYSTREAM
DATA ICV
PAD KID CIPHERTEXTIV
WEP ENCRYPTED
PACKET(MAC FRAME)
CRC 32
CHECKSUM
XOR
ALGO.

WEP Weakness
1. Key management and key size
2. 24 bit IV size is less.
3. The ICV algorithm is not appropriate
4. Use of RC4 algorithm is weak
5. Authentication messages can be easily forged

WPA (Wi-Fi Protected Access)
• Data Encryption for WLAN based on 802.11 std.
• Improved Encryption & Authentication Method.
• Uses TKIP
– Based on WEP
– Michael algorithm
• Hardware changes not required
• Firmware update
Types
1. Personal 2. Enterprise
PSK 802.1x + RADIUS

WPA Working
Temporary
Encryption key
Transmit
Address
T.S.C.
KEY
MIXING
WEP
SEED
RC4
CIPHER KEYSTREAM
MAC
HEADER
IV KID EIV CIPHER TEXT
MSDU
MIC KEY
MPDU ICV
MICHAELS
ALGORITHM MSDU + MIC KEY
( PACKET TO BE TRANSMITTED )

WPA2
• Long Term Solution (802.11)
• Stronger Data protection & Network access
control
• Used CCMP
– Based on AES
• Hardware changes required
Types
1. Personal Pre Shared Key
2. Enterprise 802.1x + RADIUS

WPA2 Working
Source: EC Council

Breaking WPA/WPA2
• Dictionary Attacks(Not so successful, but yeah
some time…)
• Brute Force(tools like: Kismac, Aireplay etc)
• WPA PSK

Security breaching sequence
Find the network
Study its traffic
Study Security
mechanisms
ATTACK!!!!!!!!
(i.e. Decrypt the
packets)

Access point is busy handling attackers request
AFTER ATTACK

Man In The Middle Attack(MITM)
• Before

ARP Poisoning/Spoofing
Source: http://securitymusings.com/wp-content/uploads/2008/12/arp-spoofing.png

Fake Access Points
SSID: XYZ Bank

Defense against WPA / WPA2 attacks
• Extremely Complicated keys can help
• Passphrase should not one from dictionary, so
use uncommon-senseless words.
• Key should be more than 20 chars with
combination of special chars, numbers,
alphabets. Change them at regular intervals.

1. WPA instead of WEP
2. WPA2 Enterprise implementation
3. Place AP at secured location.
4. Centralized authentication & Update Drivers
regularly.
5. Changing default SSID after Configuring
WLAN
6. Firewall policies & Router access Password
Security Checkboxes

1. MAC add. Filtering
2. Encryption at Access Point
3. Packet Filtering between AP
4. Network Strength configuration.
5. Use Ipsec’s for encryption on WLANS
6. Check out for Rogue Access Points
Security Checkboxes(contd…)

Wi-Fi Security Auditing Tools
• AirMagnet Wifi Analyzer
• AirDefense
• Adaptive wireless IPS
• ARUBA RF Protect WIPS
• And many others…

Questions?
• What you want to ask, many already have that same question
on their mind. Be bold and lead
• OK, if you don’t want to speak and keep shut and keep
thinking about it in your mind and take those questions home,
make sure you email those to us and sleep well at night!

What should be our topic for the next meet?
I hate to ask but, how can we make this better?

WiFi Secuiry: Attack & Defence

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie WiFi Secuiry: Attack & Defence

Ähnlich wie WiFi Secuiry: Attack & Defence (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

WiFi Secuiry: Attack & Defence