Practical Verification of TKIP Vulnerabilities

•

0 gefällt mir•2,282 views

vanhoefm

Presentation given at Asia CCS on the paper "Practicular Verification of WPA-TKIP Vulnerabilities".

Technologie

 Efficient Denial of Service
 Forge arbitrary packets to client
 Decrypt traffic towards client
1
TKIP:WiFi security protocol

Why studyTKIP if a replacement already exist?
2
1999 2002 2004
WEP
Broken
WPA-TKIP
Acceptable
WPA-CCMP
(AES)
Secure

Detected 6803 networks
66% supportTKIP
19% support onlyTKIP
3
Need more arguments to killTKIP!

4
Beck &Tews Attack
>8 mins Key to calculate
integrity check
Forge 3 small
packets to client

NewAttack:
 Efficient Denial of Service
Improve & implement existing ideas to:
 Forge arbitrary packets
 Decrypt packets towards client
[M. Beck. EnhancedTKIP michael attacks.]
5

1. Add Message Integrity Check (MIC)
2. Encrypt using XOR stream cipher
3. Add Packet ID (#ID) to avoid replays
#ID MICData
Encrypted
How are packets sent/received?
6

8
#ID MICData
If decrypted, reveals MIC key.
If ( two MIC failures within a minute )
halt all traffic for 1 minute

Attack: Capture packet, change priority, replay.
9
#ID / prior. MICData
Encrypted

 Avoids replay detection
 Doesn’t affect decryption
 Changes expected MIC value
Attack: Capture packet, change priority, replay.
10
#ID / prior. MICData
Encrypted
Change
priority

 Avoids replay detection
 Doesn’t affect decryption
 Changes expected MIC value
Attack: Capture packet, change priority, replay.
11
#ID / prior. MICData
Encrypted
Change
priority
MIC Failure(s) Traffic halted for 1 minute

Beck &Tews attack can forge 3 packets.
Injecting more requires new keystreams:
12
Ciphertext PlaintextKeystream
 All packets start with
LLC header
 We predict these with
very high accuracy
Capture packets
with new #ID’s.

 LLC Header is only 12 bytes ….
 Combine them using fragmentation!
#ID1 Data1 #ID16 Data16 MIC
Data MIC
Data1 Data16 MICData2
 12 bytes/fragment: inject 120 bytes of data

Port Scanner:
1. Get MIC key using Beck &Tews attack
2. InjectTCP SYN packets
3. Detect SYN/ACK based on length
Remarks:
 High amount of packet injection proven!
 Also: DNS poisoning, DHCP spoofing, …
14

AP
Client
1. Sniff packet
2.
15
Attacker
Data MICPing req.
Sniffed packet

AP
Client
1. Sniff packet
2.
16
Attacker
Data MICPing req.
Sniffed packet
Magic

AP
Client
1. Sniff packet
2.
3. Reply incl. packet
External IP
17
Attacker
Data MICPing req.
Sniffed packet
Magic

 State1: initial state of every packet
 State2: state after processing prefix
 State3: equal to state1 due to magic bytes
 State4: equal to MIC of sniffed packet!
Data MICMagicPrefix
Sniffed packet
18
State4State3State2State1

Possible applications?
 Decrypt web responses:
 Web mail
 Bank details
 …
 DecryptTCP sequence number, hijack
connection and inject malware?
19

Integrity (MIC) not verified when fragmented:
AlfaAWUS036h Belkin F5D7053 Ralink U150BB
20
Attack time reduced
from >8 min to zero.

No replay protection:
AlfaAWUS036h Belkin F5D7053 Tomato 1.28
(AP firmware)
21
No need to generate
new keystreams!

Always accepts unencrypted packets:
AlfaAWUS036h Belkin F7D1102 ScarletVDSL
(AP of ISP in BE)
22
Game over, you lose!

TKIP is insecure!
 Efficient Denial of Service
 Forge any packet towards client
 Decrypt traffic towards client
24

Weitere ähnliche Inhalte

Was ist angesagt?

Mobile Security - Wireless hacking

phanleson

Wireless Cracking using Kali

n|u - The Open Security Community

Hacking wireless networks

Sahil Rai

This presentation covers different attacks that can be leveraged against wireless networks using Enterprise (802.1x) authentication. Attendees will learn about and see demonstrations of these attacks, many of which can be used to reveal the credentials used to join the wireless network. The presentation concludes with recommendations on how to defend against these attacks. Matt Neely (CISSP, CTGA, GCIH and GCWN) is the Profiling Team Manager at SecureState, a Cleveland Ohio based security consulting company. At SecureState, Matt and his team perform traditional penetration tests, physical penetration tests, web application security reviews and wireless security assessments. His research interests include the convergence of physical and logical security, cryptography and all things wireless. Matt is also a host on the Security Justice podcast.

Attacking and Securing WPA Enterprise Networks

Northeast Ohio Information Security Forum

Exploiting WiFi Security

Hariraj Rathod

Fundamentals of network hacking

Pranshu Pareek

Packet sniffing & ARP Poisoning

Viren Rao

T C P I P Weaknesses And Solutions

eroglu

Barriers to TOR Research at UC Berkeley

joebeone

Anton Chuvakin on Honeypots

Anton Chuvakin

Mitm(man in the middle) ssl proxy attacks

JaeYeoul Ahn

Hacking Cisco

guestd05b31

The presentation covers information about basic and advanced ddos attacks; the tools, techniques and methods to perform them and how to prevent them using the methods present in TCP/IP. Given the different network and application protocols for tcp/ip; we tried to describe where ddos attacks are made possible in the communication process . Each attack is seperately analyzed and described and defense technique is described using the same analogy. Our motto: If there is a ddos case, there was a way to defend it.

Ddos and mitigation methods.pptx (1)

btpsec

Wpa3

Bhavya Dashora

Practical steps to mitigate DDoS attacks

Security Session

Type of DDoS attacks with hping3 example

Himani Singh

Securing wireless network

Syed Ubaid Ali Jafri

Presented at NZISIG on Tuesday 26th February 2019. "WPA3: What is it good for? (With a little bit of Bluetooth and a soupçon of GPS)" I offered this talk to Purplecon but they didn't want it so you're getting it instead. Since it's been a few months I've added some other stuff on the end. Overview of existing issues in WAP, WPA, WPA2 and WPS Skateboarding dog story WPA3 improvements: - Password protection - Preshared keys (Simultaneous Authentication of Equals - SAE) - CNSA - Opportunistic Wireless Encryption (OWE) - Wifi Easy Connect Bluetooth - Direction finding - End to end security GPS - 6th April could get interesting.

WPA3 - What is it good for?

Tom Isaacson

DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-do...

ShortestPathFirst

The TCP/IP protocol suite has a number of vulnerability and security flaws inherent in the protocols. Those vulnerabilities are often used by crackers for Denial of Service (DOS) attacks, connection hijacking and other attacks. The following are the major TCP/IP security problems: TCP SYN attacks (or SYN Flooding) ¡§CThe TCP uses sequence numbers to ensure data is given to the user in the correct order. The sequence numbers are initially established during the opening phase of a TCP connection in the three-way handshake. TCP SYN attacks take advantage of a flaw in how most hosts implement TCP three-way handshake. When Host B receives the SYN request from A, it must keep track of the partially opened connection in a "listen queue" for at least 75 seconds and a host can only keep track of a very limited number of connections. A malicious host can exploit the small size of the listen queue by sending multiple SYN requests to a host, but never replying to the SYN&ACK the other host sends back. By doing so, the other host's listen queue is quickly filled up, and it will stop accepting new connections, until a partially opened connection in the queue is completed or times out. This ability to effectively remove a host from the network for at least 75 seconds can be used as a denial-of-service attack, or it can be used to implement other attacks, like IP Spoofing. IP Spoofing - IP spoofing is an attack used to gain unauthorized access to computers, whereby the attacker sends messages to a computer with a forging IP address indicating that the message is coming from a trusted host. The IP layer assumes that the source address on any IP packet it receives is the same IP address as the system that actually sent the packet -- it does no authentication. Many higher level protocols and applications also make this assumption, so it seems that anyone able to forge the source address of an IP packet could get unauthorized privileges. There are few variations of IP Spoofing such as Blind and Non-blind spoofing, man-in-the-middle- attack (connection hijacking), etc. For details, please read the IP Spoofing section. Routing attacks ¡§C This attack takes advantage of Routing Information Protocol (RIP), which is often an essential component in a TCP/IP network. RIP is used to distribute routing information within networks, such as shortest-paths, and advertising routes out from the local network. Like TCP/IP, RIP has no built in authentication, and the information provided in a RIP packet is often used without verifying it. Attacks on RIP change where data goes to, not where it came from. For example, an attacker could forge a RIP packet, claiming his host "X" has the fastest path out of the network. All packets sent out from that network would then be routed through X, where they could be modified or examined. An attacker could also use RIP to effectively impersonate any host, by causing all traffic sent to that host to be sent to the attacker's machine

Security problems in TCP/IP

Sukh Sandhu

Was ist angesagt? (20)

Mobile Security - Wireless hacking

Wireless Cracking using Kali

Hacking wireless networks

Attacking and Securing WPA Enterprise Networks

Exploiting WiFi Security

Fundamentals of network hacking

Packet sniffing & ARP Poisoning

T C P I P Weaknesses And Solutions

Barriers to TOR Research at UC Berkeley

Anton Chuvakin on Honeypots

Mitm(man in the middle) ssl proxy attacks

Hacking Cisco

Ddos and mitigation methods.pptx (1)

Wpa3

Practical steps to mitigate DDoS attacks

Type of DDoS attacks with hping3 example

Securing wireless network

WPA3 - What is it good for?

DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-do...

Security problems in TCP/IP

Ähnlich wie Practical Verification of TKIP Vulnerabilities

802.11i

akruthi k

Ip Spoofing

arpit.arp

M08 protecting your message data in IBM MQ with encryption

Robert Parker

KRACK attack

VadimDavydov3

Fragattacks-Breaking-Wi-Fi-Through-Fragmentation-And-Aggregation.pdf

YuChianWu

IS Security Presentation

Renjith K P

Wi fi-security-the-details-matter

DESMOND YUEN

Wired equivalent privacy by SecArmour

Sec Armour

Isys20261 lecture 07

Wiliam Ferraciolli

Cys Report Krack Attack Threat Briefing

Debra Baker, CISSP CSSP

https://eprint.iacr.org/2016/475 We investigate nonce-reuse issues with the Galois/Counter Mode (GCM) algorithm as used in TLS. Nonce reuse in GCM allows an attacker to recover the authentication key and forge messages as described by Joux. With an Internet-wide scan we identified over 70,000 HTTPS servers that are at risk of nonce reuse. We also identified 184 HTTPS servers repeating nonces directly in a short connection. Affected servers include large corporations, financial institutions, and a credit card company. We implement a proof of concept attack allowing us to violate the authenticity of affected HTTPS connections and inject content.

[BlackHat USA 2016] Nonce-Disrespecting Adversaries: Practical Forgery Attack...

Aaron Zauner

WPA2

Mshari Alabdulkarim

Net

Raviteja

The Caffe Latte attack debunks the age old myth that to crack WEP, the attacker needs to be in the RF vicinity of the authorized network, with at least one functional AP up and running. We demonstrate that it is possible to retrieve the WEP key from an isolated Client - the Client can be on the Moon! - using a new technique called "AP-less WEP Cracking". With this discovery Pen-testers will realize that a hacker no longer needs to drive up to a parking lot to crack WEP. Corporations still stuck with using WEP, will realize that their WEP keys can be cracked while one of their employees is transiting through an airport, having a cup of coffee, or is catching some sleep in a hotel room. Interestingly, Caffe Latte also has a great impact on the way Honey-pots work today and takes them to the next level of sophistication.

Caffe Latte Attack

AirTight Networks

Caffe Latte Attack Presented In Toorcon

Md Sohail Ahmad

Wireless security837

mark scott

Apple introduced a new set of features in iOS 8 and Yosemite under the name "Continuity". These features allow iPhones to work with other iDevices such as Macs and iPads in new ways. Handoff, Instant hotspot and Airdrop are some of the new services offered by Continuity. Among these new services is one named "Call Relay". Essentially, it allows one to make and receive phone calls via iDevices and route them through the iPhone. This is not your typical VOIP service but a P2P connection based on a proprietary protocol. Apple's security white-paper is short and vague on this particular topic. Only four paragraphs are dedicated to explain how Call Relay works and the only security relevant information is as follows: "The audio will be seamlessly transmitted from your iPhone using a secure peer-to-peer connection between the two devices." I reverse engineered the protocol to understand how it works. The goal was to see if Apple's design was secure and find vulnerabilities focusing on ways to eavesdrop phone calls. In this presentation, I will start by explaining all the details of this protocol and the process of reverse engineering it. Once the protocol is understood by the audience, I will discuss the thread surface and the different attack vectors possible. I will focus on what worked and demonstrate with demos. We will see how it is possible to abuse the protocol to spy on victims by leaving their mic open. We can also troll victims by dropping or preventing them from picking up phone calls. Last, I will explain how an attacker can abuse multi-party calls to impersonate other callers. Once we understand the vulnerabilities, we will discuss how it can be weaponized to build an amateur (insert 3 letters here)-spy program. This presentation covers CVE-2016-4635, CVE-2016-4721, CVE-2016-4722 and CVE-2016-7577

Do-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol

Martin Vigo

Protecting sensitive information of an Autonomous System (AS) is a critical issues. False origin with IP source address spoofing is a major threat for AS which causes serious attacks like insider attack, DDoS, unauthorized access of intellectuals and many more. Intra domain IP source address spoofing is still a challenge for security experts due to less secure router architecture and unavailability of perfect solution. In this paper, we aim to modify current LAN communication technology in private network to eliminate the possibility of any spoofed packet going outside that network. Our method is fast, light weighted, low management overhead and easy to deploy in IPv4 (preferable in IPv6), which prevent IP source address spoofing in same subnet (AS) and replay attack..

Preventing Autonomous System against IP Source Address Spoofing: (PASIPS) A N...

IDES Editor

ip spoofing

vipin soni

DTS Solution - Wireless Security Protocols / PenTesting

Shah Sheikh

Ähnlich wie Practical Verification of TKIP Vulnerabilities (20)

802.11i

Ip Spoofing

M08 protecting your message data in IBM MQ with encryption

KRACK attack

Fragattacks-Breaking-Wi-Fi-Through-Fragmentation-And-Aggregation.pdf

IS Security Presentation

Wi fi-security-the-details-matter

Wired equivalent privacy by SecArmour

Isys20261 lecture 07

Cys Report Krack Attack Threat Briefing

[BlackHat USA 2016] Nonce-Disrespecting Adversaries: Practical Forgery Attack...

WPA2

Net

Caffe Latte Attack

Caffe Latte Attack Presented In Toorcon

Wireless security837

Do-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol

Preventing Autonomous System against IP Source Address Spoofing: (PASIPS) A N...

ip spoofing

DTS Solution - Wireless Security Protocols / PenTesting

Kürzlich hochgeladen

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

[2024]Digital Global Overview Report 2024 Meltwater.pdf

hans926745

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Real Time Object Detection Using Open CV

Khem

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

HampshireHUG

Histor y of HAM Radio presentation slide

vu2urc

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

Igalia

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Kürzlich hochgeladen (20)

Automating Google Workspace (GWS) & more with Apps Script

Apidays New York 2024 - The value of a flexible API Management solution for O...

[2024]Digital Global Overview Report 2024 Meltwater.pdf

Partners Life - Insurer Innovation Award 2024

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Real Time Object Detection Using Open CV

How to Troubleshoot Apps for the Modern Connected Worker

Exploring the Future Potential of AI-Enabled Smartphone Processors

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

Histor y of HAM Radio presentation slide

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

The 7 Things I Know About Cyber Security After 25 Years | April 2024

A Year of the Servo Reboot: Where Are We Now?

Axa Assurance Maroc - Insurer Innovation Award 2024

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Data Cloud, More than a CDP by Matt Robison

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Practical Verification of TKIP Vulnerabilities

1.  Efficient Denial of Service  Forge arbitrary packets to client  Decrypt traffic towards client 1 TKIP:WiFi security protocol

2. Why studyTKIP if a replacement already exist? 2 1999 2002 2004 WEP Broken WPA-TKIP Acceptable WPA-CCMP (AES) Secure

3. Detected 6803 networks 66% supportTKIP 19% support onlyTKIP 3 Need more arguments to killTKIP!

4. 4 Beck &Tews Attack >8 mins Key to calculate integrity check Forge 3 small packets to client

5. NewAttack:  Efficient Denial of Service Improve & implement existing ideas to:  Forge arbitrary packets  Decrypt packets towards client [M. Beck. EnhancedTKIP michael attacks.] 5

6. 1. Add Message Integrity Check (MIC) 2. Encrypt using XOR stream cipher 3. Add Packet ID (#ID) to avoid replays #ID MICData Encrypted How are packets sent/received? 6

7. 1. Add Message Integrity Check (MIC) 2. Encrypt using XOR stream cipher 3. Add Packet ID (#ID) to avoid replays #ID MICData Encrypted How are packets sent/received? 7 MIC key Encryption key

8. 8 #ID MICData If decrypted, reveals MIC key. If ( two MIC failures within a minute ) halt all traffic for 1 minute

9. Attack: Capture packet, change priority, replay. 9 #ID / prior. MICData Encrypted

10.  Avoids replay detection  Doesn’t affect decryption  Changes expected MIC value Attack: Capture packet, change priority, replay. 10 #ID / prior. MICData Encrypted Change priority

11.  Avoids replay detection  Doesn’t affect decryption  Changes expected MIC value Attack: Capture packet, change priority, replay. 11 #ID / prior. MICData Encrypted Change priority MIC Failure(s) Traffic halted for 1 minute

12. Beck &Tews attack can forge 3 packets. Injecting more requires new keystreams: 12 Ciphertext PlaintextKeystream  All packets start with LLC header  We predict these with very high accuracy Capture packets with new #ID’s.

13.  LLC Header is only 12 bytes ….  Combine them using fragmentation! #ID1 Data1 #ID16 Data16 MIC Data MIC Data1 Data16 MICData2  12 bytes/fragment: inject 120 bytes of data

14. Port Scanner: 1. Get MIC key using Beck &Tews attack 2. InjectTCP SYN packets 3. Detect SYN/ACK based on length Remarks:  High amount of packet injection proven!  Also: DNS poisoning, DHCP spoofing, … 14

15. AP Client 1. Sniff packet 2. 15 Attacker Data MICPing req. Sniffed packet

16. AP Client 1. Sniff packet 2. 16 Attacker Data MICPing req. Sniffed packet Magic

17. AP Client 1. Sniff packet 2. 3. Reply incl. packet External IP 17 Attacker Data MICPing req. Sniffed packet Magic

18.  State1: initial state of every packet  State2: state after processing prefix  State3: equal to state1 due to magic bytes  State4: equal to MIC of sniffed packet! Data MICMagicPrefix Sniffed packet 18 State4State3State2State1

19. Possible applications?  Decrypt web responses:  Web mail  Bank details  …  DecryptTCP sequence number, hijack connection and inject malware? 19

20. Integrity (MIC) not verified when fragmented: AlfaAWUS036h Belkin F5D7053 Ralink U150BB 20 Attack time reduced from >8 min to zero.

21. No replay protection: AlfaAWUS036h Belkin F5D7053 Tomato 1.28 (AP firmware) 21 No need to generate new keystreams!

22. Always accepts unencrypted packets: AlfaAWUS036h Belkin F7D1102 ScarletVDSL (AP of ISP in BE) 22 Game over, you lose!

23. AP Client Your IP! 23Attacker

24. TKIP is insecure!  Efficient Denial of Service  Forge any packet towards client  Decrypt traffic towards client 24

25. 25

Practical Verification of TKIP Vulnerabilities

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie Practical Verification of TKIP Vulnerabilities

Ähnlich wie Practical Verification of TKIP Vulnerabilities (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Practical Verification of TKIP Vulnerabilities