SlideShare une entreprise Scribd logo
1  sur  17
Attack and Defense in Wireless
Networks
Presented by Aleksandr Doronin
What is WEP ?
• Wireless connections need to be secured since the
intruders should not be allowed to access, read and
modify the network traffic.
• Mobile systems should be connected at the same
time.
• Algorithm is required which provides a high level of
security as provided by the physical wired networks.
• Protect wireless communication from eavesdropping,
prevent unauthorized access.
Security Goals of WEP:
• Access Control
 Ensure that your wireless infrastructure is not
used.
• Data Integrity
 Ensure that your data packets are not modified in
transit.
• Confidentiality
 Ensure that contents of your wireless traffic is not
leaked.
Understanding WEP
• WEP relies on a secret key which is shared between
the sender (mobile station) and the receiver (access
point).
• Secret Key : packets are encrypted using the secret
key before they are transmitted.
• Integrity Check : it is used to ensure that packets are
not modified in transit
Understanding WEP contd…
• To send a message to M:
– Compute the checksum c(M). Checksum does not
depend on the secret key ‘k’.
– Pick a IV ‘v’ and generate a key stream RC4(v,k).
– XOR <M,c(M)> with the key stream to get the
cipher text.
– Transmit ‘v’ and the cipher text over a radio link.
How WEP Works
Key Stream = RC4(v,k)
Message CRC
Transmitted Data
XOR
Cipher Text
V
Plain Text
How WEP works ?
• WEP uses RC4 encryption algorithm known as
“stream cipher” to protect the confidentiality of its
data.
• Stream cipher operates by expanding a short key into
an infinite pseudo-random key stream.
• Sender XOR’s the key stream with plaintext to
produce cipher text.
• Receiver has the copy of the same key, and uses it to
generate an identical key stream.
• XORing the key stream with the cipher text yields the
original message.
Attack types
• Passive Attacks
– To decrypt the traffic based on statistical analysis
(Statistical Attack)
• Active Attacks
– To inject new traffic from authorized mobile stations,
based on known plaintext.
• Active Attacks
– To decrypt the traffic based on tricking the access point
• Dictionary Attacks
– Allow real time automated decryption of all traffic.
Wireless Networks and Security
1) What are Wireless Networks?
• A wireless network is the way that a computer is connected
to a router without a physical link.
2) Why do we need?
• Facilitates mobility – You can use lengthy wires instead, but
someone might trip over them.
3) Why security?
• Attacker may hack a victim’s personal computer and steal
private data or may perform some illegal activities or crimes
using the victim’s machine and ID. Also there's a possibility to
read wirelessly transferred data (by using sniffers)
Wireless Networks and Security
Three security approaches:
1. WEP (Wired Equivalent Privacy)
2. WPA (Wi-Fi Protected Access)
3. WPA2 (Wi-Fi Protected Access, Version 2)
WPA also has two generations named Enterprise and Personal.
WEP (Wired Equivalent Privacy)
• Encryption:
– 40 / 64 bits
– 104 / 128 bits
24 bits are used for IV (Initialization vector)
• Passphrase:
– Key 1-4
– Each WEP key can consist of the letters "A" through "F" and the
numbers "0" through "9". It should be 10 hex or 5 ASCII characters in
length for 40/64-bit encryption and 26 hex or 13 ASCII characters in
length for 104/128-bit encryption.
WPA/WPA2 Personal
• Encryption:
– TKIP
– AES
• Pre-Shared Key:
– A key of 8-63 characters
• Key Renewal:
– You can choose a Key Renewal period, which instructs the device how
often it should change encryption keys. The default is 3600 seconds
Attacking WEP
• iwconfig – a tool for configuring wireless adapters. You can
use this to ensure that your wireless adapter is in “monitor”
mode which is essential to sending fake ARP (Address
Resolution Protocol) requests to the target router
• macchanger – a tool that allows you to view and/or spoof
(fake) your MAC address
• airmon – a tool that can help you set your wireless adapter
into monitor mode (rfmon)
• airodump – a tool for capturing packets from a wireless router
(otherwise known as an AP)
• aireplay – a tool for forging ARP requests
• aircrack – a tool for decrypting WEP keys
How to defend when using WEP
• Use longer WEP encryption keys, which makes the data analysis task more
difficult. If your WLAN equipment supports 128-bit WEP keys.
• Change your WEP keys frequently. There are devices that support
"dynamic WEP" which is off the standard but allows different WEP keys to
be assigned to each user.
• Use a VPN for any protocol, including WEP, that may include sensitive
information.
• Implement a different technique for encrypting traffic, such as IPSec over
wireless. To do this, you will probably need to install IPsec software on
each wireless client, install an IPSec server in your wired network, and use
a VLAN to the access points to the IPSec server.
How to defend when using WPA
• Passphrases – the only way to crack WPA is to sniff the
password PMK associated with the handshake authentication
process, and if this password is extremely complicated it will
be almost impossible to crack
• Passphrase Complexity – select a random passphrase that is
not made up of dictionary words. Select a complex passphrase
of a minimum of 20 characters in length and change it at
regular intervals
Common defense techniques
• Change router default user name and password
• Change the internal IP subnet if possible
• Change default name and hide broadcasting of the SSID
(Service Set Identifier)
• None of the attack methods are faster or effective when a
larger passphrase is used.
• Restrict access to your wireless network by filtering access
based on the MAC (Media Access Code) addresses
• Use Encryption
Summary
• Change all possible default router settings
• Use encryption (WPA/WPA2)
• Use long and complex keys/passphrases

Contenu connexe

Similaire à Wireless Security.ppt

5169 wireless network_security_amine_k
5169 wireless network_security_amine_k5169 wireless network_security_amine_k
5169 wireless network_security_amine_k
Rama Krishna M
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
amiable_indian
 
Sheetal - Wirelesss Hacking - ClubHack2008
Sheetal - Wirelesss Hacking - ClubHack2008Sheetal - Wirelesss Hacking - ClubHack2008
Sheetal - Wirelesss Hacking - ClubHack2008
ClubHack
 
IP Protocol Security
IP Protocol SecurityIP Protocol Security
IP Protocol Security
David Barker
 

Similaire à Wireless Security.ppt (20)

DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting
 
5169 wireless network_security_amine_k
5169 wireless network_security_amine_k5169 wireless network_security_amine_k
5169 wireless network_security_amine_k
 
Unit08
Unit08Unit08
Unit08
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
 
Sheetal - Wirelesss Hacking - ClubHack2008
Sheetal - Wirelesss Hacking - ClubHack2008Sheetal - Wirelesss Hacking - ClubHack2008
Sheetal - Wirelesss Hacking - ClubHack2008
 
Wireless Security (1).ppt
Wireless Security (1).pptWireless Security (1).ppt
Wireless Security (1).ppt
 
WPA3 - What is it good for?
WPA3 - What is it good for?WPA3 - What is it good for?
WPA3 - What is it good for?
 
Shashank wireless lans security
Shashank wireless lans securityShashank wireless lans security
Shashank wireless lans security
 
IP Protocol Security
IP Protocol SecurityIP Protocol Security
IP Protocol Security
 
Wireless Network security
Wireless Network securityWireless Network security
Wireless Network security
 
Wireless lan security(10.8)
Wireless lan security(10.8)Wireless lan security(10.8)
Wireless lan security(10.8)
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminar
 
Wpa2 psk security measure
Wpa2 psk security measureWpa2 psk security measure
Wpa2 psk security measure
 
Wi fi pentesting
Wi fi pentestingWi fi pentesting
Wi fi pentesting
 
Wpa3
Wpa3Wpa3
Wpa3
 
Wireless hacking and security
Wireless hacking and securityWireless hacking and security
Wireless hacking and security
 
Topic 4.0 wireless technology
Topic 4.0 wireless technologyTopic 4.0 wireless technology
Topic 4.0 wireless technology
 
Workshop on Network Security
Workshop on Network SecurityWorkshop on Network Security
Workshop on Network Security
 
Wi fi security
Wi fi securityWi fi security
Wi fi security
 
WEP/WPA attacks
WEP/WPA attacksWEP/WPA attacks
WEP/WPA attacks
 

Dernier

Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
FIDO Alliance
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
FIDO Alliance
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
FIDO Alliance
 

Dernier (20)

Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development Companies
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024
 
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform Engineering
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024
 
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
AI mind or machine power point presentation
AI mind or machine power point presentationAI mind or machine power point presentation
AI mind or machine power point presentation
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overview
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptx
 
The Metaverse: Are We There Yet?
The  Metaverse:    Are   We  There  Yet?The  Metaverse:    Are   We  There  Yet?
The Metaverse: Are We There Yet?
 

Wireless Security.ppt

  • 1. Attack and Defense in Wireless Networks Presented by Aleksandr Doronin
  • 2. What is WEP ? • Wireless connections need to be secured since the intruders should not be allowed to access, read and modify the network traffic. • Mobile systems should be connected at the same time. • Algorithm is required which provides a high level of security as provided by the physical wired networks. • Protect wireless communication from eavesdropping, prevent unauthorized access.
  • 3. Security Goals of WEP: • Access Control  Ensure that your wireless infrastructure is not used. • Data Integrity  Ensure that your data packets are not modified in transit. • Confidentiality  Ensure that contents of your wireless traffic is not leaked.
  • 4. Understanding WEP • WEP relies on a secret key which is shared between the sender (mobile station) and the receiver (access point). • Secret Key : packets are encrypted using the secret key before they are transmitted. • Integrity Check : it is used to ensure that packets are not modified in transit
  • 5. Understanding WEP contd… • To send a message to M: – Compute the checksum c(M). Checksum does not depend on the secret key ‘k’. – Pick a IV ‘v’ and generate a key stream RC4(v,k). – XOR <M,c(M)> with the key stream to get the cipher text. – Transmit ‘v’ and the cipher text over a radio link.
  • 6. How WEP Works Key Stream = RC4(v,k) Message CRC Transmitted Data XOR Cipher Text V Plain Text
  • 7. How WEP works ? • WEP uses RC4 encryption algorithm known as “stream cipher” to protect the confidentiality of its data. • Stream cipher operates by expanding a short key into an infinite pseudo-random key stream. • Sender XOR’s the key stream with plaintext to produce cipher text. • Receiver has the copy of the same key, and uses it to generate an identical key stream. • XORing the key stream with the cipher text yields the original message.
  • 8. Attack types • Passive Attacks – To decrypt the traffic based on statistical analysis (Statistical Attack) • Active Attacks – To inject new traffic from authorized mobile stations, based on known plaintext. • Active Attacks – To decrypt the traffic based on tricking the access point • Dictionary Attacks – Allow real time automated decryption of all traffic.
  • 9. Wireless Networks and Security 1) What are Wireless Networks? • A wireless network is the way that a computer is connected to a router without a physical link. 2) Why do we need? • Facilitates mobility – You can use lengthy wires instead, but someone might trip over them. 3) Why security? • Attacker may hack a victim’s personal computer and steal private data or may perform some illegal activities or crimes using the victim’s machine and ID. Also there's a possibility to read wirelessly transferred data (by using sniffers)
  • 10. Wireless Networks and Security Three security approaches: 1. WEP (Wired Equivalent Privacy) 2. WPA (Wi-Fi Protected Access) 3. WPA2 (Wi-Fi Protected Access, Version 2) WPA also has two generations named Enterprise and Personal.
  • 11. WEP (Wired Equivalent Privacy) • Encryption: – 40 / 64 bits – 104 / 128 bits 24 bits are used for IV (Initialization vector) • Passphrase: – Key 1-4 – Each WEP key can consist of the letters "A" through "F" and the numbers "0" through "9". It should be 10 hex or 5 ASCII characters in length for 40/64-bit encryption and 26 hex or 13 ASCII characters in length for 104/128-bit encryption.
  • 12. WPA/WPA2 Personal • Encryption: – TKIP – AES • Pre-Shared Key: – A key of 8-63 characters • Key Renewal: – You can choose a Key Renewal period, which instructs the device how often it should change encryption keys. The default is 3600 seconds
  • 13. Attacking WEP • iwconfig – a tool for configuring wireless adapters. You can use this to ensure that your wireless adapter is in “monitor” mode which is essential to sending fake ARP (Address Resolution Protocol) requests to the target router • macchanger – a tool that allows you to view and/or spoof (fake) your MAC address • airmon – a tool that can help you set your wireless adapter into monitor mode (rfmon) • airodump – a tool for capturing packets from a wireless router (otherwise known as an AP) • aireplay – a tool for forging ARP requests • aircrack – a tool for decrypting WEP keys
  • 14. How to defend when using WEP • Use longer WEP encryption keys, which makes the data analysis task more difficult. If your WLAN equipment supports 128-bit WEP keys. • Change your WEP keys frequently. There are devices that support "dynamic WEP" which is off the standard but allows different WEP keys to be assigned to each user. • Use a VPN for any protocol, including WEP, that may include sensitive information. • Implement a different technique for encrypting traffic, such as IPSec over wireless. To do this, you will probably need to install IPsec software on each wireless client, install an IPSec server in your wired network, and use a VLAN to the access points to the IPSec server.
  • 15. How to defend when using WPA • Passphrases – the only way to crack WPA is to sniff the password PMK associated with the handshake authentication process, and if this password is extremely complicated it will be almost impossible to crack • Passphrase Complexity – select a random passphrase that is not made up of dictionary words. Select a complex passphrase of a minimum of 20 characters in length and change it at regular intervals
  • 16. Common defense techniques • Change router default user name and password • Change the internal IP subnet if possible • Change default name and hide broadcasting of the SSID (Service Set Identifier) • None of the attack methods are faster or effective when a larger passphrase is used. • Restrict access to your wireless network by filtering access based on the MAC (Media Access Code) addresses • Use Encryption
  • 17. Summary • Change all possible default router settings • Use encryption (WPA/WPA2) • Use long and complex keys/passphrases

Notes de l'éditeur

  1. TKIP (Temporal Key Integrity Protocol) is an encryption protocol included as part of the IEEE 802.11i standard for wireless LANs
  2. The passphrase is the password that we are giving to our network- to our AP. The PSK is the passphrase but he (the PSK) took it and translate it to 256 bits of string. In WPA/WPA2/personal the PMK is the PSK
  3. PMK- Pairwise Master Key: The passphrase is the password that we are giving to our network- to our AP. The PSK is the passphrase but he (the PSK) took it and translate it to 256 bits of string. In WPA/WPA2/personal the PMK is the PSK