Analyzing Wireless Security in Columbia, Missouri

Similar documents
The Final Nail in WEP s Coffin

Overview of Security

Stream Ciphers. Stream Ciphers 1

How Insecure is Wireless LAN?

RC4. Invented by Ron Rivest. A stream cipher Generate keystream byte at a step

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

Wireless Network Defensive Strategies

2013 Summer Camp: Wireless LAN Security Exercises JMU Cyber Defense Boot Camp

Analysis of Security or Wired Equivalent Privacy Isn t. Nikita Borisov, Ian Goldberg, and David Wagner

Wireless Security. Comp Sci 3600 Security. Attacks WEP WPA/WPA2. Authentication Encryption Vulnerabilities

05 - WLAN Encryption and Data Integrity Protocols

Is Your Wireless Network Being Hacked?

CE Advanced Network Security Wireless Security

Wireless Security Security problems in Wireless Networks

Vulnerability issues on research in WLAN encryption algorithms WEP WPA/WPA2 Personal

Security Analysis of Common Wireless Networking Implementations

All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS

Stream Ciphers - RC4. F. Sozzani, G. Bertoni, L. Breveglieri. Foundations of Cryptography - RC4 pp. 1 / 16

CS263: Wireless Communications and Sensor Networks

Security in IEEE Networks

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Wireless Network Security

A Light Weight Enhancement to RC4 Based Security for Resource Constrained Wireless Devices

How crypto fails in practice? CSS, WEP, MIFARE classic. *Slides borrowed from Vitaly Shmatikov

A Scheme for Key Management on Alternate Temporal Key Hash

Overview of IEEE b Security

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

A Light Weight Enhancement to RC4 Based

Wireless Attacks and Countermeasures

CITS3002 Networks and Security. The IEEE Wireless LAN protocol. 1 next CITS3002 help3002 CITS3002 schedule

Presentation_ID. 2001, Cisco Systems, Inc. All rights reserved.

In the previous column (September

CS 393/682 Network Security

WPA Migration Mode: WEP is back to haunt you

What is a Wireless LAN? The wireless telegraph is not difficult to understand. The ordinary telegraph is like a very long cat. You pull the tail in Ne

Cryptanalysis of IEEE i TKIP

AN INTEGRATED BLOCK AND STREAM CIPHER APPROACH FOR KEY ENHANCEMENT

Physical and Link Layer Attacks

A Configuration Protocol for Embedded Devices on Secure Wireless Networks

Security in Data Link Protocols

Stream ciphers. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 91

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

What you will learn. Summary Question and Answer

HACKING & INFORMATION SECURITY Presents: - With TechNext

Network Security Essentials

Plaintext Recovery Attacks Against WPA/TKIP

WarDriving. related fixed line attacks war dialing port scanning

Wireless Security i. Lars Strand lars (at) unik no June 2004

CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 8

Wireless Insecurity / How Johnny can hack your WEP protected b Network!

HW/Lab 4: IPSec and Wireless Security. CS 336/536: Computer Network Security DUE 11 am on 12/01/2014 (Monday)

Security in Data Link Protocols

Security of WiFi networks MARCIN TUNIA

Information Security CS526

Wireless Network Security

Key Separation in Twofish

Security and Authentication for Wireless Networks

Enhancing Security of Improved RC4 Stream Cipher by Converting into Product Cipher

Wireless Attacks and Defense. By: Dan Schade. April 9, 2006

Different attacks on the RC4 stream cipher

What is Eavedropping?

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

WLAN Security. รศ. ดร. อน นต ผลเพ ม Asso. Prof. Anan Phonphoem, Ph.D.

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security 3/23/18

PGP, Net Scanning, Wireless Network Security SPRING 2018: GANG WANG

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Presented by Paul Ruggieri

Wireless technology Principles of Security

Network Security. Security in local-area networks. Radboud University Nijmegen, The Netherlands. Autumn 2014

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Nomadic Communications Labs

A 2013 Study of Wireless Network Security in New Zealand: Are We There Yet?

Nomadic Communications Labs. Alessandro Villani

Wireless Network Security Spring 2016

Wireless Networking Basics. Ed Crowley

WLAN Security - Contents. Wireless LAN Security. WLAN Technologies. The ISM Frequency Bands

A Light Weight Enhancement to RC4 Based Security for Resource Constrained Wireless Devices

Wireless Network Security Spring 2015

WPA SECURITY (Wi-Fi Protected Access) Presentation. Douglas Cheathem (csc Spring 2007)

CPSC 467: Cryptography and Computer Security

Security Analysis of Bluetooth v2.1 + EDR Pairing Authentication Protocol. John Jersin Jonathan Wheeler. CS259 Stanford University.

Section 4 Cracking Encryption and Authentication

NWD2705. User s Guide. Quick Start Guide. Dual-Band Wireless N450 USB Adapter. Version 1.00 Edition 1, 09/2012

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy

Homework 2. Out: 09/23/16 Due: 09/30/16 11:59pm UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING

Symmetric Cryptography

Wireless Security Algorithms

Block Cipher Operation. CS 6313 Fall ASU

International Journal of Computer Engineering and Applications, Volume XII, Issue III, March 18, ISSN

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas

Cryptanalysis. Ed Crowley

Cryptography ThreeB. Ed Crowley. Fall 08

Part 1. Lecturer: Prof. Mohamed Bettaz Coordinator: Prof. Mohamed Bettaz Internal Examiner: Dr. Mourad Maouche. Examination Paper

Securing Wireless Networks by By Joe Klemencic Mon. Apr

Double-DES, Triple-DES & Modes of Operation

Outline Basics of Data Encryption CS 239 Computer Security January 24, 2005

Homework 2: Symmetric Crypto Due at 11:59PM on Monday Feb 23, 2015 as a PDF via websubmit.

Transcription:

Analyzing Wireless Security in Columbia, Missouri Matthew Chittum Clayton Harper John Mixon Johnathan Walton Abstract The current state of wireless security in most areas can be estimated based on trends and collected data, but the complete picture is often unknown. Without collecting the information on most wireless access points in a given area, we cannot compare different areas based on their security, get an accurate view of the areas as a whole, or relate wireless security with other factors in a given region. We have performed a wireless security audit of Columbia, MO. Information was collected on thousands of access points throughout the city in hopes of understanding a large area s use of wireless networking and its possible security flaws. The flaws of WEP encryption allow a supposedly secure computer to be breached and then compromised. We have demonstrated how simple it is to bypass WEP encryption using easily accessible software available on the Internet. We have determined that although Columbia s overall level of security is better than the national average, it still leaves much room for improvement. 1

Part 1: Wardriving Wardriving: The Basics Wardriving, in a basic sense, is the act of driving in a vehicle searching for and detecting wireless access points (APs) using a laptop or other hardware equipped with wireless capabilities. Wardriving Software Netstumbler Kismet/Kismac Aircrack Ethereal 2

Why Wardrive? Analyze the security vulnerabilities that are associated with APs over a given area. Compare different areas based on their security Get an accurate view of the areas as a whole Relate wireless security with other factors in a given region. Wardriving Ethics Laws (There are none prohibiting it) Netstumbler sends a probe and the AP responds. This is how wireless networking is supposed to work! As long as you don t gain access or use the WiFi connection then their aren t any ethical considerations. 3

Our Software Choice: Netstumbler Why? Supports nearly all wireless network adapters Ease of use and a great support community Reliable High refresh rates Decent amount of statistics GPS/Mapping Support Overall a great piece of software! The Setup Netstumbler v0.4.0 (http://www.netstumbler.com/downloads/ ) Earthstumbler (http://mboffin.com/earthstumbler/ ) Google Earth (http://earth.google.com/ ) Garmin Etrex and serial cable Dell Wireless 1370 WLAN Mini-PCI card Computer running Windows XP Car 4

GPS Capability Statistics Of Interest Encryption or No Encryption Unique SSID DSSS Channel 802.11x standard (such as a,b,g) 5

Statistics Surveyed 5,563 APs in Columbia Nearly 30% had a default SSID, 12% higher than the national average. 88.1% of APs in Columbia had 802.11g capability. 59% of discovered APs in Columbia were secure, nearly 20% higher than the national average. Statistics Continued 11,134,831 unique APs and their location have been uploaded to Wigle.net by 67,683 registered wardrivers. Channels 1, 6, and 11 comprise 91% of 802.11DSS channels used. It is possible to crack WEP security in as little as 10 minutes in a heavy traffic area; TigerNET uses WEP security. Since 2002 the growth rate of wireless network adoption has been exponential. 6

Columbia's Encryption Level 41% 59% Secure Unsecure 802.11DSSS Channel Usage 25% 9% 13% 1% 53% 1% 1% 0% 1% 1% 3% 1% 1 2 3 4 5 6 7 8 9 10 11 7

Part 2: WEP Protocol WEP Protocol (Encryption) 1 Message (M) 3 Plaintext (P) Message (M) CRC 2 7 8 9 CRC XOR ( ) Ciphertext (C) IV Ciphertext (C) 4 5 6 Initialization Vector (IV) Secret Key (k) RC4 Keystream (B) Transmitted Data 8

Explanation 1. The WEP encryption process begins with the Message (M) that needs to be transmitted. 2. A cyclic redundancy check (CRC) or integrity checksum is computed on the Message (M) for error handling. 3. The Message (M) and the CRC are concatenated together to form Plaintext (P). 4. An Initialization Vector (IV) is chosen. 5. The RC4 algorithm is applied to the IV and Secret Key (k). Explanation Continued 6. The RC4 algorithm generates a Keystream (B) of pseudorandom bits. 7. The Plaintext (P) is XOR ed with the Keystream (B). 8. The XOR operation creates the Ciphertext (C). 9. The IV and Ciphertext (C) are concatenated and are ready to be transmitted. 9

Another Look Plaintext Message (M) CRC XOR ( ) Keystream (B) = RC4(v, k) IV Ciphertext (C) Transmitted Data Analytical Approach Encryption: P = M + CRC B = RC4(IV, k) B is a RC4 function of IV and k C = P B = P RC4(IV, k) Decryption: P = C RC4(IV, k) = (P RC4(IV, k)) RC4(IV, k) = P The checksum is then checked to verify that the data does not contain errors. 10

Problems WEP encryption uses RC4, a stream cipher algorithm. Stream cipher algorithms work by taking a secret key and creating a pseudorandom keystream from that key. This keystream is then XORed with the plaintext to create the ciphertext. Stream cipher algorithms are relatively weak because encrypting two messages using the same IV can reveal information about both messages. C 1 = P 1 RC4(IV, k) C 2 = P 2 RC4(IV, k) C 1 C 2 = (P 1 RC4(IV, k)) (P 2 RC4(IV, k)) = P 1 P 2 Problems Continued The result is both of the plaintexts XORed together. If the plaintext of one message is known the other is easily obtainable. Even if one of the plaintexts is not known there are simple techniques that can easily recover both of the plaintexts. One such technique is searching for two English phrases that when XORed together form the two plaintexts XORed together. 11

The most common: Attack Methods Brute Force Keystream Reuse Weak IV Brute Force Simplest method Tries all possible key combinations until the correct key is found. Because of the length of keys WEP uses it takes an extremely long time for this method to successfully find the correct key Inefficient and impractical. 12

Keystream Reuse If a keystream is known then it is possible to recover the data that was encrypted using that keystream. Only 2^24 (16 million) IVs exist (and even less if weak IVs are excluded) IVs can be repeated within the matter of hours. Keystream Reuse Continued Problem: Encrypting two different messages using the same IV and secret key can reveal important information about both messages. (Previously Discussed) C 1 = P 1 RC4(IV, k) C 2 = P 2 RC4(IV, k) C 1 C 2 = (P 1 RC4(IV, k)) P 2 RC4(IV, k)) = P 1 P 2 13

Weak IVs The secret key can be computed by capturing many packets some of which use weak IVs. One weak IV can reveal a correct key byte 5% of the time. With a large number of IVs the most probable key can be guessed. Cracking WEP Times We demonstrate an active attack on the WEP protocol that is able to recover a 104-bit WEP key using less that 40,000 frames with a success probability of 50%. In order to succeed in 95% of all cases 85,000 packets are needed. http://eprint.iacr.org/2007/120.pdf 14

Cracking WEP Times Continued With 40 bit keys, the median number of packets required to crack the key is one million. With two million packets, 80% of the 40-bit key could be obtained. Graphs on next slide Graphs 15

Conclusions Columbia s encryption level is considerably higher than the national average but there is still room for improvement. WEP encryption provides little protection because it is easily crackable. WPA is the best encryption standard today Talk to residents Future Work See if they are aware of what kind of security they use What they know about wireless security in general Find more secure standards and attempts to find flaws in those and other existing standards 16

References [1] A. Bittau, M. Handley, and J. Lackey. The Final Nail in WEP s Coffin. http://tapir.cs.ucl.ac.uk/bittau-wep.pdf [2] D. Wagner. Weak Keys in RC4, 1995. www.cs.berkeley.edu/~daw/my-posts/my-rc4-weak-keys [3] E. Tews, R. Weinmann, A. Pyshkin. Breaking 104 bit WEP in less than 60 seconds. http://eprint.iacr.org/2007/120.pdf [4] L.M.S.C of the IEEE Computer Soceity. Wireless LAN medium access control (MAC) and physical layer (PHY) specifications. IEEE Standard 802.11, 1999 Edition. [5] N. Borisov, I. Goldberg, and D. Wagner. Intercepting Mobile Communications: The Insecurity of 802.11. http://www.isaac.cs.berkeley.edu/isaac/mobicom.pdf [6] S. Fluhrer, I. Mantin, A, Shamir. Weakness in the Key Scheduling Algorithm of RC4. www.cs.umd.edu/~waa/classpubs/rc4_ksaproc.ps [7] www.wigle.net 17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback