Troubleshooting WLANs (Part 2)

Similar documents
Welcome! SharkFest 16 Europe. Troubleshooting WLANs (Part 2) Rolf Leutert

SharkFest 18 Europe. Troubleshooting WLANs (Part 2) Troubleshooting WLANs using Management & Control Frames. Rolf Leutert

Troubleshooting WLANs (Part 1)

SharkFest 18 Europe. Troubleshooting WLANs (Part 1) Layer 1 & 2 Analysis Using Wireshark, Wi-Spy & Other Tools. Rolf Leutert

Chapter 24 Wireless Network Security

Chapter 17. Wireless Network Security

Wireless Network Security

Configuring Layer2 Security

Add performance and security to your business' wireless network with the Intellinet High-Power Wireless AC1750 Dual-Band Gigabit PoE Access Point.

Wireless Network Security Spring 2015

Wireless Network Security Spring 2016

Physical and Link Layer Attacks

Wireless# Guide to Wireless Communications. Objectives

WPA-GPG: Wireless authentication using GPG Key

Wireless Network Security

CWNP PW Certified Wireless Analysis Professional. Download Full Version :

Wireless Networked Systems

CSNT 180 Wireless Networking. Chapter 7 WLAN Terminology and Technology

Wireless technology Principles of Security

KRACKing WPA2 by Forcing Nonce Reuse. Mathy Nullcon, 2 March 2018

Wireless KRACK attack client side workaround and detection

D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

Table of Contents 1 WLAN Security Configuration Commands 1-1

KRACKing WPA2 by Forcing Nonce Reuse. Mathy Chaos Communication Congress (CCC), 27 December 2017

KRACKing WPA2 in Practice Using Key Reinstallation Attacks. Mathy BlueHat IL, 24 January 2018

Configuring a WLAN for Static WEP

outline background & overview mac & phy wlan management security

Improved KRACK Attacks Against WPA2 Implementations. Mathy OPCDE, Dubai, 7 April 2018

Network Encryption 3 4/20/17

4.4 IEEE MAC Layer Introduction Medium Access Control MAC Management Extensions

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. Mathy CCS 2017, 1 October 2017

Configuring a VAP on the WAP351, WAP131, and WAP371

Author: Bill Buchanan. Wireless LAN. Unit 2: Wireless Fundamentals

original standard a transmission at 5 GHz bit rate 54 Mbit/s b support for 5.5 and 11 Mbit/s e QoS

Wireless networking with three times the speed and five times the flexibility.

Troubleshooting WLANs

Wireless 300N Access Point 300 Mbps, MIMO, Bridge, Repeater, Multiple SSIDs and VLANs Part No.:

Secure Wireless LAN Design and Deployment

Institute of Electrical and Electronics Engineers (IEEE) IEEE standards

Wireless LANs. ITS 413 Internet Technologies and Applications

Wireless Networking based on Chapter 15 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers

Configuring the Client Adapter

02/21/08 TDC Branch Offices. Headquarters SOHO. Hot Spots. Home. Wireless LAN. Customer Sites. Convention Centers. Hotel

WPA Passive Dictionary Attack Overview

3.1. Introduction to WLAN IEEE

Wireless Security. Comp Sci 3600 Security. Attacks WEP WPA/WPA2. Authentication Encryption Vulnerabilities

Configuring the Wireless Parameters (CPE and WBS)

WIRELESS USB 2.0 ADAPTER. Manual (DN & DN )

1.0 Basic RF Characteristics (15%) 1.1 Describe RF signal characteristics Frequency Amplitude Phase 1.1.

SEN366 (SEN374) (Introduction to) Computer Networks

CHAPTER 11 WIRELESS LAN TECHNOLOGY AND THE IEEE WIRELESS LAN STANDARD

Hands-On Exercises: IEEE Standard

Introduction to Wireless Networking CS 490WN/ECE 401WN Winter 2007

802.11a/n Long Range Wireless Outdoor CB/A P

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

ECB N Multi-Function Gigabit Client Bridge

ECB N Multi-Function Client Bridge

EOC1650. Wireless Access Point / Client Bridge / Client Router PRODUCT DESCRIPTION. 2.4GHz 54Mbps b/g Superior Performance

EnGenius EAP-9550 Indoor Access Point

SharkFest'17 US. Basic workshop of. IEEE packet dissection. Megumi Takeshita

Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing

I N D E X Numerics 100 Mbps WLANs, WLANs, 88

CWNA Exam PW0-100 certified wireless network administrator(cwna) Version: 5.0 [ Total Questions: 120 ]

Link & end-to-end protocols SSL/TLS WPA 2/25/07. Outline. Network Security. Networks. Link and End-to-End Protocols. Link vs. End-to-end protection

CSC344 Wireless and Mobile Computing. Department of Computer Science COMSATS Institute of Information Technology

Multi-Function Gigabit Wireless-N Client Bridge 2.4GHz 300Mbps Client Bridge/AP/ WDS/Repeater

CWNA-107.exam.45q. Number: CWNA-107 Passing Score: 800 Time Limit: 120 min File Version: 1. CWNA-107

EOC-2610 Long Range Wireless Access Point / Client Bridge

Exam Questions CWSP-205

CWNP PW Certified Wireless Network Administrator (CWNA) Download Full Version :

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

4.3 IEEE Physical Layer IEEE IEEE b IEEE a IEEE g IEEE n IEEE 802.

Wireless High power Multi-function AP

Appendix E Wireless Networking Basics

Functions of physical layer:

Guide to Wireless Communications, Third Edition. Objectives

Wireless Security i. Lars Strand lars (at) unik no June 2004

SharkFest 16 Europe. Troubleshooting with Monitoring Mode Finding Patterns in your pcaps

Wireless Networks. CSE 3461: Introduction to Computer Networking Reading: , Kurose and Ross

EAP Wireless Access Point. 2.4 GHz b/g 54 Mbps

WLAN The Wireless Local Area Network Consortium

IEEE i and wireless security

Wireless Security Protocol Analysis and Design. Artoré & Bizollon : Wireless Security Protocol Analysis and Design

802.11ac 2x2:2 Dual-Band High-Powered Wireless Access Point/Client Bridge

Security of WiFi networks MARCIN TUNIA

2.4GHz / 5GHz 54Mbps a/b/g Flexible Application

PRODUCT DESCRIPTION. Learn more about EnGenius Solutions at

WLAN The Wireless Local Area Network Consortium

Actual4Test. Actual4test - actual test exam dumps-pass for IT exams

WIRELESS LAN/PAN/BAN. Objectives: Readings: 1) Understanding the basic operations of WLANs. 2) WLAN security

WLAN Roaming and Fast-Secure Roaming on CUWN

EOC GHz 54Mbps b/g Multi-Function AP

Key Features. EnGenius Outdoor CPE design High Power, High Sensitivity and Strong Reliability Solutions under Harsh Environment.

ECB7510. Wireless Gigabit Dual Band Concurrent Router AP PRODUCT DESCRIPTION

Exam4Tests. Latest exam questions & answers help you to pass IT exam test easily

Key Features EnGenius Outdoor Access Points, High Sensitivity and Strong Reliability Solutions under Harsh Environment

Data and Computer Communications. Chapter 13 Wireless LANs

SE-WL-PCI-03-11G PCI CARD DRIVERS INSTALLATION. Table of Contents

EOC1650. Wireless Access Point / Client Bridge / Client Router. 2.4GHz 54Mbps b/g Superior Performance

Denial-of-Service Attacks Against the 4-way Wi-Fi Handshake

Transcription:

SharkFest 17 Europe Troubleshooting WLANs (Part 2) Troubleshooting WLANs using 802.11 Management & Control Frames 8. November 2017 Breaking News: Including KRACK!!! Rolf Leutert Leutert NetServices Switzerland www.netsniffing.ch #sf17eu Estoril, Portugal 7-10 November 2017

Introduction 2 Rolf Leutert, El. Ing. HTL Leutert NetServices Zürich-Airport, Switzerland Network Analysis & Troubleshooting Protocol Trainings TCP/IP, WLAN, VoIP, IPv6 Wireshark Certified Network Analyst 2010 Wireshark Instructor since 2006 Sniffer certified Instructor since 1990 leutert@netsniffing.ch www.netsniffing.ch

Session Objectives 3 Learn why analyzing WiFi layer 2 is a demanding task Learn that WiFi frames looks very different from Ethernet Learn why WiFi frames have one to four address fields Learn how critical processes e.g. Joining, Roaming works Learn how to read Wireshark files to isolate WiFi problems Licensed by istockphoto.com Troubleshooting WiFi requires a full understanding of all 802.11 Management & Control frames and its associated processes!

WLAN 802.11 Management, Control and Data Frames 4 802.11Frame Types Overview Management Frames: Beacon Probe Request & Response Authentication & Deauthentication Association & Disassociation Reassociation Request & Response Action Control Frames: Request to Send (RTS) Clear to Send (CTS) Acknowledge / Block Acknowledge Request / Block Acknowledge Power Save Poll Data Null Function Data Frames: +

The IEEE 802.11 Frame Formats 5 Four different frame formats are used FC Dur. RA FC Acknowledge, Clear to Send FC Dur. RA TA FC Request to Send FC Dur. RA TA DA/SA Seq. PDU Data Frame, Beacon, Probe Request, Probe Response, Authentication, Deauthentication, Association, Reassociation, Disassociation FC Dur. RA TA DA Seq. SA PDU Data Frame through repeater Field names: FC = Frame Control, Dur. = Duration, RA = Receiver MAC Address, TA = Transmitter MAC Address; DA = Destination MAC Address, SA = Source MAC Address, Seq. = Sequence, PDU = Protocol Data Unit, FC = Frame Check Sequence

WiFi Data Transmission 6 WiFi data frames have three MAC address field Sta2 AP FC Dur. RA TA DA MAC AP MAC Sta1 MAC Sta2 Seq. PDU Sta1 To Distribution System DA SA Type MAC Sta2 MAC Sta1 PDU Ethernet Frame DA SA Type MAC Sta1 MAC Sta2 Ethernet Frame Sta2 AP PDU From Distribution System RA TA SA FC Dur. MAC Sta1 MAC AP MAC Sta2 Seq. PDU Sta1

WiFi Data Transmission & Retransmission 7 WiFi data frames are acknowledged or retransmitted Sta2 AP FC Dur. MAC AP MAC Sta1 MAC Sta2 Seq. PDU Sta1 Data Frame FC Dur. MAC Sta1 FCS Acknowledgement All retransmitted frames are marked with the Retry Bit Sta2 AP FC Dur. MAC AP MAC Sta1 MAC Sta2 Seq. PDU Sta1 R Dur. MAC AP MAC Sta1 MAC Sta2 Seq. PDU R Dur. MAC AP MAC Sta1 MAC Sta2 Seq. PDU Data Frames FC Dur. MAC Sta1 FCS Acknowledgement

WiFi Data Transmission & Retransmission 8 All retransmitted frames are marked with the Retry Bit

WiFi Data Transmission 9 In non-aggregation mode each packet is acknowledged individually The acknowledge frame follows immediately after each data frame The (single) acknowledge has no source address field

WiFi Data Transmission 10 802.11n introduced aggregation mode with a Block Acknowledge (BA) In A-MPDU mode up to 64 frames can be acknowledged with one BA

Management Frame: Beacon 11 Beacon tags contain information about supported and required features Standard 802.11a rates HT (High Throughput) 802.11n supported Robust Security Network contains info about type of authentication & encryption VHT (Very High Throughput) Standard 802.11ac supported

Management Frames: Probe Request & Response 12 A client sends Probe Requests to scan the channels for Access Points Capturing with multiple AirPcaps shows the scanning process

Management Frames: Probe Request & Response 13 Probe Request contains client features and a specific or broadcast SSID Access Points reply with Probe Response, containing same fields as Beacon Client supports 802.11a/n/ac

Management Frames: Authentication & Association 14 The client selects an Access Point and sends Authenticate & Associate requests Both processes must be successful in order to join the Access Point

Decrypting WEP, WPA & WPA2 PSK 15 Wireshark can decrypt WEP, WPA & WPA2 PSK if the key is available To decrypt WPA & WPA2 the key negotiation process must be captured

Client joining problem (case one) 16 A client needs up to a minute duration to join an Access Point Analyzing the trace file discloses the reason

Client joining problem (case two) 17 A client is not able to join an Access Point and finally deauthenticates from AP Analyzing the trace file discloses the reason

Analyzing the WiFi roaming process 18 A client is roaming from channel 1 to 11 because the SNR of the new AP is better Following the client with two AirPcaps allows to capture the roaming process

Client roaming problem (case three) 19 User is complaining about sporadic hangers in bar code scanners, up to minutes Vendors of mobile clients and access points are finger pointing, since month. Problem could be assigned to bar code vendor by analyzing trace files.

Control Frames: Request to Send / Clear to Send 20 A WLAN node can reserve airtime and refrain all other stations from sending RTS/CTS reservation is used in busy cells, Hidden Node situations or in mixed mode A short form, so-called CTS-to-Self is often used in cells with B-Only clients present

Overview WiFi 802.11 Standards 21 Rate Modulation Description 1 2 Barker/DBPSK Barker/DBPSK 802.11 DSSS Long Preamble 5.5 11 CCK/DQPSK CCK/DQPSK 802.11b High Rate (HR) with Short Preamble Rate Modulation Description 6, 9 12, 18 24, 36 48, 54 OFDM/BPSK OFDM/QPSK OFDM/16-QAM OFDM/64-QAM 802.11g Extended Rate PHY (ERP) 6, 9 12, 18 24, 36 48, 54 OFDM/BPSK OFDM/QPSK OFDM/16-QAM OFDM/64-QAM 802.11a From 6.5 up to 600* OFDM/16-QAM OFDM/64-QAM 802.11n High Throughput (HT) Extensions From 6.5 up to 600* OFDM/16-QAM OFDM/64-QAM 802.11n HT Extensions 2.4 GHz Band CCK = Complementary Code Keying DBPSK = Differential Binary Phase-Shift Keying DQPSK = Differential Quadrature Phase-Shift Keying OFDM = Orthogonal Frequency Division Multiplexing BPSK = Binary Phase-Shift Keying QPSK = Quadrature Phase-Shift Keying QAM = Quadrature Amplitude Modulation From 86 up to 6930** OFDM/16-QAM OFDM/64-QAM OFDM/256-QAM 5 GHz Band * With up to 2 Channels and up to 4 Streams **With up to 8 Channels and up to 8 Streams 802.11ac Very High Throughput (VHT)

Overview WiFi 802.11n/ac Raw Rates 22 * AirPcap Nx supports 802.11n with up to two Spatial Streams (2x2:2) in Legacy, HT20 or HT40 mode (no SGI & Greenfield mode) +

KRACK (Key Reinstallation Attacks) 23 October 2017: Breaking bad news is shocking the WLAN world KRACK is able to decrypt the most widely used WPA & WPA2 security; this in Personal as well as Enterprise mode Engineers at University KU Leuven, Belgium have discovered a method called KRACK using Channel based Men in the Middle method The attack is achieved by manipulating and replaying cryptographic messages during the initial 4-way WPA/WPA2 handshake KRACK decrypts all presently used cipher suites (WPA-TKIP, AES-CCMP and GCMP) KRACK does not require any expensive radio equipment, it rather works with cheap ofthe-shelf Wi-Fi dongles A detailed demonstration and whitepaper is published https://www.krackattacks.com/

KRACK is performed in two steps 24 Step 1: A Men in the Middle (MitM) device is inserted Based on a technique called Channel based MitM attack Can be used to read, drop, insert or manipulate frames Client MitM AP Channel 6 Channel 1 Client MAC AP MAC Client MAC AP MAC Step 2: The initial 4-way handshake authentication is manipulated by KRACK Frames are dropped or inserted to force a Nonce value to be reused Client MitM AP +

Step 1: Inserting Men in the Middle (MitM) device 25 Phase 1: KRACK starts with jamming an active WLAN channel Continues jamming: MitM device is sending random noise or random Wi-Fi frames to create collisions. Selective jamming: The MitM device reads the frame type and starts jamming only specific frames from the AP (Beacons, Probe responses). Jammed frames will be discarded by a receiver due to bad FCS. Client Channel 1 AP MitM AP MAC SSID: MyWLAN Already connected clients will start probing for alternative APs with same SSID in other channels. New clients will continue probing for APs by scanning other channels.

Step 1: Inserting Men in the Middle (MitM) device 26 Phase 2: A client is joining MitM (a faked AP) MitM device is jamming channel and sending Beacons on a different channel. MitM is faking AP by using MAC address and SSID of AP in Beacons Channel 1 Client Client MAC Channel 6 Beacons with AP MAC SSID: MyWLAN Client joining AP Response MitM MitM joining AP with client MAC AP Response AP AP MAC SSID: MyWLAN Client is joining MitM (faked AP) in channel 6 MitM stops jamming and joins AP in channel 1 using clients MAC address AP replies in channel 1, frames are forwarded to client by MitM in channel 6 MitM is established and can block or forward frames in both directions +

WPA and WPA2 Personal and Enterprise Mode 27 Before the 4-way handshake starts, a session key must be present on client and AP. WPA/2 offers two methods to obtain this key Pairwise Master Key (PMK). The PMK itself is never used directly for authentication or encryption! Personal or Pre-Shared Key (PSK) Mode, most widely used in Home/SOHO networks All clients and the AP use the same manually configured Hex string or Passphrase Client PSK PMK AP PSK PMK Enterprise Mode, most widely used in professional environments The Extensible Authentication Protocol (EAP) is used to negotiate the PMK Supplicant (Client) Authenticator (AP) Enterprise Network Every client has a different PMK EAPoL over WLAN PMK Radius (EAP) Authentication Server (Radius) +

The 4-way handshake authentication process 28 To understand KRACK, the normal WPA 4-way handshake must be understood The handshaek provides mutual authentication and session key agreement. To start, both sides need a shared secret called the Pairwise Master Key (PMK). A Session Key, called Pairwise Transient Key (PTK) is derived from the PMK. The PTK is derived by using five values: PMK, Authenticator Nonce (ANonce), Supplicant Nonce (SNonce), and the MAC addresses of both the Supplicant and Authenticator. The Nonce is a random Number used once created by the client and the AP. Client parameters: PMK Client MAC SNonce Supplicant (Client) Authenticator (AP) AP parameters: PMK AP MAC Anonce Missing parameters to derive the PTK: AP MAC ANonce Missing parameters to derive the PTK: Client MAC SNonce

The 4-way handshake authentication process 29 The 4-way handshake process decoded by Wireshark

The 4-way handshake authentication process 30 To understand KRACK, the normal WPA 4-way handshake must be understood Messages 1 and 2 provide the missing parameters to derive the PTK (session key) The AP provides the Group Temporal Key (GTK), to decrypt broad/multicasts The Replay Counter (RC) must be increased by one in each new AP message Supplicant (Client) PTK is constructed Key (Message 1 of 4) AP MAC, ANonce, RC=0 Authenticator (AP) Key (Message 2 of 4) Client MAC, SNonce, RC=0 PTK is constructed PTK & GTK installed Key (Message 3 of 4) GTK, RC=1 Key (Message 4 of 4) ACK, RC=1 GTK is sent PTK installed +

Step 2: KRACK is manipulating the 4-way handshake process 31 Supplicant Channel 6 MitM Channel 1 Authenticator PTK is constructed Key (Message 1 of 4) AP MAC, ANonce, RC=0 Key (Message 1 of 4) AP MAC, ANonce, RC=0 Key (Message 2 of 4) Client MAC, SNonce, RC=0 Key (Message 2 of 4) Client MAC, SNonce, RC=0 PTK is constructed PTK & GTK installed Key (Message 3 of 4) GTK, RC=1 Key (Message 4 of 4) ACK, RC=1 X Blocked Key (Message 3 of 4) GTK, RC=1 GTK is sent Data Transmission Encrypted Data X Blocked PTK & GTK reinstalled Key (Message 3 of 4) GTK, RC=2 Key (Message 4 of 4) ACK, RC=2 Key (Message 3 of 4) GTK, RC=2 Key (Message 4 of 4) ACK, RC=2 Retransmission Data Transmission with reused Nonce Encrypted Data Encrypted Data Data received +

KRACK Summary 32 Impact (Bad facts) The KRACK method can decrypt WPA/WPA2 frames by hacking the session key Relatively easy to implement, no expensive equipment required MitM is not easy detectable, as almost no impact on WLAN performance Can intrude in new as well as existing sessions by forcing clients to join the MitM Large installed base of WPA/WPA2 means large field of potential attacks Works in both WPA/WPA2 Personal as well as Enterprise Mode Works for all presently used cipher suites (WPA-TKIP, AES-CCMP, and GCMP) Limitations (Good facts) KRACK can not disclose the Pairwise Master Key (PMK) KRACK can not decrypt higher layer encryption like VPN, HTTPS etc. MitM device must be located within radio cell range of client and AP Precautions Using higher layer encryption like VPN, HTTPS etc. MitM can be detected by sniffing simultaneously in multiple channels Updating WLAN drivers on clients and APs as soon as available from vendors Using wired networks +

Thank you for your attention 33 Hope you learned something useful! SeaPics.com Rolf Leutert, Leutert NetServices, www.netsniffing.ch

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback