WPA Migration Mode: WEP is back to haunt you

Similar documents
Configuring Cipher Suites and WEP

Configuring WEP and WEP Features

Configuring a Wireless LAN Connection

Configuring Authentication Types

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

Section 4 Cracking Encryption and Authentication

Securing a Wireless LAN

Configuring a VAP on the WAP351, WAP131, and WAP371

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

Securing Your Wireless LAN

Wireless Network Security

05 - WLAN Encryption and Data Integrity Protocols

FAQ on Cisco Aironet Wireless Security

Wireless Attacks and Countermeasures

Wireless Networking Basics. Ed Crowley

Wireless Security Protocol Analysis and Design. Artoré & Bizollon : Wireless Security Protocol Analysis and Design

Presentation_ID. 2001, Cisco Systems, Inc. All rights reserved.

Security of WiFi networks MARCIN TUNIA

Configuring Multiple SSIDs

Configuring VLANs CHAPTER

Configuring Repeater and Standby Access Points and Workgroup Bridge Mode

What is Eavedropping?

Configuring Repeater and Standby Access Points and Workgroup Bridge Mode

Wireless Security. Comp Sci 3600 Security. Attacks WEP WPA/WPA2. Authentication Encryption Vulnerabilities

Lab Configure Enterprise Security on AP

Hacking Encrypted Wireless Network

Procedure: You can find the problem sheet on the Desktop of the lab PCs.

Security in IEEE Networks

2013 Summer Camp: Wireless LAN Security Exercises JMU Cyber Defense Boot Camp

Wireless LAN Security. Gabriel Clothier

Wireless Network Security Spring 2015

Cisco Systems, Inc , 1200, 1300 Series AP (Autonomous mode) Product sw version 12.3(11)JA4 I75 Handset sw version 1.4.

Workgroup Bridges. Cisco WGBs. Information About Cisco Workgroup Bridges. Cisco WGBs, page 1 Third-Party WGBs and Client VMs, page 9

Using Cisco Workgroup Bridges

Configuring Repeater and Standby Access Points

Configuring the WMIC for the First Time

Wireless Network Security Spring 2016

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy

Configuring the Access Point/Bridge for the First Time

Is Your Wireless Network Being Hacked?

Wireless Security Security problems in Wireless Networks

Configuring VLANs CHAPTER

Configuring Layer2 Security

CITS3002 Networks and Security. The IEEE Wireless LAN protocol. 1 next CITS3002 help3002 CITS3002 schedule

accounting (SSID configuration mode) through encryption mode wep accounting (SSID configuration mode) through

Physical and Link Layer Attacks

Tutorial: Simple WEP Crack

Overview of Security

D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

HACKING & INFORMATION SECURITY Presents: - With TechNext

WarDriving. related fixed line attacks war dialing port scanning

Network Encryption 3 4/20/17

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Configuring Repeater and Standby Access Points and Workgroup Bridge Mode

The Final Nail in WEP s Coffin

Temporal Key Integrity Protocol: TKIP. Tim Fielder University of Tulsa Tulsa, Oklahoma

8 VLANs. 8.1 Introduction. 8.2 vlans. Unit 8: VLANs 1

Viewing Status and Statistics

Summary. Deployment Guide: Configuring the Cisco Wireless Security Suite 1 OL

Security Setup CHAPTER

A Configuration Protocol for Embedded Devices on Secure Wireless Networks

accounting (SSID configuration mode) through encryption mode wep

4.4 IEEE MAC Layer Introduction Medium Access Control MAC Management Extensions

Appendix E Wireless Networking Basics

Vulnerability issues on research in WLAN encryption algorithms WEP WPA/WPA2 Personal

A Comparison of Data-Link and Network Layer Security for IEEE Networks

Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services

What you will learn. Summary Question and Answer

HW/Lab 4: IPSec and Wireless Security. CS 336/536: Computer Network Security DUE 11 am on 12/01/2014 (Monday)

Today s challenge on Wireless Networking. David Leung, CISM Solution Consultant, Security Datacraft China/Hong Kong Ltd.

Gaining Access to encrypted networks

Open System - No/Null authentication, anyone is able to join. Performed as a two way handshake.

CE Advanced Network Security Wireless Security

Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services

Network Security. Security in local-area networks. Radboud University Nijmegen, The Netherlands. Autumn 2014

Table of Contents 1 WLAN Security Configuration Commands 1-1

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

ETHICAL HACKING OF WIRELESS NETWORKS IN KALI LINUX ENVIRONMENT

Network Security. Security in local-area networks. Radboud University Nijmegen, The Netherlands. Autumn 2014

Add a Wireless Network to an Existing Wired Network using a Wireless Access Point (WAP)

Wireless Filtering and Firewalling

Numerics INDEX. 2.4-GHz WMIC, contrasted with 4.9-GHz WMIC g 3-6, x authentication 4-13

Configuring WLANsWireless Device Access

WLAN Roaming and Fast-Secure Roaming on CUWN

Exam HP2-Z32 Implementing HP MSM Wireless Networks Version: 7.1 [ Total Questions: 115 ]

Encrypted WiFi packet injection and circumventing wireless intrusion prevention systems

Basic Wireless Settings on the CVR100W VPN Router

ISR Wireless Configuration Example

Content. Chapter 1 Product Introduction Package Contents Product Features Product Usage... 2

Nomadic Communications Labs

Analyzing Wireless Security in Columbia, Missouri

How to Configure Wireless Internet Access (Wi-Fi) Advanced Settings on the Qwest Standard Modem: Actiontec GT701-WG

Nomadic Communications Labs. Alessandro Villani

CSNT 180 Wireless Networking. Chapter 7 WLAN Terminology and Technology

HACKING EXPOSED WIRELESS: WIRELESS SECURITY SECRETS & SOLUTIONS SECOND EDITION JOHNNY CACHE JOSHUA WRIGHT VINCENT LIU. Mc Graw mim

Cisco Catalyst 6500 Series Wireless LAN Services Module: Detailed Design and Implementation Guide

Wireless Network Security

Chapter 24 Wireless Network Security

b/g/n 1T1R Wireless USB Adapter. User s Manual

Transcription:

Black Hat USA 2010 WPA Migration Mode: WEP is back to haunt you Leandro Meiners (lmeiners@coresecurity.com / @gmail.com) Diego Sor (dsor@coresecurity.com / diegos@gmail.com) Page 1 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Agenda Introduction to WEP Introduction to WPA Migration Mode Attacking WPA Migration Mode Mitigations and recommendations Page 2 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Introduction to WEP The boring Page 3 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Introduction to WEP WEP Properties WEP s confidentiality: Based on RC4, which is a symmetric stream cipher:» Symmetric: the encryption and decryption keys are the same» Stream cipher: encryption occurs one digit at a time WEP s integrity: Based on a ICV (Integrity Check Value)» Implemented as a CRC-32 WEP s key management: IEEE 802.11 does not define any key management service» WEP depends on an external key distribution/management mechanism» Generally, WEP keys are set manually Page 4 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Introduction to WEP WEP Encapsulation 1. Seed generation: The secret key is concatenated with an initialization vector (IV) (i.e. IV Secret Key) 2. Compute ICV: CRC-32 of the plaintext (payload data) 3. Compute Key stream: Key stream = RC4(seed) 4. Encryption: Cipher text = Key stream XOR (Plaintext ICV) 5. Message = IV Cipher text Page 5 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Introduction to WEP WEP Message tampering Checksum (i.e. CRC-32) is linear: CRC-32(A XOR B) = CRC-32(A) XOR CRC-32(B) Let C = [M XOR WEP(iv,key), CRC-32(M) XOR WEP(iv,key)], then it is possible for an attacker to obtain C where: C = [M XOR WEP(iv,key), CRC-32(M ) XOR WEP(iv,key)] where M = M XOR (only knowing C and ) C = [M XOR WEP(iv,key) XOR, CRC-32(M) XOR CRC-32( ) XOR CRC-32(Zero) XOR WEP(iv,key)] Or in layman s terms: xor the data with the mask ( ) xor the checksum with the checksum of the mask ( CRC-32( ) ) Page 6 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Introduction to WPA Migration Mode Starting to get interesting Page 7 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

WPA Migration Mode What is WPA Migration Mode? Cisco s WPA Migration Mode allows stations that support the following types of authentication and encryption schemes, to associate to the access point using the same SSID: WPA clients capable of TKIP and authenticated key management. IEEE802.1X compliant clients (such as legacy LEAP clients and clients using TLS) capable of authenticated key management but not TKIP. WEP clients not capable of TKIP or authenticated key management. Page 8 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

WPA Migration Mode How WPA Migration Mode works WPA Cipher Suite configuration: Multicast Cipher Suite: WEP Unicast Cipher Suite: TKIP Using WEP as multicast cipher allows WEP and WPA stations to decrypt multicast traffic. AP tracks encryption capabilities of each station, and because IEEE 802.11 networks are switched, the AP forwards unicast frames encrypted appropriately (WEP or TKIP). Page 9 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

WPA Migration Mode Configuring WPA Migration Mode WPA optional A cipher suite containing TKIP and 40-bit or 128-bit WEP A static WEP key in key slot 2 or 3 ap# configure terminal ap(config)# interface dot11radio 0 ap(config-if)# ssid migrate ap(config-if-ssid)# authentication open ap(config-if-ssid)# encryption mode ciphers tkip wep128 ap(config-if)# encryption key 2 size 128 AAAAAAAAAAAAAAAAAAAAAAAAAA transmit-key ap(config-if)# ssid migrate ap(config-if-ssid)# authentication key-management wpa optional ap(config-if-ssid)# wpa-psk ascii migrationmode ap(config-if-ssid)# end ap# Page 10 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

WPA Migration Mode Detecting an AP with WPA Migration Mode Wireshark Filter: Beacon frame: wlan.fc.type_subtype == 0x08 Has a WPA Information element: wlan_mgt.tag.number == 221 Multicast cipher suite is WEP (40 or 104 bit): wlan_mgt.tag.interpretation == "Multicast cipher suite: WEP (40-bit)" wlan_mgt.tag.interpretation == "Multicast cipher suite: WEP (104-bit) Unicast cipher suite is TKIP: wlan_mgt.tag.interpretation == "Unicast cipher suite 1: TKIP" Page 11 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

WPA Migration Mode Detecting an AP with WPA Migration Mode (2) Wireshark Filter: wlan.fc.type_subtype == 0x08 and wlan_mgt.tag.number == 221 and (wlan_mgt.tag.interpretation == "Multicast cipher suite: WEP (40- bit)" or wlan_mgt.tag.interpretation == "Multicast cipher suite: WEP (104-bit)") and wlan_mgt.tag.interpretation == "Unicast cipher suite 1: TKIP" Page 12 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

WPA Migration Mode Detecting an AP with WPA Migration Mode (3) Kismet (patched): Page 13 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Attacking WPA Migration Mode Now we are talking Page 14 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Attacking WPA Migration Mode Scenarios The effect of supporting both static or dynamic WEP clients and WPA clients is that security will operate at the least-secure level common to all devices. In WPA Migration Mode, although WPA key authentication, perpacket keying, and message integrity are enabled, this is not enforced for all clients. As a result, a passive WEP key attack could be launched against WEP users. -- Cisco Systems WI-FI PROTECTED ACCESS, WPA2 AND IEEE 802.11I Q&A, 2004 WEP stations still hanging around No WEP stations in sight Page 15 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Attacking WPA Migration Mode WEP stations still hanging around 1. Passively wait (and capture) for a broadcast ARP frame (distinguished by its characteristic size) that is answered by a WEP station. 2. Replay the captured frame. 3. Capture the ARP replies sent by the WEP station (under attack). 4. Run aircrack-ng against the captured frames to obtain the WEP key. Just fire aireplay-ng against a WEP station: aireplay-ng -2 -b <BSSID> -d FF:FF:FF:FF:FF:FF -f 1 -m 68 -n 86 <WIFI INTERFACE> http://aircrack-ng.org/doku.php?id=how_to_crack_wep_via_a_wireless_client Page 16 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Attacking WPA Migration Mode No WEP stations in sight 1. Perform an authentication and association as a WEP station against the target access point. 2. Passively wait (and capture) for a broadcast ARP frame (distinguished by its characteristic size.). 3. Bitflip the captured frame to convert it into a ARP request sent by the attacker station (from a random IP address). 4. Replay the bitflipped frame with the From-DS bits. 5. Capture the ARP requests and replies forwarded by the access point. 6. Run aircrack-ng against the captured frames to obtain the WEP key. http://corelabs.coresecurity.com/index.php?module=wiki&action=view&ty pe=publication&name=wpa_migration_mode Page 17 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Attacking WPA Migration Mode No WEP stations in sight: in drawing Page 18 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Attacking WPA Migration Mode No WEP stations in sight: the aircrack-ng way! 1. Perform an authentication and association as a WEP station against the target access point. 2. Passively wait (and capture) for a broadcast ARP frame (distinguished by its characteristic size.). 3. Capture the ARP requests forwarded by the access point. 4. Run aircrack-ng against the captured frames to obtain the WEP key. Just fire aireplay-ng in interactive mode and wait for a WEP broadcast ARP frame forwarded by the AP: aireplay-ng -2 p 0841 -c FF:FF:FF:FF:FF:FF b <BSSID> -h <Attack MAC> <WIFI INTERFACE> http://aircrack-ng.org/doku.php?do=show&id=how_to_crack_wep_with_no_clients Page 19 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Attacking WPA Migration Mode Demo: Attacking WPA Migration Mode After all, it is what we came for Page 20 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Attacking WPA Migration Mode Broadcast Key Rotation The access point generates and distributes a dynamic group key when the last non-key management (static WEP) client disassociates, and it distributes the statically configured WEP key when the first non-key management (static WEP) client authenticates. In WPA migration mode, this feature significantly improves the security of key-management capable clients when there are no static-wep clients associated to the access point -- Cisco Systems Cisco IOS Software Configuration Guide for Cisco Aironet Access Points Configuring broadcast key rotation in WPA Migration Mode ap# configure terminal ap(config)# interface dot11radio 0 ap(config)# broadcast-key change 300 capability-change ap(config)# end ap# Page 21 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Attacking WPA Migration Mode Bypassing Broadcast Key Rotation 1. Perform an authentication and association as a WEP station against the target access point. Just fire aireplay-ng to perform a fake authentication: aireplay-ng -1 0 -e <SSID> -a <BSSID> -h <Attack MAC> <WIFI INTERFACE> http://aircrack-ng.org/doku.php?id=fake_authentication Page 22 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Attacking WPA Migration Mode Demo: Bypassing Broadcast Key Rotation Everybody likes a second demo Page 23 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Attacking WPA Migration Mode PSPF (a.k.a. Client/AP Isolation) Security feature that blocks station-to-station traffic. Station sends frame to another station (through AP). Frame must be a To-DS type frame. AP drops frame (To-DS frame with destination on the wireless side). No PSPF PSPF ap# configure terminal ap(config)# interface dot11radio 0 ap(config)# bridge-group 1 port-protected ap(config)# end Page 24 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Attacking WPA Migration Mode With PSPF Enabled Each time a WEP station joins Page 25 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Attacking WPA Migration Mode With PSPF Enabled (2) Each time a WEP station joins (decrypted) Page 26 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Attacking WPA Migration Mode With PSPF Enabled : the attack 1. Perform an authentication and association as a WEP station against the target access point. 2. Continuously send Reassociation requests. 3. Capture the WEP frames sent by the access point to the WEP station. 4. Run patched aircrack-ng against the captured frames to obtain the WEP key. Patched aircrack-ng: Added logic to determine if frame is a WLCCP packet based on its characteristic size. Integrated WLCCP WEP-encapsulated frames into PTW attack. Page 27 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Attacking WPA Migration Mode Demo: Bypassing PSPF Who doesn t like a third demo? Page 28 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Attacking WPA Migration Mode WEP Cracking Flowchart Page 29 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Attacking WPA Migration Mode WPA Migration Mode Cracking Flowchart Page 30 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Attacking WPA Migration Mode We have the WEP key now what? Obtain the SSID Obtain the WEP key ID # iwconfig <WIFI INTERFACE> essid <SSID> key [<KEY_ID>] <KEY> Page 31 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Mitigations and Recommendations The truly interesting Page 32 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Mitigations and Recommendations Solutions WEP WPA MIGRATION MODE Page 33 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Mitigations and Recommendations Mitigation strategies Enable PSPF (Public Secure Packet Forwarding). Enable MAC filtering. Limit signal strength (to only cover the required area). Implement time-based access control. Don t forget The attack is still possible under these constraints!!! Page 34 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Mitigations and Recommendations Recommendations Use two SSID with separate VLANs: WPA-SSID WEP-SSID Put all the filtering you can think of in the WEP-SSID, as it will be compromised VPN over the Wi-Fi, etc. See Integrated deployments of Cisco wireless LAN security by Krishna Sankar, Sri Sundaralingam, Andrew Balinsky. http://books.google.com/books?id=n_2eztajsbuc&lpg=pp1 &pg=pa277#v=onepage&q&f=false Page 35 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

Questions? http://corelabs.coresecurity.com/index.php?module=wiki& action=view&type=publication&name=wpa_migration_mode Page 36 WPA Migration Mode: WEP is back to haunt you Leandro Meiners Diego Sor

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback