Advanced WiFi Attacks Using Commodity Hardware

Similar documents
Advanced WiFi Attacks Using Commodity Hardware

WiFuzz: Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. Mathy CCS 2017, 1 October 2017

Wireless Security Security problems in Wireless Networks

All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS

Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing

KRACKing WPA2 by Forcing Nonce Reuse. Mathy Nullcon, 2 March 2018

KRACKing WPA2 by Forcing Nonce Reuse. Mathy Chaos Communication Congress (CCC), 27 December 2017

Table of Contents 1 WLAN Security Configuration Commands 1-1

Denial-of-Service Attacks Against the 4-way Wi-Fi Handshake

KRACKing WPA2 in Practice Using Key Reinstallation Attacks. Mathy BlueHat IL, 24 January 2018

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

A Practical, Targeted, and Stealthy attack against WPA-Enterprise WiFi

Improved KRACK Attacks Against WPA2 Implementations. Mathy OPCDE, Dubai, 7 April 2018

Configuring a VAP on the WAP351, WAP131, and WAP371

Welcome to my presentation: Message Denial and Alteration on IEEE Low- Power Radio Networks.

The 8 th International Scientific Conference DEFENSE RESOURCES MANAGEMENT IN THE 21st CENTURY Braşov, November 14 th 2013

Configuring Cipher Suites and WEP

CWNP PW Certified Wireless Analysis Professional. Download Full Version :

D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

Security of WiFi networks MARCIN TUNIA

Wireless technology Principles of Security

Encrypted WiFi packet injection and circumventing wireless intrusion prevention systems

Attacks on WLAN Alessandro Redondi

4.3 IEEE Physical Layer IEEE IEEE b IEEE a IEEE g IEEE n IEEE 802.

transmitting on the same channel or adjacent channels

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

What you will learn. Summary Question and Answer

Wireless Router at Home

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. Mathy Vanhoef, PhD Wi-Fi Alliance meeting Bucharest, 24 October 2017

Viewing Status and Statistics

4.4 IEEE MAC Layer Introduction Medium Access Control MAC Management Extensions

How Insecure is Wireless LAN?

Worldwide Release. Your world, Secured ND-IM005. Wi-Fi Interception System

Chapter 24 Wireless Network Security

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Presented by Paul Ruggieri

Troubleshooting WLANs (Part 2)

Wireless Protocols. Training materials for wireless trainers

HACKING & INFORMATION SECURITY Presents: - With TechNext

CS263: Wireless Communications and Sensor Networks

Wireless Security Protocol Analysis and Design. Artoré & Bizollon : Wireless Security Protocol Analysis and Design

Wireless Attacks and Countermeasures

05 - WLAN Encryption and Data Integrity Protocols

Analysis of Security or Wired Equivalent Privacy Isn t. Nikita Borisov, Ian Goldberg, and David Wagner

IEEE Technical Tutorial. Introduction. IEEE Architecture

NWD2705. User s Guide. Quick Start Guide. Dual-Band Wireless N450 USB Adapter. Version 1.00 Edition 1, 09/2012

Wireless LANs. ITS 413 Internet Technologies and Applications

CMPE 257: Wireless and Mobile Networking

Physical and Link Layer Attacks

Wireless Networked Systems

Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing

What is a Wireless LAN? The wireless telegraph is not difficult to understand. The ordinary telegraph is like a very long cat. You pull the tail in Ne

Wireless Network Security Spring 2014

Wireless Local Area Networks (WLANs) Part I

Introduction to IEEE

3.1. Introduction to WLAN IEEE

Overview of Security

WarDriving. related fixed line attacks war dialing port scanning

Wireless Network Security Spring 2015

The security of existing wireless networks

Frequently Asked Questions WPA2 Vulnerability (KRACK)

Wireless Network Security Spring 2013

Link Layer: Retransmissions

Multiple Access Links and Protocols

Gaining Access to encrypted networks

Network Security. Thierry Sans

Wireless and Mobile Networks

Wireless Network Security Spring 2015

Wireless Access Point

Appendix E Wireless Networking Basics

standard. Acknowledgement: Slides borrowed from Richard Y. Yale

Wireless Local Area Part 2

Wireless Networking Basics. Ed Crowley

Wireless Network Security Spring 2016

Wi-Fi Scanner. Glossary. LizardSystems

CSCD 433 Network Programming Fall Lecture 7 Ethernet and Wireless

User Manual. TOTOLINK Wireless-N Router

CWNA Exam PW0-100 certified wireless network administrator(cwna) Version: 5.0 [ Total Questions: 120 ]

WIRELESS LAN/PAN/BAN. Objectives: Readings: 1) Understanding the basic operations of WLANs. 2) WLAN security

The Final Nail in WEP s Coffin

CSMC 417. Computer Networks Prof. Ashok K Agrawala Ashok Agrawala. Fall 2018 CMSC417 Set 1 1

Security and Authentication for Wireless Networks

User Guide. For TP-Link Auranet Access Points

CITS3002 Networks and Security. The IEEE Wireless LAN protocol. 1 next CITS3002 help3002 CITS3002 schedule

Network Encryption 3 4/20/17

IEEE a/ac/n/b/g Outdoor Stand-Alone Access Point. Management Guide. ECWO Series. Software Release v1.0.1.

PowerStation2 LiteStation2 LiteStation5 User s Guide

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

MAC. Fall Data Communications II 1

Appendix A Pseudocode of the wlan_mac Process Model in OPNET

Reliable Multicast Scheme Based on Busy Signal in Wireless LANs

Mohammad Hossein Manshaei

SSL/TLS. How to send your credit card number securely over the internet

User Manual. TOTOLINK Wireless-N Portable AP


A Configuration Protocol for Embedded Devices on Secure Wireless Networks

Security Setup CHAPTER

Lecture 16: QoS and "

FAQ on Cisco Aironet Wireless Security

Transcription:

Advanced WiFi Attacks Using Commodity Hardware Mathy Vanhoef and Frank Piessens (KU Leuven) ACSAC 2014

Background WiFi assumes each station acts fairly With special hardware this isn t the case Continuous jamming (channel unusable) Selective jamming (block specific packets) 2

Background WiFi assumes each station acts fairly >$4000 With special hardware this isn t the case Continuous jamming (channel unusable) Selective jamming (block specific packets) 3

Our Contributions A small 15$ USB allows: Study of selfish behavior Continuous & selective jamming Reliable manipulation of encrypted traffic 4

Selfish Behavior Implement & study selfish behavior

Selfish Behavior Steps taken to transmit a frame: In use SIFS AIFSN Backoff Packet 2 1. SIFS: let hardware process the frame 2. AIFSN: depends on priority of frame 3. Random backoff: avoid collisions 4. Send the packet

Selfish Behavior Steps taken to transmit a frame: In use SIFS AIFSN Backoff Packet 2 Manipulate by modifying Atheros firmware: Disable backoff Reducing AIFSN Reducing SIFS

Selfish Behavior Steps taken to transmit a frame: In use SIFS AIFSN Backoff Packet 2 Manipulate by modifying Atheros firmware: Disable backoff Reducing AIFSN Reducing SIFS Optimal strategy: From 14 to 37 Mbps Reduces throughput

Countermeasure DOMINO defense system [MobiSys 04] detects this selfish behavior. More on this later! 9

Selfish Behavior What if there are multiple selfish stations? In a collision, both frames are lost. Capture effect: in a collision, frame with the best signal and lowest bitrate is decoded. Result: Selfish clients will lower their bitrate to beat other selfish stations! Until this gives no more gain.

Continuous Jammer Want to build a continuous jammer 1. Instant transmit: disable carrier sense 2. No interruptions: queue infinite #packets Frames to be transmitted are in a linked list: PHY core Frame 1 Frame 2 11

Continuous Jammer Want to build a continuous jammer 1. Instant transmit: disable carrier sense 2. No interruptions: queue infinite #packets Frames to be transmitted are in a linked list: PHY core Frame 1 Frame 2 Infinite list! 12

Continuous Jammer Experiments No packets visible in monitor mode! Other devices are silenced. Default antenna gives range of ~80 meters. Amplifier gives range of ~120 meters 13

Selective Jammer Decides, based on the header, whether to jam the frame. 14

How does it work? 1. Detect and decode header 2. Abort receiving current frame 3. Inject dummy packet Hard Easy Physical packet Detect Init Jam

Detecting frame headers? PHY core Decodes physical WiFi signals Internal CPU DMA RAM while(recvbuff[0] == 0): pass Can read header of frames still in the air.

Selective Jammer: Reliability Jammed beacons with many devices/positions How fast can it react? Position of first mangled byte? 1 Mpbs beacon in 2.4 GHz: position 52 6 Mpbs beacon in 5 GHz: position 88 Context: MAC header is 34 bytes 17

Selective Jammer: Reliability Jammed beacons with many devices/positions Conclusion 100% reliable selective jammer not possible Medium to large packets can be jammed Surprising this is possible with a limited API! 18

Countermeasures DOMINO defense system [MobiSys 04]: Assumes MAC header is still valid. Attacker has low #(corrupted frames) Thrown of the network Unfortunately it s flawed Jammed (corrupted) frames are not authenticated, we can forge them. Pretend that a client is jamming others. 19

Impact on higher-layers What about higherlayer protocols? 20

Impact on higher-layers What if we could reliably manipulate encrypted traffic? 21

Impact on higher-layers What if we could reliably manipulate encrypted traffic? not decrypt! We could attack TKIP! 22

Reliably Intercepting Traffic! Channel-based MiTM attack Works against encrypted networks Can reliably manipulate encrypted traffic. 23

Reliably Intercepting Traffic? Create rogue AP with MAC address AP handshake fails = AP devices communicate directly Same MAC address but different channel We forward frames between channels Handshake OK, all traffic via rogue AP Jammers will force clients to our rogue AP 24

Example: attacking TKIP It would allow us to attack TKIP. But why research TKIP? Isn t it dead? 1999 2002 2004 WEP TKIP AES-CCMP Not used Not used? Mainly used 25

Example: attacking TKIP It would allow us to attack TKIP. But why research TKIP? Isn t it dead? 1999 2002 2004 WEP TKIP AES-CCMP Not used Not used? Used!! Mainly used 26

Why research TKIP? Network can allow both TKIP and CCMP: New devices uses CCMP Unicast traffic Old devices uses TKIP Broadcast traffic: Old devices must be able to decrypt it 27

Why research TKIP? If a network supports TKIP, all broadcast traffic is encrypted using TKIP. 28

TKIP Usage (2014) Found ~6000 networks 7% support only TKIP 67% support TKIP TKIP is still widely used! 29

Quick Background How are packets sent/received? MIC key Data MIC Encrypted 1. Add Message Integrity Check (MIC) 2. Encrypt using RC4 30

MIC Countermeasures Data MIC If decrypted, reveals MIC key. If ( two MIC failures within a minute) halt all traffic for 1 minute Oracle to decrypt last byte [WiSec 09] 31

TKIP Group Cipher For broadcast, all clients send a MIC failure. Use channel-based MiTM and drop them Avoids MIC countermeasures Results Can obtain MIC key within 7 minutes. Inject/decrypt some packets [AsiaCCS 13] Use only AES-CCMP! 32

Questions?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback