WPA Passive Dictionary Attack Overview

Similar documents
Chapter 24 Wireless Network Security

Wireless Network Security

WPA-GPG: Wireless authentication using GPG Key

Wireless Network Security

Wireless Network Security Spring 2015

Chapter 17. Wireless Network Security

Link & end-to-end protocols SSL/TLS WPA 2/25/07. Outline. Network Security. Networks. Link and End-to-End Protocols. Link vs. End-to-end protection

Wireless Network Security Spring 2016

Lab Configure Enterprise Security on AP

IEEE i and wireless security

Configuring the Client Adapter through Windows CE.NET

Wireless Attacks and Countermeasures

What is Eavedropping?

Wireless Security. Comp Sci 3600 Security. Attacks WEP WPA/WPA2. Authentication Encryption Vulnerabilities

Wireless LAN Security. Gabriel Clothier

Configuring Wireless Security Settings on the RV130W

FAQ on Cisco Aironet Wireless Security

Csci388. Wireless and Mobile Security Access Control: 802.1X, EAP, and RADIUS. Importance of Access Control. WEP Weakness. Wi-Fi and IEEE 802.

Securing Wireless Communication Against Dictionary Attacks Without Using PKI

Procedure: You can find the problem sheet on the Desktop of the lab PCs.

WLAN Roaming and Fast-Secure Roaming on CUWN

Configuring Authentication Types

Authentication and Security: IEEE 802.1x and protocols EAP based

Configuring WEP and WEP Features

Configuring the Client Adapter through the Windows XP Operating System

Configuring a VAP on the WAP351, WAP131, and WAP371

Wireless technology Principles of Security

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. Mathy CCS 2017, 1 October 2017

Appendix E Wireless Networking Basics

1 FIVE STAGES OF I.

Secure Wireless LAN Design and Deployment

Configuring Layer2 Security

Configuring Cipher Suites and WEP

Troubleshooting WLANs (Part 2)

Add a Wireless Network to an Existing Wired Network using a Wireless Access Point (WAP)

Physical and Link Layer Attacks

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

Configuring the Client Adapter through the Windows XP Operating System

Table of Contents 1 WLAN Security Configuration Commands 1-1

Exam Questions SY0-401

NWD2705. User s Guide. Quick Start Guide. Dual-Band Wireless N450 USB Adapter. Version 1.00 Edition 1, 09/2012

D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

Cisco Exactexams Questions & Answers

Section 4 Cracking Encryption and Authentication

4.4 IEEE MAC Layer Introduction Medium Access Control MAC Management Extensions

Improved KRACK Attacks Against WPA2 Implementations. Mathy OPCDE, Dubai, 7 April 2018

KRACKing WPA2 by Forcing Nonce Reuse. Mathy Nullcon, 2 March 2018

Wireless# Guide to Wireless Communications. Objectives

Wi-Fi Security for Next Generation Connectivity. Perry Correll Aerohive, Wi-Fi Alliance member October 2018

Securing a Wireless LAN

Nomadic Communications Labs. Alessandro Villani

IEEE 802.1X workshop. Networkshop 34, 4 April Josh Howlett, JRS Technical Support, University of Bristol. Copyright JNT Association

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

KRACKing WPA2 by Forcing Nonce Reuse. Mathy Chaos Communication Congress (CCC), 27 December 2017

Network Security: WLAN Mobility. Tuomas Aura CS-E4300 Network security Aalto University, Autumn 2017

LESSON 12: WI FI NETWORKS SECURITY

Figure 5-25: Setup Wizard s Safe Surfing Screen

Network Security: WLAN Security. Tuomas Aura T Network security Aalto University, Nov-Dec 2012

EAPeak - Wireless 802.1X EAP Identification and Foot Printing Tool. Matt Neely and Spencer McIntyre

Nomadic Communications Labs

Securing Wireless LANs with Certificate Services

EXAM - PW Certified Wireless Security Professional (CWSP) Buy Full Product.

Vulnerability issues on research in WLAN encryption algorithms WEP WPA/WPA2 Personal

Aerohive Private PSK. solution brief

Configuring a WLAN for Static WEP

Light Mesh AP. User s Guide. 2009/2/20 v1.0 draft

KRACKing WPA2 in Practice Using Key Reinstallation Attacks. Mathy BlueHat IL, 24 January 2018

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

Wireless Network Security

Wireless Technologies

Configuring the Client Adapter

TestsDumps. Latest Test Dumps for IT Exam Certification

Temporal Key Integrity Protocol: TKIP. Tim Fielder University of Tulsa Tulsa, Oklahoma

Meru Networks. Security Gateway SG1000 Cryptographic Module Security Policy Document Version 1.2. Revision Date: June 24, 2009

Cisco Exam Questions and Answers (PDF) Cisco Exam Questions BrainDumps

Network Security: WLAN Security. Tuomas Aura T Network security Aalto University, Nov-Dec 2014

Basic Wireless Settings on the CVR100W VPN Router

Chapter - 6 WIRELESS NETWORK SECURITY

PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL

Radiant Systems Wireless Point-of-Sale Security Requirements

TopGlobal MB8000 Hotspots Solution

The 8 th International Scientific Conference DEFENSE RESOURCES MANAGEMENT IN THE 21st CENTURY Braşov, November 14 th 2013

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

WPA SECURITY (Wi-Fi Protected Access) Presentation. Douglas Cheathem (csc Spring 2007)

Cisco Questions & Answers

Security Setup CHAPTER

Network Encryption 3 4/20/17

Exam : PW Title : Certified wireless security professional(cwsp) Version : DEMO

Wireless MAXg Technology

The Xirrus Wi Fi Array XS4, XS8 Security Policy Document Version 1.0. Xirrus, Inc.

Crypto: Passwords and RNGs. CS 642 Guest Lecturer: Adam Everspaugh

HW/Lab 4: IPSec and Wireless Security. CS 336/536: Computer Network Security DUE 11 am on 12/01/2014 (Monday)

How to connect your device using eduroam

Denial-of-Service Attacks Against the 4-way Wi-Fi Handshake

Chapter 3 Wireless Configuration

Secure Initial Access Authentication in WLAN

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy

Wireless Security Guide (for Windows XP, Windows Vista, Windows 7, Mac OSx)

WarDriving. related fixed line attacks war dialing port scanning

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

Transcription:

WPA Passive Dictionary Attack Overview TakehiroTakahashi This short paper presents an attack against the Pre-Shared Key version of the WPA encryption platform and argues the need for replacement. What is WPA? The WPA standard is a subset of the 802.11i wireless security standard intended to address the cryptographic shortcomings of Wired Equivalent Protocol (WEP). WPA comes in two forms: per-user based security designed for enterprises, and a pre-shared key mode designed for consumers. While the former utilizes a RADIUS server to ensure per user keying, the latter greatly simplifies deployment for home and SOHO users by having a master key (based on a pass phrase) for the wireless LAN. WPA and 802.11i are necessary because WEP has known weaknesses, poor key manageability, and lacks simplicity needed among home users for deployment. Types of WPA Enterprise Mode - Per-user authentication based protocol with the combination of 802.1x security framework, authentication server, TKIP key management and Michael integrity checking aimed for enterprise use. The 802.1x provides administrators with a variety of security implementations to establish authentication in which RADIUS is the de-facto. TKIP and Michael offer per-packet key mixing, a message integrity check and a re-keying mechanism with efficiency. Consumer Mode - Pre-shared key (PSK) based protocol with the combination of Pre-Shared Key, TKIP key management and Michael integrity checking aimed for home use. Simplicity of deployment is of primary concern. Mechanism

Essential WPA tasks in Consumer Mode: 1. associating with the access point (AP) 2. authentication and distribution of the PMK (Pair-wise Master Key) 3. creation and installation of the PTK (Pair-wise Transient Key) based on PMK 4. integrity check 5. a successful wireless session using TKIP based on PTK Vulnerability The PSK version of WPA suffers from an offline dictionary attack because of the broadcasting of information required to create and verify a session key. In WPA, the PMK (master key) is produced by running a special function on a pre-shared pass phrase and an SSID. Both the host and the AP use this PMK, along with MAC addresses and nonces, in order to create the PTK (session key) and install it on both sides. The following is pseudo code for the creation of the PMK and the PTK, where PBKDF2 and PRF-512 are key generating algorithms based on keyed hashes. PMK = PBKDF2(passphrase, ssid, ssidlength, 4096, 256) PTK = PRF-512(PMK, Pairwise key expansion, Min(AP_Mac, Client_Mac) Max(AP_Mac, Client_Mac) Min(ANonce, SNonce) Max(ANonce, SNonce)) The PMK is generated by inputting the string of the pass phrase, SSID, and the SSID length into the PBKDF2 algorithm, which is set to hash 4096 times and generate a value of 256 bits. Since the SSID is easily recoverable, it should be noted that only the pass phrase would have to be guessed in order to determine the valid PMK. Furthermore, in the generation of the PTK for cracking purposes, only the PMK needs to be determined since all other fields can be trivially discovered; the 1st step in the 4 way handshake provides ANonce and AP_MAC while the 2nd step provides SNonce and Client_MAC, and the signature of the PTK just generated. The PTK consists of 4 keys: Key Confirmation Key (KCK), Key Encryption Key (KEK), Temporal Key 1, and Temporal Key 2. After receiving the 1st packet of the 4way handshake traffic, the client generates the PTK and runs MD5 hash function on the KCK and the EAP packet to be sent. This hash is then added to the EAP packet and sent over the network as the 2nd step. Now, an intruder can utilize the

hash portion of this packet and match it with the hash result of his guessed PTK and collected EAP packet; the correctly guessed pass phrase produces the same signature. Hence the intruder, by passively sniffing two of the EAPOL packets, can begin an offline dictionary attack. The availability of the attack is not constrained to the state of users as long as there exits an active session within the network. A well known disassociation attack can be used to trigger a re-association between the host and the AP at which time the attacker can gather the necessary packets. Analysis A tool called wpa_attack has been prepared to challenge this vulnerability. The effectiveness of the attack is directly proportional to the entropy of the pass phrase chosen. Because a detailed analysis of heuristics deployed in a typical password cracking tool is beyond the scope of this paper, any experimental results are not provided here. However, the software extends Password Cracking Library (PCL) and does provide an easily configurable interface allowing flexibility in implementing heuristics. A study of password choice observed in UNIX system administrators supports the relative feasibility of the tool: nearly 40% of administrator s passwords consisted of a word or combination of words [1]. It is a fairly reasonable assumption that less technically inclined users are likely to choose low entropy pass phrases at a higher rate. Conclusion The PSK version of WPA is rather self-contradicting. The nature of a pass phrase is likely to constrain the entropy of the pass chosen, leaving a great opportunity for a tool like wpa_attack to automate the process of effective off-line password cracking. Hence, the Wi-Fi alliance recommends a pass phrase longer than 20 characters, a requirement unlikely to be executed in practice by its target audience. In the end, the PSK version of WPA does not provide what is expected for end-users: easy and secure wireless connectivity. A clear resolution to this issue can be found in the project called tinypeap, named after the protocol it uses for 802.1x authentication phase. In short, tinypeap is a small self contained authenticator utilizing RADIUS and PEAP/MSCHAPv2, allowing developers to implement enterprise level security within consumer level products. Even more

importantly, it also provides users with a straight forward setup and uses familiar username and password based credentials for authentication. A user with tinypeap enabled devices can enjoy the highest level of the wireless security while easily managing the backend through graphical interfaces (i.e. Linksys WRT54G version implements a web interface). References [1] M. Bishop, Improving System Security via Proactive Password Checking, 1994

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback