Eavesdropping attack over Wi-Fi
Course: Security and Privacy on the Internet
Instructor: Dr. A.K. Aggarwal
Presented By:
Fadi Farhat
Fall, 2007
564 Fall 2007 Security and Privacy on the Internet - Dr. A.K. Aggarwal
Table of Contents
Part I: Paper presentation
1. Define Eavesdropping.
2. Difference between Eavesdropping over wired networks & Eavesdropping over wireless networks.
3. What we need to eavesdrop?
4. Legality of eavesdropping devices.
5. What makes Wi-Fi susceptible to be compromised?
6. How to Secure Wi-Fi Networks?
7. Wi-Fi Special attacks.
8. How to detect eavesdropping over Wi-Fi?
Table of Contents
Part II: Project presentation
Introduction
1. Experiment Architecture and Scenarios
2. Hosts Installations and Configuration
3. Tuning CommView sniffer for experiment
4. Conducting the Experiment
4.1. Spying on HTTP (Web Pages)
4.2. Spying on FTP (Downloading files)
4.3. Spying on SMTP (Emails)
5. IDS PromiScan 3.0
6. References
7. Lab Experiment with ?????
Part I
Paper presentation
Eavesdropping

Eavesdropping is the process of gathering information from a network by snooping on transmitted data.

To eavesdrop is to secretly overhear a private conversation over a confidential communication without legal authorization.

The information remains intact, but its privacy is compromised.
Eavesdropping over wired & wireless networks
Eavesdropping over wired networks

Over wired networks, eavesdropping is more difficult.

The eavesdropper needs to tap the network, using a network tap: a hardware device that provides a way to access the data flowing across the network.

This can’t be achieved unless the eavesdropper has physical access to the network wire, which is sometimes difficult and at other times impossible.
Eavesdropping over wired & wireless networks
Eavesdropping over wireless networks

Easier to achieve (no dangerous compromise required).
You need:

A computer with a wireless network adapter working in promiscuous mode

To be within the coverage area of the wireless network

One of the software tools that allow eavesdropping over Wi-Fi (Wi-Fi is the commercial name for the 802.11 products).
What we need to eavesdrop?
1. Hardware tools

A network adapter supporting promiscuous mode (to intercept and read each network packet, especially those addressed to other network addresses). Ex: Prism 2, 2.5 and 3.

High-power antennas can be used to intercept wireless traffic from miles away.
What we need to eavesdrop?
2. Software tools

Any wireless packet sniffer can be used.

Widely available for sale and even free over the Internet.
Ex: Network Stumbler, Hitchhiker, Aircrack-ng, Wireshark, Kismet, CommView, Javvin packet analyzer, WildPackets, Network Monitor, Wireless Monitor
Legality of eavesdropping devices

Be aware of the legal issues before you buy eavesdropping devices.

It is a crime in most countries to eavesdrop on someone’s privacy.

But because network administrators need to analyze traffic on their networks (to debug networks or find illegitimately installed access points), they may need eavesdropping devices.
What makes Wi-Fi susceptible to be compromised

Most of the network adapters used around the world are unsecured and open to unauthorized use.

Many individuals and businesses don't understand how to secure a wireless network.

Many Wi-Fi products come ready to use right out of the box.
Securing Wi-Fi Networks?

The only available way to fight eavesdropping is encryption.

But even encryption will not prevent the data from being captured in its encrypted form.
How to Secure Wi-Fi Networks?
Simple Steps to Secure Wi-Fi Network
1. Change the Administrative Password on your Wireless Routers.
2. Installing a Firewall.
3. Change the Default SSID Name and Turn off SSID Broadcasting.
4. Disable DHCP.
5. Replace WEP with WPA.
How to Secure Wi-Fi Networks?
1. Change the Administrative Password on your Wireless Routers.

Routers come with a default password to provide easy access.

Changing those passwords is one of the first recommended steps.

Default passwords are posted on the vendor support sites.
How to Secure Wi-Fi Networks?
2. Installing a Firewall.

A firewall fences off your network from unauthorized access.

It can help protect your PC by blocking or allowing traffic into your network.
How to Secure Wi-Fi Networks?
3. Change the Default SSID Name and Turn off SSID Broadcasting.

In Wi-Fi, a service set identifier (SSID) is a code attached to all packets on a wireless network to identify each packet as part of the network.

Changing the SSID will require the wireless client computers to enter the name of the SSID by hand before they can connect to the network.

But even so, because the transmitted data packets include the SSID, it may still be discovered.
How to Secure Wi-Fi Networks?
4. Disable DHCP

Disable the “Dynamic Host Configuration Protocol”.

Assign IP addresses to the client computers manually to restrict access to the router to specific MAC addresses.
How to Secure Wi-Fi Networks?
5. Replace WEP with WPA

WEP (“Wired Equivalent Privacy”) is a security protocol that encrypts data transmitted over the wireless computer network to provide security and privacy, and to protect the vulnerable wireless link between clients and access points.

But WEP is weak and can be cracked in about 3 minutes, as the FBI showed in 2005 using freely available tools. WPA (“Wi-Fi Protected Access”), which is more powerful and uses 128-bit encryption keys and dynamic session keys, must replace it to provide strong data protection.
Wi-Fi Special attacks
Man-In-The-Middle Attack is one of the attacks that can’t be applied to wired networks; it is applicable only to Wi-Fi.

Hackers can configure a rogue AP to imitate a legitimate AP.

Once the client is connected to the rogue AP, the hacker can perform any attack that involves modifying the packet stream.

Emails can be read, phishing attacks can be implemented, etc.
How to detect eavesdropping over Wi-Fi
• Some Wi-Fi equipment makers have added more security measures, such as:
• Intrusion detection that uses position location technology to detect the presence of a malicious station, in order to track down the offending station and remove it.
• A sniffing node detection tool to detect promiscuous nodes. Ex: PromiScan.
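The rogue AP described under Wi-Fi Special attacks can be looked for from the defender's side by comparing what a wireless scan hears against the list of authorized access points. The following is an added example, not part of the original presentation: the SSID and channel are the ones used in the experiment, while the BSSIDs, the CoffeeShop network and the WPA setting in the inventory are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str      # MAC address of the AP radio
    channel: int
    security: str   # "none", "WEP" or "WPA"


# Authorized inventory: SSID -> {BSSID: (channel, security)}.
# SSID and channel come from the slides; the BSSID is constructed and
# WPA is assumed to be the setting after hardening.
AUTHORIZED = {"Stay Away": {"00:11:22:33:44:55": (2, "WPA")}}


def check_beacon(b, inventory=AUTHORIZED):
    """Return the findings for one observed beacon (empty list = clean)."""
    known = inventory.get(b.ssid)
    if known is None:
        return []                       # not one of our SSIDs
    entry = known.get(b.bssid.lower())
    if entry is None:
        return ["unknown BSSID advertising authorized SSID"]
    channel, security = entry
    findings = []
    if b.channel != channel:
        findings.append(f"channel {b.channel}, expected {channel}")
    if b.security != security:
        findings.append(f"security {b.security}, expected {security}")
    return findings


def audit_scan(beacons, inventory=AUTHORIZED):
    """Map (ssid, bssid, channel) -> findings for each suspicious beacon."""
    report, channels = {}, defaultdict(set)
    for b in beacons:
        channels[(b.ssid, b.bssid.lower())].add(b.channel)
        findings = check_beacon(b, inventory)
        if findings:
            report[(b.ssid, b.bssid.lower(), b.channel)] = findings
    # A cloned MAC shows up as one BSSID heard on several channels at once.
    for (ssid, bssid), seen in channels.items():
        if ssid in inventory and len(seen) > 1:
            for ch in sorted(seen):
                report.setdefault((ssid, bssid, ch), []).append(
                    "BSSID heard on multiple channels in one scan")
    return report


# Constructed scan results, not captured from a real network.
SCAN = [
    Beacon("Stay Away", "00:11:22:33:44:55", 2, "WPA"),    # authorized AP
    Beacon("Stay Away", "66:77:88:99:AA:BB", 6, "none"),   # unknown radio
    Beacon("Stay Away", "00:11:22:33:44:55", 11, "none"),  # cloned BSSID
    Beacon("CoffeeShop", "CC:DD:EE:FF:00:11", 1, "none"),  # unrelated SSID
]

if __name__ == "__main__":
    for key, findings in sorted(audit_scan(SCAN).items()):
        print(key, findings)
```

Because a BSSID can be copied, the authorized radio itself is also reported when its address is heard on a second channel; the channel and security mismatches show which of the two beacons deviates from the inventory.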
Part II
Project presentation
Introduction
• In this project, I simulate an easy, yet important, wireless eavesdropping attack.
• Unsecured wireless sessions can be targets for eavesdropping attackers.
• Serious confidential and personal data can be captured, analyzed and even retransmitted on one’s behalf.
Experiment Architecture and Scenarios
Experiment Architecture
[Figure: experiment architecture. Victim machine: Toshiba laptop, Windows XP. Intruder machine: HP laptop, Windows XP, CommView for WiFi. NetGear wireless router, connected over the Ethernet intranet to the intranet server: Windows Server 2000 (Web, Mail, FTP services).]
Experiment Architecture and Scenarios
Experiment Scenarios
The intruder (an upset student) will try to listen to the data flowing to/from the victim (his professor) and capture important information about him.

Spying on HTTP (Web Pages)

Spying on FTP (Downloading files)

Spying on SMTP (Emails)
Hosts Installations and Configuration
Configuration of Victim Machine
Configuring Outlook Express email client
Toshiba Laptop
CPU: Centrino 1.7 GHz
Memory: 1 GB
Hard Disk: 80 GB
Operating System: Windows XP professional
IP Address: 192.168.1.2
Hosts Installations and Configuration
Configuration of Host Intruder Machine (Laptop)
Installing CommView for Wi-Fi
HP Laptop
CPU: Centrino 1.7 GHz
Memory: 512 MB
Hard Disk: 60 GB
Operating System: Windows XP professional
IP Address: NO IP ADDRESS
CommView For Wi-Fi (packet sniffer and generator)
Hosts Installations and Configuration
Configuration of Host Intranet Server
Installing IIS, SMTP and FTP
Configuring IIS, SMTP, FTP
IBM server
CPU: Xeon 3.00 GHz
Memory: 256 MB
Hard Disk: 80 GB
Operating System: Windows 2000 Advanced Server (Ser)
IP Address: 192.168.1.100
Application: MS-IIS web server, SMTP Relay service, FTP service.
Note: Because of asset limitations, this server is implemented using VMware ver 4.0, a virtual machine application that runs on top of the installed operating system. I had to use it because the installed OS (Windows XP) doesn’t support web services (IIS, SMTP, FTP).
100 Mbps UTP connection to Access point
Hosts Installations and Configuration
Configuration of Host Intranet Server
On Windows 2000 Server: Start -> Settings -> Control Panel -> Add/Remove Programs -> Add/Remove Windows Components.
Check the checkbox for IIS services.
Hosts Installations and Configuration
Configuration of Host Intranet Server
For the HTML, add the file called default.htm to the folder c:\inetpub\wwwroot.
Hosts Installations and Configuration
Configuration of Host Intranet Server
For SMTP, configure the mail server domain name.
Start -> Programs -> Administrative Tools -> Internet Services Manager. Click on SMTP. Right-click on domain. Click Add new domain and type uwindsor.ca.
Hosts Installations and Configuration
Configuration of Host Intranet Server
FTP needs no configuration. Just add some files to the ftproot folder. These files will be downloaded by clients.
Hosts Installations and Configuration
Configuration of Access point Router
SSID
IP address
DHCP service
Channel ID
Brand Name: Netgear 54 wireless router XG614v7
SSID name: Stay Away
Channel ID: 2
4-port UTP switch (the intranet server is connected through it)
Operating System: Windows 2000 Advanced Server (Ser)
IP Address: 192.168.1.1
Acts as a router between the wireless network and the intranet network, as shown in figure 1
Hosts Installations and Configuration
Configuration of Access point Router
Configure the Netgear router using an HTTP browser by typing HTTP://192.168.1.1
Type the name in the SSID name field.
In the channel field, select the channel.
Make sure the security field is “none”.
Hosts Installations and Configuration
Configuration of Access point Router
Configure the IP address and the DHCP of the AP
Tuning CommView sniffer for experiment
Start CommView for Wi-Fi, click on the File menu, then select start capture.
Tuning CommView sniffer for experiment
Configure the channel number to limit the search.
Tuning CommView sniffer for experiment
Configure IP aliases to simplify the analysis of the captured packets by showing the alias name instead of the IP address.
Click on Settings -> IP aliases and type in the IP address of each host involved in the scenario.
Tuning CommView sniffer for experiment
Configuring CommView Rules (Filters)
Click on the Rules tab
Enable IP address rules
Check the Capture option
Check the Both option
Type the IP addresses of all the hosts
Tuning CommView sniffer for experiment
Configuring CommView Rules (Filters)
My scenario is to capture certain packets, so only sniff the following set of protocols
Tuning CommView sniffer for experiment
Configuring CommView Rules (Filters)
Click on the Rules tab

Tell the sniffer to sniff only the following set of protocols:
TCP port 80 for HTTP
TCP port 20, 21 for FTP
TCP port 25 for SMTP (mail).
Conducting the Experiment
Start Eavesdropping
Start CommView by clicking on File --> start capture
From the scanning window, click on start scanning
Conducting the Experiment
Spying on HTTP (Web Pages)
In this attack the intruder will spy on the victim’s HTTP traffic. The victim is accessing a web server and reading a specific, important confidential page from his corporate web server.
The victim will type the website name into the web browser (here it is an IP address, 192.168.1.100).
After the previous step, the CommView packet tab shows that 45 packets have been captured.
Spying on HTTP (Web Pages)
To make it easier for the intruder to actually see what the victim was viewing, the intruder can reconstruct the HTTP session and view it as a web page, with some formatting limitations. To do this, the intruder can simply right-click on any HTTP packet and select “Reconstruct TCP session”.
Conducting the Experiment
Spying on HTTP (Web Pages)
CommView was even able to show images transferred during the HTTP session
Conducting the Experiment
Spying on FTP (Downloading files)

The victim will connect to an FTP server to download an important confidential file. The victim will do the following steps:

From the command prompt, the victim will connect to the FTP server, entering the administrator account and password, and then download a configuration file called rules.txt.
Conducting the Experiment
Spying on FTP (Downloading files)
This screen is from the victim’s laptop.
Conducting the Experiment
Spying on FTP (Downloading files)
The intruder was able to capture the whole session in 67 packets. The username and password were captured. All the commands issued by the victim were gathered, as well as a copy of the downloaded text file.
Conducting the Experiment
Spying on FTP (Downloading files)
Copy of the downloaded text file.
Conducting the Experiment
Spying on SMTP (Emails)
The victim, using his Outlook Express, sends a confidential email to Dr. Aggarwal
Conducting the Experiment
Spying on SMTP (Emails)
CommView captured the email, the sender, the receiver and the subject
Conducting the Experiment
• This whole experiment happened over a non-secure network.
• I conducted the same detailed experiment over a secure network using WEP security, and the results were the same as over a non-secure network.
• But when I conducted the same experiment over a secure network using WPA security, the laptop using the sniffer couldn't even connect to the network.
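The FTP and SMTP captures above were readable because both protocols send their commands in the clear unless the client first upgrades the connection to TLS and the server accepts. The following added example, which is not part of the original presentation, checks a server-side session transcript for sensitive commands issued before a confirmed upgrade; the transcripts are constructed and the `C:`/`S:` line format is an assumption of the example.

```python
# Per protocol: (client commands that request TLS, server reply code
# that confirms it). 234 answers FTP AUTH, 220 answers SMTP STARTTLS.
UPGRADE = {
    "ftp": (("AUTH TLS", "AUTH SSL"), "234"),
    "smtp": (("STARTTLS",), "220"),
}
# Commands whose arguments or payload should not travel unencrypted.
SENSITIVE = {
    "ftp": ("USER", "PASS", "RETR", "STOR"),
    "smtp": ("AUTH", "MAIL FROM", "RCPT TO", "DATA"),
}


def exposed_commands(protocol, transcript):
    """Return sensitive verbs the client sent before TLS was confirmed.

    Lines are "C: ..." (client) or "S: ..." (server); this format is an
    assumption of the example. Only verbs are recorded, never arguments.
    """
    requests, ok_code = UPGRADE[protocol]
    exposed, pending = [], False
    for line in transcript:
        side, _, text = line.partition(": ")
        text = text.strip()
        if side == "S":
            if pending and text.startswith(ok_code):
                return exposed          # TLS accepted: the rest is encrypted
            pending = False             # upgrade refused or unrelated reply
            continue
        upper = text.upper()
        pending = upper.startswith(requests)
        if pending:
            continue
        for verb in SENSITIVE[protocol]:
            if upper.startswith(verb):
                exposed.append(verb)
                break
    return exposed


# Constructed transcripts; the account and file name follow the slides.
FTP_PLAIN = ["S: 220 ready", "C: USER administrator", "S: 331 need password",
             "C: PASS <redacted>", "S: 230 logged in",
             "C: RETR rules.txt", "S: 226 transfer complete"]
FTP_TLS = ["S: 220 ready", "C: AUTH TLS", "S: 234 proceed",
           "C: USER administrator", "C: PASS <redacted>"]
SMTP_REFUSED = ["S: 220 ready", "C: EHLO client.example.test", "S: 250 ok",
                "C: STARTTLS", "S: 454 TLS not available",
                "C: MAIL FROM:<a@example.test>", "S: 250 ok",
                "C: RCPT TO:<b@example.test>", "S: 250 ok", "C: DATA"]

if __name__ == "__main__":
    for name, proto, log in [("ftp-plain", "ftp", FTP_PLAIN),
                             ("ftp-tls", "ftp", FTP_TLS),
                             ("smtp-refused", "smtp", SMTP_REFUSED)]:
        print(name, exposed_commands(proto, log))
```

The third transcript covers the failure mode where the client asks for TLS, the server refuses, and the client carries on in the clear anyway.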
IDS PromiScan 3.0
The intrusion detection system that can detect promiscuous sniffing nodes (eavesdropping) is called PromiScan.
But due to its high price ($500) I couldn’t use it.
The free trial version of that software has many limitations (special IP address range), and I actually spent more than 10 hours trying it, but without any results.
References











[1] M. Domenico, A. Calandriello, G. Calandriello and A. Lioy. Dependability in Wireless Networks: Can We Rely on WiFi?. IEEE Security and Privacy, 5(1):23-29, 2007
[2] www.london-wifi.com
[3] www.wlantenna.com/wlantenna.htm
[4] http://www.tscmvideo.com/eavesdropping/eavesdropping-device.html
[5] LucidLink, the network security products company, WiFiTheft.com, wifi.weblogsinc.com, WarDriving.com, Wigle.net, www.intelligentedu.com
[6] Wikipedia encyclopedia. Eavesdropping on Wi-Fi, chapter 6 page 122
[7] http://www.sciam.com/article.cfm
[8] A. Nicholson and B. Noble. Automatic Network Management for Mobile Devices. In Proc. Seventh IEEE Workshop on Mobile Computing Systems & Applications, IEEE Computer Society, pages 47–47, 2006.
[9] Eavesdropping on Wi-Fi, chapter 6 page 122
[10] The experiment Scenario figure, Eavesdropping project.
[11] www.securityfriday.com/products/promiscan.html
Questions in the lab