Hands-on with wifi security v2

Hands-on with wifi security
OWASP Göteborg Security Tapas
2015-10-20
Anders Rosdahl
#whoami
Average security enthusiast
No bleeding edge research, no wall of fames, no CVEs
Actually, this is me...
@rosdahl
Agenda
Wifi overview
Authentication and encryption
Attacks
Defence
Demo/lab
Wifi overview
Access points continuously send beacons to announce themselves
Clients continuously probe for access points
Authentication
Association
Bands, channels and frequencies

802.11  Release year  Frequency (GHz)  Max data transfer rate (Mbit/s)   Bandwidth (MHz)
a       1999          5/(3.7)          54                                20
b       1999          2.4              11                                22
g       2003          2.4              54                                20
n       2009          2.4/5            72/150 (per MIMO stream)          20/40
ac      2013          5                96/200/433/866 (per MIMO stream)  20/40/80/160
there's more...
Wireless Modes
Each wireless device/interface can be in one of the following modes. Definitions vary.
Station – also referred to as Client mode or Managed mode
Master – also referred to as Access Point or Infrastructure mode
Ad hoc – for mesh wifi networks
Monitor – also referred to as RFMON (Radio Frequency MONitor). Used to silently listen to wifi traffic. An interface in this mode can capture traffic without connecting to any network.
Not all combinations of wifi cards/drivers/OS support all modes.
Authentication and encryption
WEP
• Based on the RC4 stream cipher, which is effectively broken
WPA/WPA2
• WPA – intermediate solution while waiting for WPA2, which would fix all that was broken with WEP. Designed by cryptographers.
• PSK or asymmetric key pairs/certificates
• TKIP-RC4 (WPA) / CCMP-AES (WPA2)
WPS
• Provides the WPA/WPA2 password to a client requiring only a PIN code
• Two modes:
  • Push-Button-Connect
  • 4/8 digit PIN code
Attacks
WPA/WPA2
1. Deauthenticate connected client(s) with traffic injection
2. Capture the re-authentication handshake
3. Offline word-list or rule-based brute force attack on the recorded handshake
WPS
Brute force the WPS PIN. In 2012 several deficiencies in WPS were disclosed. E.g. only max 11k vs 10M tries are needed since the AP acks/nacks the first 4 digits.
WPS backoff/timeout prevents brute forcing. Was not ubiquitous in 2012.
WEP
RC4...
Offline brute force attack similar to WPA above
Defence – hot security tips for hotspots
Use long and strong WPA2 passwords!
Disable WPS on your router
Don't use WEP – obviously...
Use a VPN when connected to public access points – anyone can listen
Be careful about auto-connect features of devices to avoid connecting to rogue access points
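Why step 3 of the WPA/WPA2 attack is an offline guessing game, and why "long and strong" is the defence, as an added example not taken from the slides: WPA2-PSK derives the Pairwise Master Key from the passphrase with PBKDF2-HMAC-SHA1 (4096 iterations, SSID as salt), which is the fixed cost an attacker pays per guess against a captured handshake. The guess rate used in the comparison is a constructed placeholder, not a measured figure.

```python
import hashlib

# WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes).
# An offline attack on a recorded handshake repeats exactly this derivation for
# every candidate passphrase, so its cost per guess is fixed and only the size
# of the candidate space (passphrase entropy) decides how long the attack takes.
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Return the 32-byte WPA2-PSK Pairwise Master Key for a passphrase/SSID pair."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8-63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN)


def guess_space(length: int, alphabet_size: int) -> int:
    """Number of candidates for a passphrase of this length drawn from this alphabet."""
    return alphabet_size ** length


def expected_days(candidates: int, guesses_per_second: float) -> float:
    """Days needed to exhaust a candidate space at a given guess rate."""
    return candidates / guesses_per_second / 86400


def compare_policies(guesses_per_second: float = 1e6) -> dict:
    """Contrast three passphrase policies at an assumed (constructed) guess rate:
    a one-million-entry word list, 8 lowercase letters, 16 mixed-case alphanumerics."""
    return {
        "wordlist_1M": expected_days(10**6, guesses_per_second),
        "lower8": expected_days(guess_space(8, 26), guesses_per_second),
        "mixed16": expected_days(guess_space(16, 62), guesses_per_second),
    }


if __name__ == "__main__":
    # The SSID is the salt, so the same passphrase yields a different PMK per network.
    print(derive_pmk("password", "IEEE").hex())
    print(derive_pmk("password", "OtherSSID").hex())
    for policy, days in compare_policies().items():
        print(f"{policy:12s} {days:.3g} days to exhaust")
```

The first PMK printed matches the IEEE 802.11i reference vector for passphrase "password" on SSID "IEEE"; the per-SSID salt means precomputed tables must be built per network name.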
Demo/lab
Alfa cards for loan!