man-in-the-middle - Personal.kent.edu
WIRELESS NETWORK SECURITY
Hackers
• Ad-hoc networks
• War Driving
• Man-in-the-Middle
• Caffe Latte attack
AD-HOC networks
WAR DRIVING
• Searching for Wi-Fi networks by a person in a moving vehicle
MAN-IN-THE-MIDDLE
• Hotspots have little security
• Entices computers to log into a soft Access Point
• Hacker connects to the real AP – offers a steady flow of traffic
• Hacker sniffs the traffic
• Forces you to lose your connection and reconnect through the hacker's AP.
CAFFE LATTE ATTACK
• Targets the Windows wireless stack
• Possible to obtain the WEP key from a remote client
• Sends flood of encrypted ARP requests
• Attacker can obtain the WEP key within minutes
Wireless Intrusion Prevention System (WIPS)
• Robust way to counteract wireless security risks
• PCI Security Standards Council published guidelines for large organizations
WEP: Wired Equivalent Privacy
1999
• Secret Keys [Codes to Encrypt Data]
• Secondary Goal: Control Network Access
WEP
• 64, 128, 256 bit key
• 24 bits used for Initialization Vector
• Each packet includes integrity check
Stream Ciphers
• RC4 is a stream cipher
• Expands a key into an infinite pseudo-random keystream
What about IVs?
• RC4 keystream should not be reused.
• Use initialization vector to generate different keystream for each packet by augmenting the key
• IV reuse (24 bits) => 16.7 million variations
• Same shared key in both directions
• Encryption is vulnerable to collision-based attacks.
Linear Checksum
• Encrypted CRC-32 used as integrity check
• Fine for random errors, but not deliberate ones
• CRC is linear
• Can maliciously flip bits in the packet
• Can replay modified packets!
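Added example (not part of the original slides): why an RC4-encrypted CRC-32 fails as an integrity check while a keyed MAC does not. The function names, keys, IV and message are constructed for illustration, and HMAC-SHA256 is only a stand-in for a keyed integrity check, not the algorithm WPA or WPA2 uses.

```python
import hashlib, hmac, zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for key."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data):
    return zlib.crc32(data).to_bytes(4, "little")   # WEP integrity check value

def seal(iv, key, payload):
    body = payload + icv(payload)              # WEP encrypts payload || CRC-32
    return xor(body, rc4(iv + key, len(body))) # per-packet RC4 key = IV || key

def open_frame(iv, key, ct):
    body = xor(ct, rc4(iv + key, len(ct)))
    payload, tag = body[:-4], body[-4:]
    return payload if icv(payload) == tag else None

def altered(ct, delta):
    """XOR delta into the payload and adjust the ICV using no key material:
    crc(p ^ d) == crc(p) ^ crc(d) ^ crc(00..0) for equal-length inputs."""
    patch = xor(icv(delta), icv(bytes(len(delta))))
    return xor(ct, delta + patch)

def demo():
    iv, key = b"\x00\x00\x01", b"\x01\x02\x03\x04\x05"  # constructed values
    msg, mac_key = b"reading=0", b"constructed-mac-key"
    tag = hmac.new(mac_key, msg, hashlib.sha256).digest()  # keyed MAC stand-in
    delta = bytes(len(msg) - 1) + b"\x01"      # one flipped bit, last byte
    got = open_frame(iv, key, altered(seal(iv, key, msg), delta))
    recomputed = hmac.new(mac_key, got, hashlib.sha256).digest()
    return got, hmac.compare_digest(tag, recomputed)

if __name__ == "__main__":
    print(demo())   # CRC check accepts the changed payload; the MAC does not
```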
WEP
• Problem #1:
• No limit on using the same IV value more than once. This makes the encryption vulnerable to collision-based attacks.
• Problem #2:
• The IV is only 24 bits, so there are only 16.7 million possible variations.
WEP
• Problem #3:
• Master keys are used directly, when they should be used to generate other temporary keys.
• Problem #4:
• Users don't change their keys very often on most networks, giving attackers ample time to try various techniques.
802.11i
• TKIP [Temporal Key Integrity Protocol]
• AES is a cryptographic algorithm
- new hardware may be required
• 802.1X: used for authentication
802.1X
• Keeps the network port disconnected until authentication is complete.
• The port is either made available or the user is denied access to the network.
WPA: Wi-Fi Protected Access
• Subset of 802.11i
• Master keys are never directly used.
• Better key management.
• Impressive message integrity checking.
WPA: Wi-Fi Protected Access
• Advantages:
• IV length has increased to 48 bits, over 500 trillion possible key combinations
• IVs better protected through the use of the TKIP sequence counter, helping to prevent reuse of IV keys.
802.11i
WPA2
• WPA2 uses AES (Advanced Encryption Standard) to provide stronger encryption.
• Enterprise uses IEEE 802.1X and EAP to provide authentication. Consumer uses a pre-shared key, or password.
• New session keys for every association, unique to that client.
• Avoids reuse.
• WPA = TKIP + 802.1X
To get a Robust Secure Network, the hardware must use CCMP [Counter Mode CBC MAC Protocol]
WPA2 = CCMP + 802.1X
TIPS
• Change default Administrator Passwords for router.
• Turn on WPA/WEP Encryption
• Change the Default SSID
• Enable MAC Address Filtering
TIPS
• Disable SSID Broadcast
• Do Not Auto-Connect to Open Wi-Fi Networks
• Assign Static IP Addresses to Devices. Turn off DHCP on the router access point
TIPS
Ensure firewall is enabled on your router and also each computer connected.
TIPS
• Position the router or Access Point Safely
• Turn Off the Network during Extended Periods of Non-Use.
Questions?