SHARK Node - ECpE Senior Design


Shark: A Wireless Internet Security Test Bed
Senior Design Project May07-09
Stephen Eilers
Jon Murphy
Alex Pease
Jessica Ross
Faculty Advisor and team
• Dr. Steve Russell
– Associate Professor
– Electrical and Computer Engineering
• Adrienne Huffman
– Graduate Student
– Computer Engineering
• Jon Murphy
– Computer Engineering
• Steve Eilers
– Computer Engineering
• Alex Pease
– Computer Engineering
• Jessica Ross
– Computer Engineering and Mathematics
Definitions
• ARP – Address Resolution Protocol
• IV – Initialization Vector
• L2TP – Layer 2 Tunneling Protocol
• PPTP – Point-to-Point Tunneling Protocol
• RADIUS – Remote Authentication Dial In User Service
• SSL – Secure Sockets Layer
• WEP – Wired Equivalent Privacy
• WPA – Wi-Fi Protected Access
• VPN – Virtual Private Network
What is SHARK?
• SHARK is a wireless security network to be used to study security-related issues on wireless networks
• Tool to teach interested students about wireless security
• Report statistics about attackers and the methods they use to researchers at ISU
• Deployable to any remote location
Why SHARK?
• Client’s last semester as professor, wants project finished
• Educate college students about 802.11 security
• Give students something fun to do
Limitations
• SHARK must be portable and extendable
• Initial build of the SHARK system must consist of three or fewer computers
• SHARK must be built within a $150 budget
• Must use public domain software
• Must be capable of collecting research data
Intended Users
• Primary
– College students in computer related fields
– Know the basics of wireless networking
• Secondary
– Interested community members
– People looking for a free access point
Intended Uses
• Primary
– Learning tool for students
– Study methods of wireless attacks
– Study basic network security
– Legal and ethical way for students to participate in hacking exercises
SHARK Node
[Diagram: SHARK node running Ubuntu, Squid, Void11, Apache, MySQL and WireShark]
SHARK – Software
• Ubuntu
• Squid
– Web proxy cache
• Direct traffic to appropriate places
• Apache
– Used to create local web-server login/registration
• Keep track of users
• MySQL
– Database
• WireShark/Ethereal
– Network Protocol Analyzer
• Captures all traffic on SHARK Network
Levels of Security
• SHARK has five levels of security
– Guppy
• No security, used for basic registering on network
– Clownfish
• WEP security
– Swordfish
• Rotating WEP security
– Barracuda
• WPA security
– SHARK
• RADIUS security
• Provides statistical data on hacking patterns
Wired Equivalent Privacy (WEP)
• 64-bit WEP
• 128-bit WEP
• Same 24-bit IV stream
• Flaws in WEP
– Repeating IV
– Short
– Stream Cipher
• XOR is bad
Breaking WEP Down
• Aircrack, airodump, airdecap
• http://www.linux-wlan.org/docs/wlan_adapters.html.gz
• No magic number of IVs
– 250,000 – 400,000 for 40 bit
– 750,000 – 2M + for 104 bit
• More users = more IVs sent = more IVs that are re-used
• Can read packets if IV is re-used but key not broken yet
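The last bullet above, that packets become readable once an IV repeats even though the key is still unknown, follows from RC4 keystream reuse. The Python below is an added example, not part of the original slides: the key, IV and payloads are constructed, the CRC-32 ICV is omitted, and the collision estimate assumes IVs are picked at random.

```python
import math

def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4: key scheduling (KSA), then keystream generation (PRGA)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, payload: bytes) -> bytes:
    """WEP seeds RC4 with IV || key. The CRC-32 ICV is left out here."""
    return xor(payload, rc4_keystream(iv + key, len(payload)))

def recover_with_known_plaintext(c_known, p_known, c_other) -> bytes:
    """Same IV and key give the same keystream, so c_known XOR p_known
    is that keystream and decrypts any other packet sent under the IV."""
    return xor(c_other, xor(c_known, p_known))

def iv_collision_probability(packets: int, iv_bits: int = 24) -> float:
    """Birthday estimate, assuming IVs are picked uniformly at random."""
    return 1.0 - math.exp(-packets * (packets - 1) / (2 * 2 ** iv_bits))

# Constructed sample values (not from the slides).
KEY = bytes.fromhex("0102030405")   # 40-bit WEP key
IV = bytes.fromhex("a1b2c3")        # 24-bit IV, sent in clear, used twice
P1 = b"GET /index.html HTTP/1.0"    # payload the observer already knows
P2 = b"login=student1&level=wep"    # payload the observer does not know
C1, C2 = wep_encrypt(IV, KEY, P1), wep_encrypt(IV, KEY, P2)

if __name__ == "__main__":
    print(recover_with_known_plaintext(C1, P1, C2))
    print(f"{iv_collision_probability(5000):.2f}")
```

The key never appears in the recovery step, which is why rotating the key (as in the higher SHARK levels) limits how long a captured keystream stays useful.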
WPA
• Software update to WEP (closely related to rotating WEP)
– Re-keying
– No more weak IV packets
• Pre-shared Key
– Only as strong as the passphrase
• Extensible Authentication Protocol (EAP)
– User authentication
– Radius
Traffic Generator – Baiting the Hook
• Breaking WEP and WPA encryption
– Attackers must analyze thousands of packets
7-of-9
• Off-the-Shelf wireless access point
– Provides generic internet access
– Traffic is captured and compared to SHARK traffic
Network View
[Network diagram labels: Analysis Subnet, virtualnet, smallbox, Sharkweb, hub, D-Link router, Internet]
Network Pros/Cons
• Pros
– One external IP
– Firewall
– branches
• Cons
– extensive forwarding
Machine Breakdown
• VirtualNet
– Ubuntu
– Xen
• SmallBox
– SUSE
– Snort
– WireShark
– MySQL
– Apache
• Sharkweb
– FreeBSD
– Apache
– MySQL
– PHP
SmallBox
• Captures traffic on SHARK
• Stores and Analyzes data
– Packet Capture: WireShark
– Filter: Snort
– Webserver: Apache
Sharkweb
• When attackers break into SHARK, they are forwarded here
• Logged into database
– Webserver: Apache
– Web Utilities: MySQL, PHP
Virtualnet
• Simulates additional machines running services without adding cost of physical machines
– OS: Ubuntu
– Virtual Machine Manager: Xen
Virtual Machines
• VM 1
– Mimicking a standard server
• VM 2
– Tarpit
• Delays incoming connections for as long as possible
• VM 3
– HoneyD
• Confuses attackers into thinking it has open ports
Secure Tunneling
• VPN
– Provide secure communications over unsecured networks
• Benefits
– Provides the level of security we desire
• Downsides
– If SHARK is compromised, they have direct access to our network
• Solution
– Scripting for “on-the-fly” configuration
Secure Tunneling – VPN
• One of the only ways to provide a secure and extensible way to access the SHARK machines
• Need the ability to create multiple VPN sessions, so a VPN server is required
• Multiple solutions available
– PPTP
– L2TP
– SSL
Status of SHARK
• Completed
– All computers have main software packages installed and configured
– Order for parts has been placed
– Xen server fully configured
– Portal redirect
• In Progress
– Open access point for registering
– Virtual machines up and running
• In Concept
– VPN
– Radius Server
– Data Statistics and Heuristics
Testing
• Target audience: CPRE 537 Wireless Security class
• CONTEST
– Open Registration: week 1
– WEP: weeks 2, 3
– WPA: week 4
– Rotating WEP: week 5
– RADIUS: week 6
– Results: week 7
– Basic Analysis: week 8
Hours and Resources
Item             Hours (current)   Cost ($10.50/hr)
Steve Eilers     60                $630.00
Alex Pease       86                $903.00
Jon Murphy       58                $609.00
Jessica Ross     50                $525.00
Wireless AP                        $49.99
Router                             $39.99
Hub                                Donated (2)
Computers                          Donated (3)
Wireless Cards                     $39.99
Total            254               $2796.97
Future Uses
• Make the automation of tasks smoother
• Better documentation
• Increase the number of fields for registration.
Commercialization
• This project is a research project and is not intended for commercialization.
Questions?