1. Introduction to WiFi and Mobile Hacking
In this module on wireless and mobile technology, we'll discuss wireless LAN network types. We'll discuss the SSID and MAC filters, and WEP versus WPA and WPA2. We'll discuss WEP weaknesses and WPA weaknesses. We'll discuss some of the tools used for discovery, MAC spoofing, WEP cracking and traffic generation. And then we'll discuss some countermeasures like EAP, RADIUS and IAS integration.
2. WiFi Network Types, Widely Deployed Standards, A, B, G, 802.11n – MIMO, 802.11ac
There are generally two types of WiFi wireless networks: one called infrastructure mode and the other called device-to-device or peer-to-peer, sometimes called ad hoc networks. An ad hoc or device-to-device network is a wireless network where data is transmitted directly between wireless devices on the network without passing through an access point. An infrastructure mode network is one that has a central point of configuration and management. It's much more secure because we can apply encryption such as WEP, WPA or even the Extensible Authentication Protocol. The devices still transmit in all directions, although they have a central point of configuration and management.
The most widely deployed standard, 802.11, is a set of media access control (MAC) and physical layer specifications for implementing wireless local area network computer communication in the 2.4, 3.6, 5 and even the 60 GHz frequency bands. They're created and maintained by the IEEE LAN/MAN Standards Committee. The base version of the standard was released in 1997 and has had subsequent amendments. The standard and amendments provide the basis for wireless network products using the WiFi brand. The most popular ones are 802.11a, b and g, but as you're going to see with the standards evolving, we've got some new ones coming. Let's compare the predominant standards of about maybe five years ago.
We had 802.11b, which operated in the 2.4 GHz frequency, 802.11a in the 5 GHz frequency, and 802.11g, which also operated in the 2.4 GHz frequency. I want you to notice that the speed of them is different. And I also want you to notice, most importantly, that the range is different. The higher the frequency, the further the range. So A doesn't go quite as far, but it is isolated in its own range, as you're going to see in a couple of minutes. That's going to make a difference on another one that we're going to talk about. The 802.11n MIMO standard: MIMO stands for multiple in, multiple out. It uses multiple antennas to increase data rates and reduce error rates.
Previously, on 802.11g, b and a, we used one antenna for in and out, so it talked kind of like a CB radio. MIMO is used in conjunction with Orthogonal Frequency Division Multiplexing, and it's part of the 802.16 WiMAX standard and the 802.11n high-throughput standard, which was expected to be finalized in mid 2007. It was actually finalized in about 2009, but the problem with that was there were so many people on board trying to create this standard that it made it very difficult for the standard to become a standard. Some of the advantages of 802.11n are that it has about eight times more coverage than G and much higher throughput speed, because it doesn't have to act like a CB radio: it can send and receive at the same time.
And with MIMO, even your existing G clients will get a boost in range of about 20%. Lastly, we have 802.11ac, which is a wireless computer networking standard. It is marketed under the brand name of WiFi. It was developed in the IEEE Standards Association, and notice it also works on the 5 GHz band. Now, its claim to fame is that it has a theoretical limit of one gigabit per second and a single-link layer throughput of at least 500 megabits per second. This is accomplished by extending the air-interface concepts embraced in 802.11n: wider RF bandwidth (up to 160 MHz), more MIMO spatial streams (up to eight of them), multi-user MIMO and high-density modulation.
3. 802.11n – MIMO, 802.11ac, SSID, MAC Filtering, WEP, Weak IV Packets
Now, the SSID, which stands for Service Set Identity, is the wireless network name. It's composed of a string anywhere from one to 32 bytes long. It actually breaks down into what's called the ESSID (Extended SSID), which is the name that you typically see in the wireless network client software, and then the BSSID, which is the MAC address of the access point. This allows two access points to serve the same wireless network. For example, you may have gone to hotels where you've seen Holiday Inn floor one, Holiday Inn floor two, Holiday Inn floor three. They really didn't need to do that, because the BSSID would be different anyway.
They could have just named them all Holiday Inn. It would have associated with the closest access point. SSID hiding is another thing that we can do, because we can turn broadcasting off. It actually is recommended that we disable it, since the default setting for many access points is to transmit it in the clear. Unfortunately, simply disabling it doesn't really provide effective security for the wireless network. It's more of an out of sight, out of mind type of thing. I like to refer to it as if you're driving down the road and the garage door is closed: you assume it's locked, whereas if the garage door is open, well, you know that garage door is open.
That's kind of the same type of thing, because in reality we can force it to transmit a packet telling us the SSID if somebody is attached to it. The next thing we want to talk about is MAC filtering. MAC filtering in computer networking refers to a security access control method where the 48-bit address assigned to each network card is used to determine access to that network. Now, MAC addresses are uniquely assigned to each card. So MAC filtering on a network permits and denies network access to specific devices by the use of blacklists and whitelists. While the restriction of network access through the use of MAC addresses is straightforward, an individual is not identified by the MAC address, but rather only the device is.
So an authorized person will need to have a whitelist entry for each device that he or she uses in order to access the network. While it gives a wireless network some additional protection, MAC filtering can be circumvented by scanning for a valid MAC and then spoofing one's own MAC to the validated one. In other words, we can scan the air, because the MAC address has to be supplied in clear text, then set our MAC address to that one. This can be done in the Windows Registry or by using command line tools on the Linux platform. MAC address filtering is often referred to as security through obscurity. The first encryption type we want to talk about is something called Wired Equivalent Privacy, or WEP.
This was the very first encryption mechanism that was applied to the 802.11 standard. It was ratified in September of 1999, and its intention was to provide data confidentiality comparable to that of a wired network. Although its name implies that it is as secure as a wired connection, WEP has been demonstrated to have numerous flaws and has been deprecated in favor of newer standards such as WPA2. In 2003, the WiFi Alliance announced that WEP had been superseded by Wi-Fi Protected Access, or WPA. In 2004 came the ratification of 802.11i, which is essentially WPA2.
The IEEE declared that both WEP-40 bit and WEP-104 bit have been deprecated, as they failed to meet their security goals. Some of the drawbacks of WEP are that it uses the RC4 cipher. It can use 64 or 128 bit keys. The keys are constructed from a 24-bit initialization vector, and the remainder is a user-defined key. The IV is a rolling counter used to change the per-packet key. Since the first data to be encrypted in a WEP packet is usually the SNAP header, as with IP and ARP packets, the first byte of this is almost always 0xAA, and the first 24 bits (the IV) are given up in clear text. Since the IV is transmitted in plain text, weak IVs are very easy to detect.
The key value is determined after a sufficient amount of traffic; with repeated applications of this strategy, we recover the entire key. Since the IV is a three-byte string and there are two to the 24th power possible values, or about 16 million and change, it has been estimated that about 2% of these are weak. Empirical studies show that it only takes a few hundred packets encrypted with weak IVs to crack the encryption. The question isn't whether WEP can be broken, but how long it takes to be broken. As a rule of thumb, a few million packets generate enough weak IVs to easily recover WEP keys. We can also force more weak IVs to be generated, because WEP doesn't check for retransmissions. More on this in a couple of slides.
4. XOR Basics, WEP Weaknesses
The next thing we want to discuss is something called the exclusive OR. This is actually a boolean gate, or a boolean portion of logic, that is used in an encryption process. This is absolutely on the test, so you need to understand it. It's really pretty easy. When the bits match, we get a zero. When the bits don't match, we get a one. Back when you took high school algebra, we were able to solve for one unknown. For example, three A equals twelve. If we divide both sides by three, A is going to equal four. We can solve for one unknown. But if we say three A plus B equals twelve, we don't necessarily know what the value is. So we can whittle it down to its most basic form, but we can't solve it completely.
We can solve for one unknown. So if we have a certain amount of data that's represented with these bits here, and we have the ciphertext that's represented here, we can use the exclusive OR mechanism to find out what the key is, because we're solving for one unknown. The next thing we want to talk about is WEP weaknesses. There are a number of shortcomings in WEP. It's practical to eavesdrop on a WEP-protected network from distances of even a mile or more from the target. By default, WEP relies on a single shared key among users. That means everyone has the same key. So if you do have access to that WEP network, you could read everyone else's information.
This leads to practical problems in handling compromises, which often leads to ignoring compromises. In 2005, a group from the US Federal Bureau of Investigation gave a demonstration where they cracked a WEP-protected network in three minutes using publicly available tools. This is typically the case nowadays. I can crack WEP in anywhere from five to 15 minutes using a small number of packets. The more packets we have, the easier it is to crack WEP. Its weaknesses rely on transmitting the header of the packet in clear text. Now remember, it reduces the length of the key by 24 bits. So in other words, we're not even having to crack the whole 128-bit key, we're only having to crack 128 minus 24 bits. Some IV strings reveal certain bytes of the user-defined key.
These are known as weak IVs. So if I know what's in the packet, in other words I sent the packet out, then I know what's in the packet. I am solving for one unknown. Then, the WEP key is universal for all WEP clients. And the biggest problem we have is that WEP doesn't check for retransmissions of the same packet. This allows an attacker to replay certain packets to the network. The most popular form of packet is an ARP request. I know what's in an ARP request, and once it goes through the access point, I know how it's encrypted. Thus I'm solving for one unknown. If I just simply reissue that ARP request over and over and over again, it would give me the capability to crack WEP in a very quick period of time.
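The "solving for one unknown" idea from this section, together with the 24-bit IV discussion above, as an added example that is not part of the course material: a toy RC4 stands in for WEP (the CRC ICV is omitted), the key, IV and SNAP header bytes are constructed, and the point demonstrated is the defender's one, namely that a known-plaintext frame gives away the whole keystream for that IV, so any later frame under the same IV is readable without ever recovering the key, and random 24-bit IVs repeat after only a few thousand frames.

```python
import math

def rc4_keystream(key, length):
    """Toy RC4 (KSA + PRGA) producing `length` keystream bytes for `key`."""
    S = list(range(256))
    j = 0
    for i in range(256):                          # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):                       # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor_bytes(a, b):
    """Bitwise XOR of two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv, wep_key, plaintext):
    """WEP framing (ICV omitted): 24-bit IV in the clear, then RC4(IV||key) XOR data."""
    assert len(iv) == 3
    return iv + xor_bytes(plaintext, rc4_keystream(iv + wep_key, len(plaintext)))

def recover_keystream(frame, known_plaintext):
    """Ciphertext XOR known plaintext = keystream: the single unknown is solved."""
    return frame[:3], xor_bytes(frame[3:], known_plaintext)

def expected_frames_until_iv_reuse():
    """Birthday bound: random 24-bit IVs repeat after about sqrt(pi/2 * 2^24) frames."""
    return math.sqrt(math.pi / 2 * 2 ** 24)

# Constructed sample values (not from the course): a 40-bit key and an LLC/SNAP
# header followed by the ARP ethertype, whose first byte is 0xAA as the text says.
WEP_KEY = bytes.fromhex("0102030405")
SNAP_ARP = bytes.fromhex("aaaa030000000806")
IV = b"\x00\x01\x02"

def demo():
    """Observer knows frame 1's full plaintext; frame 2 reuses the same IV."""
    frame1 = wep_encrypt(IV, WEP_KEY, SNAP_ARP + b"probe-payload-00")
    iv, keystream = recover_keystream(frame1, SNAP_ARP + b"probe-payload-00")
    frame2 = wep_encrypt(IV, WEP_KEY, SNAP_ARP + b"victim-data-01")
    assert frame2[:3] == iv                       # same IV => same RC4 keystream
    return xor_bytes(frame2[3:], keystream)       # frame 2 read without the key
```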
5. TKIP, WPA vs WEP, WPA MIC Vulnerability, WPA-PSK Encryption
Now, the first thing we want to talk about, since we were able to crack WEP so easily, is something called Temporal Key Integrity Protocol, or TKIP. It actually was a stopgap security protocol used in the IEEE 802.11 wireless networking standard. TKIP was designed by the 802.11i task group and the Wi-Fi Alliance as an interim solution to replace WEP without requiring the replacement of legacy hardware. This was necessary because the breaking of WEP had left WiFi networks without a viable link-layer security solution, and a security solution was needed for hardware that was already deployed.
So, as we know, TKIP had to fit into the same place, into the same amount of firmware, as WEP did, so that it could replace WEP. So TKIP had to be very tightly coded. Unfortunately, TKIP is no longer considered secure. It was deprecated in the 2012 revision of the 802.11 standard, giving way to WPA2, which is a more secure version of the protocol. A couple of key points about TKIP that were very good were that the keys were generated dynamically on a per-client basis, very similar to how SSL does it. This means that each and every client uses a completely different key.
Unlike WEP, where we're able to see across members of our same security domain, individuals using WPA with TKIP are not, because everyone gets a different key. Now, the key is generated from a hashing function based upon the MAC address of the access point, a nonce from the access point (which is nothing more than a challenge), the MAC of the client and a nonce of the client, followed by the SSID. Now, at some point in time, every one of those, with the exception of the pre-shared key, is delivered in clear text. So we simply need to grab all of those pieces, put them together, hash them and try to guess what the key is, very similar to cracking a password. Now let's talk about how WPA improved on WEP.
First off, the IV length has been increased from 24 bits to 48 bits. Now remember that the security is doubled by every bit that we add. So it's not simply doubled going from 24 to 48; it has grown by another power of 24. So it's much tighter than it appears to be. IVs are now used as a sequence counter. This prevents encrypted traffic from being replayed to the network, which is a big weakness in WEP. Also, weak IVs have been eradicated: WPA avoids using known weak IV values. We also use what is called a master key. The master key is not used directly inside of WPA; it is used to derive per-client keys, unlike WEP, where all WEP clients use the same key.
This means there's more traffic being encrypted with the same key, and hence, if we're a member of that security domain, we can also read the information of those other individuals. In WPA we use a key hierarchy, where each and every client uses a different key, and we have a key management function. In key management, WEP requires that the same key is configured on every client. This doesn't allow for secure key management. Key management isn't an issue in WPA due to the key generation process. We also have message integrity checking.
WPA uses an integrity check called the MIC, known as Michael. Hardware constraints require that the check be relatively simple because, remember, we need to fit it into the same place that WEP occupied. In theory, there's only a one in a million chance of guessing the correct Michael value, and then we still have to crack the key. This prevents attackers from altering packets of data. Now, if you can guess one in a million, you need to be helping me with my lottery numbers. Unfortunately, WPA and WPA2 have a vulnerability. If an attacker sends two packets of unauthorized data during a 1 second period, the system assumes it's under attack and shuts down.
The shutdown is meant to prevent attack, but could trigger the revealing of sensitive information. Most clients will automatically attempt to reconnect to a preferred network after the disassociation. And this is where we typically grab all of those pieces we talked about before: the access point MAC, the client MAC, the access point nonce, the client nonce, and the SSID. All we need to do then is simply pass all of that information through the hashing function. Now, as I said before, WPA is not necessarily considered to be as secure as we would like it to be. And this may have to do with the cipher issue. WPA and WPA2 are virtually identical in the way that they function.
Both are derived from 802.11i, WPA being an early snapshot of it; the major difference between WPA and WPA2 is the encryption algorithm. Remember, WPA uses RC4 and the TKIP protocol, and WPA2 uses AES, the Advanced Encryption Standard. AES-CCMP is abbreviated from Advanced Encryption Standard Counter Mode with Cipher Block Chaining Message Authentication Code Protocol. Say that 50 times fast. We know that AES is a much tighter encryption. WPA and WPA2 encryption are able to use either a pre-shared key or an encapsulated security payload. The problem with WPA and WPA2 is the key generation process. Remember that the key is generated from all those pieces.
We grabbed the MAC address of the access point, the MAC of the client, the nonce of the client, and the SSID. Then we try to obtain the pre-shared key, because that is our one unknown. As I said before, all of the above information is transmitted in clear text except for the pre-shared key. If an attacker is able to intercept the traffic, they can take a pre-shared key from a dictionary file, combine it with the rest of the data, and compare the values until a match is found. Most administrators use a weak dictionary-based key, as they believe WPA and WPA2 encryption is much more secure than WEP, although it simply needs the proper passphrase or password to be broken.
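The key hierarchy described in the TKIP paragraph and again here, as an added example that is not part of the course material: the master key (PMK) is PBKDF2-HMAC-SHA1 over the passphrase salted with the SSID, and the per-session pairwise key (PTK) is the 802.11i PRF over the PMK plus the two MACs and two nonces that cross the air in the clear. The MACs, nonces and SSID below are constructed placeholders; the code shows why the passphrase is the only secret in the whole derivation, so its strength is the only thing protecting a PSK network.

```python
import hashlib
import hmac

def derive_pmk(passphrase, ssid):
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1 of the passphrase, salted with
    the SSID, 4096 iterations, 256-bit output. Only the passphrase is secret."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf_512(key, label, data):
    """IEEE 802.11i PRF-512: HMAC-SHA1 over label||0x00||data||counter, 64 bytes."""
    out = b""
    for counter in range(4):                      # 4 blocks * 20 bytes >= 64 bytes
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
    return out[:64]

def derive_ptk(pmk, ap_mac, client_mac, anonce, snonce):
    """Pairwise transient key from the PMK and the four handshake values that
    are sent in the clear: both MACs and both nonces, ordered as the standard says."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)

def split_ptk(ptk):
    """KCK confirms the handshake (MIC), KEK wraps the group key, TK encrypts data."""
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}

# Constructed sample handshake values (not captured from any real network).
AP_MAC = bytes.fromhex("020000000001")
CLIENT_MAC = bytes.fromhex("020000000002")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))

def session_keys(passphrase, ssid="ExampleNet"):
    """Everything except `passphrase` here is public; a wrong guess yields a wrong KCK."""
    pmk = derive_pmk(passphrase, ssid)
    return split_ptk(derive_ptk(pmk, AP_MAC, CLIENT_MAC, ANONCE, SNONCE))
```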