SlideShare a Scribd company logo

Wireless hacking and security

A
Adel Zalok

This presentation describes the WEP issued in the original IEEE 802.11 and points out it's weakness and how can attacks be executed. Also, it summarizes the best practices to introduce security to the Wireless enviroment.

1 of 29
Wireless LAN Hacking and Security
Technical Presentation  Page Outline Introduction to WLAN Why Wireless Security ? Motivation Wired Equivalent Privacy (WEP) Hacking Wi-Fi Security Best Practices Summary & Conclusion
Technical Presentation  Page Introduction To Wireless LAN Introduction What is Wireless Networking?! A wireless Network refers to a fully connected network that allows users to share resources without using any kind of Wiring. Resources Could be : Broadband Interent Network Printers Data files Examples: Wireless Personal Area Network (PAN) Wireless LAN ( Our Guy ) Wireless MAN Mobile Networks
Technical Presentation  Page Wireless Advantages And Disadvantages Introduction To Wireless LAN Wireless Advantages Easy and Fast Installation Procedures No need for costy, Messy wiring. Easier to provide connectivity. Access to the Network can be anywhere with the range of the AP. Public places offers free or chargable access to wireless network. Wireless Disadvantages Many users = Bandwidth starvation. Unlicensed spectrum, which could lead to interfrence with other services. Frequent updates in the standards = replacing hardware = higher cost Shared medium introduces security issues.
Technical Presentation  Page IEEE Network Specifications Introduction To Wireless LAN
Technical Presentation  Page Most Important ones: Introduction To Wireless LAN
Technical Presentation  Page Wireless LAN Technologies Narrow Band Picking a frequeny and transmitting over it. Very vulnerable to multi-path fading and interference. Spread Spectrum Uses more bandwidth by spreading the signal over a large range of fqs. More imune against multi-path fading and interference. FHSS Hops across Frequencies by a certain rate. Synchronizes Hopping pattern at Tx and Rx. DSSS Breaks data Into chuks. Represents each bits with *Chips*. Introduction To Wireless LAN
Technical Presentation  Page WLAN Frequency Usage Wireless Channels in 802.11b As An Example The 802.11b standard defines 14 channels. Does it use all the 14 channels ?!  this depends on Countries North America : 11 channels Euope: 13 channels Japan: All the 14 channels Introduction To Wireless LAN
Technical Presentation  Page WLAN Modes Ad-hoc Mode All workstations can directly communicaticate together. Good if you plan to quickly get setup your wireless network when there is no access to wired Infrastructure. Infrastructure Communication occurs through an AP. A basic wireless Infrastrucutre with a single AP is called a BSS. When more than once access point is connected it is called an ESS. Roaming is supported from one BSS to another. Roaming between APs can occur for many reasons. For examples: Stronger signals. Load balancing between two APs in the same geographical area. Introduction To Wireless LAN
WLAN Modes Introduction To Wireless LAN
Here comes your footer  Page Why Wireless Security ?! Motivation !! Accidental association Malicious association Ad-hoc networks Non-traditional networks Identity theft (MAC spoofing) Man-in-the-middle attacks Denial of service Network injection Caffe Latte attack And many more !!!
Technical Presentation  Page Non Technical Example!! Why Wireless Security ?! [CEH V7 Official Course Material] Example Tools : wefi, jiwire,…
Technical Presentation  Page Most Famous and Commonly Used Cryptos !! WEP : An old wireless encryption standard (will be discussed in more details) WPA : Uses a 48 IV, 32 bit CRC and TKIP encyption for wireless security. WPA2 Personal : Uses AES 128 bits and CCMP for wireless data encryption. WPA2 Enterprise : Integrates the standards of EAP with WPA enrption WEP -- Wireless Equivalent Privacy WPA -- WiFi Protected Access CCMP -- Counter Mode With Cipher Block Chaining Message Authentication Code Protocol Why Wireless Security ?!
Here comes your footer  Page Wired Equivalent Privacy (WEP) Who am I ? Wasn‘t developed by experts. Part of the IEEE 802.11 standard. Was meant to provide confidentiality for messages on the network. Not Considered *The state of the art* any more. Was designed to achieve three main security goals: Confidentiality : Content is not readable to people outside the network. Integrity : A message can‘t be altered without altering detection. Access control : only authorized stations can access the network. Concept Encryption Decryption M C M K K As If
Here comes your footer  Page Wired Equivalent Privacy (WEP) Sending Side (Encryption Block) Steps: Integrity Check sum = Plaintext || CRC 32(Plaintext). Chosen IV || shared key (key is 40 or 104 bits). Shorter keys, less privacy Output of last step will be input to RC4 to generate the key stream. XOR the result of the RC4 with the IC value to get the Cipher text. Finally, Cipher text and IV are concatenated and transmitted on the medium. [1] RC4 is a stream-cipher algorithm, this means that it generates an infinite sequence of pseudo random bits.
Here comes your footer  Page Recieving Side (Decryption Block) Wired Equivalent Privacy (WEP) Steps: IV is extracted from received data. RC4 (IV || Shared key) = same key stream as before. RC4(IV || Shared key) XOR C. C is equal { RC4 ( IV || Shared key ) XOR Pc }. Finally, we Compare the IC value with the result of the integrity check. [1] Since the original plain text is not known by the receiver, you can’t tell if it is the real thing or not. So, we need to verify that they match.
Here comes your footer  Page Wired Equivalent Privacy (WEP) Summary of Operation (Hawk’s Eye View)
Here comes your footer  Page Wired Equivalent Privacy (WEP) On The Run Definitions !! Vulnerability : A Weakness in design that can Compromise the security of the system. Threat: An Action or an event that might compromise the secuity of the system. Exploit: A way to breach through the system security given existing vulnerabilities. Symetric Key Cryptography: Only one key is used to Encrpyt and Decrypt. The key should be distributed before transmission. Asymetric Key Cryptography: Using two keys (public, private). Public key is for encyption and private key for decryption. No need for key distribution
Here comes your footer  Page Wired Equivalent Privacy (WEP) RC4 Inputs and Outputs of the RC4: The RC4 algorithm takes as in input the Pre-Shared Key and produced and pseudo random stream. The PSK and the IV and the Generators of the RC4. IV || PSK PRN The Algorithm Consists Of Two Parts: Key Scheduling algorithm (KSA) The key scheduling algorithm is to complete the initialization of the RC4 Pseudo Random Generator (PSRG) The PRGA is to produce the pseudo random number. RC4 Seed The RC4 is a symmetric key cryptography algorithm was developed by Ronald L. Rivest Also the “R” in the RSA Encyption Algorithm. RC4 stands for Ron’s Code 4.
Here comes your footer  Page Wired Equivalent Privacy (WEP) Vulnerabilities and Threats in WEP !! The master Key is used directly as an input to the RC4 Algorithm Once one key is recovered, everything is compromised. A good idea is to create sub keys for a certain period of time. The Key size 64 bits -> 24 IV + 40 bit PSK . 40 bits is not enough to avoid Brute Forces. Vendors extended the key length to 104 to make the total size 128 bits. Key Management No algorithm for key exchange. Keys are exchanged manually. Small, and easy to remember keys are used  Higher attack probability. Use some key exchange algorithms. For example: “Diffie Hellman” CRC32 : Although it aims to provide message integrity. It doesn’t prevent the whole content from being changed. Can we fix that ?
Here comes your footer  Page Wired Equivalent Privacy (WEP) Vulnerabilities and Threats in WEP - Continue!! The Incorrect Use of RC4 Strong correlation between the Input key and resulting stream. IV is 3 bytes and is transmitted in plain text. It is easy to sniff weak keys. If one bit is lost, the entire data packet is. It is not specified how IV’s are generated. So they might be reused. Reuse of IV’s is a direct Violation of the RC4 requirements. IV is Too Small And In Clear Text Only 24 bits and is sent in clear text, will eventually be repeated after 2^24. Used as a seed for the RC4 Algorithm. Not practical when used for crypt. The above mentioned vulnerabilities are just some good examples. There is still a lot of other vulnerabilities that wasn’t mentioned here. For more information surf to www.nvd.nist.gov and look up “WEP” in the vulnerabilities Search engine. wire shark
Here comes your footer  Page Wired Equivalent Privacy (WEP) Exploiting Vulnerabilities and Threats (Attacking)!! Active Traffic Injections Using cryptanalysis, the attacker knows the exact plain text plain text version of an encrypted message. Use this information to construct messages Calculating CRC 32-values. Perform bit-flips on the original message to get the encrypted form. Now the attacker can send the packet to AP and will be correctly validated. Example of Tools that does this: AirePlay : Capture and re-inject WEPWedgie: Determines the 802.11 WEP key streams and then Injecting traffic with known keystreams.
Here comes your footer  Page Exploiting Vulnerabilities and Threats (Attacking) - Continue!! Active attack from both sides An extension to the previous attack. The attacker make guesses about header content. Some bit flipping to change DA to rogue device. Resend the packet to AP Access point decrypt the message for forward it to gateway un-encyrpted Un-encrypted message is then forwarded to attacker’s machine A guess about TCP header, would allow the attacker to change current port number to port 80 (default port for web traffic) which is allowed almost in all firewalls. Wired Equivalent Privacy (WEP)
Here comes your footer  Page Wired Equivalent Privacy (WEP) Exploiting Vulnerabilities and Threats (Attacking) - Continue!! Table Based Attack IV are repeated after a while due to their small size. Use some passive monitoring to know plain text. Compute the RC4 key stream by trying out different key values. Use this key stream to decrypt all packets with the same IV. Over time the attacker can build a complete table of IV’s and corresponding key streams. This allows the attacker to decrypt all packets sent. Passive attack decryption An attacker monitors traffic until an IV is reused. When collision is reused, the shared key and the IV results a key stream that has been previously used. Attacker XORs the cipher text with the keystream and he gets the plain text
Here comes your footer  Page Securtiy Best Practices Counter Measures Against Encryption attacks Rotate the Keys Rotate the keys after a certain period of time. By rotating the key you get a new key. Introduce a secure key management methodology As previously mention, WEP is a symmetric key crypto. Key has to be stored in all machines. A problem in large companies. The Original 802.11 standard has no methodology or specification for key management One way is to use public key cryptography for exchanging keys. This way we don’t need to store the key on every singe machine, and thus making the scaling process much easier . Use Wi-Fi Protected Access (WPA) and WPA2
Here comes your footer  Page Securtiy Best Practices Wi-Fi Protected Access (WPA) Everyone agreed that WEP is not a secure protocol anymore IEEE defined the 802.11i Only access point s that meets the standard can use this protocol. Addresses WEP problems but requires a change in hardware WPA saves the day by fixing WEP flows without needing to change hardware WPA uses: 802.1x port-access control to distribute per session keys. Provides a framework that allows use of upper layer authentication protocols line EAP. Temporal Key Integrity Protocol (TKIP) to provide key mixing and a longer initialization vector. It also provides Message Integrity check (MIC) that prevents wireless data from being modified in transit.
Here comes your footer  Page Summary & Conclusion Summary We have talked about WLAN and it’s Advantages and Dis-Advantages Introduced the Wired Encryption Protocol We have discusses the vulnerabilities and threats in WEP We mentioned how to exploit those vulnerabilities Finally, we talked about some of the best practices and counter measures. Conclusion WEP is not secure anymore Many Security parameters should be taken into consideration when designing a security protocol. There is no Silver bullet. Never feel completely safe, always be suspicious 
Here comes your footer  Page References Wired Equivalent Privacy (WEP) Functionality, Weak Points and Attacks: Gutjahr and Ludwigs ; University of Freiburg Enhancing RC4 algorithm for WLAN WEP Protocol; Yao, Chong, Xingwei; Northeastern University, Shenyang Security of the WEP algorithm; [email_address] . Hacking Wireless Networks For Dummies; Beaver and Davis.
Technical Presenation  Page Questions Thank you!!

Recommended

Wireless Hacking
Wireless HackingWireless Hacking
Wireless Hacking
VIKAS SINGH BHADOURIA
 
Wifi Security
Wifi SecurityWifi Security
Wifi Security
Shital Kat
 
Understanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsUnderstanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and Solutions
AirTight Networks
 
Wlan security
Wlan securityWlan security
Wlan security
Upasona Roy
 
WiFi Secuiry: Attack & Defence
WiFi Secuiry: Attack & DefenceWiFi Secuiry: Attack & Defence
WiFi Secuiry: Attack & Defence
Prakashchand Suthar
 
Wlan security
Wlan securityWlan security
Wlan security
Sajan Sahu
 
Security & Privacy in WLAN - A Primer and Case Study
Security & Privacy in WLAN - A Primer and Case StudySecurity & Privacy in WLAN - A Primer and Case Study
Security & Privacy in WLAN - A Primer and Case Study
Mohammad Mahmud Kabir
 
Wireless Networking Security
Wireless Networking SecurityWireless Networking Security
Wireless Networking Security
Anshuman Biswal
 
Wifi security
Wifi securityWifi security
Wifi security
Dooremoore
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
amiable_indian
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminar
Nilesh Sapariya
 
Wifi Security
Wifi SecurityWifi Security
Wifi Security
Agris Ameriks
 
Wireless and WLAN Secuirty, Presented by Vijay
Wireless and WLAN Secuirty, Presented by VijayWireless and WLAN Secuirty, Presented by Vijay
Wireless and WLAN Secuirty, Presented by Vijay
thevijayps
 
Wireless security presentation
Wireless security presentationWireless security presentation
Wireless security presentation
Muhammad Zia
 
Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network Security
kentquirk
 
Securing wireless network
Securing wireless networkSecuring wireless network
Securing wireless network
Syed Ubaid Ali Jafri
 
WLAN Attacks and Protection
WLAN Attacks and ProtectionWLAN Attacks and Protection
WLAN Attacks and Protection
Chandrak Trivedi
 
Wireless Device and Network level security
Wireless Device and Network level securityWireless Device and Network level security
Wireless Device and Network level security
Chetan Kumar S
 
Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network Security
Gyana Ranjana
 
Super Barcode Training Camp - Motorola AirDefense Wireless Security Presentation
Super Barcode Training Camp - Motorola AirDefense Wireless Security PresentationSuper Barcode Training Camp - Motorola AirDefense Wireless Security Presentation
Super Barcode Training Camp - Motorola AirDefense Wireless Security Presentation
System ID Warehouse
 
Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2
Fábio Afonso
 
Wireless Lan Security
Wireless Lan SecurityWireless Lan Security
Wireless Lan Security
SANDEEPONSLIDESHARE
 
wifi-y3dips-stmik_mdp_slides
wifi-y3dips-stmik_mdp_slideswifi-y3dips-stmik_mdp_slides
wifi-y3dips-stmik_mdp_slides
guest1c1a9a
 
5169 wireless network_security_amine_k
5169 wireless network_security_amine_k5169 wireless network_security_amine_k
5169 wireless network_security_amine_k
Rama Krishna M
 
Pentesting Wireless Networks and Wireless Network Security
Pentesting Wireless Networks and Wireless Network SecurityPentesting Wireless Networks and Wireless Network Security
Pentesting Wireless Networks and Wireless Network Security
Ayoma Wijethunga
 
Wireless security
Wireless securityWireless security
Wireless security
paripec
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
Vishal Agarwal
 
WEP
WEPWEP
WEP
Sudeep Kulkarni
 
Wireless LAN security
Wireless LAN securityWireless LAN security
Wireless LAN security
Rajan Kumar
 
Lecture 11 wifi security
Lecture 11 wifi securityLecture 11 wifi security
Lecture 11 wifi security
rajakhurram
 

More Related Content

What's hot (20)

Wifi security
Wifi securityWifi security
Wifi security
Dooremoore
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
amiable_indian
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminar
Nilesh Sapariya
 
Wifi Security
Wifi SecurityWifi Security
Wifi Security
Agris Ameriks
 
Wireless and WLAN Secuirty, Presented by Vijay
Wireless and WLAN Secuirty, Presented by VijayWireless and WLAN Secuirty, Presented by Vijay
Wireless and WLAN Secuirty, Presented by Vijay
thevijayps
 
Wireless security presentation
Wireless security presentationWireless security presentation
Wireless security presentation
Muhammad Zia
 
Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network Security
kentquirk
 
Securing wireless network
Securing wireless networkSecuring wireless network
Securing wireless network
Syed Ubaid Ali Jafri
 
WLAN Attacks and Protection
WLAN Attacks and ProtectionWLAN Attacks and Protection
WLAN Attacks and Protection
Chandrak Trivedi
 
Wireless Device and Network level security
Wireless Device and Network level securityWireless Device and Network level security
Wireless Device and Network level security
Chetan Kumar S
 
Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network Security
Gyana Ranjana
 
Super Barcode Training Camp - Motorola AirDefense Wireless Security Presentation
Super Barcode Training Camp - Motorola AirDefense Wireless Security PresentationSuper Barcode Training Camp - Motorola AirDefense Wireless Security Presentation
Super Barcode Training Camp - Motorola AirDefense Wireless Security Presentation
System ID Warehouse
 
Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2
Fábio Afonso
 
Wireless Lan Security
Wireless Lan SecurityWireless Lan Security
Wireless Lan Security
SANDEEPONSLIDESHARE
 
wifi-y3dips-stmik_mdp_slides
wifi-y3dips-stmik_mdp_slideswifi-y3dips-stmik_mdp_slides
wifi-y3dips-stmik_mdp_slides
guest1c1a9a
 
5169 wireless network_security_amine_k
5169 wireless network_security_amine_k5169 wireless network_security_amine_k
5169 wireless network_security_amine_k
Rama Krishna M
 
Pentesting Wireless Networks and Wireless Network Security
Pentesting Wireless Networks and Wireless Network SecurityPentesting Wireless Networks and Wireless Network Security
Pentesting Wireless Networks and Wireless Network Security
Ayoma Wijethunga
 
Wireless security
Wireless securityWireless security
Wireless security
paripec
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
Vishal Agarwal
 
WEP
WEPWEP
WEP
Sudeep Kulkarni
 
Wifi security
Wifi securityWifi security
Wifi security
Dooremoore
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
amiable_indian
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminar
Nilesh Sapariya
 
Wifi Security
Wifi SecurityWifi Security
Wifi Security
Agris Ameriks
 
Wireless and WLAN Secuirty, Presented by Vijay
Wireless and WLAN Secuirty, Presented by VijayWireless and WLAN Secuirty, Presented by Vijay
Wireless and WLAN Secuirty, Presented by Vijay
thevijayps
 
Wireless security presentation
Wireless security presentationWireless security presentation
Wireless security presentation
Muhammad Zia
 
Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network Security
kentquirk
 
Securing wireless network
Securing wireless networkSecuring wireless network
Securing wireless network
Syed Ubaid Ali Jafri
 
WLAN Attacks and Protection
WLAN Attacks and ProtectionWLAN Attacks and Protection
WLAN Attacks and Protection
Chandrak Trivedi
 
Wireless Device and Network level security
Wireless Device and Network level securityWireless Device and Network level security
Wireless Device and Network level security
Chetan Kumar S
 
Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network Security
Gyana Ranjana
 
Super Barcode Training Camp - Motorola AirDefense Wireless Security Presentation
Super Barcode Training Camp - Motorola AirDefense Wireless Security PresentationSuper Barcode Training Camp - Motorola AirDefense Wireless Security Presentation
Super Barcode Training Camp - Motorola AirDefense Wireless Security Presentation
System ID Warehouse
 
Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2
Fábio Afonso
 
Wireless Lan Security
Wireless Lan SecurityWireless Lan Security
Wireless Lan Security
SANDEEPONSLIDESHARE
 
wifi-y3dips-stmik_mdp_slides
wifi-y3dips-stmik_mdp_slideswifi-y3dips-stmik_mdp_slides
wifi-y3dips-stmik_mdp_slides
guest1c1a9a
 
5169 wireless network_security_amine_k
5169 wireless network_security_amine_k5169 wireless network_security_amine_k
5169 wireless network_security_amine_k
Rama Krishna M
 
Pentesting Wireless Networks and Wireless Network Security
Pentesting Wireless Networks and Wireless Network SecurityPentesting Wireless Networks and Wireless Network Security
Pentesting Wireless Networks and Wireless Network Security
Ayoma Wijethunga
 
Wireless security
Wireless securityWireless security
Wireless security
paripec
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
Vishal Agarwal
 
WEP
WEPWEP
WEP
Sudeep Kulkarni
 

Viewers also liked (20)

Wireless LAN security
Wireless LAN securityWireless LAN security
Wireless LAN security
Rajan Kumar
 
Lecture 11 wifi security
Lecture 11 wifi securityLecture 11 wifi security
Lecture 11 wifi security
rajakhurram
 
Wireless LAN Security, Policy, and Deployment Best Practices
Wireless LAN Security, Policy, and Deployment Best PracticesWireless LAN Security, Policy, and Deployment Best Practices
Wireless LAN Security, Policy, and Deployment Best Practices
Cisco Mobility
 
From Fast To SPDY
From Fast To SPDYFrom Fast To SPDY
From Fast To SPDY
Mike Belshe
 
Wireless Hacking Talk
Wireless Hacking TalkWireless Hacking Talk
Wireless Hacking Talk
Mario B.
 
Mobile Phone Safety.pdf
Mobile Phone Safety.pdfMobile Phone Safety.pdf
Mobile Phone Safety.pdf
Rashad Heydarov
 
Non-technical presentation of Basic Computer Systems
Non-technical presentation of Basic Computer SystemsNon-technical presentation of Basic Computer Systems
Non-technical presentation of Basic Computer Systems
Daniel Moore
 
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisAttacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
P1Security
 
Non technical presentation
Non technical presentationNon technical presentation
Non technical presentation
connorhowe131
 
Wireless LAN Security by Arpit Bhatia
Wireless LAN Security by Arpit BhatiaWireless LAN Security by Arpit Bhatia
Wireless LAN Security by Arpit Bhatia
Arpit Bhatia
 
Ss7 tutorial
Ss7 tutorialSs7 tutorial
Ss7 tutorial
janardhanreddy30
 
Wired and Wireless Network Forensics
Wired and Wireless Network ForensicsWired and Wireless Network Forensics
Wired and Wireless Network Forensics
Savvius, Inc
 
Signaling system 7 (ss7)
Signaling system 7 (ss7)Signaling system 7 (ss7)
Signaling system 7 (ss7)
usman zulfqar
 
SS7
SS7SS7
SS7
denys.pozniak
 
07 2
07 207 2
07 2
a_b_g
 
Wireless LAN Security-Bimtek Kominfo
Wireless LAN Security-Bimtek KominfoWireless LAN Security-Bimtek Kominfo
Wireless LAN Security-Bimtek Kominfo
M.Syarifudin, ST, OSCP, OSWP
 
Market Basket Analysis Algorithm with Map/Reduce of Cloud Computing
Market Basket Analysis Algorithm with Map/Reduce of Cloud ComputingMarket Basket Analysis Algorithm with Map/Reduce of Cloud Computing
Market Basket Analysis Algorithm with Map/Reduce of Cloud Computing
Jongwook Woo
 
Apache Hadoop India Summit 2011 talk "The Next Generation of Hadoop MapReduce...
Apache Hadoop India Summit 2011 talk "The Next Generation of Hadoop MapReduce...Apache Hadoop India Summit 2011 talk "The Next Generation of Hadoop MapReduce...
Apache Hadoop India Summit 2011 talk "The Next Generation of Hadoop MapReduce...
Yahoo Developer Network
 
Map Reduce
Map ReduceMap Reduce
Map Reduce
Sri Prasanna
 
WIRELES NETWORK
WIRELES NETWORKWIRELES NETWORK
WIRELES NETWORK
Ryma Chohan
 
Wireless LAN security
Wireless LAN securityWireless LAN security
Wireless LAN security
Rajan Kumar
 
Lecture 11 wifi security
Lecture 11 wifi securityLecture 11 wifi security
Lecture 11 wifi security
rajakhurram
 
Wireless LAN Security, Policy, and Deployment Best Practices
Wireless LAN Security, Policy, and Deployment Best PracticesWireless LAN Security, Policy, and Deployment Best Practices
Wireless LAN Security, Policy, and Deployment Best Practices
Cisco Mobility
 
From Fast To SPDY
From Fast To SPDYFrom Fast To SPDY
From Fast To SPDY
Mike Belshe
 
Wireless Hacking Talk
Wireless Hacking TalkWireless Hacking Talk
Wireless Hacking Talk
Mario B.
 
Mobile Phone Safety.pdf
Mobile Phone Safety.pdfMobile Phone Safety.pdf
Mobile Phone Safety.pdf
Rashad Heydarov
 
Non-technical presentation of Basic Computer Systems
Non-technical presentation of Basic Computer SystemsNon-technical presentation of Basic Computer Systems
Non-technical presentation of Basic Computer Systems
Daniel Moore
 
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisAttacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
P1Security
 
Non technical presentation
Non technical presentationNon technical presentation
Non technical presentation
connorhowe131
 
Wireless LAN Security by Arpit Bhatia
Wireless LAN Security by Arpit BhatiaWireless LAN Security by Arpit Bhatia
Wireless LAN Security by Arpit Bhatia
Arpit Bhatia
 
Ss7 tutorial
Ss7 tutorialSs7 tutorial
Ss7 tutorial
janardhanreddy30
 
Wired and Wireless Network Forensics
Wired and Wireless Network ForensicsWired and Wireless Network Forensics
Wired and Wireless Network Forensics
Savvius, Inc
 
Signaling system 7 (ss7)
Signaling system 7 (ss7)Signaling system 7 (ss7)
Signaling system 7 (ss7)
usman zulfqar
 
SS7
SS7SS7
SS7
denys.pozniak
 
07 2
07 207 2
07 2
a_b_g
 
Wireless LAN Security-Bimtek Kominfo
Wireless LAN Security-Bimtek KominfoWireless LAN Security-Bimtek Kominfo
Wireless LAN Security-Bimtek Kominfo
M.Syarifudin, ST, OSCP, OSWP
 
Market Basket Analysis Algorithm with Map/Reduce of Cloud Computing
Market Basket Analysis Algorithm with Map/Reduce of Cloud ComputingMarket Basket Analysis Algorithm with Map/Reduce of Cloud Computing
Market Basket Analysis Algorithm with Map/Reduce of Cloud Computing
Jongwook Woo
 
Apache Hadoop India Summit 2011 talk "The Next Generation of Hadoop MapReduce...
Apache Hadoop India Summit 2011 talk "The Next Generation of Hadoop MapReduce...Apache Hadoop India Summit 2011 talk "The Next Generation of Hadoop MapReduce...
Apache Hadoop India Summit 2011 talk "The Next Generation of Hadoop MapReduce...
Yahoo Developer Network
 
Map Reduce
Map ReduceMap Reduce
Map Reduce
Sri Prasanna
 
WIRELES NETWORK
WIRELES NETWORKWIRELES NETWORK
WIRELES NETWORK
Ryma Chohan
 

Similar to Wireless hacking and security (20)

Security Issues of 802.11b
Security Issues of 802.11bSecurity Issues of 802.11b
Security Issues of 802.11b
guestd7b627
 
Security Issues of IEEE 802.11b
Security Issues of IEEE 802.11bSecurity Issues of IEEE 802.11b
Security Issues of IEEE 802.11b
Sreekanth GS
 
Wireless security
Wireless securityWireless security
Wireless security
vinay chitrakathi
 
4 wifi security
4 wifi security4 wifi security
4 wifi security
al-sari7
 
Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)
Mandeep Jadon
 
Hacking Wireless Networks by Mandeep Singh Jadon
Hacking Wireless Networks by Mandeep Singh JadonHacking Wireless Networks by Mandeep Singh Jadon
Hacking Wireless Networks by Mandeep Singh Jadon
OWASP Delhi
 
Shashank wireless lans security
Shashank wireless lans securityShashank wireless lans security
Shashank wireless lans security
Shashank Srivastava
 
Unit 3:Enterprise Security
Unit 3:Enterprise SecurityUnit 3:Enterprise Security
Unit 3:Enterprise Security
prachi67
 
Wireless security837
Wireless security837Wireless security837
Wireless security837
mark scott
 
Wireless Security (1).ppt
Wireless Security (1).pptWireless Security (1).ppt
Wireless Security (1).ppt
EvaBlessed
 
Comprehensive Guide On Network Security
Comprehensive Guide On Network SecurityComprehensive Guide On Network Security
Comprehensive Guide On Network Security
Briskinfosec Technology and Consulting
 
Attack Robustness and Security Enhancement with Improved Wired Equivalent Pro...
Attack Robustness and Security Enhancement with Improved Wired Equivalent Pro...Attack Robustness and Security Enhancement with Improved Wired Equivalent Pro...
Attack Robustness and Security Enhancement with Improved Wired Equivalent Pro...
IDES Editor
 
Wireless lan security(10.8)
Wireless lan security(10.8)Wireless lan security(10.8)
Wireless lan security(10.8)
SubashiniRathinavel
 
WEP
WEPWEP
WEP
nashniv
 
WLAN Security-2new.pptxmmmmmmmmmmmmmmmmmmmmmmmmmmm
WLAN Security-2new.pptxmmmmmmmmmmmmmmmmmmmmmmmmmmmWLAN Security-2new.pptxmmmmmmmmmmmmmmmmmmmmmmmmmmm
WLAN Security-2new.pptxmmmmmmmmmmmmmmmmmmmmmmmmmmm
iit2022057
 
Wireless Security
Wireless SecurityWireless Security
Wireless Security
Università Degli Studi Di Salerno
 
Chapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptxChapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptx
AmanuelZewdie4
 
Exploiting WiFi Security
Exploiting WiFi Security Exploiting WiFi Security
Exploiting WiFi Security
Hariraj Rathod
 
Wifi- technology_moni
Wifi- technology_moniWifi- technology_moni
Wifi- technology_moni
MD MONIRUZZAMAN
 
IPV6
IPV6IPV6
IPV6
Naza hamed Jan
 
Security Issues of 802.11b
Security Issues of 802.11bSecurity Issues of 802.11b
Security Issues of 802.11b
guestd7b627
 
Security Issues of IEEE 802.11b
Security Issues of IEEE 802.11bSecurity Issues of IEEE 802.11b
Security Issues of IEEE 802.11b
Sreekanth GS
 
Wireless security
Wireless securityWireless security
Wireless security
vinay chitrakathi
 
4 wifi security
4 wifi security4 wifi security
4 wifi security
al-sari7
 
Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)
Mandeep Jadon
 
Hacking Wireless Networks by Mandeep Singh Jadon
Hacking Wireless Networks by Mandeep Singh JadonHacking Wireless Networks by Mandeep Singh Jadon
Hacking Wireless Networks by Mandeep Singh Jadon
OWASP Delhi
 
Shashank wireless lans security
Shashank wireless lans securityShashank wireless lans security
Shashank wireless lans security
Shashank Srivastava
 
Unit 3:Enterprise Security
Unit 3:Enterprise SecurityUnit 3:Enterprise Security
Unit 3:Enterprise Security
prachi67
 
Wireless security837
Wireless security837Wireless security837
Wireless security837
mark scott
 
Wireless Security (1).ppt
Wireless Security (1).pptWireless Security (1).ppt
Wireless Security (1).ppt
EvaBlessed
 
Comprehensive Guide On Network Security
Comprehensive Guide On Network SecurityComprehensive Guide On Network Security
Comprehensive Guide On Network Security
Briskinfosec Technology and Consulting
 
Attack Robustness and Security Enhancement with Improved Wired Equivalent Pro...
Attack Robustness and Security Enhancement with Improved Wired Equivalent Pro...Attack Robustness and Security Enhancement with Improved Wired Equivalent Pro...
Attack Robustness and Security Enhancement with Improved Wired Equivalent Pro...
IDES Editor
 
Wireless lan security(10.8)
Wireless lan security(10.8)Wireless lan security(10.8)
Wireless lan security(10.8)
SubashiniRathinavel
 
WEP
WEPWEP
WEP
nashniv
 
WLAN Security-2new.pptxmmmmmmmmmmmmmmmmmmmmmmmmmmm
WLAN Security-2new.pptxmmmmmmmmmmmmmmmmmmmmmmmmmmmWLAN Security-2new.pptxmmmmmmmmmmmmmmmmmmmmmmmmmmm
WLAN Security-2new.pptxmmmmmmmmmmmmmmmmmmmmmmmmmmm
iit2022057
 
Wireless Security
Wireless SecurityWireless Security
Wireless Security
Università Degli Studi Di Salerno
 
Chapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptxChapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptx
AmanuelZewdie4
 
Exploiting WiFi Security
Exploiting WiFi Security Exploiting WiFi Security
Exploiting WiFi Security
Hariraj Rathod
 
Wifi- technology_moni
Wifi- technology_moniWifi- technology_moni
Wifi- technology_moni
MD MONIRUZZAMAN
 
IPV6
IPV6IPV6
IPV6
Naza hamed Jan
 

Recently uploaded (20)

"Basics of Heterocyclic Compounds and Their Naming Rules"
"Basics of Heterocyclic Compounds and Their Naming Rules""Basics of Heterocyclic Compounds and Their Naming Rules"
"Basics of Heterocyclic Compounds and Their Naming Rules"
rupalinirmalbpharm
 
Engage Donors Through Powerful Storytelling.pdf
Engage Donors Through Powerful Storytelling.pdfEngage Donors Through Powerful Storytelling.pdf
Engage Donors Through Powerful Storytelling.pdf
TechSoup
 
Sinhala_Male_Names.pdf Sinhala_Male_Name
Sinhala_Male_Names.pdf Sinhala_Male_NameSinhala_Male_Names.pdf Sinhala_Male_Name
Sinhala_Male_Names.pdf Sinhala_Male_Name
keshanf79
 
YSPH VMOC Special Report - Measles Outbreak Southwest US 4-30-2025.pptx
YSPH VMOC Special Report - Measles Outbreak Southwest US 4-30-2025.pptxYSPH VMOC Special Report - Measles Outbreak Southwest US 4-30-2025.pptx
YSPH VMOC Special Report - Measles Outbreak Southwest US 4-30-2025.pptx
Yale School of Public Health - The Virtual Medical Operations Center (VMOC)
 
To study Digestive system of insect.pptx
To study Digestive system of insect.pptxTo study Digestive system of insect.pptx
To study Digestive system of insect.pptx
Arshad Shaikh
 
SPRING FESTIVITIES - UK AND USA -
SPRING FESTIVITIES - UK AND USA -SPRING FESTIVITIES - UK AND USA -
SPRING FESTIVITIES - UK AND USA -
Colégio Santa Teresinha
 
GDGLSPGCOER - Git and GitHub Workshop.pptx
GDGLSPGCOER - Git and GitHub Workshop.pptxGDGLSPGCOER - Git and GitHub Workshop.pptx
GDGLSPGCOER - Git and GitHub Workshop.pptx
azeenhodekar
 
Grade 2 - Mathematics - Printable Worksheet
Grade 2 - Mathematics - Printable WorksheetGrade 2 - Mathematics - Printable Worksheet
Grade 2 - Mathematics - Printable Worksheet
Sritoma Majumder
 
Exercise Physiology MCQS By DR. NASIR MUSTAFA
Exercise Physiology MCQS By DR. NASIR MUSTAFAExercise Physiology MCQS By DR. NASIR MUSTAFA
Exercise Physiology MCQS By DR. NASIR MUSTAFA
Dr. Nasir Mustafa
 
How to Customize Your Financial Reports & Tax Reports With Odoo 17 Accounting
How to Customize Your Financial Reports & Tax Reports With Odoo 17 AccountingHow to Customize Your Financial Reports & Tax Reports With Odoo 17 Accounting
How to Customize Your Financial Reports & Tax Reports With Odoo 17 Accounting
Celine George
 
K12 Tableau Tuesday - Algebra Equity and Access in Atlanta Public Schools
K12 Tableau Tuesday - Algebra Equity and Access in Atlanta Public SchoolsK12 Tableau Tuesday - Algebra Equity and Access in Atlanta Public Schools
K12 Tableau Tuesday - Algebra Equity and Access in Atlanta Public Schools
dogden2
 
03#UNTAGGED. Generosity in architecture.
03#UNTAGGED. Generosity in architecture.03#UNTAGGED. Generosity in architecture.
03#UNTAGGED. Generosity in architecture.
MCH
 
SCI BIZ TECH QUIZ (OPEN) PRELIMS XTASY 2025.pptx
SCI BIZ TECH QUIZ (OPEN) PRELIMS XTASY 2025.pptxSCI BIZ TECH QUIZ (OPEN) PRELIMS XTASY 2025.pptx
SCI BIZ TECH QUIZ (OPEN) PRELIMS XTASY 2025.pptx
Ronisha Das
 
Stein, Hunt, Green letter to Congress April 2025
Stein, Hunt, Green letter to Congress April 2025Stein, Hunt, Green letter to Congress April 2025
Stein, Hunt, Green letter to Congress April 2025
Mebane Rash
 
Real GitHub Copilot Exam Dumps for Success
Real GitHub Copilot Exam Dumps for SuccessReal GitHub Copilot Exam Dumps for Success
Real GitHub Copilot Exam Dumps for Success
Mark Soia
 
Presentation on Tourism Product Development By Md Shaifullar Rabbi
Presentation on Tourism Product Development By Md Shaifullar RabbiPresentation on Tourism Product Development By Md Shaifullar Rabbi
Presentation on Tourism Product Development By Md Shaifullar Rabbi
Md Shaifullar Rabbi
 
How to Set warnings for invoicing specific customers in odoo
How to Set warnings for invoicing specific customers in odooHow to Set warnings for invoicing specific customers in odoo
How to Set warnings for invoicing specific customers in odoo
Celine George
 
How to Manage Purchase Alternatives in Odoo 18
How to Manage Purchase Alternatives in Odoo 18How to Manage Purchase Alternatives in Odoo 18
How to Manage Purchase Alternatives in Odoo 18
Celine George
 
2541William_McCollough_DigitalDetox.docx
2541William_McCollough_DigitalDetox.docx2541William_McCollough_DigitalDetox.docx
2541William_McCollough_DigitalDetox.docx
contactwilliamm2546
 
pulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulse
pulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulsepulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulse
pulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulse
sushreesangita003
 
"Basics of Heterocyclic Compounds and Their Naming Rules"
"Basics of Heterocyclic Compounds and Their Naming Rules""Basics of Heterocyclic Compounds and Their Naming Rules"
"Basics of Heterocyclic Compounds and Their Naming Rules"
rupalinirmalbpharm
 
Engage Donors Through Powerful Storytelling.pdf
Engage Donors Through Powerful Storytelling.pdfEngage Donors Through Powerful Storytelling.pdf
Engage Donors Through Powerful Storytelling.pdf
TechSoup
 
Sinhala_Male_Names.pdf Sinhala_Male_Name
Sinhala_Male_Names.pdf Sinhala_Male_NameSinhala_Male_Names.pdf Sinhala_Male_Name
Sinhala_Male_Names.pdf Sinhala_Male_Name
keshanf79
 
YSPH VMOC Special Report - Measles Outbreak Southwest US 4-30-2025.pptx
YSPH VMOC Special Report - Measles Outbreak Southwest US 4-30-2025.pptxYSPH VMOC Special Report - Measles Outbreak Southwest US 4-30-2025.pptx
YSPH VMOC Special Report - Measles Outbreak Southwest US 4-30-2025.pptx
Yale School of Public Health - The Virtual Medical Operations Center (VMOC)
 
To study Digestive system of insect.pptx
To study Digestive system of insect.pptxTo study Digestive system of insect.pptx
To study Digestive system of insect.pptx
Arshad Shaikh
 
SPRING FESTIVITIES - UK AND USA -
SPRING FESTIVITIES - UK AND USA -SPRING FESTIVITIES - UK AND USA -
SPRING FESTIVITIES - UK AND USA -
Colégio Santa Teresinha
 
GDGLSPGCOER - Git and GitHub Workshop.pptx
GDGLSPGCOER - Git and GitHub Workshop.pptxGDGLSPGCOER - Git and GitHub Workshop.pptx
GDGLSPGCOER - Git and GitHub Workshop.pptx
azeenhodekar
 
Grade 2 - Mathematics - Printable Worksheet
Grade 2 - Mathematics - Printable WorksheetGrade 2 - Mathematics - Printable Worksheet
Grade 2 - Mathematics - Printable Worksheet
Sritoma Majumder
 
Exercise Physiology MCQS By DR. NASIR MUSTAFA
Exercise Physiology MCQS By DR. NASIR MUSTAFAExercise Physiology MCQS By DR. NASIR MUSTAFA
Exercise Physiology MCQS By DR. NASIR MUSTAFA
Dr. Nasir Mustafa
 
How to Customize Your Financial Reports & Tax Reports With Odoo 17 Accounting
How to Customize Your Financial Reports & Tax Reports With Odoo 17 AccountingHow to Customize Your Financial Reports & Tax Reports With Odoo 17 Accounting
How to Customize Your Financial Reports & Tax Reports With Odoo 17 Accounting
Celine George
 
K12 Tableau Tuesday - Algebra Equity and Access in Atlanta Public Schools
K12 Tableau Tuesday - Algebra Equity and Access in Atlanta Public SchoolsK12 Tableau Tuesday - Algebra Equity and Access in Atlanta Public Schools
K12 Tableau Tuesday - Algebra Equity and Access in Atlanta Public Schools
dogden2
 
03#UNTAGGED. Generosity in architecture.
03#UNTAGGED. Generosity in architecture.03#UNTAGGED. Generosity in architecture.
03#UNTAGGED. Generosity in architecture.
MCH
 
SCI BIZ TECH QUIZ (OPEN) PRELIMS XTASY 2025.pptx
SCI BIZ TECH QUIZ (OPEN) PRELIMS XTASY 2025.pptxSCI BIZ TECH QUIZ (OPEN) PRELIMS XTASY 2025.pptx
SCI BIZ TECH QUIZ (OPEN) PRELIMS XTASY 2025.pptx
Ronisha Das
 
Stein, Hunt, Green letter to Congress April 2025
Stein, Hunt, Green letter to Congress April 2025Stein, Hunt, Green letter to Congress April 2025
Stein, Hunt, Green letter to Congress April 2025
Mebane Rash
 
Real GitHub Copilot Exam Dumps for Success
Real GitHub Copilot Exam Dumps for SuccessReal GitHub Copilot Exam Dumps for Success
Real GitHub Copilot Exam Dumps for Success
Mark Soia
 
Presentation on Tourism Product Development By Md Shaifullar Rabbi
Presentation on Tourism Product Development By Md Shaifullar RabbiPresentation on Tourism Product Development By Md Shaifullar Rabbi
Presentation on Tourism Product Development By Md Shaifullar Rabbi
Md Shaifullar Rabbi
 
How to Set warnings for invoicing specific customers in odoo
How to Set warnings for invoicing specific customers in odooHow to Set warnings for invoicing specific customers in odoo
How to Set warnings for invoicing specific customers in odoo
Celine George
 
How to Manage Purchase Alternatives in Odoo 18
How to Manage Purchase Alternatives in Odoo 18How to Manage Purchase Alternatives in Odoo 18
How to Manage Purchase Alternatives in Odoo 18
Celine George
 
2541William_McCollough_DigitalDetox.docx
2541William_McCollough_DigitalDetox.docx2541William_McCollough_DigitalDetox.docx
2541William_McCollough_DigitalDetox.docx
contactwilliamm2546
 
pulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulse
pulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulsepulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulse
pulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulse
sushreesangita003
 

Wireless hacking and security

  • 1. Wireless LAN Hacking and Security
  • 2. Technical Presentation  Page Outline Introduction to WLAN Why Wireless Security ? Motivation Wired Equivalent Privacy (WEP) Hacking Wi-Fi Security Best Practices Summary & Conclusion
  • 3. Technical Presentation  Page Introduction To Wireless LAN Introduction What is Wireless Networking?! A wireless Network refers to a fully connected network that allows users to share resources without using any kind of Wiring. Resources Could be : Broadband Interent Network Printers Data files Examples: Wireless Personal Area Network (PAN) Wireless LAN ( Our Guy ) Wireless MAN Mobile Networks
  • 4. Technical Presentation  Page Wireless Advantages And Disadvantages Introduction To Wireless LAN Wireless Advantages Easy and Fast Installation Procedures No need for costy, Messy wiring. Easier to provide connectivity. Access to the Network can be anywhere with the range of the AP. Public places offers free or chargable access to wireless network. Wireless Disadvantages Many users = Bandwidth starvation. Unlicensed spectrum, which could lead to interfrence with other services. Frequent updates in the standards = replacing hardware = higher cost Shared medium introduces security issues.
  • 5. Technical Presentation  Page IEEE Network Specifications Introduction To Wireless LAN
  • 6. Technical Presentation  Page Most Important ones: Introduction To Wireless LAN
  • 7. Technical Presentation  Page Wireless LAN Technologies Narrow Band Picking a frequeny and transmitting over it. Very vulnerable to multi-path fading and interference. Spread Spectrum Uses more bandwidth by spreading the signal over a large range of fqs. More imune against multi-path fading and interference. FHSS Hops across Frequencies by a certain rate. Synchronizes Hopping pattern at Tx and Rx. DSSS Breaks data Into chuks. Represents each bits with *Chips*. Introduction To Wireless LAN
  • 8. Technical Presentation  Page WLAN Frequency Usage Wireless Channels in 802.11b As An Example The 802.11b standard defines 14 channels. Does it use all the 14 channels ?!  this depends on Countries North America : 11 channels Euope: 13 channels Japan: All the 14 channels Introduction To Wireless LAN
  • 9. Technical Presentation  Page WLAN Modes Ad-hoc Mode All workstations can directly communicaticate together. Good if you plan to quickly get setup your wireless network when there is no access to wired Infrastructure. Infrastructure Communication occurs through an AP. A basic wireless Infrastrucutre with a single AP is called a BSS. When more than once access point is connected it is called an ESS. Roaming is supported from one BSS to another. Roaming between APs can occur for many reasons. For examples: Stronger signals. Load balancing between two APs in the same geographical area. Introduction To Wireless LAN
  • 10. WLAN Modes Introduction To Wireless LAN
  • 11. Here comes your footer  Page Why Wireless Security ?! Motivation !! Accidental association Malicious association Ad-hoc networks Non-traditional networks Identity theft (MAC spoofing) Man-in-the-middle attacks Denial of service Network injection Caffe Latte attack And many more !!!
  • 12. Technical Presentation  Page Non Technical Example!! Why Wireless Security ?! [CEH V7 Official Course Material] Example Tools : wefi, jiwire,…
  • 13. Technical Presentation  Page Most Famous and Commonly Used Cryptos !! WEP : An old wireless encryption standard (will be discussed in more details) WPA : Uses a 48 IV, 32 bit CRC and TKIP encyption for wireless security. WPA2 Personal : Uses AES 128 bits and CCMP for wireless data encryption. WPA2 Enterprise : Integrates the standards of EAP with WPA enrption WEP -- Wireless Equivalent Privacy WPA -- WiFi Protected Access CCMP -- Counter Mode With Cipher Block Chaining Message Authentication Code Protocol Why Wireless Security ?!
  • 14. Here comes your footer  Page Wired Equivalent Privacy (WEP) Who am I ? Wasn‘t developed by experts. Part of the IEEE 802.11 standard. Was meant to provide confidentiality for messages on the network. Not Considered *The state of the art* any more. Was designed to achieve three main security goals: Confidentiality : Content is not readable to people outside the network. Integrity : A message can‘t be altered without altering detection. Access control : only authorized stations can access the network. Concept Encryption Decryption M C M K K As If
  • 15. Here comes your footer  Page Wired Equivalent Privacy (WEP) Sending Side (Encryption Block) Steps: Integrity Check sum = Plaintext || CRC 32(Plaintext). Chosen IV || shared key (key is 40 or 104 bits). Shorter keys, less privacy Output of last step will be input to RC4 to generate the key stream. XOR the result of the RC4 with the IC value to get the Cipher text. Finally, Cipher text and IV are concatenated and transmitted on the medium. [1] RC4 is a stream-cipher algorithm, this means that it generates an infinite sequence of pseudo random bits.
  • 16. Here comes your footer  Page Recieving Side (Decryption Block) Wired Equivalent Privacy (WEP) Steps: IV is extracted from received data. RC4 (IV || Shared key) = same key stream as before. RC4(IV || Shared key) XOR C. C is equal { RC4 ( IV || Shared key ) XOR Pc }. Finally, we Compare the IC value with the result of the integrity check. [1] Since the original plain text is not known by the receiver, you can’t tell if it is the real thing or not. So, we need to verify that they match.
  • 17. Here comes your footer  Page Wired Equivalent Privacy (WEP) Summary of Operation (Hawk’s Eye View)
  • 18. Here comes your footer  Page Wired Equivalent Privacy (WEP) On The Run Definitions !! Vulnerability : A Weakness in design that can Compromise the security of the system. Threat: An Action or an event that might compromise the secuity of the system. Exploit: A way to breach through the system security given existing vulnerabilities. Symetric Key Cryptography: Only one key is used to Encrpyt and Decrypt. The key should be distributed before transmission. Asymetric Key Cryptography: Using two keys (public, private). Public key is for encyption and private key for decryption. No need for key distribution
  • 19. Here comes your footer  Page Wired Equivalent Privacy (WEP) RC4 Inputs and Outputs of the RC4: The RC4 algorithm takes as in input the Pre-Shared Key and produced and pseudo random stream. The PSK and the IV and the Generators of the RC4. IV || PSK PRN The Algorithm Consists Of Two Parts: Key Scheduling algorithm (KSA) The key scheduling algorithm is to complete the initialization of the RC4 Pseudo Random Generator (PSRG) The PRGA is to produce the pseudo random number. RC4 Seed The RC4 is a symmetric key cryptography algorithm was developed by Ronald L. Rivest Also the “R” in the RSA Encyption Algorithm. RC4 stands for Ron’s Code 4.
  • 20. Here comes your footer  Page Wired Equivalent Privacy (WEP) Vulnerabilities and Threats in WEP !! The master Key is used directly as an input to the RC4 Algorithm Once one key is recovered, everything is compromised. A good idea is to create sub keys for a certain period of time. The Key size 64 bits -> 24 IV + 40 bit PSK . 40 bits is not enough to avoid Brute Forces. Vendors extended the key length to 104 to make the total size 128 bits. Key Management No algorithm for key exchange. Keys are exchanged manually. Small, and easy to remember keys are used  Higher attack probability. Use some key exchange algorithms. For example: “Diffie Hellman” CRC32 : Although it aims to provide message integrity. It doesn’t prevent the whole content from being changed. Can we fix that ?
  • 21. Here comes your footer  Page Wired Equivalent Privacy (WEP) Vulnerabilities and Threats in WEP - Continue!! The Incorrect Use of RC4 Strong correlation between the Input key and resulting stream. IV is 3 bytes and is transmitted in plain text. It is easy to sniff weak keys. If one bit is lost, the entire data packet is. It is not specified how IV’s are generated. So they might be reused. Reuse of IV’s is a direct Violation of the RC4 requirements. IV is Too Small And In Clear Text Only 24 bits and is sent in clear text, will eventually be repeated after 2^24. Used as a seed for the RC4 Algorithm. Not practical when used for crypt. The above mentioned vulnerabilities are just some good examples. There is still a lot of other vulnerabilities that wasn’t mentioned here. For more information surf to www.nvd.nist.gov and look up “WEP” in the vulnerabilities Search engine. wire shark
  • 22. Here comes your footer  Page Wired Equivalent Privacy (WEP) Exploiting Vulnerabilities and Threats (Attacking)!! Active Traffic Injections Using cryptanalysis, the attacker knows the exact plain text plain text version of an encrypted message. Use this information to construct messages Calculating CRC 32-values. Perform bit-flips on the original message to get the encrypted form. Now the attacker can send the packet to AP and will be correctly validated. Example of Tools that does this: AirePlay : Capture and re-inject WEPWedgie: Determines the 802.11 WEP key streams and then Injecting traffic with known keystreams.
  • 23. Here comes your footer  Page Exploiting Vulnerabilities and Threats (Attacking) - Continue!! Active attack from both sides An extension to the previous attack. The attacker make guesses about header content. Some bit flipping to change DA to rogue device. Resend the packet to AP Access point decrypt the message for forward it to gateway un-encyrpted Un-encrypted message is then forwarded to attacker’s machine A guess about TCP header, would allow the attacker to change current port number to port 80 (default port for web traffic) which is allowed almost in all firewalls. Wired Equivalent Privacy (WEP)
  • 24. Here comes your footer  Page Wired Equivalent Privacy (WEP) Exploiting Vulnerabilities and Threats (Attacking) - Continue!! Table Based Attack IV are repeated after a while due to their small size. Use some passive monitoring to know plain text. Compute the RC4 key stream by trying out different key values. Use this key stream to decrypt all packets with the same IV. Over time the attacker can build a complete table of IV’s and corresponding key streams. This allows the attacker to decrypt all packets sent. Passive attack decryption An attacker monitors traffic until an IV is reused. When collision is reused, the shared key and the IV results a key stream that has been previously used. Attacker XORs the cipher text with the keystream and he gets the plain text
  • 25. Here comes your footer  Page Securtiy Best Practices Counter Measures Against Encryption attacks Rotate the Keys Rotate the keys after a certain period of time. By rotating the key you get a new key. Introduce a secure key management methodology As previously mention, WEP is a symmetric key crypto. Key has to be stored in all machines. A problem in large companies. The Original 802.11 standard has no methodology or specification for key management One way is to use public key cryptography for exchanging keys. This way we don’t need to store the key on every singe machine, and thus making the scaling process much easier . Use Wi-Fi Protected Access (WPA) and WPA2
  • 26. Here comes your footer  Page Securtiy Best Practices Wi-Fi Protected Access (WPA) Everyone agreed that WEP is not a secure protocol anymore IEEE defined the 802.11i Only access point s that meets the standard can use this protocol. Addresses WEP problems but requires a change in hardware WPA saves the day by fixing WEP flows without needing to change hardware WPA uses: 802.1x port-access control to distribute per session keys. Provides a framework that allows use of upper layer authentication protocols line EAP. Temporal Key Integrity Protocol (TKIP) to provide key mixing and a longer initialization vector. It also provides Message Integrity check (MIC) that prevents wireless data from being modified in transit.
  • 27. Here comes your footer  Page Summary & Conclusion Summary We have talked about WLAN and it’s Advantages and Dis-Advantages Introduced the Wired Encryption Protocol We have discusses the vulnerabilities and threats in WEP We mentioned how to exploit those vulnerabilities Finally, we talked about some of the best practices and counter measures. Conclusion WEP is not secure anymore Many Security parameters should be taken into consideration when designing a security protocol. There is no Silver bullet. Never feel completely safe, always be suspicious 
  • 28. Here comes your footer  Page References Wired Equivalent Privacy (WEP) Functionality, Weak Points and Attacks: Gutjahr and Ludwigs ; University of Freiburg Enhancing RC4 algorithm for WLAN WEP Protocol; Yao, Chong, Xingwei; Northeastern University, Shenyang Security of the WEP algorithm; [email_address] . Hacking Wireless Networks For Dummies; Beaver and Davis.
  • 29. Technical Presenation  Page Questions Thank you!!

Editor's Notes

  • #25: Because I know the plain text for this cipher anc C= P + RC4 (IV || Key) then I can try different Keys and adding to C I will eventually get my Plain Text