802.11 security: wpa/wpa2 cracking - wayne state...
TRANSCRIPT
-
802.11 Security: WPA/WPA2 Cracking
Constan'nosKoliasGeorgeMasonUniversity
-
Wireless Communica>ons
• Transmissionofdatawithouttheuseofwires• Fewcmtoseveralkm
• Modula'onofradiowaves• modula'onistheprocessofvaryingoneormoreproper'esofaperiodicwaveform• withamodula'ngsignalthattypicallycontainsinforma'on
• FederalCommunica'onsCommission(FCC)regulatestheuseoftheradiospecturm• 9kHzto300Ghz• hHps://en.wikipedia.org/wiki/Radio_spectrum
• Partsoftheradiospectrumareallocatedfordifferentapplica'ons• Somepartsaresoldorlicensedtooperators• Somepartsarefree
-
Advantages & Disadvantages
• Makescommunica'onpossiblewherecablesdon’treach• Convenience
• Theairmediumisopentoeveryone• Theboundariesofatransmissioncannotbeconfined
-
WiFi
• CommercialnameoftheprotocolIEEE802.11• Itisoneofthemostubiquitouswirelessnetworks
• HomeNetworks• EnterpriseNetworks
• Communica'onisbasedonframes• Essen'allyissequenceofbits
• 802.11definesthemeaning• Vendorsimplementtheprotocol
• 2.4GhzIndustrialScien'ficMedical(ISM)and5Ghz• Rangedependsontransmissionpower,antennatype,thecountry,andtheenvironment• Typical100^
-
Channels
• Theequipmentcanbesetinonlyonechannelata'me• Eachcountryhasitsownrules
• Allowedbandwidth• Allowedpowerlevels
• Strongersignalispreferred
-
Modes of Opera>on
• Master• ActsasanAP
• Managed• Actsasaclient,thedefaultmode
• AdHoc• NoAP,directcommunica'on,nomul'-hop
• Mesh• NoAP,directcommunica'on,mul'-hop
• Repeater• Repeatsincomingsignals
• Promiscuous• Monitoralltrafficofanetwork,requiresassocia'on
• Monitor• Monitoralltraffic,noassocia'onrequired
-
Deployment Architectures
Infrastructure P2P/Ad-hoc
-
Frame Types
• Management• Ini'aliza'on,maintainandfinaliza'on
• Control• Managementofthedataexchange
• Data• Encapsula'onofinforma'on
• hHp://www.willhackforsushi.com/papers/80211_Pocket_Reference_Guide.pdf
-
Introduc>on
-
Beaconing
• TheAPadver'setheirpresence• Onceevery100ms• TheytransmitamessageoftypeBeacon
• Itcontainsthenameofthenetwork(SSID)• Capabili'es
-
802.11 Security Modes: Open Access
• OpenAccess• Noprotec'on(whitelists)
-
802.11 Security Modes:WEP
• BasedonRC4Encryp'on• Broken
-
802.11 Security Modes: WPA/WPA2
• BasedonAES• Muchmoresecure• Currentstandard
-
States of a Client
-
WPA2
-
Key Hierarchy
-
WPA/WPA2 Four Way Handshake
Client APPassphrase Passphrase
-
WPA/WPA2 Four Way Handshake
Client APPassphrase Passphrase
ComputePSKComputePSK
ComputePMK(=PSK) ComputePMK(=PSK)
-
Computa>on of PSK
• Passphraseisasecret“phrase”youchooseduringtheAPconfigura'on• 8-63characterslong
• Itisalsothesecretyouinsertinyourdevicewhenyouconnecttoanetwork• SSIDisthenameofnetwork• PBKDF2hashes3components4096'mes• Heavycomputa'on
PBKDF2
Passphrase SSID SSIDLength
PSK
-
WPA/WPA2 Four Way Handshake
Client APPassphrase Passphrase
ComputePSKComputePSK
Nonce_AComputePMK(=PSK) ComputePMK(=PSK)
-
WPA/WPA2 Four Way Handshake
Client APPassphrase Passphrase
ComputePSKComputePSK
Nonce_A
ComputePTK
ComputePMK(=PSK) ComputePMK(=PSK)
-
Computa>on of PTK
• PMKisderivedfromthePassphrase• Nonce_AisarandomnumberchosenbytheAPandreceivedthroughthefirstmessage• Nonce_Cisarandomnumberchosenbytheclient• MAC_AthehardwareaddressoftheAP• MAC_Cthehardwareaddressoftheclient
PMK
Nonce_A Nonce_C
PTK
MAC_A
MAC_C
-
WPA/WPA2 Four Way Handshake
Client APPassphrase Passphrase
ComputePSKComputePSK
Nonce_A
ComputePTK
ComputePMK(=PSK) ComputePMK(=PSK)
Nonce_C+MIC
-
WPA/WPA2 Four Way Handshake
Client APPassphrase Passphrase
ComputePSKComputePSK
Nonce_A
ComputePTK
ComputePMK(=PSK) ComputePMK(=PSK)
Nonce_C+MICVerifyMICAuthen'cateClient
-
WPA/WPA2 Four Way Handshake
Client APPassphrase Passphrase
ComputePSKComputePSK
Nonce_A
ComputePTK
ComputePMK(=PSK) ComputePMK(=PSK)
Nonce_C+MICVerifyMICAuthen'cateClient
KeyInstalla'on+MIC
-
WPA/WPA2 Four Way Handshake
Client APPassphrase Passphrase
ComputePSKComputePSK
Nonce_A
ComputePTK
ComputePMK(=PSK) ComputePMK(=PSK)
Nonce_C+MICVerifyMICAuthen'cateClient
KeyInstalla'on+MICVerifyMICAuthen'cateAP
-
WPA/WPA2 Four Way Handshake
Client APPassphrase Passphrase
ComputePSKComputePSK
Nonce_A
ComputePTK
ComputePMK(=PSK) ComputePMK(=PSK)
Nonce_C+MICVerifyMICAuthen'cateClient
KeyInstalla'on+MIC
KeyInstalled+MIC
VerifyMICAuthen'cateAP
-
Cracking WPA/WPA2
• IfaHackerispresentata4-wayhandshake• Nonce_A• Nonce_C• MAC_A• MAC_C• BUTNOTPMK• HemustcomputethePMK
• TocomputethePMK(=PSK)• SSID• SSIDlength• BUTNOTpassphrase
• Whatcanhedo???
-
Cracking WPA/WPA2
• Createadic'onaryofpossiblepassphrases• hHp://www.aircrack-ng.org/doku.php?id=faq#where_can_i_find_good_wordlists
• Chooseapassphrase• CreatethePMK• UsetoPMKtoproducePTK• UsethiskeytogeneratetheMICofmessage3• IftheMICsmatchthecorrectpassphrasewasused• Ifnot…repeat
-
Lab Setup
• Externalcard• AlphaAWUS036H• Providesstrongersignal
• AP• WNDR3700• WNR1000• LinksysWRT54GL
• OS• KaliLinuxonVM• So^warepen-tes'ngtools
-
Other AQacks
• Deauthen'ca'onFlooding• Makeeveryoneloosetheirconnec'on
• BeaconFlooding• Floodaclientwithfakenetworknames
• Authen'ca'onRequestFlooding• BurdentheAPwithinvalidauthen'ca'onrequests
• EvilTwin• CreateanetworkwiththesamenameinwhichtheaHackercanseeeverything
• Crackthekey(WEP)