Distributed WPA Cracking
CSCI5673 - Distributed Systems
Spring 2011
University of Colorado
Rodney Beede, Ryan Kroiss, Arpit Sud
2011-05-02
Topics
• The Team
• Introduction
• WPA 1/2
• Architecture
• Master Node
• Worker Node
• Test Methodology
• Results & Conclusions
• Future Work
• Questions
Introduction
• Cracking WiFi
  o WEP - easy
  o WPA - hard
• Brute Force
  o Not practical
  o 8 character minimum
• Dictionary
  o Common passwords
• coWPAtty by Joshua Wright
  o Generate rainbow table
  o Search rainbow table
Introduction - Our Idea
• Distributed key generation
  o Already done
• Distributed table lookup
  o Not done
• Web service
• Fast lookup
• Modify existing code
WPA a.k.a. WPA1
• WPA stands for WiFi Protected Access
• Meant to replace WEP
  o WEP failed to meet its security goals
• Comes in two flavours
  o WPA-PSK* (Pre-Shared Key) which uses TKIP
  o WPA-Enterprise more secure but requires RADIUS authentication server
* also known as WPA-Personal
WPA2
• Successor to WPA
• Makes PSK more secure as it uses CCMP instead of TKIP
• Both WPA-PSK and WPA2-PSK are susceptible to password cracking attacks
• No known attacks against Enterprise flavors
  o The Lesson is....
Attacking WPA-PSK
• Authentication handshake required for cracking WPA-PSK
• Authentication handshake happens when a client connects to AP (and also when the client "thinks" it is no longer authenticated)
• Packet capture is 3-step process
  o Place wireless card in monitor mode ("listen all")
  o Start packet capture
  o Send a deauthentication packet to wireless client to induce authentication handshake
• A script is provided that performs the above 3 steps
Architecture
Master Node
• Java web application
• Accepts jobs
  o Upload .cap file
  o SSID name
• Queues job
  o Runs 1 at a time
• Tracks worker status
  o NOT LOADED
  o LOADED
  o RUNNING
  o FINISHED
  o ERROR
Master Node (cont)
• Start / Kill worker clients
  o Remote ssh
  o Hand out table offsets
• Records web app log
• Job Run
  1. User submits job
  2. Master saves to NFS share
  3. Master tells workers
     1. When ready
     2. TCP packet
     3. Location of files and output destination
  4. Master checks SOLUTION file
Worker Node
• Started by master
• Loads rainbow table into memory
  o 1000 files x 40MB = 40GB (5GB per worker)
• Giant byte array with pointers per SSID
• Creates socket to listen for messages from master
• Possible message types
  o START
  o STATUS
  o KILL
Worker Node (cont)
• STATUS - returns worker status
• KILL - kills current job (if applicable)
• START command creates new thread
  o Looks up SSID
  o Finds corresponding portion of rainbow table
  o Leverages coWPAtty for password look up
  o If password is found
    ▪ Worker outputs solution to file
    ▪ Master tells other workers to stop
  o Otherwise, workers report FINISHED after reading through table
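The master/worker control flow on the last few slides (worker states NOT LOADED / LOADED / RUNNING / FINISHED / ERROR, the START / STATUS / KILL messages, handing out table offsets, and the master stopping the other workers once one reports a solution) can be walked through in a small in-process simulation. This is an added example, not code from the project's Google Code repository: messages are delivered as method calls instead of TCP packets, START runs synchronously instead of in a new thread, the 1000 table file names are constructed, and the per-file search is stood in for by a caller-supplied `matches` predicate rather than the coWPAtty lookup.

```python
from enum import Enum
from typing import Callable, List, Optional, Tuple


class State(Enum):
    """Worker states as tracked by the master."""
    NOT_LOADED = "NOT LOADED"
    LOADED = "LOADED"
    RUNNING = "RUNNING"
    FINISHED = "FINISHED"
    ERROR = "ERROR"


def partition(n_files: int, n_workers: int) -> List[Tuple[int, int]]:
    """Hand out contiguous [start, end) table-file ranges, one per worker."""
    base, extra = divmod(n_files, n_workers)
    ranges, start = [], 0
    for i in range(n_workers):
        end = start + base + (1 if i < extra else 0)
        ranges.append((start, end))
        start = end
    return ranges


class Worker:
    """One worker node. Messages arrive as method calls here (simulation);
    the real system receives TCP packets and runs START in a new thread."""

    def __init__(self, wid: int, files: List[str]):
        self.wid = wid
        self.files = files            # this worker's slice of the rainbow table
        self.state = State.NOT_LOADED
        self.solution: Optional[str] = None
        self.killed = False

    def load(self) -> None:
        self.state = State.LOADED     # real system: read ~5GB of table into memory

    def handle(self, msg: str, matches: Optional[Callable[[str], bool]] = None) -> str:
        if msg == "STATUS":
            return self.state.value
        if msg == "KILL":
            if self.state == State.RUNNING:
                self.killed = True    # the search loop checks this flag
                self.state = State.LOADED
            return "KILLED"
        if msg == "START" and self.state in (State.LOADED, State.FINISHED):
            self.state = State.RUNNING
            self.killed = False
            for f in self.files:
                if self.killed:
                    return "KILLED"
                if matches(f):
                    self.solution = f     # real system: write the SOLUTION file
                    self.state = State.FINISHED
                    return "SOLUTION"
            self.state = State.FINISHED   # read through whole slice, nothing found
            return "NOT FOUND"
        self.state = State.ERROR          # unknown message, or START before LOADED
        return "ERROR"


class Master:
    """Queues jobs and runs them one at a time across all workers."""

    def __init__(self, table_files: List[str], n_workers: int):
        ranges = partition(len(table_files), n_workers)
        self.workers = [Worker(i, table_files[s:e]) for i, (s, e) in enumerate(ranges)]
        self.queue: List[Callable[[str], bool]] = []
        self.log: List[str] = []

    def start_workers(self) -> None:
        for w in self.workers:        # real system: remote ssh, then poll STATUS
            w.load()

    def submit(self, matches: Callable[[str], bool]) -> None:
        self.queue.append(matches)

    def run_next(self) -> Optional[Tuple[int, str]]:
        """Run the next queued job; returns (worker id, solution) or None."""
        if not self.queue:
            return None
        matches = self.queue.pop(0)
        for w in self.workers:
            reply = w.handle("START", matches)
            self.log.append(f"worker {w.wid}: {reply}")
            if reply == "SOLUTION":
                for other in self.workers:    # tell everyone else to stop
                    if other is not w:
                        other.handle("KILL")
                return (w.wid, w.solution)
        return None


# Constructed input: 1000 table file names, like the 1000 SSID files on the slides.
TABLE_FILES = [f"table_{i:04d}" for i in range(1000)]


def run_demo(target: str, n_workers: int = 8):
    """Build a master over the constructed table and run one job for `target`."""
    m = Master(TABLE_FILES, n_workers)
    m.start_workers()
    m.submit(lambda f: f == target)
    result = m.run_next()
    return result, [w.handle("STATUS") for w in m.workers]


if __name__ == "__main__":
    print(run_demo("table_0742"))   # worker 5 owns files 625..749 and finds it
```

With 1000 files over 8 workers each worker owns 125 files, so the job for `table_0742` is answered by worker 5; workers 0 to 4 report FINISHED after reading their whole slice, and workers 6 and 7 never leave LOADED because the master stops the job as soon as one solution arrives.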
Original coWPAtty
• Read records in rainbow table
• Records contain length, passphrase, and PMK
• PMK -> PTK (requires capture data)
• PTK -> MAC
• Grab key MIC
• Compare with MIC found in capture data
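The slide above describes the rainbow table records as (length, passphrase, PMK). What the slides do not spell out is how the PMK is obtained: under IEEE 802.11i, WPA/WPA2-PSK derives it as PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 iterations, 32 bytes out. That is the reason a table is built per SSID and the reason the "use a unique SSID" tip at the end of the deck works: the same passphrase under a different SSID yields a different PMK, so a table precomputed for `linksys` never matches it. The following added example (not coWPAtty's or the project's code) computes the PMK, packs records in an assumed simplified layout (1-byte length, passphrase, 32-byte PMK; the real coWPAtty file format is not described on the slides), and shows the lookup succeeding for the common SSID and failing for a unique one. The three-word dictionary is constructed from the test keys named on the Test Methodology slide.

```python
import hashlib
import struct
from typing import Iterable, Iterator, Optional, Tuple

PMK_LEN = 32              # the PMK is 256 bits
PBKDF2_ITERATIONS = 4096  # fixed by IEEE 802.11i for WPA/WPA2-PSK


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes).

    The SSID is the salt, so a precomputed table is only valid for the
    single SSID it was generated for.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA-PSK passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               PBKDF2_ITERATIONS, PMK_LEN)


def pack_record(passphrase: str, pmk: bytes) -> bytes:
    """Assumed simplified record layout: 1-byte length, passphrase, 32-byte PMK."""
    pw = passphrase.encode()
    return struct.pack("B", len(pw)) + pw + pmk


def iter_records(table: bytes) -> Iterator[Tuple[str, bytes]]:
    """Walk a packed table, yielding (passphrase, PMK) pairs."""
    off = 0
    while off < len(table):
        n = table[off]
        pw = table[off + 1:off + 1 + n].decode()
        pmk = table[off + 1 + n:off + 1 + n + PMK_LEN]
        if len(pmk) != PMK_LEN:
            raise ValueError("truncated record at offset %d" % off)
        yield pw, pmk
        off += 1 + n + PMK_LEN


def build_table(ssid: str, words: Iterable[str]) -> bytes:
    """Precompute (passphrase, PMK) records for one SSID; the 4096 PBKDF2
    rounds per word are the expensive step that the table amortises."""
    return b"".join(pack_record(w, derive_pmk(w, ssid)) for w in words)


def lookup(table: bytes, pmk: bytes) -> Optional[str]:
    """Return the passphrase whose record carries this PMK, or None."""
    for pw, rec_pmk in iter_records(table):
        if rec_pmk == pmk:
            return pw
    return None


# Constructed dictionary: the three test keys named on the slides.
WORDS = ["!8zj39le", "}ttringe", "korrelie"]

if __name__ == "__main__":
    table = build_table("linksys", WORDS)
    # Same passphrase, common SSID: present in the precomputed table.
    print(lookup(table, derive_pmk("korrelie", "linksys")))
    # Same passphrase, unique SSID: the table is useless; every word would
    # have to be re-derived from scratch for that SSID.
    print(lookup(table, derive_pmk("korrelie", "my-unique-ssid")))
```

`derive_pmk("password", "IEEE")` reproduces the published IEEE 802.11i Annex H test vector, which is a quick way to confirm the salt and iteration count are right before trusting any table built with it.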
Serial versus Distributed
• Serial
  o Run once and done
  o Reads data from disk
  o Runs on one machine
  o Quick start-up time
  o Less opportunity for optimizations
• Distributed
  o Runs as a service
  o Loads data into memory
  o Runs on N machines
  o Slow start-up time
  o More opportunity for optimizations
Test Methodology
• 996,358 word rainbow table
  o 1,000 SSIDs
  o 40MB / SSID
  o 40GB total size
• 8 worker nodes
• 1 master node
• Cisco C210 M1 (on loan from Cisco)
  o Two Intel Xeon E5540 (2.5GHz), 8 logical CPUs
  o 72GB RAM
  o Sixteen 10K RPM SAS 6.0 Gbps 146GB drives, RAID5
Test Methodology (cont)
• Packet capture data with SSID linksys available in SVN
• Test data created with the following keys:
  o First in Dictionary: !8zj39le
  o Middle in Dictionary: }ttringe
  o Last in Dictionary: korrelie
• Gathered data for time taken to find solution from Master and worker logs
• Compared to original coWPAtty running on a single node
• Results shown on next slide are average of times recorded by the 3 of us
Results & Conclusions
• First in dictionary
  o Serial = 8 milliseconds
  o Distributed = 5 milliseconds
• Middle in dictionary
  o Serial = 3056 milliseconds
  o Distributed = 742 milliseconds
• Last in dictionary
  o Serial = 6014 milliseconds
  o Distributed = 767 milliseconds
• Seemingly small
  o Scalable
  o Ideal for web service
Future Work
• GUI client for data capture
• Distribute table generation
• Hybrid disk/memory approach
• Thousands of heterogeneous clients
  o Like SETI@HOME
• Rewrite in Java or C++
  o Simpler code
• Improved data structures
Questions?
http://code.google.com/p/distributed-wpa-cracking/
Tips for a secure PSK wireless network:
• Use a unique SSID (not linksys or home)
• Have a long* & unique key; use special characters

*max. 63 characters