discovering logical vulnerabilities in the wi fi
play

Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using - PowerPoint PPT Presentation

Aug 16, 2022 •334 likes •531 views

Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing Mathy Vanhoef, Domien Schepers, Frank Piessens imec-DistriNet, KU Leuven Asia CCS 2017 Introduction More and more Wi-Fi network use encryption: 2010 Most

  1. Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing Mathy Vanhoef, Domien Schepers, Frank Piessens imec-DistriNet, KU Leuven Asia CCS 2017

  2. Introduction More and more Wi-Fi network use encryption: 2010 Most rely on the Wi-Fi handshake to generate session keys 2

  3. How secure is the Wi-Fi handshake? Design: formally analyzed and proven correct (CCS 2005) Security of implementations?  Some works fuzz network discovery stage  Many stages are not tested, e.g. 4-way handshake.  But do not tests for logical implementation bugs  Objective: test implementations of the full Wi-Fi handshake for logical vulnerabilities 3

  4. Background: the Wi-Fi handshake Main purposes:  Network discovery  Mutual authentication & negotiation of pairwise session keys  Securely select cipher to encrypt data frames WPA-TKIP AES-CCMP Short-term solution that sacrificed Long-term solution based on some security, so it could run on modern cryptographic primitives old WEP-compatible hardware 4

  5. Wi-Fi handshake (simplified) 5

  6. Wi-Fi handshake (simplified) Defined using EAPOL frames 6

  7. EAPOL frame layout (simplified) … header key info replay counter MIC key data P M I S E R C A key version key info flags ≈ message ID 7

  8. EAPOL frame layout (simplified) … header key info replay counter MIC key data P M I S E R C A key version key info flags MD5/RC4 ≈ message ID or SHA1/AES 8

  9. How to test implementations? Model-based testing!  Test if program behaves according to some abstract model  Proved successful against TLS  Apply model-based approach on the Wi-Fi handshake 9

  10. Model-based testing: our approach Test generation rules Handshake Set of test A test case defines: model cases 1. Messages to send 2. Expected replies Correct & incorrect 3. Results in successful modifications Normal Set of test or failed connection? handshake cases For every test case Execute No (or unexpected reply) Test failed test case No Yes Reset Expected result? Successful connection? Expert determines exploitability! Inspect failed tests 10

  11. Test generation rules Test generation rules manipulating messages as a whole: 1. Drop a message 2. Inject/repeat a message Test generation rules that modify fields in messages: 1. Wrong selected cipher suite in message 2 2. Bad EAPOL replay counter 3. Bad EAPOL key info flags (used to identify message) 4. Bad EAPOL key version (switch SHA1/AES with MD5/RC4) 5. Bad EAPOL Message Integrity Check (MIC) 6. … 11

  12. Evaluation We tested 12 access points:  Open source: OpenBSD , Linux’s Hostapd  Leaked source: Broadcom, MediaTek (home routers)  Closed source: Windows, Apple, Telenet  Professional equipment: Aerohive, Aironet Discovered several issues! 12

  13. Missing downgrade checks 1. MediaTek & Telenet don’t verify selected cipher in message 2 13

  14. Missing downgrade checks 1. MediaTek & Telenet don’t verify selected cipher in message 2 2. MediaTek also ignores supported ciphers in message 3  MediaTek clients can be trivially downgraded 14

  15. Windows 7 targeted DoS Client AP Client 2 … 15

  16. Broadcom downgrade Broadcom cannot distinguish message 2 and 4  Can be abused to downgrade the AP to TKIP Hence message 4 is essential in preventing downgrade attacks  This highlights incorrect claims in the 802.11 standard  §11.6.6.8: 4-way handshake analysis mentions that: “ While Message 4 serves no cryptographic purpose , it serves as an acknowledgment to Message 3. It is required to ensure reliability and to inform the Authenticator that the Supplicant has installed the PTK and GTK and hence can receive encrypted frames. ” 16

  17. Other results: see paper!  Fingerprinting techniques!  Permanent DoS attack against OpenBSD & Broadcom  DoS attack against Windows 10, Broadcom, Aerohive  Inconsistent parsing of selected and supported cipher suite(s)  … 17

  18. Conclusion Overall advantages and disadvantages:  Black-box testing mechanism: no source code needed o But time consuming to implement & requires an expert Detected several issues, for example:  Missing checks allowing downgrade attacks  Several implementation-specific flaws  …  Fairly simple handshake, but still several logical bugs! 18

  19. Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing Mathy Vanhoef, Domien Schepers, Frank Piessens Questions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HotFuzz Discovering Algorithmic Denial-of-Service Vulnerabilities through Guided Micro-Fuzzing

HotFuzz Discovering Algorithmic Denial-of-Service Vulnerabilities through Guided Micro-Fuzzing

HotFuzz Discovering Algorithmic Denial-of-Service Vulnerabilities through Guided Micro-Fuzzing William Blair Andrea Mambretti Sajjad Arshad Michael Weissbacher Boston University Northeastern University Northeastern University Northeastern

172 views • 14 slides
The 3 rd Covenant Re-Discovering the Word of God within the words of the Bible Re-Discovering The

The 3 rd Covenant Re-Discovering the Word of God within the words of the Bible Re-Discovering The

The 3 rd Covenant Re-Discovering the Word of God within the words of the Bible Re-Discovering The Way within the Life of Jesus Christ A Spiritual Adventure of Re-Awakening You are Gods, Children of the Most High, all of you ~

690 views • 40 slides
NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2

NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2

1 NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2 Memory safety attacks Buffer overruns Format string vulnerabilities Web application vulnerabilities SQL injections Cross-site

901 views • 39 slides
vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration

vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration

Security & Knowledge Management a.a. 2019/20 There are a set of sources that provide updated information about security vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration CAPEC,

197 views • 8 slides
CONDITIONAL EXECUTION: PART 2 yes no x > y? max = y; max = x; logical AND logical OR

CONDITIONAL EXECUTION: PART 2 yes no x > y? max = y; max = x; logical AND logical OR

CONDITIONAL EXECUTION: PART 2 yes no x > y? max = y; max = x; logical AND logical OR logical NOT && || ! Fundamentals of Computer Science I Outline Review: The if-else statement The switch statement A look at

536 views • 25 slides
Basic Computation logical AND logical OR logical NOT && || ! public static void

Basic Computation logical AND logical OR logical NOT && || ! public static void

Basic Computation logical AND logical OR logical NOT && || ! public static void main(String [] args) Fundamentals of Computer Science Outline Data Types Variables Primitive Data Types The String Class Type

922 views • 55 slides
Discovering Gods Word (Part-2) Discovering Gods Word (Part-2) Hermeneutics = The science

Discovering Gods Word (Part-2) Discovering Gods Word (Part-2) Hermeneutics = The science

Discovering Gods Word (Part-2) Discovering Gods Word (Part-2) Hermeneutics = The science (principles) and art (task) by which the meaning of the Biblical text is determined. Discovering Gods Word (Part-2) This is That Joel

862 views • 38 slides
Operating System Hardening Vulnerabilities Unique vulnerabilities for: Different

Operating System Hardening Vulnerabilities Unique vulnerabilities for: Different

Operating System Hardening Vulnerabilities Unique vulnerabilities for: Different operating systems Different vendors Client and server systems Vendors try to correct Attackers try to exploit Security professionals must

620 views • 11 slides
A Linear Logical A Linear Logical A Linear Logical Framework Framework Framework Iliano

A Linear Logical A Linear Logical A Linear Logical Framework Framework Framework Iliano

A Linear Logical A Linear Logical A Linear Logical Framework Framework Framework Iliano Cervesato - Frank Pfenning Department of Computer Science Carnegie Mellon University 11 th IEEE Symposium on Logic in Computer Science New

587 views • 30 slides
DISCOVERING OF CHILDREN NEEDS DISCOVERING OF CHILDREN NEEDS AND POTENTIALS: MAP SUPPORT IN

DISCOVERING OF CHILDREN NEEDS DISCOVERING OF CHILDREN NEEDS AND POTENTIALS: MAP SUPPORT IN

05-09 MAY 2014 Centre International Conferences Geneve Switzerland Geneve Switzerland DISCOVERING OF CHILDREN NEEDS DISCOVERING OF CHILDREN NEEDS AND POTENTIALS: MAP SUPPORT IN EMERGENCY SITUATIONS EMERGENCY SITUATIONS Milan Konecn,

762 views • 36 slides
Discovering Gods Word (Part-1) Discovering Gods Word The Inspired Word (Part-1) 2

Discovering Gods Word (Part-1) Discovering Gods Word The Inspired Word (Part-1) 2

Discovering Gods Word (Part-1) Discovering Gods Word The Inspired Word (Part-1) 2 Timothy 3:16,17 16 All Scripture is given by inspiration of God, and is profitable for doctrine, for reproof, for correction, for instruction in

348 views • 31 slides
What is the Logical Framework Approach? 1 LFA - DEFINITION The logical framework approach is an

What is the Logical Framework Approach? 1 LFA - DEFINITION The logical framework approach is an

Correspondence on The Logical Framework Approach Developed for SNV PARTNERS 14-18 July 2008 Supported by SNV Zimbabwe Compiled by: What is the Logical Framework Approach? 1 LFA - DEFINITION The logical framework approach is an

653 views • 34 slides
Jonathan Pollet conference Part 1: Control System Vulnerabilities control system vulnerabilities

Jonathan Pollet conference Part 1: Control System Vulnerabilities control system vulnerabilities

Rome, May 31, 2011 Jonathan Pollet conference Part 1: Control System Vulnerabilities control system vulnerabilities > analysis of 5 years of field data Jonathan Pollet, CISSP , CAP , PCIP Red Tiger Security [on behalf of the DHS CSSP

413 views • 20 slides
HOWTO Reminders Basic Vulnerabilities and their Vulnerabilities Exploitation Security Samuel

HOWTO Reminders Basic Vulnerabilities and their Vulnerabilities Exploitation Security Samuel

HOWTO Basic Vulnerabilities and their Exploitation Samuel Angebault HOWTO Reminders Basic Vulnerabilities and their Vulnerabilities Exploitation Security Samuel Angebault staphylo@lse.epita.fr http://lse.epita.fr/ July 18, 2013 Table

969 views • 57 slides
Logical Operators How do we form compound logical statements? IF there is a pandemic AND I am

Logical Operators How do we form compound logical statements? IF there is a pandemic AND I am

Logical Operators How do we form compound logical statements? IF there is a pandemic AND I am in public, THEN I'll wear a mask. IF it is raining OR it is cold, THEN I'll grab my jacket. IF it is NOT a COMP110 assignment, THEN I will

341 views • 6 slides
Logical Consequence: From Logical Terms to Semantic Constraints Gil Sagi Munich Center for

Logical Consequence: From Logical Terms to Semantic Constraints Gil Sagi Munich Center for

Logical Terms Semantic Constraints Logical Consequence: From Logical Terms to Semantic Constraints Gil Sagi Munich Center for Mathematical Philosophy August 21, 2014 Gil Sagi Logical Consequence Logical Terms The Thesis of the Centrality

850 views • 62 slides
HEP Applications with Globus Virtual Workspaces Ian Gable , A. Agarwal, A. Charbonneau, R.

HEP Applications with Globus Virtual Workspaces Ian Gable , A. Agarwal, A. Charbonneau, R.

HEP Applications with Globus Virtual Workspaces Ian Gable , A. Agarwal, A. Charbonneau, R. Desmarais, R. Enge, D. Grundy, A. Norton, D. Penfold-Brown, R. Seuster, R.J. Sobie, D. C. Vanderster National Research Council of Canada, Ottawa, Ontario,

244 views • 20 slides
Name of the Speaker : Karan kural Co-Speaker : Deepshikha Singh Company Name : Srijan

Name of the Speaker : Karan kural Co-Speaker : Deepshikha Singh Company Name : Srijan

Name of the Speaker : Karan kural Co-Speaker : Deepshikha Singh Company Name : Srijan Technologies Pvt. Ltd. Place: New Delhi. GitHub Pull Request Builder Plugin for Jenkins Tools We will going to use: What is Jenkins? Jenkins is an

219 views • 20 slides
Goals Today IT420: Database Management Reminder IT/CS Dinner Meal Registration and

Goals Today IT420: Database Management Reminder IT/CS Dinner Meal Registration and

Goals Today IT420: Database Management Reminder IT/CS Dinner Meal Registration and Organization Storing and Checking Passwords Sessions Session Control in PHP (Chapter 22 PHP and MySQL Web Development) Authentication Step 1:

392 views • 4 slides
Trustworthy Computing CSE443 - Spring 2012 Introduction to Computer and Network Security

Trustworthy Computing CSE443 - Spring 2012 Introduction to Computer and Network Security

Trustworthy Computing CSE443 - Spring 2012 Introduction to Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger Page Trust

521 views • 22 slides
Collisions for simplified variants of SHA-256 Krystian Matusiewicz and Josef Pieprzyk

Collisions for simplified variants of SHA-256 Krystian Matusiewicz and Josef Pieprzyk

Collisions for simplified variants of SHA-256 Krystian Matusiewicz and Josef Pieprzyk kmatus@ics.mq.edu.au, josef@ics.mq.edu.au Centre For Advanced Computing, Algorithms and Cryptography, Department of Computing, Macquarie University

822 views • 48 slides
Cryptography for Software and Web Developers Part 4: randomness, hashing, tokens Hanno B ock

Cryptography for Software and Web Developers Part 4: randomness, hashing, tokens Hanno B ock

Random numbers Hashes Cryptography for Software and Web Developers Part 4: randomness, hashing, tokens Hanno B ock 2014-05-28 1 / 13 Bad random numbers Random numbers Random fails Hashes Example: Factoring RSA keys Good / bad

811 views • 13 slides
. Vladimir Kolesnikov . . Payman Mohassel Mike Rosulek . .

. Vladimir Kolesnikov . . Payman Mohassel Mike Rosulek . .

fle XOR : flexible garbling for XOR gates that beats free- XOR . Vladimir Kolesnikov . . Payman Mohassel Mike Rosulek . . background 1 . . . Enc A C B Enc A C B Enc A C B Enc A C B . background: garbled

1.29k views • 92 slides
Koen Lindstrm Claessen, Alejandro Russo, John Hughes WG2.8, Park City, Utah, Chalmers

Koen Lindstrm Claessen, Alejandro Russo, John Hughes WG2.8, Park City, Utah, Chalmers

Koen Lindstrm Claessen, Alejandro Russo, John Hughes WG2.8, Park City, Utah, Chalmers University of Technology June 2008 Dictionary Passwords on UNIX systems attacks, offline attacks, ... Universal Access /etc/passwd RootAccess

775 views • 38 slides

More recommend