smashing wep in a passive attack
play

Smashing WEP in A Passive Attack POUYAN SEPEHRDAD PETR SUSIL - PowerPoint PPT Presentation

Mar 23, 2024 •216 likes •746 views

Smashing WEP in A Passive Attack POUYAN SEPEHRDAD PETR SUSIL SERGE VAUDENAY MARTIN VUAGNOUX 1 2 No one Uses WEP Any More. 2 Hotels No one Uses WEP Any More. Restaurants Airports 2 Wireless Networks in Singapore: 20% WEP Hotels No

  1. Smashing WEP in A Passive Attack POUYAN SEPEHRDAD PETR SUSIL SERGE VAUDENAY MARTIN VUAGNOUX 1

  2. 2

  3. No one Uses WEP Any More. 2

  4. Hotels No one Uses WEP Any More. Restaurants Airports 2

  5. Wireless Networks in Singapore: 20% WEP Hotels No one Uses WEP Any More. Restaurants Singapore is not alone. The same problem in most Asia. Airports 2

  6. RC4 3

  7. Reminder on RC4 RC4 3

  8. Reminder on RC4 RC4 RC4/WEP 3

  9. Reminder on RC4 RC4 RC4/WEP Tornado Attack on WEP 3

  10. Reminder on RC4 RC4 RC4/WEP Tornado Attack on WEP Challenges 3

  11. Reminder on RC4 Reminder on RC4 RC4 RC4/WEP Tornado Attack on WEP Challenges 3

  12. KSA PRGA Key S N-1 Keystream 4

  13. 1: for i = 0 to N − 1 do 2: S [ i ] ← i 3: end for 4: j ← 0 5: for i = 0 to N − 1 do 6: j ← j + S [ i ]+ K [ i mod L ] 7: swap ( S [ i ] , S [ j ]) 8: end for KSA 5

  14. 1: for i = 0 to N − 1 do 2: S [ i ] ← i 3: end for 4: j ← 0 5: for i = 0 to N − 1 do 6: j ← j + S [ i ]+ K [ i mod L ] 7: swap ( S [ i ] , S [ j ]) 8: end for KSA 0 1 2 3 4 5 6 7 8 9 10 11 12 ... 255 i j 5

  15. 1: for i = 0 to N − 1 do 2: S [ i ] ← i 3: end for 4: j ← 0 5: for i = 0 to N − 1 do 6: j ← j + S [ i ]+ K [ i mod L ] 7: swap ( S [ i ] , S [ j ]) 8: end for KSA 7 1 2 3 4 5 6 0 8 9 10 11 12 ... 255 i j 6

  16. 1: for i = 0 to N − 1 do 2: S [ i ] ← i 3: end for 4: j ← 0 5: for i = 0 to N − 1 do 6: j ← j + S [ i ]+ K [ i mod L ] 7: swap ( S [ i ] , S [ j ]) 8: end for KSA 7 1 2 3 4 5 6 0 8 9 10 11 12 ... 255 i j 7

  17. 1: for i = 0 to N − 1 do 2: S [ i ] ← i 3: end for 4: j ← 0 5: for i = 0 to N − 1 do 6: j ← j + S [ i ]+ K [ i mod L ] 7: swap ( S [ i ] , S [ j ]) 8: end for KSA 7 12 2 3 4 5 6 0 8 9 10 11 1 ... 255 i j 8

  18. 1: i ← 0 2: j ← 0 3: loop 4: i ← i + 1 5: j ← j + S [ i ] 6: swap ( S [ i ] , S [ j ]) 7: output z i = S [ S [ i ]+ S [ j ]] 8: end loop PRGA 9

  19. 1: i ← 0 2: j ← 0 3: loop 4: i ← i + 1 5: j ← j + S [ i ] 6: swap ( S [ i ] , S [ j ]) 7: output z i = S [ S [ i ]+ S [ j ]] 8: end loop PRGA 18 3 211 7 81 245 121 5 66 78 189 34 133 ... 32 i j 9

  20. 1: i ← 0 2: j ← 0 3: loop 4: i ← i + 1 5: j ← j + S [ i ] 6: swap ( S [ i ] , S [ j ]) 7: output z i = S [ S [ i ]+ S [ j ]] 8: end loop PRGA 18 7 211 3 81 245 121 5 66 78 189 34 133 ... 32 i j 10

  21. 1: i ← 0 2: j ← 0 3: loop 4: i ← i + 1 5: j ← j + S [ i ] 6: swap ( S [ i ] , S [ j ]) 7: output z i = S [ S [ i ]+ S [ j ]] 8: end loop PRGA 18 7 211 3 81 245 121 5 66 78 189 34 133 ... 32 i j Keystream byte = S[7+3]=S[10]=189 11

  22. Reminder on RC4 Reminder on RC4 RC4 RC4/WEP Tornado attack on WEP Challenges 12

  23. Reminder on RC4 RC4 RC4/WEP RC4/WEP Tornado attack on WEP Challenges 12

  24. RC4 z1 z2 z3 ... k[0] k[1] k[2] k[3] ... k[15] 13

  25. RC4 WEP z1 z2 z3 ... k[0] k[1] k[2] k[3] ... k[15] 13

  26. RC4 WEP z1 z2 z3 ... k[3] ... k[15] k[0] k[1] k[2] 13

  27. RC4 WEP z1 z2 z3 ... k[3] ... k[15] k[0] k[1] k[2] the same for each WEP is vulnerable. packet encryption. 13

  28. Reminder on RC4 RC4 RC4/WEP RC4/WEP Tornado Attack on WEP Challenges 14

  29. Reminder on RC4 RC4 RC4/WEP Tornado Attack on WEP Tornado Attack on WEP Challenges 14

  30. RC4 Key Keystream 15

  31. RC4 Key Keystream ? 15

  32.  Conditional biases: pairs of ¯ f j , p j with a predicate ¯ g j Pr [ ¯ K [ i ] = ¯ f j ( z , clue ) | ¯ g j ( z , clue )] = p j RC4 Key Keystream ? 15

  33.  Conditional biases: pairs of ¯ f j , p j with a predicate ¯ g j Pr [ ¯ K [ i ] = ¯ f j ( z , clue ) | ¯ g j ( z , clue )] = p j RC4 Key Keystream ? ¯ row reference ¯ f g p P 1 2 − σ i S t [ i ] = 0, z 2 = 0 i A u15 fixed − j 15

  34.  Conditional biases: pairs of ¯ f j , p j with a predicate ¯ g j Pr [ ¯ K [ i ] = ¯ f j ( z , clue ) | ¯ g j ( z , clue )] = p j 22 Biases RC4 Key Keystream ? ¯ row reference ¯ f g p P 1 2 − σ i S t [ i ] = 0, z 2 = 0 i A u15 fixed − j 15

  35. Roos, A.: A class of weak keys in RC4 stream cipher. 1995 Wagner, D.: Weak keys in RC4. 1995 Borisov, N., Goldberg, I., Wagner, D.: Intercepting mobile communications: the insecurity of 802.11. 2001 Fluhrer, S., Mantin, I., Shamir, A.: Weaknesses in the key scheduling algorithm of RC4. 2001 Stubblefield, A., Ioannidis, J., Rubin, A.D.: Using the Fluhrer, Mantin, and Shamir Attack to Break WEP. 2002 Korek: Next generation of WEP attacks? 2004 Devine, C., Otreppe, T.: Aircrack-ng 2004 Martin, J.I.S.: Weplab 2004 Mantin, I.: A practical attack on the fixed RC4 in the WEP mode. 2005 Klein, A.: Attacks on the RC4 stream cipher. 2006 Tews, E., Weinmann, R., Pyshkin, A.: Breaking 104 Bit WEP in Less Than 60 Seconds. 2007 Vaudenay, S., Vuagnoux, M.: Passive–only Key Recovery Attacks on RC4 2007 Beck, M., Tews, E. Practical Attacks Against WEP and WPA. 2009 Sepehrdad, P., Susil, P., Vaudenay, S., Vuagnoux, M.: Smashing WEP in a Passive Attack 2013

  36. Roos, A.: A class of weak keys in RC4 stream cipher. 1995 Wagner, D.: Weak keys in RC4. 1995 Borisov, N., Goldberg, I., Wagner, D.: Intercepting mobile communications: the insecurity of 802.11. 2001 Fluhrer, S., Mantin, I., Shamir, A.: Weaknesses in the key scheduling algorithm of RC4. 2001 Stubblefield, A., Ioannidis, J., Rubin, A.D.: Using the Fluhrer, Mantin, and Shamir Attack to Break WEP. 2002 5500,000 100,000 Korek: Next generation of WEP attacks? 2004 Devine, C., Otreppe, T.: Aircrack-ng 2004 Martin, J.I.S.: Weplab 2004 Mantin, I.: A practical attack on the fixed RC4 in the WEP mode. 2005 60,000 Klein, A.: Attacks on the RC4 stream cipher. 2006 40,000 Tews, E., Weinmann, R., Pyshkin, A.: Breaking 104 Bit WEP in Less Than 60 Seconds. 2007 32,700 Vaudenay, S., Vuagnoux, M.: Passive–only Key Recovery Attacks on RC4 2007 30,000 Beck, M., Tews, E. Practical Attacks Against WEP and WPA. 2009 19,800 Sepehrdad, P., Susil, P., Vaudenay, S., Vuagnoux, M.: Smashing WEP in a Passive Attack 2013

  37. Attack on WEP 1: compute the ranking L 15 for I = (15) and I 0 = { 0 , 1 , 2 } 2: truncate L 15 to its first ρ 15 terms 3: for each ¯ k 15 in L 15 do run recursive attack on input ¯ k 15 4: 5: end for 6: stop: attack failed recursive attack with input (¯ k 15 , ¯ k 3 , . . . , ¯ k i − 1 ) : 7: If input is only ¯ k 15 , set i = 3. 8: if i ≤ i max then compute the ranking L i for I = ( i ) and I 0 = { 0 , . . . , i − 1 , 15 } 9: truncate L i to its first ρ i terms 10: for each ¯ k i in L i do 11: run recursive attack on input (¯ k 15 , ¯ k 3 , . . . , ¯ k i − 1 , ¯ k i ) 12: end for 13: 14: else for each ¯ k i max +1 , . . . , ¯ k 14 do 15: test key (¯ k 3 , . . . , ¯ k 14 , ¯ k 15 ) and stop if correct 16: end for 17: 18: end if 17

  38. Attack on WEP 1: compute the ranking L 15 for I = (15) and I 0 = { 0 , 1 , 2 } 2: truncate L 15 to its first ρ 15 terms 3: for each ¯ k 15 in L 15 do run recursive attack on input ¯ k 15 4: Y x : counter for x 5: end for 6: stop: attack failed R(x): rank of x recursive attack with input (¯ k 15 , ¯ k 3 , . . . , ¯ k i − 1 ) : 7: If input is only ¯ k 15 , set i = 3. 8: if i ≤ i max then compute the ranking L i for I = ( i ) and I 0 = { 0 , . . . , i − 1 , 15 } 9: truncate L i to its first ρ i terms 10: for each ¯ k i in L i do 11: run recursive attack on input (¯ k 15 , ¯ k 3 , . . . , ¯ k i − 1 , ¯ k i ) 12: end for 13: 14: else for each ¯ k i max +1 , . . . , ¯ k 14 do 15: test key (¯ k 3 , . . . , ¯ k 14 , ¯ k 15 ) and stop if correct 16: end for 17: 18: end if 17

  39. Attack on WEP 1: compute the ranking L 15 for I = (15) and I 0 = { 0 , 1 , 2 } 2: truncate L 15 to its first ρ 15 terms 3: for each ¯ k 15 in L 15 do run recursive attack on input ¯ k 15 4: Y x : counter for x 5: end for 6: stop: attack failed R(x): rank of x recursive attack with input (¯ k 15 , ¯ k 3 , . . . , ¯ k i − 1 ) : 7: If input is only ¯ k 15 , set i = 3. 8: if i ≤ i max then compute the ranking L i for I = ( i ) and I 0 = { 0 , . . . , i − 1 , 15 } 9: truncate L i to its first ρ i terms 10: for each ¯ k i in L i do 11: run recursive attack on input (¯ k 15 , ¯ k 3 , . . . , ¯ k i − 1 , ¯ k i ) 12: end for 13: 14: else for each ¯ k i max +1 , . . . , ¯ k 14 do 15: test key (¯ k 3 , . . . , ¯ k 14 , ¯ k 15 ) and stop if correct 16: end for 17: 18: end if The parameters are all optimized 17

  40. Reminder on RC4 RC4 RC4/WEP Tornado Attack on WEP Tornado Attack on WEP Challenges 18

  41. Reminder on RC4 RC4 RC4/WEP Tornado Attack on WEP Challenges Challenges 18

  42. In our EUROCRYPT’11 Paper: We made a heuristic assumption that V ( Y good ) ⇥ V ( Y bad ) . In practice: V ( Y good ) ⇤ = V ( Y bad ) We made a heuristic approximation that ( Y good � Y i ) ’s are independent for all bad i ’s. In practice: ( Y good � Y i ) ’s are not independent. Assume the rank R of the correct counter to be normally distributed. In practice: R is not normally distributed. Assume R is following Poisson distribution. In practice E ( R ) ⇤ = V ( R ) . 19

  43. 0.25 Polya distribution with p = 0.9839 and r = 0.356 Experimental R 3 distribution for 5000 packets 0.2 0.15 Probability 0.1 0.05 0 0 10 20 30 40 50 R 3 Realization 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Smashing The Stack A detailed look at buffer overflows as described in Smashing the Stack for

Smashing The Stack A detailed look at buffer overflows as described in Smashing the Stack for

Smashing The Stack A detailed look at buffer overflows as described in Smashing the Stack for Fun and Profit by Aleph One Summer 2017 Roadmap 1 Process Memory Organization Text Fixed by program Includes code and read-only data

257 views • 22 slides
Smashing the Stack Protector for Fun and Profit 1 1996: Smashing The Stack for Fun and Profit

Smashing the Stack Protector for Fun and Profit 1 1996: Smashing The Stack for Fun and Profit

Smashing the Stack Protector for Fun and Profit 1 1996: Smashing The Stack for Fun and Profit ... overflow direction / higher addresses int main(int argc, char **argv) buf { stack growth char buf[0x10]; gets(buf); saved return address

911 views • 13 slides
luis@ringzero.net Luis Miras What Im Not Covering What I Will Be Covering Attack Passive

luis@ringzero.net Luis Miras What Im Not Covering What I Will Be Covering Attack Passive

luis@ringzero.net Luis Miras What Im Not Covering What I Will Be Covering Attack Passive (Sniffing) authentication data sensitive data Active (Injection) Denial of Service Execution of arbitrary commands RF

722 views • 71 slides
Smashing the Buffer Smashing the Buffer Miroslav tampar Miroslav tampar (mstampar@zsis.hr )

Smashing the Buffer Smashing the Buffer Miroslav tampar Miroslav tampar (mstampar@zsis.hr )

Smashing the Buffer Smashing the Buffer Miroslav tampar Miroslav tampar (mstampar@zsis.hr ) (mstampar@zsis.hr ) Summary BSidesVienna 2014, Vienna (Austria) November 22nd, 2014 2 Buffer overflow (a.k.a.)

462 views • 35 slides
Smashing the Stack Based on the paper by Aleph One Slides by Prof Yan Chen, Northwestern

Smashing the Stack Based on the paper by Aleph One Slides by Prof Yan Chen, Northwestern

Smashing the Stack Based on the paper by Aleph One Slides by Prof Yan Chen, Northwestern University Smashing the Stack for Fun and Profit Review: Process memory organization The problem: Buffer overflows How to exploit the problem

660 views • 46 slides
Reduce passive income, reduce taxes We help. You grow. What is passive income and why does it

Reduce passive income, reduce taxes We help. You grow. What is passive income and why does it

Reduce passive income, reduce taxes We help. You grow. What is passive income and why does it matter? Federal government changed rules, effective for tax years that begin after 2018. Canadian controlled private corporations (CPCC) Passive

193 views • 8 slides
Passive Gas System Design PRESENTED BY BRYAN WELDON P.E. Passive System Overview 01 Passive

Passive Gas System Design PRESENTED BY BRYAN WELDON P.E. Passive System Overview 01 Passive

Passive Gas System Design PRESENTED BY BRYAN WELDON P.E. Passive System Overview 01 Passive Components 02 Integrating and Upgrading 03 Questions 04 2 Passive System Overview ___ 3 Passive Gas System ___ 4 Passive Gas System Usually

332 views • 12 slides
Passive Fire Protection For the Oil & Gas Industry Passive Fire Protection What is purpose

Passive Fire Protection For the Oil & Gas Industry Passive Fire Protection What is purpose

Passive Fire Protection For the Oil & Gas Industry Passive Fire Protection What is purpose of fireproofing? To Save Lives To Preserve Assets To Prevent Escalation Passive Fire Protection Passive Fire Protection Passive Fire

311 views • 29 slides
Attack on Traffic Systems These attack examples have happened in the past. We will take an

Attack on Traffic Systems These attack examples have happened in the past. We will take an

From start to finish how a cyber attack would be performed on traffic system, we will go over first day >> exploitation of the device >> the real-world aftermath. Mission Secure, Inc. Attack on Traffic Systems These attack examples

556 views • 18 slides
64-bit Linux stack smashing tutorial: Part 2 Written on April 21, 2015 This is part 2 of my

64-bit Linux stack smashing tutorial: Part 2 Written on April 21, 2015 This is part 2 of my

Techorganic About PGP Disclaimer Vulnerabilities Musings from the brainpan 64-bit Linux stack smashing tutorial: Part 2 Written on April 21, 2015 This is part 2 of my 64-bit Linux Stack Smashing tutorial. In part 1 we exploited a 64- bit

451 views • 9 slides
What Are Active and Passive Voice? Can you write definitions for active and passive

What Are Active and Passive Voice? Can you write definitions for active and passive

What Are Active and Passive Voice? Can you write definitions for active and passive voice? Active Voice In an active sentence, the subject performs the action (the verb) to the object . Passive Voice In a passive sentence, the thing

610 views • 14 slides
Passive Transport (no energy input required) Passive Transport Passive transport is the

Passive Transport (no energy input required) Passive Transport Passive transport is the

Passive Transport (no energy input required) Passive Transport Passive transport is the movement of ions and other molecules across cell membranes without the need of energy input (ATP) Ions or molecules move from an area of higher

650 views • 33 slides
Multivariate Solutions to Emerging Passive DNS Challenges Dr. Paul Vixie, CEO and Dr. Joe St

Multivariate Solutions to Emerging Passive DNS Challenges Dr. Paul Vixie, CEO and Dr. Joe St

Multivariate Solutions to Emerging Passive DNS Challenges Dr. Paul Vixie, CEO and Dr. Joe St Sauver, Scientist 1 Agenda Introduction Passive DNS, Including Times When Passive DNS May Not Work Well Overcoming Obfuscation Pillz

962 views • 47 slides
References Smashing the stack for fun and profit http://phrack.org/issues/49/14.html

References Smashing the stack for fun and profit http://phrack.org/issues/49/14.html

References Smashing the stack for fun and profit http://phrack.org/issues/49/14.html Exploiting format string vulnerabilities https://crypto.stanford.edu/cs155/papers/for matstring-1.2.pdf Once upon a free()

427 views • 19 slides
Active / Passive Voice Acquistion THE PASSIVE VOICE IS EVIL. Two exceptions:

Active / Passive Voice Acquistion THE PASSIVE VOICE IS EVIL. Two exceptions:

Active / Passive Voice Acquistion THE PASSIVE VOICE IS EVIL. Two exceptions: blame-shifting scientific writing Acquisition Active Voice: the subject performs the action of the verb Example: The dog attacked my neighbor.

595 views • 21 slides
Dimer Interpretations in Cluster Algebras: Smashing, Splitting, and Finding the Perfect Match

Dimer Interpretations in Cluster Algebras: Smashing, Splitting, and Finding the Perfect Match

Dimer Interpretations in Cluster Algebras: Smashing, Splitting, and Finding the Perfect Match Piriyakorn Piriyatamwong and Caledonia Wilson University of Minnesota Twin Cities REU in Combinatorics Monday July 30, 2018 Introduction Consider

463 views • 45 slides
On the Computational Complexities of Three Privacy Measures for Large Networks Under Active Attack

On the Computational Complexities of Three Privacy Measures for Large Networks Under Active Attack

On the Computational Complexities of Three Privacy Measures for Large Networks Under Active Attack Bhaskar DasGupta Department of Computer Science University of Illinois at Chicago Chicago, IL 60607, USA dasgupta@cs.uic.edu

477 views • 15 slides
Active Shooter Training Created by Security Strategies Today For The Hospitality Law Conference

Active Shooter Training Created by Security Strategies Today For The Hospitality Law Conference

Active Shooter Training Created by Security Strategies Today For The Hospitality Law Conference Houston, April 24-26, 2017 Proprietary-Security Strategies Today Steve Cocco Steve Cocco, President of Security Strategies Today, is a counter-

180 views • 14 slides
CADET EMILIANO GONZALEZ, USMA 2018 HOMELAND SECURITY INTERNSHIP RESEARCH PRESENTATION 2018

CADET EMILIANO GONZALEZ, USMA 2018 HOMELAND SECURITY INTERNSHIP RESEARCH PRESENTATION 2018

CADET EMILIANO GONZALEZ, USMA 2018 HOMELAND SECURITY INTERNSHIP RESEARCH PRESENTATION 2018 HOMELAND SECURITY INTERNSHIP Purpose To provide information on research conducted during my 2018 Homeland Security Internship and to provide

497 views • 48 slides
Pervasive Monitoring stephen.farrell@cs.tcd.ie June 2014 stephen.farrell@cs.tcd.ie 1/16 It's

Pervasive Monitoring stephen.farrell@cs.tcd.ie June 2014 stephen.farrell@cs.tcd.ie 1/16 It's

Pervasive Monitoring stephen.farrell@cs.tcd.ie June 2014 stephen.farrell@cs.tcd.ie 1/16 It's an attack The actions of NSA and their partners (nation-state or corporate, coerced or not) are a multi-faceted form of attack, or are

352 views • 16 slides
Resilient Power Grid Project Report Sahiti Bommareddy | Daniel Qian | Parv Saxena Spring 2020 1

Resilient Power Grid Project Report Sahiti Bommareddy | Daniel Qian | Parv Saxena Spring 2020 1

Resilient Power Grid Project Report Sahiti Bommareddy | Daniel Qian | Parv Saxena Spring 2020 1 Project Goal Extend the Spire intrusion-tolerant SCADA system Three dimensions: 1. Performance optimization for single site configuration 2.

622 views • 33 slides
Terrorist & Violent Intruder Preparedness/Response Simplifying Your

Terrorist & Violent Intruder Preparedness/Response Simplifying Your

Terrorist & Violent Intruder Preparedness/Response Simplifying Your Response Based on A6acker Objec<ve Commonali<es www.intruderresponse.com Vaughn Baker Co-Founder Strategos

884 views • 52 slides
BloodHound From Red to Blue 1.5 By Scoubi @ScoubiMTL BIO Sr Security Architect at Bell Canada

BloodHound From Red to Blue 1.5 By Scoubi @ScoubiMTL BIO Sr Security Architect at Bell Canada

BloodHound From Red to Blue 1.5 By Scoubi @ScoubiMTL BIO Sr Security Architect at Bell Canada Adversary Detection Team Lead Threat Hunting Team Lead First Presented at BSidesCharm French Canadian Dont pronounce S and H

1.37k views • 104 slides
Attack simulations of viable cities (smart facilities) Associate prof. Robert Lagerstrm KTH

Attack simulations of viable cities (smart facilities) Associate prof. Robert Lagerstrm KTH

Attack simulations of viable cities (smart facilities) Associate prof. Robert Lagerstrm KTH Royal Institute of Technology Sustainable cities, energy, transportation, Digital solutions will drive progress towards the sustainable

309 views • 30 slides

More recommend