the fragmentation attack in practice
play

The Fragmentation Attack in Practice Andrea Bittau - PowerPoint PPT Presentation

Dec 21, 2023 •377 likes •1k views

Introduction Theory Practice Conclusion 1/24 The Fragmentation Attack in Practice Andrea Bittau a.bittau@cs.ucl.ac.uk September 17, 2005 Aim Introduction Theory Practice Conclusion 2/24 Transmit arbitrary WEP data without knowing the

  1. Introduction Theory Practice Conclusion 1/24 The Fragmentation Attack in Practice Andrea Bittau a.bittau@cs.ucl.ac.uk September 17, 2005

  2. Aim Introduction Theory Practice Conclusion 2/24 Transmit arbitrary WEP data without knowing the key. Only requirement: Eavesdrop a single WEP packet.

  3. Outline Introduction Theory Practice Conclusion 3/24 Introduction 1 WEP Common Attacks Theory 2 PRGA & WEPWedgie Fragmentation Practice 3 Hardware & Software Limitations Real-life Attack Example Script-kiddie Tool Conclusion 4

  4. Wired Equivalent Privacy? Introduction Theory Practice Overview Conclusion 4/24 Bogus implementation of RC4 with a 40-bit shared key. Only data portion of data packets is encrypted. Initialization Vector (IV) prepended to key on each encryption. IV is transmitted in clear within WEP packets. Data frame format Frame Body 802.11 Header CRC IV User Data ICV { { 32-bit (IV 3 bytes) CRC32 of user data

  5. Wired Equivalent Privacy?? Introduction Theory Practice Encryption Conclusion 5/24 1 Seed: Choose IV (any 24-bit number) and prepend to key. 2 KSA: Run RC4 Key Scheduling Algorithm on seed. 3 PRGA: Run RC4 Pseudo-Random Generation Algorithm. 4 XOR: XOR user data with PRGA. WEP Encryption “PRGA” { IV + key RC4 0 1 0 1 ⊕ Plain text 1 1 0 0 = Cipher text 1 0 0 1

  6. Common Attacks Introduction Theory Practice Conclusion 6/24 1 Bruteforce 40-bit key! ASCII Passphrase. Microsoft Windows XP requires exactly 5 or 13 characters. 2 KSA The weak IV attack (aka FMS). Requires ≈ 300,000–3,000,000 unique IVs. Many networks don’t have much traffic. 13% probability IVs improve the attack a lot. aircrack is a good implementation. 3 PRGA WEP-wedgie: Shared key authentication networks. PRGA discovery: Bit-flipping, IV collisions, etc. Fragmentation: Not (yet) public!

  7. Common Attacks Introduction Theory Practice Conclusion 6/24 1 Bruteforce 40-bit key! ASCII Passphrase. Microsoft Windows XP requires exactly 5 or 13 characters. 2 KSA The weak IV attack (aka FMS). Requires ≈ 300,000–3,000,000 unique IVs. Many networks don’t have much traffic. 13% probability IVs improve the attack a lot. aircrack is a good implementation. 3 PRGA WEP-wedgie: Shared key authentication networks. PRGA discovery: Bit-flipping, IV collisions, etc. Fragmentation: Not (yet) public!

  8. Common Attacks Introduction Theory Practice Conclusion 6/24 1 Bruteforce 40-bit key! ASCII Passphrase. Microsoft Windows XP requires exactly 5 or 13 characters. 2 KSA The weak IV attack (aka FMS). Requires ≈ 300,000–3,000,000 unique IVs. Many networks don’t have much traffic. 13% probability IVs improve the attack a lot. aircrack is a good implementation. 3 PRGA WEP-wedgie: Shared key authentication networks. PRGA discovery: Bit-flipping, IV collisions, etc. Fragmentation: Not (yet) public!

  9. PRGA Introduction Theory Practice Conclusion 7/24 If we had PRGA for an IV: Sample PRGA Decrypt all packets which use that IV (cipher text ⊕ PRGA). 0 1 0 1 PRGA With PRGAs for different IVs, we can decrypt more packets 0 0 1 1 (IV dictionary). Plain text Encrypt user data with that IV (data ⊕ PRGA). 0 1 1 0 Cipher text Can always use same IV. If we intercept cipher text and somehow know the clear text: Discover PRGA for that IV (cipher text ⊕ clear text).

  10. PRGA Introduction Theory Practice Conclusion 7/24 If we had PRGA for an IV: Sample PRGA Decrypt all packets which use that IV (cipher text ⊕ PRGA). 0 1 0 1 PRGA With PRGAs for different IVs, we can decrypt more packets 0 0 1 1 (IV dictionary). Plain text Encrypt user data with that IV (data ⊕ PRGA). 0 1 1 0 Cipher text Can always use same IV. If we intercept cipher text and somehow know the clear text: Discover PRGA for that IV (cipher text ⊕ clear text).

  11. WEP-wedgie Introduction Theory Practice Greets to Anton Conclusion 8/24 Shared key authentication: 1 Access point (AP) sends 128 byte challenge. 2 Client replies with encrypted version of challenge.

  12. WEP-wedgie Introduction Theory Practice Greets to Anton Conclusion 8/24 Shared key authentication: 1 Access point (AP) sends 128 byte challenge. 2 Client replies with encrypted version of challenge. Have 128 bytes of PRGA! (challenge ⊕ encrypted challenge) reveals PRGA for IV client used. Can encrypt 128 − 4 (ICV) arbitrary bytes of data. Can decrypt first 128 bytes of packets which use that IV.

  13. WEP-wedgie Introduction Theory Practice Greets to Anton Conclusion 8/24 Shared key authentication: 1 Access point (AP) sends 128 byte challenge. 2 Client replies with encrypted version of challenge. Have 128 bytes of PRGA! (challenge ⊕ encrypted challenge) reveals PRGA for IV client used. Can encrypt 128 − 4 (ICV) arbitrary bytes of data. Can decrypt first 128 bytes of packets which use that IV. Optimization Force clients to disconnect by spoofing de-authentication requests—management frames not encrypted!

  14. PRGA Discovery Introduction Theory Practice How much clear text do we know? Conclusion 9/24 All data is Logical Link Control (LLC) encapsulated. Commonly (always) followed by SNAP. Most likely followed by IP. At times followed by ARP. LLC/SNAP header for IP packet 0xAA 0xAA 0x03 0x00 0x00 0x00 0x08 0x00 { { { { { Ether type DSAP SSAP CTRL ORG code ARP packets have 0x0806 as ethernet type! Distinguishable by fixed and short length. In general, we can recover at least 8 bytes of PRGA.

  15. Fragmentation Introduction Theory Practice Greets: Josh Lackey, h1kari, anton, abaddon Conclusion 10/24 802.11 supports fragmentation at a MAC layer. Each WEP fragment is encrypted independently.

  16. Fragmentation Introduction Theory Practice Greets: Josh Lackey, h1kari, anton, abaddon Conclusion 10/24 802.11 supports fragmentation at a MAC layer. Each WEP fragment is encrypted independently. The Fragmentation Attack Send arbitrarily long data in 8 byte fragments!

  17. Fragmentation Introduction Theory Practice Greets: Josh Lackey, h1kari, anton, abaddon Conclusion 10/24 802.11 supports fragmentation at a MAC layer. Each WEP fragment is encrypted independently. The Fragmentation Attack Send arbitrarily long data in 8 byte fragments! Some details: Each fragment needs ICV. Only 8 − 4 = 4 bytes for real data. Fragment No. field is 4 bits. Only 16 fragments possible. Max data length = 2 4 × 4 = 64. Can use IP fragmentation too. Can generate traffic for which response is known, revealing more PRGA.

  18. Outline of Attack Introduction Theory Practice Conclusion 11/24 1 Eavesdrop a WEP packet. 2 Recover 8 bytes of PRGA (clear ⊕ WEP). 3 Transmit data in 8 byte fragments using same IV.

  19. Outline of Attack Introduction Theory Practice Conclusion 11/24 1 Eavesdrop a WEP packet. 2 Recover 8 bytes of PRGA (clear ⊕ WEP). 3 Transmit data in 8 byte fragments using same IV. Speed up other attacks Pure PRGA attack 1 Send data which generates 1 Send data for which reply is traffic. known. 2 Collect weak IVs. 2 Recover PRGA for more IVs. 3 Perform KSA attacks 3 Slowly build an IV (FMS). dictionary.

  20. Outline of Attack Introduction Theory Practice Conclusion 11/24 1 Eavesdrop a WEP packet. 2 Recover 8 bytes of PRGA (clear ⊕ WEP). 3 Transmit data in 8 byte fragments using same IV. Speed up other attacks Pure PRGA attack 1 Send data which generates 1 Send data for which reply is traffic. known. 2 Collect weak IVs. 2 Recover PRGA for more IVs. 3 Perform KSA attacks 3 Slowly build an IV (FMS). dictionary.

  21. Hardware Introduction Theory Practice Conclusion 12/24 Prism2 (Intersil) based cards. Host-AP mode. Can send (almost) raw 802.11 frames. Monitor mode. Firmware passes all frames to kernel. Firmware overwrites 802.11 header fields such as fragment & sequence number!

  22. Hardware Introduction Theory Practice Conclusion 12/24 Prism2 (Intersil) based cards. Host-AP mode. Can send (almost) raw 802.11 frames. Monitor mode. Firmware passes all frames to kernel. Firmware overwrites 802.11 header fields such as fragment & sequence number! Re-write the fields via debug port! (greets to h1kari) 1 Queue the packet on the card for TX via the normal interface. 2 Locate the packet on the card’s memory via AUX port. 3 Instruct the card to begin TX. 4 After the firmware processed the header, but before it is sent, overwrite it. In practice, we always win the race!

  23. Software Introduction Theory Practice Conclusion 13/24 FreeBSD using wi driver. Added much of airjack’s (Linux driver) functionality.

  24. Software Introduction Theory Practice Conclusion 13/24 FreeBSD using wi driver. Added much of airjack’s (Linux driver) functionality. AUX overwrite implementation 1 Queue and locate packet with 2 random bytes in MAC addr. 2 Busy wait reading duration until it changes. 3 Overwrite header. 0x08 0x00 0x00 0x00 0x00 0xDE 0xFA 0xCE 0xD0 0x00 { { { Frame CTRL Duration Address 1

  25. Software Introduction Theory Practice Conclusion 13/24 FreeBSD using wi driver. Added much of airjack’s (Linux driver) functionality. AUX overwrite implementation 1 Queue and locate packet with 2 random bytes in MAC addr. 2 Busy wait reading duration until it changes. 3 Overwrite header. 0x08 0x00 0xD5 0x00 0x00 0xDE 0xFA 0xCE 0xD0 0x00 { { { Frame CTRL Duration Address 1

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The cyber attack surface of the aerospace industry Andy Davis, Transport Assurance Practice

The cyber attack surface of the aerospace industry Andy Davis, Transport Assurance Practice

The cyber attack surface of the aerospace industry Andy Davis, Transport Assurance Practice Director Global experts in cyber security & risk mitigation Agenda Space attack surface overview Attacks against terrestrial assets

310 views • 30 slides
Institutional challenges Outline Why Fragmentation? Overview on the reasons and levels of SSN

Institutional challenges Outline Why Fragmentation? Overview on the reasons and levels of SSN

Topic # 3 Fragmentation of Social Safety Nets: Institutional challenges Outline Why Fragmentation? Overview on the reasons and levels of SSN program fragmentation (Inas) Case studies of Pakistan (Shereen), Kenya (Stefanie), and

488 views • 18 slides
Security of Symmetric Encryption in the Presence of Ciphertext Fragmentation Alexandra Boldyreva,

Security of Symmetric Encryption in the Presence of Ciphertext Fragmentation Alexandra Boldyreva,

Ciphertext Fragmentation and Related Problems Formalizing Fragmentation Security Notions Constructions and Comparison Security of Symmetric Encryption in the Presence of Ciphertext Fragmentation Alexandra Boldyreva, Jean Paul Degabriele , Kenny

924 views • 43 slides
CS 356: Computer Network Architectures Lecture 10: IP Fragmentation, ARP, and ICMP Xiaowei Yang

CS 356: Computer Network Architectures Lecture 10: IP Fragmentation, ARP, and ICMP Xiaowei Yang

CS 356: Computer Network Architectures Lecture 10: IP Fragmentation, ARP, and ICMP Xiaowei Yang xwy@cs.duke.edu Overview Homework 2-dimension parity IP fragmentation ARP ICMP Fragmentation and Reassembly (not required for

847 views • 42 slides
Attack on Traffic Systems These attack examples have happened in the past. We will take an

Attack on Traffic Systems These attack examples have happened in the past. We will take an

From start to finish how a cyber attack would be performed on traffic system, we will go over first day >> exploitation of the device >> the real-world aftermath. Mission Secure, Inc. Attack on Traffic Systems These attack examples

556 views • 18 slides
Fragmentation Considered Vulnerable Yossi Gilad & Amir Herzberg Computer Science Department,

Fragmentation Considered Vulnerable Yossi Gilad & Amir Herzberg Computer Science Department,

Fragmentation Considered Vulnerable Yossi Gilad & Amir Herzberg Computer Science Department, Bar Ilan University Overview IP fragmentation recap `Easy case fragment miss -association attacks Fragmentation attacks in tunnels

238 views • 23 slides
The LOGJAM attack Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice David Adrian,

The LOGJAM attack Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice David Adrian,

The LOGJAM attack Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thom e, Luke

674 views • 45 slides
Measurement of jet fragmentation at ATLAS Andy Buckley, University of Glasgow for the ATLAS

Measurement of jet fragmentation at ATLAS Andy Buckley, University of Glasgow for the ATLAS

Measurement of jet fragmentation at ATLAS Andy Buckley, University of Glasgow for the ATLAS Collaboration QCD@LHC, Buffalo, 16 July 2019 Jet fragmentation colour singlet In leading-order QCD, well-separated jets and partons are exactly

308 views • 18 slides
QCD Phenomenology at High Energy Bryan Webber CERN Academic Training Lectures 2008 Lecture 4:

QCD Phenomenology at High Energy Bryan Webber CERN Academic Training Lectures 2008 Lecture 4:

QCD Phenomenology at High Energy Bryan Webber CERN Academic Training Lectures 2008 Lecture 4: Jet Fragmentation and Hadron-Hadron Processes Jet Fragmentation Fragmentation functions Small-x fragmentation Average multiplicity

670 views • 34 slides
Fragmentation Data Message Alexandru Mancas CCSDS Spring Meetings 2019, NASA Ames, USA ESA

Fragmentation Data Message Alexandru Mancas CCSDS Spring Meetings 2019, NASA Ames, USA ESA

Fragmentation Data Message Alexandru Mancas CCSDS Spring Meetings 2019, NASA Ames, USA ESA UNCLASSIFIED - For Official Use Agenda 1. Need for a Fragmentation Data Message 2. Example of fragmentation data gathering March 2019 ASAT test 3.

1.1k views • 30 slides
CS 356: Computer Network Architectures Lecture 11: IP Fragmentation, ARP, and ICMP Xiaowei Yang

CS 356: Computer Network Architectures Lecture 11: IP Fragmentation, ARP, and ICMP Xiaowei Yang

CS 356: Computer Network Architectures Lecture 11: IP Fragmentation, ARP, and ICMP Xiaowei Yang xwy@cs.duke.edu Overview Wrapping up from last leture IP fragmentation ARP ICMP The longest prefix matching algorithm 1. Search

788 views • 52 slides
Jet Fragmentation and Fractal Observables Ben Elder Massachusetts Institute of Technology July

Jet Fragmentation and Fractal Observables Ben Elder Massachusetts Institute of Technology July

Jet Fragmentation and Fractal Observables Ben Elder Massachusetts Institute of Technology July 17, 2017 Based on work with: Massimiliano Procura, Jesse Thaler, Wouter Waalewijn, and Kevin Zhou Ben Elder (MIT) Jet Fragmentation and Fractal

474 views • 20 slides
Modifiable Nutritional and Lifestyle Factors in Sperm DNA Fragmentation Ciara Wright PhD DipNT

Modifiable Nutritional and Lifestyle Factors in Sperm DNA Fragmentation Ciara Wright PhD DipNT

Modifiable Nutritional and Lifestyle Factors in Sperm DNA Fragmentation Ciara Wright PhD DipNT mNTOI Director, Glenville Nutrition www.glenvillenutrition.ie Why test DNA fragmentation? Men with abnormal 15% of men semen analyses with a

428 views • 20 slides
Data protection by means of fragmentation Summer school on real-world crypto and privacy

Data protection by means of fragmentation Summer school on real-world crypto and privacy

Data protection by means of fragmentation Summer school on real-world crypto and privacy Katarzyna KAPUSTA Self introduction PhD Student at Telecom ParisTech Universite Paris-Saclay Supervisor: Gerard MEMMI Subject: data fragmentation

285 views • 10 slides
National Fragmentation Caspar van den Berg, PhD Leiden University, Campus The Hague European

National Fragmentation Caspar van den Berg, PhD Leiden University, Campus The Hague European

European Unification and National Fragmentation Caspar van den Berg, PhD Leiden University, Campus The Hague European Fragmentation An uneven distribution of benefits of European integration is partly normal and inevitable in a market

318 views • 7 slides
Neural Network Fragmentation Functions [V. Bertone et al. , Eur. Phys. J. C 77 (2017) no.8, 516]

Neural Network Fragmentation Functions [V. Bertone et al. , Eur. Phys. J. C 77 (2017) no.8, 516]

Neural Network Fragmentation Functions [V. Bertone et al. , Eur. Phys. J. C 77 (2017) no.8, 516] Valerio Bertone NIKHEF and VU Amsterdam REF 2017 November 15, 2017, Madrid Motivation Why bother about fragmentation functions Comparison

875 views • 55 slides
Envelopes and String Art Gregory Quenell 1 Activity: 1 Draw line segments connecting 0 . 8 (0

Envelopes and String Art Gregory Quenell 1 Activity: 1 Draw line segments connecting 0 . 8 (0

Envelopes and String Art Gregory Quenell 1 Activity: 1 Draw line segments connecting 0 . 8 (0 , x ) with (1 x, 0) 0 . 6 for x = 0 . 1 , 0 . 2 , . . . , 0 . 9. 0 . 4 Benefits: 0 . 2 Gives you something to do during calculus class 0 .

349 views • 34 slides
Nailgun: Breaking the Privilege Isolation on ARM Zhenyu Ning COMPASS Lab Wayne State University

Nailgun: Breaking the Privilege Isolation on ARM Zhenyu Ning COMPASS Lab Wayne State University

Nailgun: Breaking the Privilege Isolation on ARM Zhenyu Ning COMPASS Lab Wayne State University Sep 23, 2019 Nailgun: Breaking the Privilege Isolation on ARM 1 Outline I Background I Introduction I Obstacles for Misusing the Traditional

1.44k views • 116 slides
Advice-Based Exploration in Model-Based Reinforcement Learning Rodrigo Toro Icarte 1 , 2 Toryn Q.

Advice-Based Exploration in Model-Based Reinforcement Learning Rodrigo Toro Icarte 1 , 2 Toryn Q.

Advice-Based Exploration in Model-Based Reinforcement Learning Rodrigo Toro Icarte 1 , 2 Toryn Q. Klassen 1 Richard Valenzano 1 , 3 Sheila A. McIlraith 1 1 University of Toronto, Toronto, Canada { rntoro,toryn,rvalenzano,sheila } @cs.toronto.edu 2

604 views • 37 slides
Introduction to embodiment Language has function Language is situated Interpreting

Introduction to embodiment Language has function Language is situated Interpreting

Language and Conceptualization Introduction to embodiment Language has function Language is situated Interpreting language requires experiential, embodied understanding of the world linguistic capabilities are created as humans

601 views • 24 slides
Ring Models for Group Candidates William McCune August 2004 http://www.mcs.anl.gov/

Ring Models for Group Candidates William McCune August 2004 http://www.mcs.anl.gov/

Ring Models for Group Candidates William McCune August 2004 http://www.mcs.anl.gov/ mccune/projects/gtsax/

373 views • 9 slides
CS 557 Inter-Domain Routing Introduction to BGP Routing Tutorial slides from Tim Griffin, 2001

CS 557 Inter-Domain Routing Introduction to BGP Routing Tutorial slides from Tim Griffin, 2001

CS 557 Inter-Domain Routing Introduction to BGP Routing Tutorial slides from Tim Griffin, 2001 Spring 2013 Inter-domain Routing 2153 11537 1706 52 FRGP Level 3 ARIZONA ColoState Autonomous Systems (AS) Border Gateway Protocol

566 views • 30 slides
Rule #1: Have a takeaway. Rule #2: Keep It Simple. Rule #3: Repetition is Good. Rule #4: Be

Rule #1: Have a takeaway. Rule #2: Keep It Simple. Rule #3: Repetition is Good. Rule #4: Be

The 4 Rules of Public Speaking Rule #1: Have a takeaway. Rule #2: Keep It Simple. Rule #3: Repetition is Good. Rule #4: Be Prepared! But at the end of the day, we can have the most dedicated teachers, the most supportive parents, the best

395 views • 12 slides
NLO+PS, Uncertainties, and Shower Reweighting with the Herwig 7 Event Generator Simon Pltzer

NLO+PS, Uncertainties, and Shower Reweighting with the Herwig 7 Event Generator Simon Pltzer

NLO+PS, Uncertainties, and Shower Reweighting with the Herwig 7 Event Generator Simon Pltzer for the Herwig team IPPP, Department of Physics, Durham University & PPT, School of Physics and Astronomy, University of Manchester at the

341 views • 17 slides

More recommend