Wifi Wireless Encryption Unencrypted WEP WPA-2 Threat Model- - - PowerPoint PPT Presentation



SLIDE 1

Wifi

SLIDE 2

Wireless Encryption

  • Unencrypted
  • WEP
  • WPA-2
SLIDE 3

Threat Model- Unencrypted

SLIDE 4

Threat Model- Unencrypted

SLIDE 5

SSID Hiding

  • SSID - network name
  • LoboGuest
  • eduroam
  • Default — broadcast SSID
  • SSID hiding — do not broadcast SSID
SLIDE 6

MAC Filtering

  • MAC address - uniquely identifies a device on a network
  • Blacklist MACs
  • Whitelist MACs
SLIDE 7

RC4

  • Stream Cipher
SLIDE 8

WEP

  • 40 bit key
  • 24 bit initialization vector
SLIDE 9

WEP Packet

Packet layout: IV | Key ID | Payload | Checksum (figure label: RC4 Encrypted)
Source: http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

SLIDE 10

WEP: Passive Attack

  • IP traffic is predictable/redundant
  • Look for packets with the same IV
  • Two packets P1 and P2 with same IV
  • C1 = P1 xor RC4(k||IV)
  • C2 = P2 xor RC4(k||IV)
  • C1 xor C2 = P1 xor P2
  • Use stats or known plaintext to find P1, P2
SLIDE 11

Implementation bug or design flaw?

  • What if random IVs were used?
  • IV space – 2^24 possibilities
  • Collision after 4000 packets
  • Rough estimate: a busy AP sends 1000 packets/sec
  • Collision every 4s!
  • Even with counting IV (best case), rollover every few hours
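
Added example (not part of the original slides): a Python sketch of the keystream reuse on slide 10 and the birthday estimate behind slide 11. The key, IVs and plaintexts are constructed sample values, and the key/IV order follows the slides' RC4(k||IV) notation.

```python
import math

def rc4(key: bytes, n: int) -> bytes:
    """First n bytes of RC4 keystream for `key`."""
    S, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                        # keystream generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(k: bytes, iv: bytes, p: bytes) -> bytes:
    """C = P xor RC4(k||IV), following the slides' notation."""
    return xor(p, rc4(k + iv, len(p)))

def collision_probability(packets: int, iv_bits: int = 24) -> float:
    """Birthday approximation: P(at least two of `packets` random IVs are equal)."""
    return 1.0 - math.exp(-packets * (packets - 1) / (2 * 2 ** iv_bits))

# Constructed sample data (not captured traffic): 40-bit key, 24-bit IVs.
K = bytes.fromhex("0102030405")
IV_A, IV_B = bytes.fromhex("aabbcc"), bytes.fromhex("aabbcd")
P1 = b"GET /index.html HTTP/1.1"
P2 = b"user=alice&pin=4921&ok=1"
C1, C2 = encrypt(K, IV_A, P1), encrypt(K, IV_A, P2)   # same IV: keystream reused
C3 = encrypt(K, IV_B, P2)                             # fresh IV: new keystream

def recover_with_known_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """With a shared keystream, C1 xor C2 xor P1 = P2; the key is never needed."""
    return xor(xor(c1, c2), known_p1)

if __name__ == "__main__":
    print("C1^C2 == P1^P2:", xor(C1, C2) == xor(P1, P2))
    print("recovered P2  :", recover_with_known_plaintext(C1, C2, P1))
    print("fresh IV leaks:", xor(C1, C3) == xor(P1, P2))
    for n in (1000, 4000, 5000):
        print(f"P(IV collision) after {n} packets: {collision_probability(n):.2f}")
```

The collision probability depends only on the 24-bit IV width, not on key length, which is why a longer WEP key does not remove the problem.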

SLIDE 12

WEP: Table Attack

  • Small number of IVs
  • Figure out plain text for one packet.
  • Compute the RC4 key stream: RC4(k||IV)
  • Do this for all IVs (15GB storage)
  • Decrypt ALL the packets.
SLIDE 13

WPA-2

https://www.krackattacks.com/

SLIDE 14

WPA2: handshake frame

SLIDE 15

WPA2: handshake

SLIDE 16

KRACK attack

  • KRACK: Key reinstallation attack
  • Man-in-the-middle between supplicant and authenticator
  • Replay old third message in handshake (rather than relay the third message)
  • Also resets packet counters: attacker can now replay packets

SLIDE 17

KRACK attack

SLIDE 18

Key takeaway

  • KRACK causes nonce reuse
  • Nonce reuse causes pain (replay of packets, decryption of packets, perhaps even forgery of packets)