
Document: Wifi security part 1


Description:

Wi-Fi Security
How to Break and Exploit

Thesis for the degree Master of Science
Hallvar Helleseth
Department of Informatics
University of Bergen
June 2006

The NoWires Research Group
http://www.nowires.org

Preface

This thesis explores security vulnerabilities in Wireless-Fidelity (Wi-Fi) networks. A thorough description of critical security holes and practical examples of attacks are given. First a guide to the necessary equipment and how to set it up as an attack platform is provided. Later it is demonstrated how the lack of security may aid a malicious hacker to exploit interesting targets beyond the realm of Wi-Fi. Enough detail is provided to enable duplication of the practical work done in parallel to writing this thesis.

The aim is to give the reader a greater insight into how computer systems are utilized by hackers, and eventually enable the design of more secure systems. For this reason the targeted reader is one with an interest in computer security in general. Necessary knowledge of wireless networks is provided.

Acknowledgments

First of all, I would like to thank my supervisor, Professor Kjell Jørgen Hole, who got me very excited about writing a thesis on Wi-Fi security. I appreciate that he has taken the time to follow me up so closely and guide me in making the right decisions in regard to this thesis.

I thank my father for skillfully guiding me into a career I will enjoy.

I would like to thank all present and previous members of friByte for some fun times in whatever computer labs we have occupied. Naturally, I appreciate my fellow friends from The NoWires Research Group who brought me along on monthly excursions to pubs and the interesting discussions that followed.

Contents

1 Introduction
  1.1 What is Wi-Fi Security?
  1.2 How is Wi-Fi Used?
  1.3 Structure of Thesis

2 How to Identify Wi-Fi Networks
  2.1 Introduction
  2.2 Background
    2.2.1 What is a Wi-Fi Network?
    2.2.2 How does Wi-Fi Work?
    2.2.3 Availability
  2.3 Hardware Equipment
    2.3.1 Mobile Computer Platform
    2.3.2 Wi-Fi Network Card
    2.3.3 Antenna
    2.3.4 Amplifier
    2.3.5 GPS Receiver
  2.4 Analyzing Wi-Fi Network Traffic
    2.4.1 Information From All Frames
    2.4.2 Information From Data Frames
    2.4.3 Information From Management Frames
    2.4.4 Summary
  2.5 Software Tools
    2.5.1 Kismet
    2.5.2 TCPDump
    2.5.3 Ethereal
    2.5.4 Netstumbler
    2.5.5 GPS Map Plotter
  2.6 Results From Warbiking in Parts of Bergen
  2.7 Conclusion

3 Breaking the Security of Wi-Fi
  3.1 Introduction
  3.2 Background
    3.2.1 Connection/Access Protocol in Wi-Fi Networks
  3.3 Wired Equivalent Privacy (WEP)
    3.3.1 Background
    3.3.2 Breaking Confidentiality
      3.3.2.1 Recover WEP Key—RC4 Key Scheduling Weakness
      3.3.2.2 Recover a Passphrase Seeded WEP key
      3.3.2.3 Double Encryption
      3.3.2.4 Inductive Chosen Plaintext Attack
      3.3.2.5 IV and Key Sequence Database
      3.3.2.6 Redirecting packets
      3.3.2.7 Brute-Force the WEP Key
    3.3.3 Breaking Authentication
      3.3.3.1 The Authentication Mechanism
      3.3.3.2 One-Way Authentication
      3.3.3.3 Anyone Can Get Authenticated
      3.3.3.4 Circumvent by Spoofing
    3.3.4 Packet Injection
      3.3.4.1 Obtaining a Key Sequence
    3.3.5 “IV Acceleration”
      3.3.5.1 Retransmission
      3.3.5.2 Forcing Re-authentication
      3.3.5.3 Utilizing a Known Key Sequence
      3.3.5.4 Inducing Traffic in an Empty Network
      3.3.5.5 Results
    3.3.6 Summary on Software Tools
  3.4 Wi-Fi Protected Access (WPA)
    3.4.1 Background
      3.4.1.1 WPA-PSK
    3.4.2 Breaking Confidentiality
      3.4.2.1 Recovering a Passphrase Seeded WPA Key
  3.5 Security Supplements
    3.5.1 Bypassing Medium Access Control (MAC) Address Filters
      3.5.1.1 Avoiding Interference
    3.5.2 Defeating Captive Portals
  3.6 Summary