![Page 1: All your Wireless belongs to us - ENSIMAG...2012/03/01 · All your Wireless belongs to us SecurIMAG 2012-03-01 WARNING: SecurIMAG is a security club at Ensimag. Thoughts, ideas and](https://reader034.vdocuments.net/reader034/viewer/2022042311/5ed92f776714ca7f47694dcb/html5/thumbnails/1.jpg)
• Description: 802.11 Wifi Security
• Lecturer: Guillaume Jeanne
All your Wireless belongs to us
SecurIMAG
2012-03-01
WARNING: SecurIMAG is a security club at
Ensimag. Thoughts, ideas and opinions are not
related to Ensimag. The authors assume no
liability including for errors and omissions.
¡¡_ (in)security we trust _!!
Grenoble INP
Ensimag
Presenter: Guillaume Jeanne
2 SecurIMAG - Wifi Security – Guillaume J. – 2012/03/01
• Background:
• MP* preparatory class at lycée Claude-Fauriel (Saint-Étienne, 42)
• 1A ENSIMAG
• Why SecurIMAG ? (the ultimate question)
• I've always been fascinated by computer
security and how we could divert an object from
its normal use. (hacking)
• Contact :
• guillaume.jeanne{(_a\.t_)}ensimag.fr
Outline
802.11b WEP
  - How it works
  - WEP security problems
    1/ Reuse of the byte sequence (keystream)
    2/ Fluhrer, Mantin and Shamir attack
  - Demo
WPA
  - Changes
  - WPA security problems
    1/ Dictionary attack
  - Demo
Reminder of French Law
Art. 323-1
« Fraudulently accessing or remaining in all or part of an automated data processing system is punishable by two years' imprisonment and a fine of 30,000 euros.
Where this results in the deletion or modification of data held in the system, or in an alteration of the functioning of that system, the penalty is three years' imprisonment and a fine of 45,000 euros. »
802.11b, Wired Equivalent Privacy (WEP)
• 802.11: a (1999), b (1999), g (2003), n (2009)
• Security (1999):
  • Data encryption: Wired Equivalent Privacy “WEP”
  • Authentication:
    o Shared Key Authentication “SKA” (WEP is used during authentication)
    o Open System Authentication (no authentication occurs)
• Initially 40-bit keys (U.S. law); WEP2: 104-bit keys
• Severely criticized for its lack of security
WEP, how it works? Transmission
• Message M (unencrypted)
• Integrity check: CRC32 of M (to detect modification)
• RC4 encryption:
  Seed = IV (initialization vector, 24 bits) ‖ WEP key (104 bits)
  Keystream = RC4(Seed)
  Plaintext block = M ‖ CRC(M)
• Encryption is a XOR with the keystream:
  C = (M ‖ CRC(M)) ⊕ RC4(Seed)
• The frame sent on the air is IV (24 bits, in the clear) ‖ C (encrypted message)
WEP, how it works? Reception
• Exactly the same thing!
• The receiver retrieves the IV from the frame, concatenates it with the WEP key, runs RC4 on this seed, XORs the keystream with the encrypted message, then recomputes the checksum and checks it:
  RC4(IV ‖ WEP key) = RC4(Seed)
  C ⊕ RC4(Seed) = M ‖ CRC(M)
Shared Key Authentication “SKA”
• Four-way handshake using the WEP password (secret key)
Outline
802.11b WEP
  - How it works
  - WEP security problems
    1/ Reuse of the byte sequence (keystream)
    2/ Fluhrer, Mantin and Shamir attack
  - Demo
WPA
  - Changes
  - WPA security problems
    1/ Dictionary attack
  - Demo
WEP, security problems
1/ Reuse of the byte sequence (keystream)
Principle:
• A = M1 ⊕ RC4(Seed)
• B = M2 ⊕ RC4(Seed)
• A ⊕ B = M1 ⊕ RC4(Seed) ⊕ M2 ⊕ RC4(Seed) = M1 ⊕ M2
• If you know M1, you can deduce M2 (and vice versa): M2 = (M1 ⊕ M2) ⊕ M1
WEP, security problems
1/ Reuse of the byte sequence
• Question: how do you know M1?
  Easy: M1 is an Internet packet, and its structure (headers) is known.
  Or social engineering: send the victim an email; its contents will be encrypted with the WEP key, so you know one plaintext.
  BUT
• The aim of the IV is to encrypt each packet with a different keystream, so the principle explained above does not work... except if
• the same IV is reused! This is easy to detect because IVs are sent unencrypted.
WEP, security problems
1/ Reuse of the byte sequence
• You shall not reuse the same IV!
• But... IVs are only 24 bits long, so IVs are necessarily reused.
• There is a 50% chance that an IV will be reused after only 4823 packets!
Annex: Birthday paradox
• Problem: how many people are needed so that the probability that 2 of them share a birthday is 1/2?
• ...
• Only 23
• Explanation:
  (23 × 22)/2 = 253 pairs
  failure rate for each pair: 1 − 1/365 = 99.726%
  (1 − 1/365)^253 = 49.9%
  => 50.1% success
(this is not a lie!)
Annex: Birthday paradox table
n     p(n)
10    11.7%
20    41.1%
23    50.1%
30    70.6%
50    97.0%
57    99.0%
100   99.99997%
200   99.9999999999999999999999999998%
300   (100 − 6×10^−80)%
350   (100 − 3×10^−129)%
365   (100 − 1.45×10^−155)%
366   100%
WEP, security problems
1/ Reuse of the byte sequence
Application here
• ½ × (4823 × 4822) = 11,628,253 pairs
• failure rate for each pair: 1 − ½^24 (the IV space has 2^24 values)
• [1 − (½^24)]^11,628,253 = 50.00%
  => 50% success
• 4823 packets take only 4.823 s (at 8 Mbit/s with 1 kB packets)
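The birthday bound behind both the 23-people and the 4823-packet figures, as an added derivation (not on the original slides) using the slides' own pair-counting approach; N is the number of possible values (365 days, or 2^24 IVs) and n the number of draws:

$$
P(\text{no collision}) = \left(1-\frac{1}{N}\right)^{\binom{n}{2}} \approx e^{-\frac{n(n-1)}{2N}}
$$

(treating the $\binom{n}{2}$ pairs as independent is the slides' approximation; the exact value for $n=23$, $N=365$ is $50.7\%$ rather than $50.1\%$). Setting $P = \tfrac{1}{2}$:

$$
\frac{n(n-1)}{2N} \approx \ln 2 \quad\Longrightarrow\quad n \approx \sqrt{2N\ln 2}
$$

$$
N = 365:\; n \approx \sqrt{2\cdot 365\cdot 0.693} \approx 22.5 \rightarrow 23
\qquad
N = 2^{24}:\; n \approx \sqrt{2\cdot 16\,777\,216\cdot 0.693} \approx 4822.7 \rightarrow 4823
$$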
Outline
802.11b WEP
  - How it works
  - WEP security problems
    1/ Reuse of the byte sequence (keystream)
    2/ Fluhrer, Mantin and Shamir attack
  - Demo
WPA
  - Changes
  - WPA security problems
    1/ Dictionary attack
  - Demo
WEP, security problems
2/ Fluhrer, Mantin and Shamir attack
• The most famous WEP attack.
• Published in a 2001 paper titled “Weaknesses in the Key Scheduling Algorithm of RC4” (1).
• Implemented in AirSnort and Aircrack.
• Exploits weaknesses of the RC4 key scheduling algorithm and of the way WEP builds the RC4 key from the IV.
WEP, security problems
2/ Fluhrer, Mantin and Shamir attack
RC4 key scheduling algorithm
• Generate two tables S and K of 256 bytes each
• Initialize table S with the integers 0 to 255 (state table)
• Fill table K with the secret key
• Pseudo-randomly permute table S using the secret key
• Pseudo-randomly permute table S with itself
• XOR the byte sequence produced from table S with the data stream
WEP, security problems
2/ Fluhrer, Mantin and Shamir attack
The attack
• Some IVs leak information about the secret key through the first keystream byte. These IVs are called low (weak) IVs and have the form (A+3, N−1, X) (3 bytes) where:
  • A is the index of the key byte under attack
  • N = 256 because RC4 works modulo 256
  • X is any value between 0 and 255
• For each byte of the key there are therefore 256 low IVs.
WEP, security problems
2/ Fluhrer, Mantin and Shamir attack
• The first byte of an 802.11b data packet is the SNAP header, which is almost always 0xAA, so the first keystream byte is known:
  output = 0xAA ⊕ FirstByte (first byte of the ciphertext)
• Now you can attack. Here is the algorithm (KSA):
  begin ksa(with int keylength, with byte K[keylength])
    for i from 0 to 255
      S[i] := i
    endfor
    j := 0
    for i from 0 to 255
      j := (j + S[i] + K[i mod keylength]) mod 256
      swap(S[i], S[j])
    endfor
  end
WEP, security problems
2/ Fluhrer, Mantin and Shamir attack
Explanation (toy example: everything is taken mod 16 instead of mod 256):
• First key byte: a low IV with A = 0, i.e. (3, 15, 2). With the secret key (1, 2, 3, 4, 5) the RC4 key is [3,15,2,1,2,3,4,5]; the attacker knows only the IV part.
• K[] (X = unknown key bytes, the key repeats mod keylength):
  index: 0  1  2  3  4  5  6  7  8  9  10 11 12 13 14 15
  K[]:   3  15 2  X  X  X  X  X  3  15 2  X  X  X  X  X
• S[] = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
• KSA:
  1) i=0, j = 0+0+3 = 3, swap S[0],S[3]: S[] = 3 1 2 0 4 5 …
  2) i=1, j = 3+1+15 = 3 (mod 16), swap S[1],S[3]: S[] = 3 0 2 1 4 5 …
  3) i=2, j = 3+2+2 = 7, swap S[2],S[7]: S[] = 3 0 7 1 4 5 6 2 8 9 10 11 12 13 14 15
• First key byte K[3] = output − j − S[3] = 9 − 7 − 1 = 1
WEP, security problems
2/ Fluhrer, Mantin and Shamir attack
• Second key byte: a low IV with A = 1, i.e. (4, 15, 9). The RC4 key is [4,15,9,1,2,3,4,5]; the IV and the first key byte K[3] = 1 are now known.
• K[] = 4 15 9 1 X X X X 4 15 9 1 X X X X
• S[] = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
• KSA:
  1) i=0, j = 0+0+4 = 4, swap S[0],S[4]: S[] = 4 1 2 3 0 5 …
  2) i=1, j = 4+1+15 = 4 (mod 16), swap S[1],S[4]: S[] = 4 0 2 3 1 5 …
  3) i=2, j = 4+2+9 = 15, swap S[2],S[15]: S[] = 4 0 15 3 1 5 6 7 8 9 10 11 12 13 14 2
  4) i=3, j = 15+3+1 = 3 (mod 16), swap S[3],S[3]: S[] unchanged
• Second key byte K[4] = output − j − S[4] = 6 − 3 − 1 = 2
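The transmission/reception path from the "how it works" slides, the keystream-reuse leak and the FMS key-byte computation from the two worked slides above, in one runnable script. This is an added example, not code from the SecurIMAG deck: the 13-byte key, the IV and the two plaintexts are constructed sample values, and the FMS part replays the slides' mod-16 toy numbers (n = 16) rather than a real capture.

```python
import zlib


def rc4_ksa(key, n=256, steps=None):
    """RC4 key scheduling (the KSA from the slides), parametrised by n so the
    slides' mod-16 toy example can be replayed. Returns (S, j) after `steps`
    iterations, or after all n iterations when steps is None."""
    s = list(range(n))
    j = 0
    for i in range(n if steps is None else steps):
        j = (j + s[i] + key[i % len(key)]) % n
        s[i], s[j] = s[j], s[i]
    return s, j


def rc4_keystream(key, length, n=256):
    """RC4 PRGA: permute S with itself and emit `length` keystream bytes."""
    s, _ = rc4_ksa(key, n)
    i = j = 0
    out = []
    for _ in range(length):
        i = (i + 1) % n
        j = (j + s[i]) % n
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % n])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv, wep_key, msg):
    """Transmission: IV (clear) || (M || CRC32(M)) XOR RC4(IV || key)."""
    body = msg + zlib.crc32(msg).to_bytes(4, "little")
    return iv + xor(body, rc4_keystream(iv + wep_key, len(body)))


def wep_decrypt(wep_key, frame):
    """Reception: rebuild the same keystream, XOR it back, check the ICV."""
    iv, c = frame[:3], frame[3:]
    body = xor(c, rc4_keystream(iv + wep_key, len(c)))
    msg, icv = body[:-4], body[-4:]
    if zlib.crc32(msg).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return msg


def recover_via_iv_reuse(frame1, frame2, known_m1):
    """Keystream reuse: same IV => same RC4 keystream, so C1 xor C2 = M1 xor M2
    and a known M1 reveals M2 (for the bytes covered by known_m1)."""
    assert frame1[:3] == frame2[:3], "needs an IV collision"
    return xor(xor(frame1[3:], frame2[3:]), known_m1)


def fms_key_byte(iv, known_key, first_out, n=256):
    """FMS step for a low IV (A+3, n-1, X): run the KSA over the IV and the A
    key bytes already known, then K[A+3] = first_out - j - S[A+3] (mod n)."""
    a = len(known_key)
    s, j = rc4_ksa(list(iv) + list(known_key), n, steps=a + 3)
    return (first_out - j - s[a + 3]) % n


# Constructed sample values: a 104-bit (13-byte) key and two frames that
# happen to share an IV, with M1 a packet of known structure.
KEY = bytes(range(1, 14))
IV = b"\x01\x02\x03"
M1 = b"GET / HTTP/1.0\r\n"   # known plaintext
M2 = b"secret_password!"     # same length, unknown to the eavesdropper


def demo():
    f1 = wep_encrypt(IV, KEY, M1)
    f2 = wep_encrypt(IV, KEY, M2)
    leaked = recover_via_iv_reuse(f1, f2, M1)
    # Replay the slides' mod-16 example: secret key 1,2,3,4,5, first RC4
    # output 9 for IV (3,15,2) and 6 for IV (4,15,9).
    k0 = fms_key_byte((3, 15, 2), [], first_out=9, n=16)
    k1 = fms_key_byte((4, 15, 9), [k0], first_out=6, n=16)
    return wep_decrypt(KEY, f1) == M1, leaked, (k0, k1)


if __name__ == "__main__":
    print(demo())
```

With real RC4 (n = 256) the same fms_key_byte formula is only right about 5% of the time per IV, which is why the deck repeats it over many low IVs.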
WEP, security problems
2/ Fluhrer, Mantin and Shamir attack
• But in reality there is only about a 5% chance that the recovered byte is correct (for 1 IV).
• => repeat this for several low IVs (X varies) and keep the most frequent candidate.
WEP, security problems
2/ Fluhrer, Mantin and Shamir attack
• Consequences
  • Ability to modify packets (integrity loss)
  • Ability to authenticate to the network
• « Solutions »
  • Increasing the size of the WEP key (and/or the IV space) is not enough (birthday paradox)
  • We should rely on another kind of cipher (e.g. a block cipher, see WPA)
WEP, security problems
2/ Fluhrer, Mantin and Shamir attack
Furthermore
• “Breaking 104 bit WEP in less than 60 seconds” (2)
• In 2007, Erik Tews, Andrei Pychkine and Ralf-Philipp Weinmann extended Klein's 2005 attack and optimized it for use against WEP. With the new attack it is possible to recover a 104-bit WEP key with probability 50% using only 40,000 captured packets.
DEMO
Outline
802.11b WEP
  - How it works
  - WEP security problems
    1/ Reuse of the byte sequence (keystream)
    2/ Fluhrer, Mantin and Shamir attack
  - Demo
WPA
  - Changes
  - WPA security problems
    1/ Dictionary attack
  - Demo
802.11i, Wi-Fi Protected Access (WPA & WPA2)
• WPA became available around 1999.
• WPA2 around 2004.
• Introduced following the serious weaknesses researchers had found in the previous system (WEP).
• Changes:
  • Temporal Key Integrity Protocol (TKIP)
    o still RC4, but with a 128-bit key per packet
    o rekeying mechanism (keys change frequently, avoiding collisions)
    o the ICV field is replaced by
      – a MICHAEL integrity check (64 bits)
      – a sequence number for each packet (replay protection)
  • AES (block cipher): optional in WPA, mandatory in WPA2
WPA, security problems
Dictionary attack
• Test all the words in a dictionary
• It is the only WPA attack available in aircrack that recovers the key
• Concretely: you disconnect a station from the network, then capture the packets it sends to reconnect (the handshake)
• Then you can launch the attack against the captured handshake
Problem 1: Storage
• Dictionaries are very heavy to store
• 5-character key (uppercase, lowercase, digits): 458 MB
• 10-character key: 8,392,993 TB
• 63-character key: 5.25e+99 PB
Problem 1: Solution
• Generate the dictionary on the fly!
• Crunch (3.2): http://sourceforge.net/projects/crunch-wordlist/
• Pipe (« | ») its output into aircrack
  /pentest/passwords/crunch/./crunch 10 10 0123456789abc[…]xyz -o wordlist.txt
Problem 2: Time
• A dictionary attack takes a very long time
• Time = O(n²): double the key length => the time is squared
• Question: how to speed up the attack?
Accelerate the attack
ElcomSoft Distributed Password Recovery (3)
• Support for NVIDIA CUDA cards, ATI Radeon and Tableau TACC1441 hardware accelerators.
• Allows up to 64 CPUs or CPU cores and up to 32 GPUs per processing node.
• Distributed password recovery over LAN, Internet or both.
Accelerate the attack
Supported formats (ElcomSoft product table):

Application family | Applications | Extensions | Type of recovery | Password types | Hardware acceleration
Microsoft Office 2007 | Word, Excel, PowerPoint, Project | .DOCX, .XLSX, .PPTX | password | file opening password | NVIDIA, ATI, Tableau
Microsoft Office 2007 | Access | .ACCDB | password | file opening password | -
Microsoft Office 2010 | Word, Excel, Access, PowerPoint | .DOCX, .XLSX, .PPTX | password | file opening password | NVIDIA, ATI, Tableau
Microsoft Office XP/2003 | Word, Excel, PowerPoint | .DOC, .XLS, .PPT | password | "open" password only | -
Microsoft Office 97/2000 | Word, Excel | .DOC, .XLS | password | "open" password only | -
Microsoft Office 97/2000 | Word, Excel | .DOC, .XLS | key | "open" password only - guaranteed decryption | -
OpenDoc | word processing (text) documents | .ODT, .OTT, .SXW, .STW | password | - | NVIDIA
OpenDoc | spreadsheets | .ODS, .OTS, .SXC, .STC | password | - | NVIDIA
OpenDoc | presentations | .ODP, .OTP, .SXI, .STI | password | - | NVIDIA
OpenDoc | graphics/drawing | .ODG, .OTG, .SXD, .STD | password | - | NVIDIA
OpenDoc | formulae, mathematical equations | .ODF, .SXM | password | - | NVIDIA
Microsoft Money | - | .MNY | password | - | -
Intuit Quicken¹ | - | .QDF | password | - | -
PGP and Open-Key Passwords | PGP zip archives¹ | .PGP | password | - | -
PGP and Open-Key Passwords | PGP secret key rings | .SKR | password | - | -
Adobe Acrobat | PDF with 256-bit encryption | .PDF | password | "user" and "owner" password | -
Adobe Acrobat | PDF with 128-bit encryption | .PDF | password | "user" and "owner" password | -
Adobe Acrobat | PDF with 40-bit encryption | .PDF | password | "user" and "owner" password | -
Adobe Acrobat | PDF with 40-bit encryption | .PDF | key | "user" password - guaranteed decryption | -
System Passwords | Microsoft Windows NT, 2000, XP, 2003, Vista | - | password | logon passwords (LM/NTLM) | NVIDIA²
System Passwords | Microsoft Windows | - | password | SYSKEY startup passwords | -
System Passwords | Microsoft Windows | - | password | DCC (Domain Cached Credentials) passwords | NVIDIA²
System Passwords | UNIX | - | password | users' passwords | -
System Passwords | Wireless networks | - | password | WPA and WPA2 passwords | NVIDIA, ATI, Tableau
iPhone/iPod/iPad backup | iTunes | - | password | - | NVIDIA, ATI, Tableau
BlackBerry backup | BlackBerry Desktop Software (old) | .IPD, .BBB | password | - | AES-NI³
Mozilla, FireFox, Thunderbird | - | - | password | master passwords | -
BlackBerry backup | BlackBerry Desktop Software (6.0+ for Windows, 2.0+ for Mac) | - | password | - | NVIDIA, ATI, Tableau
Apple iWork | Pages, Numbers, Keynote | .pages, .numbers, .key | password | password to open | -
Performance comparison
• 10x faster on an Nvidia 8800GT than on a Core 2 Duo at 3.3 GHz
But... it is relative
• 5-character WPA key, brute-force attack: 1 day and 18 hours vs 16 days and 4 hours
• 10-character WPA key, brute-force attack: 1,551,683,291 days (4,251 millennia)
• ...and a WPA2 key can have up to 63 characters
Full CUDA on BackTrack
• CUDA is natively used by BackTrack (and in particular by crunch and aircrack)
  http://www.offensive-security.com/documentation/backtrack-4-cuda-guide.pdf
WPA & WPA2 conclusion
• How to improve the attack:
  • Use rainbow tables
  • e.g. here, 120 GB of Windows LAN Manager hash tables:
    http://www.korben.info/UserFiles/File/hak5_rtables_lm_all_1-7.torrent
• How to protect yourself:
  • Use a key of more than 10 characters
  • Use special characters
  • Change the default password
Annex: Rainbow table
DEMO
References
• (1) Fluhrer, Mantin, Shamir, “Weaknesses in the Key Scheduling Algorithm of RC4”: http://aboba.drizzlehosting.com/IEEE/rc4_ksaproc.pdf
• http://en.wikipedia.org/wiki/Fluhrer,_Mantin_and_Shamir_attack
• http://en.wikipedia.org/wiki/RC4
• http://en.wikipedia.org/wiki/Birthday_problem
• Jon Erickson, “Hacking: The Art of Exploitation”
• (2) “Breaking 104 bit WEP in less than 60 seconds”: http://eprint.iacr.org/2007/120.pdf
• http://jwis2009.nsysu.edu.tw/location/paper/A%20Practical%20Message%20Falsification%20Attack%20on%20WPA
• (3) http://www.elcomsoft.com/edpr.html
• http://www.offensive-security.com/documentation/backtrack-4-cuda-guide.pdf
• http://sourceforge.net/projects/crunch-wordlist/
Questions?