Date post: 17-Dec-2015

Shark: A Wireless Internet Security Test Bed

Senior Design Project May07-09

Stephen Eilers

Jon Murphy

Alex Pease

Jessica Ross

Faculty Advisor and team

• Dr. Steve Russell – Associate Professor, Electrical and Computer Engineering
• Adrienne Huffman – Graduate Student, Computer Engineering
• Jon Murphy – Computer Engineering
• Steve Eilers – Computer Engineering
• Alex Pease – Computer Engineering
• Jessica Ross – Computer Engineering and Mathematics

Definitions

• ARP – Address Resolution Protocol
• IV – Initialization Vector
• L2TP – Layer 2 Tunneling Protocol
• PPTP – Point to Point Tunneling Protocol
• RADIUS – Remote Authentication Dial In User Service
• SSL – Secure Sockets Layer
• WEP – Wired Equivalent Privacy
• WPA – Wi-Fi Protected Access
• VPN – Virtual Private Network

What is SHARK?

• SHARK is a wireless security network to be used to study security related issues on wireless networks

• Tool to teach interested students about wireless security

• Report statistics about attackers and methods used to researchers at ISU

• Deployable to any remote location

Why SHARK?

• Client’s Last Semester as Professor, wants project finished

• Educate college students about 802.11 security

• Give students something fun to do

Limitations

• SHARK must be portable and extendable

• Initial build of the SHARK system must consist of three or fewer computers

• SHARK must be built within a $150 budget

• Must use public domain software

• Must be capable of collecting research data

Intended Users

• Primary
  – College students in computer related fields
  – Know the basics of wireless networking

• Secondary
  – Interested community members
  – People looking for a free access point

Intended Uses

• Primary
  – Learning tool for students
  – Study methods of wireless attacks
  – Study basic network security
  – Legal and ethical way for students to participate in hacking exercises

SHARK Node

[Diagram: Shark node; labels: Ubuntu, Squid, Void11, Apache, MySQL, WireShark]

SHARK – Software

• Ubuntu
• Squid
  – Web proxy cache
    • Direct traffic to appropriate places
• Apache
  – Used to create local web-server login/registration
    • Keep track of users
• MySQL
  – Database
• WireShark/Ethereal
  – Network Protocol Analyzer
    • Captures all traffic on SHARK Network

Levels of Security

• SHARK has five levels of security
  – Guppy
    • No security, used for basic registering on network
  – Clownfish
    • WEP security
  – Swordfish
    • Rotating WEP security
  – Barracuda
    • WPA security
  – SHARK
    • RADIUS security

• Provides statistical data on hacking patterns

Wired Equivalent Privacy (WEP)

• 64-bit WEP, 128-bit WEP
• Same 24-bit IV stream
• Flaws in WEP
  – Repeating IV
  – Short
  – Stream Cipher
    • XOR is bad
• Aircrack, airodump, airdecap
• http://www.linux-wlan.org/docs/wlan_adapters.html.gz
• No magic number of IVs
  – 250,000 – 400,000 for 40 bit
  – 750,000 – 2M+ for 104 bit
• More users = more IVs sent = more IVs that are re-used
• Can read packets if IV is re-used but key not broken yet

Breaking WEP Down

WPA

• Software update to WEP (closely related to rotating WEP)
  – Re-keying
  – No more weak IV packets
• Pre-shared Key
  – Only as strong as the passphrase
• Extensible Authentication Protocol (EAP)
  – User authentication
  – RADIUS

Traffic Generator – Baiting the Hook

• Breaking WEP and WPA encryption
  – Attackers must analyze thousands of packets

7-of-9

• Off-the-Shelf wireless access point
  – Provides generic internet access
  – Traffic is captured and compared to SHARK traffic

Network View

[Network diagram; labels: Analysis Subnet, Internet, Sharkweb, smallbox, virtualnet, hub, D-Link router]

Network Pros/Cons

• Pros
  – One external IP
  – Firewall
  – branches

• Cons
  – extensive forwarding

Machine Breakdown

• VirtualNet – Ubuntu, Xen
• SmallBox – SUSE, Snort, WireShark, MySQL, Apache
• Sharkweb – FreeBSD, Apache, MySQL, PHP

SmallBox

• Captures traffic on SHARK
• Stores and Analyzes data
  – Packet Capture: WireShark
  – Filter: Snort
  – Webserver: Apache

Sharkweb

• When attackers break into SHARK, they are forwarded here
• Logged into database
  – Webserver: Apache
  – Web Utilities: MySQL, PHP

Virtualnet

• Simulates additional machines running services without adding cost of physical machines
  – OS: Ubuntu
  – Virtual Machine Manager: Xen

Virtual Machines

• VM 1
  – Mimicking a standard server
• VM 2
  – Tarpit
    • Delays incoming connections for as long as possible
• VM 3
  – HoneyD
    • Confuse attackers to think it has open ports

Secure Tunneling

• VPN
  – Provide secure communications over unsecured networks
• Benefits
  – Provides the level of security we desire
• Downsides
  – If SHARK is compromised, they have direct access to our network
• Solution
  – Scripting for “on-the-fly” configuration

Secure Tunneling – VPN

• One of the only ways to provide a secure and extensible way to access the SHARK machines
• Need the ability to create multiple VPN sessions, so a VPN server is required
• Multiple solutions available
  – PPTP
  – L2TP
  – SSL

Status of SHARK

• Completed
  – All computers have main software packages installed and configured
  – Order for parts has been placed
  – Xen server fully configured
  – Portal redirect

• In Progress
  – Open access point for registering
  – Virtual machines up and running

• In Concept
  – VPN
  – RADIUS Server
  – Data Statistics and Heuristics

Testing

• Target Audience: CPRE 537 Wireless Security Class

• CONTEST
  – Open Registration: week 1
  – WEP: weeks 2, 3
  – WPA: week 4
  – Rotating WEP: week 5
  – RADIUS: week 6
  – Results: week 7
  – Basic Analysis: week 8

Hours and Resources

                 Hours (current)   Cost ($10.50/hr)
Steve Eilers     60                $630.00
Alex Pease       86                $903.00
Jon Murphy       58                $609.00
Jessica Ross     50                $525.00
Wireless AP                        $49.99
Router                             $39.99
Hub                                Donated (2)
Computers                          Donated (3)
Wireless Cards                     $39.99
Total            254               $2796.97

Future Uses

• Make the automation of tasks smoother
• Better documentation
• Increase the number of fields for registration

Commercialization

• This project is a research project and is not intended for commercialization.

Questions?

