Scrutinizing WPA2 Password Generating Algorithms in Wireless Routers
03 Mar 2020 | 13 Pages | 463.38 KB

Transcription

Authors: Eduardo Novella Lorente (The Kerckhoffs Institute, Radboud University, The Netherlands; ednolo@alumni.upv.es), Carlo Meijer (The Kerckhoffs Institute, Radboud University, The Netherlands; carlo@youcontent.nl), Roel Verdult (Institute for Computing and Information Sciences)

...cos and Internet Service Providers (ISPs) in The Netherlands directly supply their customers with an ADSL or Cable Internet modem. Nowadays almost all modems have the wireless router functionality embedded into the device. Therefore these routers are currently massively deployed and used in The Netherlands.

We discovered that the tested routers generate wireless passwords by applying insecure proprietary obfuscation algorithms. The algorithms utilized in Dutch routers generate easy-to-predict network names and weak wireless passwords. The output is derived from public or predictable information such as broadcast messages and incremental serial numbers. Moreover, we verified with practical experiments that the WPA2 password of routers that utilize such password generating functions can be recovered within minutes.

Impact. We have carried out invasive attacks to reverse engineer several wireless routers and concluded that the default wireless keys are trivial to recover, taking into account that an adversary has access to the algorithm. In the research we have successfully recovered the proprietary algorithms from several major Dutch Telcos and ISPs. An adversary can mount practical attacks against those wireless networks to recover the password within minutes and use the compromised internet connection for fraudulent activity. Possible abuses include stealing sensitive information, manipulating online electronic bank activity, infecting clients' computers with malware or simply committing digital crimes through the Internet connection of the customer, such as downloading child pornography.

Although we have limited our research to analyzing the security of Dutch wireless routers, we have strong indications that many more routers are affected worldwide, especially since the same routers are being used by a number of other Telcos and ISPs in various countries.

Contribution. The contribution of this paper is manifold. First, we show how a malicious adversary can instantly force a client to re-authenticate with the router. This allows the interception of a complete successful authentication trace. Such a trace can be used to verify a router password candidate offline and quickly eliminates false positives. Then we present a general methodology of how we recovered custom and proprietary hash algorithms from several Dutch routers. We expect that our method enables fellow researchers and computer security experts to perform a similar risk analysis of the wireless router infrastructure in their country. Finally, we present use cases which practically demonstrate the insecurity of a number of routers which are currently deployed by millions of users.

Responsible Disclosure. We have strictly followed the responsible disclosure guidelines of the Dutch government [2]. These guidelines propose that the corresponding vendors be informed six months prior to full disclosure, giving them ample time to resolve the issues, inform their customers and hence prevent widespread abuse. We informed the Dutch government as well as all major Telcos and ISPs in the Netherlands at an early stage about the findings of our research. Consequently, we are currently coordinating a national notification to the general public together with the Dutch National Cyber Security Centre (NCSC, formerly known as GovCERT), which is part of the Dutch Ministry of Security and Justice.

Overview. The remainder of this paper is organized as follows. The related work is outlined in Section 2. Section 3 presents the technical background which introduces the techniques used later in this paper. Next, we present a general router security analysis methodology in Section 4. Five concrete use cases of router security analysis are presented in Section 5. Then we evaluate several mitigating measures and possible solutions in Section 6. Finally, the conclusion of our study is given in Section 7.

2 Related work

This section contains the related work to our research. We have not limited ourselves to referring only to the academic literature. The reason for this is purely practical: most of the related research is published in blog posts which are scattered over the Internet. This section starts with a general overview of wireless security issues. Then it addresses related research about password generating algorithms. Finally, it gives a quick overview of related reverse engineering projects which also analyzed the security of wireless routers.

2.1 Wireless security

There are several protection mechanisms introduced in the last few decades, including the well-known and widely deployed techniques Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2). The first two techniques are known to be vulnerable to several attacks [3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]. Recently there were also some issues identified regarding WPA2 [16, 17, 18]. However, as far as the authors know, there is currently no practical password recovery attack proposed in the literature that can be mounted against the WPA2 protocol.

Some wireless routers support the Wi-Fi Protected Setup (WPS) authentication protocol. It enables a computer to connect with the wireless network by entering a single 8-digit PIN code instead of a long wireless password. The WPS protocol itself is vulnerable to an online practical brute force attack. Such an attack can retrieve the PIN code from a WPS enabled router within a few hours [19], or in a few seconds when weak Pseudo Random Number Generators (PRNG) are used to initialize the credentials [20]. However, modern routers have effective countermeasures against such attacks. Examples include a physical button that enables WPS for only one minute and a limited number of sequential failed authentication attempts.

2.2 Password generating algorithms

There were a number of incidents in the last decade that concerned insecure WPA2 password generating algorithms in routers. However, there is no general study published in the literature that addresses this issue specifically. Most of the incidents were made public in Internet blog posts or in Common Vulnerabilities and Exposures (CVE) reports.

The publication on the Thomson routers [21] had a serious impact for a major ISP that is active in The Netherlands. In 2008 the ISP had massively deployed the vulnerable Thomson Speedtouch 780 router. After proactively informing their customers, the ISP has now replaced most of these vulnerable routers.

Similar issues exist with routers from ADB Pirelli. Several recent studies [22, 23, 24, 25, 26, 27] show that it is trivial to recover the default WPA2 password. Furthermore, issues were found in Comtrend routers [28] that are used by a large Spanish ISP. The researchers claim to have notified the manufacturer and ISP about these issues more than five years ago. However, it seems that these vulnerable routers are still actively being used in Spain. Then issues exist within Arcadyan routers. A forum post from 2011 [29] points out that the password generating function is actually published in the form of a patent [30]. After the discovery, several variants of this algorithm were identified in other Arcadyan routers [31, 32, 33]. Finally, a number of consumer routers exist containing weak password generating algorithms [34, 35, 36, 37, 38, 39, 40]. Most of these consumer routers are currently still being sold in common consumer electronics stores.

2.3 Reverse engineering routers

We identified several publicly available blog posts that specifically focus on reverse engineering wireless routers [41, 42, 37, 32]. We have generalized their techniques and approaches in our methodology and use them to structure our analysis phase.

In this study we use non-invasive to invasive methods [43, 44] to recover the firmwares of the routers. The methods we used are described in detail in Section 4.1. Furthermore, publicly available tutorials demonstrate how to interface embedded hardware without requiring expensive lab equipment [45, 46, 47]. Such methods include the JTAG debugger [48] and serial communication peripherals [49]. Most of these firmware recovery techniques can be carried out by using the Bus Pirate [50], shown in Figure 2, which is an off-the-shelf open hardware device that costs only USD 30. It supports a variety of communication buses and hardware protocols such as I2C, SPI, 1WIRE, UART and JTAG.

Figure 2: Bus Pirate

3 Introduction to WPA2

The WPA2 protocol can be set up in Enterprise or Personal mode. Enterprise mode uses an 802.1x RADIUS server for the authentication process, whereas WPA2 Personal uses a pre-shared key (PSK). Domestic networks normally use WPA2 Personal. Unlike the RADIUS server's online authentication, WPA2 Personal does not rely on a Diffie-Hellman key exchange; however, the shared secret must be previously established between the two parties using a separate channel. In this section we first introduce the key derivation of the WPA2 PSK protocol. Then we explain how the mutual authentication is performed. Finally, we describe the deauthentication request that is included in the WPA2 protocol.

3.1 WPA2 key derivation

WPA2 PSK uses the key derivation function called PBKDF2 (Password Based Key Derivation Function 2) [51] to compute the shared secret key PMK. The PBKDF2 function takes as input a pseudo-random function, a number of iterations and a derived key length, and outputs a Derived Key.

PBKDF2 combines the password pw and the wireless network identifier ssid (used as cryptographic salt) and iterates a certain number of times until it obtains a derived key called the Pairwise Master Key (PMK). WPA2 applies the function for 4096 iterations to generate a 256-bit key by computing an HMAC-SHA1 of the passphrase and ssid:

  PMK = PBKDF2(HMAC-SHA1, pw, ssid, 4096, 256)

3.2 WPA2 authentication

Once this PMK is generated from the shared secret on both sides of the communication, a 4-way handshake is performed which provides mutual authentication, proving that both sides have access to the shared secret PMK (see [52] for more details). A simplified overview of the authentication procedure is shown in Figure 3.

Figure 3: Simplified WPA2 authentication [52]. Messages between Computer C and Router R: authentication challenge C; authentication challenge R, response C; authentication response R; authentication acknowledge; both sides authenticated; encrypted communication.

Once authenticated, the WPA2 protocol uses the Advanced Encryption Standard (AES) [53] in CCM encryption mode [54, 55], as specified in [52], to protect the confidentiality and authenticity of the messages that are transmitted between the computer and the router.

3.3 WPA2 deauthentication

The WPA2 protocol suffers, just like many other 802.11 based networks, from a serious security weakness. These protocols support a deauthentication and disassociation request which allows an entity to gracefully disconnect from the wireless network. Moreover, to let computers disconnect which do not have the correct cryptographic credentials or became out of sync, the deauthentication packet is not cryptographically protected in any way. Such a feature can be convenient from an engineering perspective. However, it also introduces a serious security issue since it allows an adversary to mount a deauthentication attack to instantly gather all the information that is required to recover the wireless password. The problem was first discussed in [56] and later further analyzed in [57]. Figure 4 shows a simplified procedure that an adversary would perform to mount a deauthentication attack.

Figure 4: Simplified deauthentication attack. Parties: Computer C, Adversary A, Router R. Encrypted communication between C and R; deauthentication notification; deauthenticated.

[...] of the shared secret PMK. The only requirement is that the adversary needs to spoof the network MAC address of the router, which is a trivial exercise. Additionally, the MAC address of the client has to be known since it is used as the destination address of the deauthentication packet. However, some clients will even accept the packet in case it is sent to the broadcast address.

After receiving the packet a client will immediately terminate the connection to the router. The client will then automatically re-connect and authenticate itself again. The adversary now simply records the 4-way handshake. This handshake can be used later to perform an offline key recovery attack.

There are currently a few open source attack tools available that can forge and inject a deauthentication packet into an active wireless connection between a computer and a router [58, 59, 60]. Furthermore, there are several publicly available tutorials that show how such an attack can be executed in practice with the use of only ordinary consumer hardware [61, 62, 63, 64, 65].

4 Methodology

In this section we will go over the steps of obtaining the WPA2 default key generating algorithm from a router.

4.1 Obtaining the firmware

There are a number of ways to recover the embedded firmware of a router. They mostly vary in invasiveness and difficulty.

4.1.1 Downloading from the manufacturer's website

Obtaining the firmware can be as simple as visiting the manufacturer's website, selecting the router model and downloading the image. Though, this is typically not the case for routers deployed by ISPs. For such routers there seems to be a general reluctance against offering firmware images for download. Though this may hamper an adversary in obtaining the firmware and eventually the WPA2 default key generating algorithm, it is not to be considered a proper defense strategy, as will be demon[...]
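As an added worked example (not code from the paper or its authors), the PMK derivation of Section 3.1, PMK = PBKDF2(HMAC-SHA1, pw, ssid, 4096, 256), in Python. The `wpa2_pmk` wrapper uses the standard library, and the second function spells out the PBKDF2 construction from RFC 2898 so the role of the SSID as salt and the 4096-iteration chain are visible. The check value is the published IEEE 802.11 test vector (passphrase "password", SSID "IEEE"); the function names are my own. The point for the paper's argument: PBKDF2 only slows down guessing per candidate, so when the default passphrase is derived from predictable data the number of candidates is tiny and the iteration count does not help.

```python
import hashlib
import hmac

WPA2_ITERATIONS = 4096   # fixed by the WPA2-PSK specification
WPA2_PMK_LEN = 32        # 256-bit Pairwise Master Key


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2(HMAC-SHA1, pw, ssid, 4096, 256), via the standard library."""
    return hashlib.pbkdf2_hmac(
        "sha1",
        passphrase.encode("utf-8"),
        ssid.encode("utf-8"),   # the network name is the salt
        WPA2_ITERATIONS,
        dklen=WPA2_PMK_LEN,
    )


def pbkdf2_hmac_sha1_reference(password: bytes, salt: bytes, iterations: int, dklen: int) -> bytes:
    """Plain PBKDF2 as in RFC 2898, to show what hashlib does internally.

    For each output block i: U_1 = HMAC(P, S || INT(i)), U_j = HMAC(P, U_{j-1}),
    T_i = U_1 xor U_2 xor ... xor U_c.  SHA-1 gives 20-byte blocks, so a
    32-byte PMK needs two blocks (the second one truncated).
    """
    output = b""
    block_index = 1
    while len(output) < dklen:
        u = hmac.new(password, salt + block_index.to_bytes(4, "big"), hashlib.sha1).digest()
        t = bytearray(u)
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha1).digest()
            for k in range(len(t)):
                t[k] ^= u[k]
        output += bytes(t)
        block_index += 1
    return output[:dklen]


def pmk_hex(passphrase: str, ssid: str) -> str:
    """Hex form of the PMK, convenient for comparing against published vectors."""
    return wpa2_pmk(passphrase, ssid).hex()


if __name__ == "__main__":
    # Published IEEE 802.11 test vector; both implementations must agree on it.
    print(pmk_hex("password", "IEEE"))
    print(pbkdf2_hmac_sha1_reference(b"password", b"IEEE", WPA2_ITERATIONS, WPA2_PMK_LEN).hex())
```

Changing only the SSID changes the PMK completely, which is why a leaked passphrase for one network name does not directly give the PMK for another; it also means an SSID that is itself derived from the same predictable data gives the attacker both inputs at once.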
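As an added example from the monitoring side (not part of the paper or its authors' tooling), the following Python parses the 802.11 MAC header of captured frames and flags the symptoms Section 3.3 describes: deauthentication or disassociation frames that carry the router's address as source, arriving in a burst or addressed to the broadcast address. The frame layout (frame control, duration, three addresses, sequence control, then a 2-byte reason code for deauth/disassoc) follows the 802.11 standard; the sample capture is constructed inline with locally administered MAC addresses, and the threshold and helper names are my own choices. A real deployment would feed frames from a monitor-mode capture instead of `sample_capture()`.

```python
import struct
from collections import Counter, defaultdict

# 802.11 management frame (type 0) subtypes that tear a session down.
DISASSOC_SUBTYPE = 10
DEAUTH_SUBTYPE = 12
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed, locally administered addresses for the sample capture.
AP_UNDER_ATTACK = "02:00:00:00:aa:01"
AP_QUIET = "02:00:00:00:aa:02"
CLIENT = "02:00:00:00:cc:01"


def mac_to_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(part, 16) for part in mac.split(":"))


def build_frame(ftype: int, subtype: int, dst: str, src: str, bssid: str, body: bytes = b"") -> bytes:
    """Minimal 802.11 frame: frame control, duration, addr1..3, sequence control, body."""
    fc = (subtype << 4) | (ftype << 2)            # protocol version 0, no flags
    header = struct.pack("<BBH", fc, 0x00, 0x0000)
    header += mac_to_bytes(dst) + mac_to_bytes(src) + mac_to_bytes(bssid)
    header += struct.pack("<H", 0)                # sequence control
    return header + body


def build_deauth(dst: str, ap: str, reason: int) -> bytes:
    """Deauthentication frame with the AP as source and BSSID and a 2-byte reason code."""
    return build_frame(0, DEAUTH_SUBTYPE, dst, ap, ap, struct.pack("<H", reason))


def parse_frame(frame: bytes):
    """Parse the common 24-byte MAC header; read the reason code for deauth/disassoc."""
    if len(frame) < 24:
        return None                               # truncated frame, ignore
    fc0 = frame[0]
    info = {
        "type": (fc0 >> 2) & 0x3,
        "subtype": (fc0 >> 4) & 0xF,
        "dst": mac_to_str(frame[4:10]),
        "src": mac_to_str(frame[10:16]),
        "bssid": mac_to_str(frame[16:22]),
        "reason": None,
    }
    if info["type"] == 0 and info["subtype"] in (DISASSOC_SUBTYPE, DEAUTH_SUBTYPE) and len(frame) >= 26:
        info["reason"] = struct.unpack_from("<H", frame, 24)[0]
    return info


def analyze_deauth(frames, threshold: int = 3) -> dict:
    """Count deauth/disassoc frames per BSSID and flag a burst or any broadcast-addressed one.

    A single unicast deauth is normal (a station leaving); many in a short capture from one
    AP address, or frames aimed at ff:ff:ff:ff:ff:ff, match the attack pattern of Section 3.3.
    """
    per_bssid = Counter()
    broadcast = Counter()
    reasons = defaultdict(Counter)
    for raw in frames:
        f = parse_frame(raw)
        if f is None or f["type"] != 0 or f["subtype"] not in (DISASSOC_SUBTYPE, DEAUTH_SUBTYPE):
            continue
        per_bssid[f["bssid"]] += 1
        reasons[f["bssid"]][f["reason"]] += 1
        if f["dst"] == BROADCAST:
            broadcast[f["bssid"]] += 1
    suspicious = sorted(b for b, n in per_bssid.items() if n >= threshold or broadcast[b] > 0)
    return {
        "per_bssid": dict(per_bssid),
        "broadcast": dict(broadcast),
        "reasons": {b: dict(c) for b, c in reasons.items()},
        "suspicious": suspicious,
    }


def sample_capture() -> list:
    """Constructed capture: one ordinary data frame, one legitimate unicast deauth,
    a burst of five broadcast deauths spoofing AP_UNDER_ATTACK, and a truncated frame."""
    frames = [build_frame(2, 0, CLIENT, AP_QUIET, AP_QUIET, b"\x00" * 8)]
    frames.append(build_deauth(CLIENT, AP_QUIET, 3))      # reason 3: station is leaving
    frames += [build_deauth(BROADCAST, AP_UNDER_ATTACK, 7) for _ in range(5)]
    frames.append(b"\xc0\x00")                            # too short to parse
    return frames


if __name__ == "__main__":
    print(analyze_deauth(sample_capture()))
```

The counters are per BSSID rather than per source address because the attacker must reuse the router's address for the frame to be accepted; seeing that address in a deauth burst the router never sent is exactly the anomaly worth alerting on, and an access point that supports protected management frames removes the root cause.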
