802.11 Security: WPA/WPA2 Cracking

Constan'nosKoliasGeorgeMasonUniversity

kkolias@gmu.edu

Wireless Communica>ons

•  Transmissionofdatawithouttheuseofwires•  Fewcmtoseveralkm

• Modula'onofradiowaves•  modula'onistheprocessofvaryingoneormoreproper'esofaperiodicwaveform•  withamodula'ngsignalthattypicallycontainsinforma'on

•  FederalCommunica'onsCommission(FCC)regulatestheuseoftheradiospecturm•  9kHzto300Ghz•  hHps://en.wikipedia.org/wiki/Radio_spectrum

•  Partsoftheradiospectrumareallocatedfordifferentapplica'ons•  Somepartsaresoldorlicensedtooperators•  Somepartsarefree

Advantages & Disadvantages

• Makescommunica'onpossiblewherecablesdon’treach• Convenience

•  Theairmediumisopentoeveryone•  Theboundariesofatransmissioncannotbeconfined

WiFi

•  CommercialnameoftheprotocolIEEE802.11•  Itisoneofthemostubiquitouswirelessnetworks

•  HomeNetworks•  EnterpriseNetworks

•  Communica'onisbasedonframes•  Essen'allyissequenceofbits

•  802.11definesthemeaning•  Vendorsimplementtheprotocol

•  2.4GhzIndustrialScien'ficMedical(ISM)and5Ghz•  Rangedependsontransmissionpower,antennatype,thecountry,andtheenvironment•  Typical100^

Channels

•  Theequipmentcanbesetinonlyonechannelata'me•  Eachcountryhasitsownrules

•  Allowedbandwidth•  Allowedpowerlevels

•  Strongersignalispreferred

Modes of Opera>on

•  Master•  ActsasanAP

•  Managed•  Actsasaclient,thedefaultmode

•  AdHoc•  NoAP,directcommunica'on,nomul'-hop

•  Mesh•  NoAP,directcommunica'on,mul'-hop

•  Repeater•  Repeatsincomingsignals

•  Promiscuous•  Monitoralltrafficofanetwork,requiresassocia'on

•  Monitor•  Monitoralltraffic,noassocia'onrequired

Deployment Architectures

Infrastructure P2P/Ad-hoc

Frame Types

• Management•  Ini'aliza'on,maintainandfinaliza'on

• Control•  Managementofthedataexchange

• Data•  Encapsula'onofinforma'on

•  hHp://www.willhackforsushi.com/papers/80211_Pocket_Reference_Guide.pdf

Introduc>on

Beaconing

•  TheAPadver'setheirpresence• Onceevery100ms•  TheytransmitamessageoftypeBeacon

•  Itcontainsthenameofthenetwork(SSID)•  Capabili'es

802.11 Security Modes: Open Access

• OpenAccess•  Noprotec'on(whitelists)

802.11 Security Modes:WEP

• BasedonRC4Encryp'on• Broken

802.11 Security Modes: WPA/WPA2

• BasedonAES• Muchmoresecure• Currentstandard

States of a Client

WPA2

Key Hierarchy

WPA/WPA2 Four Way Handshake

Client APPassphrase Passphrase

WPA/WPA2 Four Way Handshake

Client APPassphrase Passphrase

ComputePSKComputePSK

ComputePMK(=PSK) ComputePMK(=PSK)

Computa>on of PSK

•  Passphraseisasecret“phrase”youchooseduringtheAPconfigura'on•  8-63characterslong

•  Itisalsothesecretyouinsertinyourdevicewhenyouconnecttoanetwork•  SSIDisthenameofnetwork•  PBKDF2hashes3components4096'mes•  Heavycomputa'on

PBKDF2

Passphrase SSID SSIDLength

PSK

WPA/WPA2 Four Way Handshake

Client APPassphrase Passphrase

ComputePSKComputePSK

Nonce_AComputePMK(=PSK) ComputePMK(=PSK)

WPA/WPA2 Four Way Handshake

Client APPassphrase Passphrase

ComputePSKComputePSK

Nonce_A

ComputePTK

ComputePMK(=PSK) ComputePMK(=PSK)

Computa>on of PTK

•  PMKisderivedfromthePassphrase•  Nonce_AisarandomnumberchosenbytheAPandreceivedthroughthefirstmessage•  Nonce_Cisarandomnumberchosenbytheclient• MAC_AthehardwareaddressoftheAP• MAC_Cthehardwareaddressoftheclient

PMK

Nonce_A Nonce_C

PTK

MAC_A

MAC_C

WPA/WPA2 Four Way Handshake

Client APPassphrase Passphrase

ComputePSKComputePSK

Nonce_A

ComputePTK

ComputePMK(=PSK) ComputePMK(=PSK)

Nonce_C+MIC

WPA/WPA2 Four Way Handshake

Client APPassphrase Passphrase

ComputePSKComputePSK

Nonce_A

ComputePTK

ComputePMK(=PSK) ComputePMK(=PSK)

Nonce_C+MICVerifyMICAuthen'cateClient

WPA/WPA2 Four Way Handshake

Client APPassphrase Passphrase

ComputePSKComputePSK

Nonce_A

ComputePTK

ComputePMK(=PSK) ComputePMK(=PSK)

Nonce_C+MICVerifyMICAuthen'cateClient

KeyInstalla'on+MIC

WPA/WPA2 Four Way Handshake

Client APPassphrase Passphrase

ComputePSKComputePSK

Nonce_A

ComputePTK

ComputePMK(=PSK) ComputePMK(=PSK)

Nonce_C+MICVerifyMICAuthen'cateClient

KeyInstalla'on+MICVerifyMICAuthen'cateAP

WPA/WPA2 Four Way Handshake

Client APPassphrase Passphrase

ComputePSKComputePSK

Nonce_A

ComputePTK

ComputePMK(=PSK) ComputePMK(=PSK)

Nonce_C+MICVerifyMICAuthen'cateClient

KeyInstalla'on+MIC

KeyInstalled+MIC

VerifyMICAuthen'cateAP

Cracking WPA/WPA2

•  IfaHackerispresentata4-wayhandshake•  Nonce_A•  Nonce_C•  MAC_A•  MAC_C•  BUTNOTPMK•  HemustcomputethePMK

•  TocomputethePMK(=PSK)•  SSID•  SSIDlength•  BUTNOTpassphrase

• Whatcanhedo???

Cracking WPA/WPA2

• Createadic'onaryofpossiblepassphrases•  hHp://www.aircrack-ng.org/doku.php?id=faq#where_can_i_find_good_wordlists

• Chooseapassphrase• CreatethePMK• UsetoPMKtoproducePTK• UsethiskeytogeneratetheMICofmessage3•  IftheMICsmatchthecorrectpassphrasewasused•  Ifnot…repeat

Lab Setup

•  Externalcard•  AlphaAWUS036H•  Providesstrongersignal

• AP• WNDR3700• WNR1000•  LinksysWRT54GL

• OS•  KaliLinuxonVM•  So^warepen-tes'ngtools

Other AQacks

• Deauthen'ca'onFlooding•  Makeeveryoneloosetheirconnec'on

• BeaconFlooding•  Floodaclientwithfakenetworknames

• Authen'ca'onRequestFlooding•  BurdentheAPwithinvalidauthen'ca'onrequests

•  EvilTwin•  CreateanetworkwiththesamenameinwhichtheaHackercanseeeverything

• Crackthekey(WEP)