1 / 22

WEP C racked with Aircrack

WEP C racked with Aircrack. Advisor: Dr. Quincy Wu Speaker: Hui - Hsiung Chung Date: 2010-09-21. Outline. WEP RC4 How to Crack WEP Reference. WEP. WEP Wired Equivalent Privacy 64 bits and 128 bits 24 bits IV(Initialization Vector) 128 bits

marsha
Download Presentation

WEP C racked with Aircrack

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. WEP Cracked with Aircrack • Advisor: Dr. Quincy Wu • Speaker: Hui - Hsiung Chung • Date: 2010-09-21

  2. Outline • WEP • RC4 • How to Crack WEP • Reference

  3. WEP • WEP • Wired Equivalent Privacy • 64 bits and 128 bits • 24 bits IV(Initialization Vector) • 128 bits • 26 hexadecimal characters or 13 ASCII characters • 64 bits • 10 hexadecimal characters or 5 ASCII characters • CRC • WPA • Wi-Fi Protected Access

  4. RC4 • Rivest Cipher 4 • Designed By Ron Rivest • RSA • Ron Rivest • Adi Shamir • Leonard Adleman • KSA and PRGA

  5. The Algorithms of RC4 (1/2) • KSA • Key Schedule Algorithm K[] =Key Array Initialization: For i = 0 to N-1 S[i]=i j = 0 Scatter: For i = 0 to N-1 j =j + S[i] + K[ i mod L ] Swap ( S[i] , S[j] )

  6. The Algorithms of RC4 (2/2) • PRGA • Pseudo Random Generation Algorithm Loop: i = i + 1 j = j + S[i] Swap( S[i],S[j] ) Output: S[ S[i]+S[j] ] Initialization: i = 0 j = 0

  7. CRC • Cyclic Redundancy Check • Based on Binary Division • Calculate Data Checksum before Transmit ,and then Check the Data is the same after Transmit • Example

  8. Encryption

  9. Shortcomings of WEP • Repeated Use the Key Stream • Small IV Value • 2^24 = 1,677,216 • Every 5134 Packets Happened Collision(Birthday Paradox) • IV Value is a Plain Text • Unreliable Checksum Value

  10. WEP and WPA

  11. WEP Cracking Procedures(1/2) • IV Collision • Collecting IV Packets • Find Two Same IV Packets • Use SNAP Header’s First Byte and XOR Operation to Find the Key

  12. WEP Cracking Procedures(2/2)

  13. Aircrack GUI

  14. Configure Capturing • A wireless NIC with monitor mode AP channel

  15. Beginning to Capture IV Packets APs Packets with IVs

  16. Configure Cracking IVs APs Target AP

  17. Successfully Cracking Spending Time IVs

  18. Conclusion • WEP Encryption • 64-bits • 250,000 IVs • Less than 3 hours • 128-bits • 580,000 IVs • Less than 6 hours

  19. Reference • Scott Fluhrer, Itsik Mantin and Adi Shamir, Weaknesses in the Key Scheduling Algorithm of RC4,Selected Areas in Cryptography 2001, pp1 – 24 • 戴志坤,  楊中皇,無線網路安全技術之分析與偵測分析系統之設計與實現,TANET 2006 • 黃定宇、林韓禹、鄭家明、 葉義雄 , Optimized WEP Protocol , NCS 2007

  20. CRC Example Quotient ………. 1001,1011,1101,1000 Back

  21. Birthday Paradox • What Probability Does Every Q(H) People Have the Same Birthday? • Let Probability is 50% ( Collision Rate) • Let H is equal to 365 • Formula: • Q(H):23.9 Back

  22. SNAP • SubNetwork Access Protocol • IEEE Defined • Support the Coexistence of Multiple Standard on 802.2 LLC(Logical Link Control) High-Level Protocol High-Level Protocol LLC LLC MAC MAC Physical Layer Physical Layer Back

More Related