Date post: | 19-Dec-2015 |
Category: |
Documents |
View: | 214 times |
Download: | 1 times |
WIRELESS SECURITY ANALYZER
Final Presentation
Presented By:
Gal Leibovich
Liran Manor
Supervisor:
Hai Vortman
Background
Network security is one of the most challenging aspects of the data communication area, especially in wireless networks
A rapid growth in the number of wireless networks in the last few years
The importance of taking measurements in order to secure the wireless networks is very high
A need for a tool which reports: Diagnosis of security properties of nearby wireless networks Offers recommendations for security improvement Offers general recommendations about the wireless infrastructure (Bonus)
Project Definitions & Goals Getting familiar with 802.11 protocol and its security mechanisms
Determine network properties and current security status
Recommend on security improvements
Gaining programming experience in .NET 3.5 environment (C#)
Object Oriented Design
Developing a GUI
802.11 Protocol Wireless Modes:
Infrastructure Peer to Peer (Ad-Hoc)
Three types of frames: 1. Data frames 2. Control frames:
○ Request To Send○ Clear To Send○ Acknowledgment ○ Etc…
3. Management frames:○ Beacon○ Probe Request○ Probe Response○ Association Request○ Etc…
802.11 SecurityAuthentication
Joining an infrastructure unsecured network
Old standard defines two authentication mechanisms:
1. Open System
2. Shared Key Authentication (WEP)
Open System is better than Shared Key Authentication if data encryption exists
802.11 Security – cont. 802.1X Authentication (EAP-TLS for mutual authentication)
Firewalls, VPNs, OTP systems – higher layer authentication techniques
802.11 SecurityEncryption
WEP – Wired Equivalent Privacy (40/ 104 bits key) Uses static keys – statistical attacks can reveal the key rapidly Doesn’t use cryptographic integrity protection
TKIP (WPA) Solves the problems of WEP: - Uses temporal keys
- Implements message integrity check (MICHAEL)
WPA is used in two authentication methods: - WPA Pre Shared Key (WPA Personal) - 802.1X + WPA (WPA Enterprise)
CCMP (WPA2) Strongest security mechanism available today
Based on Advanced Encryption Standard (AES) as its block cipher
WPA2 is used in two authentication methods: - WPA2 Pre Shared Key (WPA2 Personal) - 802.1X + WPA2 (WPA2 Enterprise)
Modes of NIC Operation Local Mode: NIC receives only packets which are targeted to its address.
This mode doesn’t require an association with an AP.
Promiscuous Mode: Allows the user to view all wireless packets on a network to which he has been associated.
Monitor Mode (RFMON): Allows to monitor all traffic in the air, transmitted in all wireless networks.
Local Mode Local Mode: NIC receives only packets which are targeted to its address.
This mode doesn’t require an association with an AP.
Restrictions:• No MAC filtering discovery• No “trigger-packets” for hidden networks
But…Using CommView drivers for future extensions for the project(When the drivers API will be exposed)
Wireless Security Analyzer (WSA) Reflects our 802.11 security study Targeted at standard users, with basic computer
skills but without previous knowledge in security Can also be helpful for system administrators Software engineering considerations were taken
into account (GUI)
WSA Architecture Based on Managed Wi-Fi library
A .NET class library allows you to control wireless network adapters installed on your Windows machine
The library wraps the “Native Wi-Fi API”, which:• Contains functions, structures, and enumerations that support
wireless network connectivity and wireless profile management• Designed for C/C++ developers
Available since Windows Vista and Windows XP SP2 (only after applying a hotfix provided in KB article 918997)
WSA Architecture – Cont. Four classes are used to implement WSA
ConverterStatic Class
Fields
MacDictionary
Methods
BuildRateStringCompareConvertBSSTypeToStringConvertToChannelConvertToMbsCreateAuthenticationStringFormatMacGetCompanyForMACGetStringForSSIDLoadMacDictionary
NetworkClass
Fields
_authentication_channel_encryption_frequency_macAddress_networkType_rates_routerCompany_signalQuality_ssid
Properties
AuthenticationChannelEncryptionFrequencyMacAddressNetworkTypeRatesRouterCompanySignalQualitySSID
RecommenderStatic Class
Fields
MaxNetworksPerChannelNumOfChannels
Methods
CheckChannelCollisionsGetGeneralRecommendations
DSSecurity
DataSetClass
Fields
_schemaSerializationModerelationDT_Authentication_DT_EnterpriseSecurityRecommendationsrelationDT_Authentication_DT_PersonalSecurityRecommendationsrelationDT_Encryption_DT_EnterpriseSecurityRecommendationsrelationDT_Encryption_DT_PersonalSecurityRecommendationstableDT_AuthenticationtableDT_EncryptiontableDT_EnterpriseSecurityRecommendationstableDT_PersonalSecurityRecommendations
Properties
DT_AuthenticationDT_EncryptionDT_EnterpriseSecurityRecommendationsDT_PersonalSecurityRecommendationsRelationsSchemaSerializationModeTables
Methods
Nested Types
DSSecurity Dataset
Two basic tables define the authentication and encryption algorithms
Only relevant combinations are held in two dedicated tables Only one recommendation table will be used according to the user’s
input – different recommendations for different user types Easy updating
Future DevelopmentAssuming monitor mode is available in Windows:
1. MAC filtering detection
2. Discover hidden networks (by packet injection)
3. “Attack and Defense” – Disassociation/Deauthentication packets, nonstandard drivers
4. WEP/WPA-PSK cracking