
Wi Fi Protection

Date post: 10-Jul-2016
Upload: tejas-patil
Cyber Security Vipul Chudasama Assistant Professor Computer Science and Engineering NU
Transcript
Page 1: Wi Fi Protection

Cyber Security

Vipul Chudasama, Assistant Professor

Computer Science and Engineering, NU

Page 2: Wi Fi Protection

Cyber Security Agenda

• To understand how a Wi-Fi network works

• To understand the working of spam

• To understand the Denial of Service attack

Page 3: Wi Fi Protection

Wi-Fi Network

This wireless technology is called Wi-Fi. It is not a single standard. It refers to an entire family of standards based on the 802.11 networking protocol.

There are multiple 802.11 standards: the now little-used 802.11a; 802.11b; the higher-speed 802.11g; and the highest-speed (as of this writing) 802.11n.

802.11n standard had not been formally adopted, but some "pre-n" Wi-Fi equipment was being sold.

With all of Wi-Fi's convenience come dangers. The same technology that lets you browse the Web from your back porch can let invaders hop onto your network from outside your house or apartment.

Page 4: Wi Fi Protection

Threat of Wi-Fi network

Wi-Fi is an open technology. A wireless router broadcasts its presence to any device with a Wi-Fi adapter within its range, and if the router is unprotected, anyone who wants to can connect to it and use the network.

A common kind of intruder is called a war driver. This person drives through areas of cities and suburbs known for having Wi-Fi networks and searches for unprotected networks he can break into.

He uses software that makes it easy to find unprotected networks. Some war drivers use high-power antennas so they can find as many networks as possible.

Page 5: Wi Fi Protection

Software built directly into Windows XP, for example, lets anyone easily find and connect to an unprotected network.

When war drivers target a business network, they may be looking for proprietary business information or be looking to do malicious damage. When they target a home network, they might look for personal information, such as credit card numbers, or be looking to damage computers.

Page 6: Wi Fi Protection

Wi-Fi network

• Access point or router: the AP is a bridge to the Ethernet network or the internet

• Station (PC + Wi-Fi adapter)

• Basic Service Set (BSS)

Page 7: Wi Fi Protection

Working

• Station sends probe request frames to the AP

• Stations communicate with the AP using a method called CSMA/CA

• Station sends RTS to the AP

• AP sends a CTS reply to the station

• Station sends Ack to the AP

• Extended Service Set (ESS)

Page 8: Wi Fi Protection

How Hackers Invade a Wi-Fi Network

• War driving: software like NetStumbler or Cain and Abel, which detects Wi-Fi networks

• NetStumbler (NS) detects the network ID, the channel, and whether encryption is used

Page 9: Wi Fi Protection

• Windows XP automatically finds and connects to nearby wireless networks

• Some networks are protected by Wi-Fi encryption technologies: WEP, WPA, WPA2

• Hackers use a sniffer to capture all the data

Page 10: Wi Fi Protection

Wi-Fi Hotspot

• A Wi-Fi hotspot allows people with laptops, PDAs or other devices

• Food restaurants, hotels and airports, free

• Connected to a network and vulnerable to other people, e.g. through the file sharing feature

• Use of a sniffer to capture packets of others

Page 11: Wi Fi Protection

• A hacker at a hotspot can plant spyware and Trojans

• The hacker sees usernames, passwords or credit card information

• In XP you can design an ad hoc network

• Use of the evil twin hack

Page 12: Wi Fi Protection

• Evil twin hack: the hacker creates a twin of an existing hotspot (same SSID) to fool people.

• He uses a special tool (Hotspotter).

• Hotspotter passively monitors the network for probe request frames to identify the preferred networks of Windows XP clients, and compares them to a supplied list of common hotspot network names. If the probed network name matches a common hotspot name, Hotspotter will act as an access point to allow the client to authenticate and associate.

Page 13: Wi Fi Protection

Wired Equivalent Privacy (WEP)

• Wired Equivalent Privacy (WEP) algorithm, which is part of the 802.11 standard.

• The 802.11 standard describes the communication that occurs in wireless local area networks (LANs).

• The Wired Equivalent Privacy (WEP) algorithm is used to protect wireless communication from eavesdropping.

• A secondary function of WEP is to prevent unauthorized access to a wireless network; this function is not an explicit goal in the 802.11 standard, but it is frequently considered to be a feature of WEP.

Page 14: Wi Fi Protection

WEP encryption

• WEP uses the RC4 encryption algorithm, which is known as a stream cipher.

• A stream cipher operates by expanding a short key into an infinite pseudo-random key stream.

• The sender XORs the key stream with the plaintext to produce ciphertext.

• The receiver has a copy of the same key, and uses it to generate an identical key stream.

• XORing the key stream with the ciphertext yields the original plaintext.

Page 15: Wi Fi Protection
Page 16: Wi Fi Protection

Problems in WEP

• To ensure that a packet has not been modified in transit, WEP uses an Integrity Check (IC) field in the packet.

• To avoid encrypting two plaintexts with the same key stream, an Initialization Vector (IV) is used to augment the shared secret key and produce a different RC4 key for each packet.

• The IV is also included in the packet. However, both of these measures are implemented incorrectly, resulting in poor security.

Page 17: Wi Fi Protection

Problems in WEP

The initialization vector in WEP is a 24-bit field, which is sent in the cleartext part of a message.

Such a small space of initialization vectors guarantees the reuse of the same key stream.

A busy access point, which constantly sends 1500 byte packets at 11Mbps, will exhaust the space of IVs after 1500*8/(11*10^6)*2^24 = ~18000 seconds, or 5 hours
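
The key stream reuse described on the WEP slides above, as an added example that is not part of the original slides. It assumes a simplified WEP-style frame (cleartext 24-bit IV followed by the encrypted data and CRC-32 check value, with no key ID byte or 802.11 headers); the function names, the secret and the sample frames are constructed for illustration.

```python
import zlib
from collections import Counter

def rc4_keystream(key: bytes, n: int) -> bytes:
    """First n bytes of RC4 key stream for `key` (key scheduling, then generation)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, secret: bytes, data: bytes) -> bytes:
    """Cleartext IV, then (data || CRC-32 check value) XOR RC4(IV || secret)."""
    body = data + zlib.crc32(data).to_bytes(4, "little")
    return iv + xor(body, rc4_keystream(iv + secret, len(body)))

def wep_decrypt(secret: bytes, frame: bytes) -> bytes:
    """Rebuild the per-packet key from the cleartext IV and verify the check value."""
    iv, body = frame[:3], frame[3:]
    plain = xor(body, rc4_keystream(iv + secret, len(body)))
    data, icv = plain[:-4], plain[-4:]
    if zlib.crc32(data).to_bytes(4, "little") != icv:
        raise ValueError("integrity check value mismatch")
    return data

def reused_ivs(frames: list[bytes]) -> list[bytes]:
    """IVs seen on more than one frame; each one marks a reused key stream."""
    counts = Counter(f[:3] for f in frames)
    return [iv for iv, n in counts.items() if n > 1]

def iv_space_seconds(packet_bytes: int = 1500, rate_bps: float = 11e6) -> float:
    """Time to send 2**24 packets back to back (the slide's exhaustion estimate)."""
    return packet_bytes * 8 / rate_bps * 2**24

# Constructed sample data: a 40-bit secret, two frames under one IV, one under another.
SECRET = bytes.fromhex("0102030405")
P1, P2 = b"constructed frame one", b"constructed frame two"
F1 = wep_encrypt(b"\x00\x00\x01", SECRET, P1)
F2 = wep_encrypt(b"\x00\x00\x01", SECRET, P2)
F3 = wep_encrypt(b"\x00\x00\x02", SECRET, P1)

# Same IV means same key stream, so the key stream cancels out of the XOR.
LEAK = xor(F1[3:], F2[3:])[:len(P1)]
```

`LEAK` equals the XOR of the two plaintexts without any knowledge of the secret, which is why a repeated IV is treated as a confidentiality failure and why WPA/WPA2 replaced this construction.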

Page 18: Wi Fi Protection

WEP security flaws could be summarized as follows

• RC4 encryption

• IVs are too short

• No proper integrity check

• No built-in method of updating keys

Page 19: Wi Fi Protection

Wireless Protection

• Use encryption methods (WPA, WPA2)

• Networks can also allow only computers whose network adapters have specific MAC addresses to connect to the network

• Use of an intrusion detection system (honeypot)

• Position network antennas so the signal does not reach outside the building

Page 20: Wi Fi Protection

Wi-Fi encryption

• WPA encryption can be used in a home or a corporation.

• The station uses EAP to authenticate.

• The station needs to send a password and ID.

• The AP passes the ID to the authentication server.

• If the ID is valid, the authentication server sends a master TKIP key to both

Page 21: Wi Fi Protection

When a computer tries to get on the network or read any data passing across the network and it does not have a valid key, or its key has been rejected by the authentication server

