WEP Poses Serious Risks to Retail
Download
Report
Transcript WEP Poses Serious Risks to Retail
Connection handshake in WiFi
WiFi State Machine
-Amit Vartak
WWW.SecurityTube.net
WiFi Jargons
AP (Access Point)
Client/Station
SSID
WEP
Infrastructure
AdHoc
Authentication
Association
MAC address
IP address
TKIP/ CCMP/ AES …
WWW.SecurityTube.net
Some Questions….
What all you should know for getting
connected to AP?
How Station comes to know the existence of
AP?
How Station and AP negotiate the capabilities?
Can AP check the credentials of Station and
vice versa?
Does all this happen at layer #2 or layer #3?
Since my AP is connected to ethernet jack…
Does ethernet and wireless frames share
same structure?
WWW.SecurityTube.net
Solution to above Questions…
WiFi State Machine
Courtesy: IEEE 802.11-1999 standard
WWW.SecurityTube.net
Important Frames in Association (OPEN case)
Beacon
Probe Request
Probe Response
Authentication (From Client to AP)
Authentication (Success/failure) (From AP to
Client)
Association Request
Association Response
WWW.SecurityTube.net
Importance of each frames
Beacon
Announce the existence
Synchronization
Probe request/ response
Wireless credentials handshake
Authentication
Check the genuineness
Association
Can you server my needs?
WWW.SecurityTube.net
Shared key Authentication
A shared secret between AP and Station
Authentication phase now consists of 3 way
handshake
AP authenticates the Station but Station
DOESNOT authenticate AP
A simple challenge-response type of
authentication
If you are using WEP… your first 128 byte key
stream for the IV is known to all..
WWW.SecurityTube.net
WEP Association – any extra frame?
NO, there is shared secret between AP and Station.
Either party will use that secret for encryption
Are you using WEP?
First step is change it to WPA or WPA-2
SecurityTube.net has videos for cracking WEP key
and flaws in WEP protocol… BUT first change your
security level… WEP is broken… its
Worst Ever Privacy…
WWW.SecurityTube.net
-Thank You
-Amit Vartak
[email protected]
WWW.SecurityTube.net