
Thursday TECHtionary.com Friday TECH-Tip – Bit Flipping and Replay Attacks – WiFi
[June 16, 2005]


The animated TECH-Tip tutorial is available at http://www.techtionary.com

Summary

Bit Flipping, sometimes referred to as Message Forgery, is an attack in which the WiFi attacker flips (changes or forges) arbitrary bits in an encrypted message and correctly adjusts the CRC-Cyclic Redundancy Check (a checksum value computed over the bits sent) so that the message still appears valid. For more details see the animated explanation.



Details

Replay, Instant Replay or Playback attacks are attacks in which the attacker eavesdrops (listens) and records (saves) encrypted messages into a database (files). The messages are analyzed (decrypted) to find Weak (easy-to-discover) IV-Initialization Vectors (hence Weak-IV attacks) in order to discover the key and attack the system. Here are the steps in the attack:


- Attacker intercepts a WEP-Wired Equivalent Privacy encrypted packet.

- Attacker flips bits in the packet and recalculates a valid 32-bit CRC ICV-Integrity Check Value.

- Attacker transmits the bit-flipped frame, with a known IV-Initialization Vector, to the AP-Access Point.

- AP-Access Point receives the modified frame, checks it, and accepts the frame because the CRC value is valid.

- AP-Access Point forwards the frame to the Layer 3 router. The router rejects the data because of the data error and sends a retransmit response.

- AP-Access Point encrypts the response and sends it to the Attacker.

- Attacker uses the response to derive the key or the stream cipher output (a stream cipher encrypts data as a stream of bits rather than divided into blocks).

- Attacker gains access.
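Why the second step works against WEP's ICV, and why the keyed MIC used with the pairwise keys described later in this TECH-Tip catches the same modification, as an added example (not code from the original TECH-Tip): CRC-32 is affine, so the ICV correction for a set of flipped bits depends only on those bits, never on the key or keystream, whereas a keyed MIC (HMAC-SHA256 here as a stand-in) cannot be recomputed without the key. The keystream, key and frame contents are constructed values.

```python
import hashlib
import hmac
import zlib


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc32(data: bytes) -> bytes:
    # CRC-32 as used for the WEP ICV (IEEE 802.3 polynomial, via zlib)
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encrypt(plaintext: bytes, keystream: bytes) -> bytes:
    # WEP style: append the CRC-32 ICV, then XOR everything with the RC4 keystream
    body = plaintext + crc32(plaintext)
    return xor(body, keystream[: len(body)])


def wep_decrypt(frame: bytes, keystream: bytes):
    body = xor(frame, keystream[: len(frame)])
    plaintext, icv = body[:-4], body[-4:]
    return plaintext, icv == crc32(plaintext)


def flip_bits(frame: bytes, delta: bytes) -> bytes:
    # CRC-32 is affine: crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros), so the ICV
    # correction is computed from the flipped bits alone; the receiver's check still passes.
    icv_delta = xor(crc32(delta), crc32(bytes(len(delta))))
    return xor(frame, delta + icv_delta)


def keyed_mic(kck: bytes, plaintext: bytes) -> bytes:
    # Stand-in for a keyed MIC such as the one WPA computes with the KCK/TK
    return hmac.new(kck, plaintext, hashlib.sha256).digest()[:8]


def demo():
    keystream = hashlib.sha256(b"constructed keystream seed").digest()  # stand-in for RC4 output
    kck = b"constructed-kck"                                              # constructed key
    plaintext = b"GET /index.html"
    mic = keyed_mic(kck, plaintext)                  # what a keyed-MIC receiver expects
    frame = wep_encrypt(plaintext, keystream)
    delta = xor(plaintext, b"GET /admin.html")       # bit positions that get flipped
    forged = flip_bits(frame, delta)
    recovered, icv_ok = wep_decrypt(forged, keystream)
    mic_ok = hmac.compare_digest(keyed_mic(kck, recovered), mic)
    return recovered, icv_ok, mic_ok  # -> (b"GET /admin.html", True, False)
```

The CRC-based ICV accepts the altered frame, while the keyed MIC rejects it; this is the difference between WEP's integrity check and the MIC exchanged in the 4-Way Handshake.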

Pairwise Keys

The AP-Access Point uses PK-Pairwise Keys for unicast communication. The AP-Access Point uses a GK-Group Key to send broadcast and multicast packets to all stations that are communicating with an access point or communicating within an IBSS. If no Pairwise Key has been set, a Group Key can also be used to send and receive unicast packets. An animated explanation follows.

Details

The EAP Authentication type utilizes keys to provide key authentication before encryption occurs. The AS-Authentication Server and the Client (STAtion) must each possess mutually authenticated keys. To begin, the AS sends a PMK-Pairwise Master Key (a large random number), which serves as an authorization token. From the PMK a set of three additional keys is derived, together called the PTK-Pairwise Transient Key:

1 - KCK-Key Confirmation Key – binds the PTK to the client and the AP-Access Point and verifies the PMK

2 - KEK-Key Encryption Key – used to distribute GTK-Group Transient Key

3 - TK-Temporal Key - secures data traffic

Here are the steps in the process (see animation for details):

Step 1: Use RADIUS to send (push) PMK-Pairwise Master Key from AS-Authentication Server to AP-Access Point

Step 2: Use the PMK and the 4-Way Handshake to derive, bind, and verify the PTK-Pairwise Transient Key

Both the client and the AP have the PMK. Now derive (get/resolve) the PTK-Pairwise Transient Key to start encryption.

Step 2A - 4-Way Handshake using EAPoL-Extensible Authentication Protocol Over LAN

Message 1 - Authenticator to Client - EAPoL-Key(Reply Required, Unicast, Nonce - a random number)

Message 2 - Client to Authenticator - EAPoL-Key(Unicast, Nonce, MIC) - Derive PTK-Pairwise Transient Key

Message 3 - Authenticator to Client - EAPoL-Key - Install PTK-Pairwise Transient Key

Message 4 - Client to Authenticator - EAPoL-Key(MIC) - Install PTK-Pairwise Transient Key

Step 3: Use the Group Key Handshake to send the GTK-Group Transient Key from the AP to the Client

About TECHtionary.com – 303-444-6226
TECHtionary Corporation, founded in 2001 and headquartered in Boulder, Colorado, is the World's First and Largest Animated (rich media) Library/Magazine on Technology. Get the analysis and more than 2,600 FREE tutorials on data, internet, wireless, VoIP-Voice over Internet Protocol (internet telephony), PBX systems, central office switching, protocols, telephony, telecommunications, networking, routing, power systems, broadband, WiFi-Wireless Fidelity and other technologies; TECHtionary.com provides "just enough – just-in-time" critical success information. TECHtionary produces web infomercials proven to "increase revenues, decrease customer support costs and increase customer satisfaction."
