 Shark: A Wireless Internet Security Test Bed

 Senior Design Project May07-09

           Stephen Eilers
            Jon Murphy
             Alex Pease
           Jessica Ross
    Faculty Advisor and team
• Dr. Steve Russell
  – Associate Professor
     • Electrical and Computer Engineering
     • sfr@iastate.edu
• Adrienne Huffman
  – Graduate Student
     • Computer Engineering
     • adnihuff@iastate.edu
• Jon Murphy
     • Computer Engineering
     • jwmurph@iastate.edu
• Steve Eilers
     • Computer Engineering
     • seilers@iastate.edu
• Alex Pease
     • Computer Engineering
     • Alex.pease@iastate.edu
• Jessica Ross
     • Computer Engineering and Mathematics
     • rossjr@iastate.edu
                Definitions
•   ARP – Address Resolution Protocol
•   IV – Initialization Vector
•   L2TP – Layer 2 Tunneling Protocol
•   PPTP – Point to Point Tunneling Protocol
•   RADIUS – Remote Authentication Dial In User
    Service
•   SSL – Secure Sockets Layer
•   WEP – Wired Equivalent Privacy
•   WPA – Wi-Fi Protected Access
•   VPN – Virtual Private Network
          What is SHARK?
• SHARK is a wireless security network to be
  used to study security related issues on
  wireless networks
• Tool to teach interested students about
  wireless security
• Report statistics about attackers and
  methods used to researchers at ISU
• Deployable to any remote location
          Why SHARK?

• Client’s last semester as professor;
  wants project finished
• Educate college students about 802.11
  security
• Give students something fun to do
            Limitations
• SHARK must be portable and
  extendable
• Initial build of the SHARK system must
  consist of three or fewer computers
• SHARK must be built within a $150
  budget
• Must use public domain software
• Must be capable of collecting research
  data
            Intended Users
• Primary
  – College students in computer related fields
  – Know the basics of wireless networking

• Secondary
  – Interested community members
  – People looking for a free access point
            Intended Uses
• Primary
  – Learning tool for students
  – Study methods of wireless attacks
  – Study basic network security
  – Legal and ethical way for students to
    participate in hacking exercises
          SHARK Node
[Diagram: the Shark node, running Ubuntu, Squid, Void11, Apache, MySQL and WireShark]
          SHARK – Software
• Ubuntu
• Squid
  – Web proxy cache
     • Direct traffic to appropriate places
• Apache
  – Used to create local web-server login/registration
     • Keep track of users
• MySQL
  – Database
• WireShark/Ethereal
  – Network Protocol Analyzer
     • Captures all traffic on SHARK Network
          Levels of Security
• SHARK has five levels of security
  – Guppy
     • No security, used for basic registering on network
  – Clownfish
     • WEP security
  – Swordfish
     • Rotating WEP security
  – Barracuda
     • WPA security
  – SHARK
     • RADIUS security
• Provides statistical data on hacking patterns
Wired Equivalent Privacy (WEP)
• 64-bit WEP and 128-bit WEP
• Same 24-bit IV Stream
• Flaws in WEP
  – Repeating IV
  – Short
  – Stream Cipher
    • XOR is bad
        Breaking WEP Down
• Aircrack, airodump, airdecap
     • http://www.linux-wlan.org/docs/wlan_adapters.html.gz
• No magic number of IVs
  – 250,000 – 400,000 for 40 bit
  – 750,000 – 2M+ for 104 bit
• More users = more IVs sent = more IVs that are
  re-used
• Can read packets if IV is re-used but key not
  broken yet
                    WPA
• Software update to WEP (closely related
  to rotating WEP)
  – Re-keying
  – No more weak IV packets
• Pre-shared Key
  – Only as strong as the passphrase
• Extensible Authentication Protocol (EAP)
  – User authentication
  – Radius
 Traffic Generator – Baiting the Hook
• Breaking WEP and WPA encryption
  – Attackers must analyze thousands of packets
                  7-of-9

• Off-the-Shelf wireless
  access point
  – Provides generic internet access
  – Traffic is captured and compared to
    SHARK traffic
Network View Analysis Subnet
[Network diagram; labels: virtualnet, smallbox, Sharkweb, hub, D-Link router, Internet]
         Network Pros/Cons
• Pros
  – One external IP
  – Firewall
  – branches
• Cons
  – extensive forwarding
       Machine Breakdown
• VirtualNet
  – Ubuntu
  – Xen
• SmallBox
  – SUSE
  – Snort
  – WireShark
  – Mysql
  – Apache
• Sharkweb
  – FreeBSD
  – Apache
  – Mysql
  – php
              SmallBox
• Captures traffic on SHARK
• Stores and Analyzes data

  – Packet Capture    WireShark
  – Filter            Snort
  – Webserver         Apache
               Sharkweb
• When attackers break into SHARK, they are
  forwarded here
• Logged into database

  – Webserver         Apache
  – Web Utilities     MySQL, PHP
              Virtualnet
• Simulates additional machines running
  services without adding cost of
  physical machines

  – OS                        Ubuntu
  – Virtual Machine Manager   Xen
             Virtual Machines
• VM 1
  – Mimicking a standard server
• VM 2
  – Tarpit
    • Delays incoming connections for as long as
      possible
• VM 3
  – HoneyD
    • Confuse attackers to think it has open ports
           Secure Tunneling
• VPN
  – Provide secure communications over unsecured networks
• Benefits
  – Provides the level of security we desire
• Downsides
  – If SHARK is compromised, they have direct access to our network
• Solution
  – Scripting for “on-the-fly” configuration
      Secure Tunneling – VPN
• One of the only ways to
  provide a secure and
  extensible way to access
  the SHARK machines

• Need the ability to create
  multiple VPN sessions, so
  a VPN server is required

• Multiple solutions available
   – PPTP
   – L2TP
   – SSL
            Status of SHARK
• Completed
  – All computers have main software packages installed and
    configured
  – Order for parts has been placed
  – Xen server fully configured
  – Portal redirect

• In Progress
  – Open access point for registering
  – Virtual machines up and running

• In Concept
  – VPN
  – Radius Server
  – Data Statistics and Heuristics
                Testing
• Target audience: CPRE 537 Wireless
  Security class
• CONTEST
  – Open Registration   week 1
  – WEP                 weeks 2,3
  – WPA                 week 4
  – Rotating WEP        week 5
  – RADIUS              week 6
  – Results             week 7
  – Basic Analysis      week 8
   Hours and Resources
                   Hours (current)   Cost ($10.50/hr)
Steve Eilers             60          $630.00
Alex Pease               86          $903.00
Jon Murphy               58          $609.00
Jessica Ross             50          $525.00
Wireless AP                          $49.99
Router                               $39.99
Hub                                  Donated (2)
Computers                            Donated (3)
Wireless Cards                       $39.99
Total                    254         $2796.97
             Future Uses
• Make the automation of tasks smoother
• Better documentation
• Increase the number of fields for
  registration.
          Commercialization
• This project is a research project and is
  not intended for commercialization.
Questions?

				