Docstoc

Weaknesses of WEP and WPA

Document Sample
Weaknesses of WEP and WPA Powered By Docstoc
					Use of Chopchop attack to break wireless networks
I.   Presentation of WEP and WPA



II. Principle of Chopchop



III. Results(Simulation & Real case)
   RC4 ciphering            RC4 ciphering
                             Key Mixing
                             Use of Temporal Keys
   Master Key directly      Per Packet Keys
                             MIC (Integrity Control)
    used in RC4
                             Resistant to statistic
   Prone to statistics       attacks (for now)
    attacks due to RC4       Resistant to packet
                              injections
    weaknesses

            WEP                         WPA
By listening to the network we can catch any encrypted packet
We send a modified message obtained by guessing the value of
                       the last byte
If the send packet has not a valid CRC, the AP send an error
And so on until no error is detected. We have guessed one byte
           of the keystream (and of the message)
   Decrypt any packet           Decrypt any packet
   Recover keystreams           Recover keystreams

                                 Injects 7 chosen
   Injects any packet
                                  packets (because of a
                                  packet counter)
 Create ARP requests
 Generate a lot of traffic      That is it…(But it is a
=> RECOVER KEY!!!                 lot!)

            WEP                            WPA
 Number of read packets
dependind on the kind of
        traffic

   => Very useful for
statistic attacks against
          RC4!!!
   To crack WEP, what takes the most time is
    typing commands…




   WPA is weakened but not broken

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:26
posted:10/7/2011
language:English
pages:16