Advisor: Dr. Quincy Wu
Speaker: Hui-Hsiung Chung
Date: 2010-09-21

WEP Cracked with Aircrack

Jan 12, 2016

Transcript
  • Outline
    WEP
    RC4
    How to Crack WEP
    Reference

  • WEP
    Wired Equivalent Privacy
    64 bits and 128 bits
    24 bits IV (Initialization Vector)
    128 bits: 26 hexadecimal characters or 13 ASCII characters
    64 bits: 10 hexadecimal characters or 5 ASCII characters
    CRC
    WPA: Wi-Fi Protected Access

  • RC4
    Rivest Cipher 4
    Designed by Ron Rivest
    RSA: Ron Rivest, Adi Shamir, Leonard Adleman
    KSA and PRGA

  • KSA (Key Schedule Algorithm)
    K[] = Key Array
    Initialization:
        For i = 0 to N-1
            S[i] = i
        j = 0
    Scatter:
        For i = 0 to N-1
            j = (j + S[i] + K[i mod L]) mod N
            Swap(S[i], S[j])

  • PRGA (Pseudo Random Generation Algorithm)
    Initialization:
        i = 0
        j = 0
    Loop:
        i = (i + 1) mod N
        j = (j + S[i]) mod N
        Swap(S[i], S[j])
        Output: S[(S[i] + S[j]) mod N]

  • CRC
    Cyclic Redundancy Check
    Based on binary division
    Calculate the data checksum before transmission, then check that the data is the same after transmission
    Example

  • Repeated use of the key stream
    Small IV value: 2^24 = 16,777,216
    A collision happens every 5134 packets (Birthday Paradox)
    IV value is plain text
    Unreliable checksum value

  •                       WEP                   WPA
    Key                   64-bits or 128-bits   128-bits
    Encryption Algorithm  RC4                   RC4
    IV                    24-bits               48-bits
    Key Management        None                  802.1x

  • IV Collision
    Collecting IV packets
    Find two packets with the same IV
    Use the SNAP header's first byte and the XOR operation to find the key


  • A wireless NIC with monitor mode

    AP channel

  • APs; packets with IVs

  • APs; IVs; target AP

  • Spending time; IVs

  • WEP Encryption
    64-bits: 250,000 IVs, less than 3 hours
    128-bits: 580,000 IVs, less than 6 hours

  • Scott Fluhrer, Itsik Mantin and Adi Shamir, "Weaknesses in the Key Scheduling Algorithm of RC4", Selected Areas in Cryptography 2001, pp. 1-24
    TANET 2006
    Optimized WEP Protocol, NCS 2007

  • Quotient. 1001, 1011, 1101, 1000

  • With what probability do Q(H) people include two with the same birthday?
    Let the probability be 50% (collision rate)
    Let H equal 365
    Formula:
    Q(H): 23.9

  • SNAP
    SubNetwork Access Protocol
    IEEE defined
    Supports the coexistence of multiple standards on 802.2 LLC (Logical Link Control)
    [Figure: two protocol stacks, each with Physical Layer, MAC, LLC and High-Level Protocol]

    L: key (5 10 or 1326)
    CRC
    The same part of the key is used with numerous different exposed values
    LLC: LLC, MAC, data
    LLC terms: Service Access Point (SAP), LLC data unit, LLC PDU, Destination Service Access Point (DSAP), Source Service Access Point (SSAP), connection, MAC
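
The keystream reuse behind the IV Collision slide, as an added example that is not part of the original slides: RC4's KSA and PRGA in Python, with the per-packet key formed as the IV followed by the secret key. The key, IVs and payloads are constructed sample values, and the CRC/ICV is left out as a simplification.

```python
# Added example (not from the slides): RC4 as on the KSA/PRGA slides, plus
# WEP-style per-packet keys (IV || key) to show why a repeated IV is fatal.
# The key, IVs and payloads below are constructed sample values.

def ksa(key: bytes) -> list:
    """Key Schedule Algorithm: scatter the key over the 256-entry state S."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    return s

def prga(s: list, n: int) -> bytes:
    """Pseudo Random Generation Algorithm: emit n keystream bytes."""
    s = s[:]                              # work on a copy of the state
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, payload: bytes) -> bytes:
    """RC4 under the per-packet key IV || key (the ICV/CRC is omitted here)."""
    return xor(payload, prga(ksa(iv + key), len(payload)))

KEY = b"\x01\x02\x03\x04\x05"             # constructed 40-bit secret ("64-bit" WEP)
SNAP = bytes.fromhex("aaaa03000000")      # LLC/SNAP header; first byte 0xAA is known
P1 = SNAP + bytes.fromhex("0800") + b"first payload"
P2 = SNAP + bytes.fromhex("0806") + b"other payload"

def demo():
    iv = b"\x00\x00\x2a"                  # same 24-bit IV on both packets
    c1, c2 = wep_encrypt(iv, KEY, P1), wep_encrypt(iv, KEY, P2)
    ks0 = c1[0] ^ 0xAA                    # keystream byte from the known SNAP byte
    same_iv = xor(c1, c2) == xor(P1, P2)  # the shared keystream cancels out
    c3 = wep_encrypt(b"\x00\x00\x2b", KEY, P2)
    fresh_iv = xor(c1, c3) == xor(P1, P2) # a different IV gives a different keystream
    return ks0, same_iv, fresh_iv

if __name__ == "__main__":
    print(demo())
```

With a 24-bit IV and no key management, such repeats cannot be avoided on a busy network, which is why the comparison slide lists a 48-bit IV and 802.1x for WPA.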