36 research outputs found

    Vulnerability Testing of Wireless Access Points Using Unmanned Aerial Vehicles (UAV)


    Is WPA/WPA2 Really Secure? Decrypting Encrypted Data Packets on WPA/WPA2

    WPA2 is considered the most secure configuration for Wi-Fi networks and is widely used to secure private and enterprise Wi-Fi networks. The early protocol, WEP, uses the RC4 stream cipher without key management; WPA uses the Temporal Key Integrity Protocol (TKIP) with a hash function to scramble the key, while WPA2 uses the Advanced Encryption Standard (AES) to encrypt data. One of the parameters used to generate the encryption key in WPA/WPA2 is the preshared key. In 2008, Beck and Tews proposed a practical attack on WPA by exploiting the preshared key. In this paper, we propose exploiting the preshared key to decrypt WPA/WPA2-encrypted data. As a result, we propose some prevention and anticipation methods for users of wireless networks to protect data during transmission over wireless networks using the WPA/WPA2 protocol.

    A Survey on Wireless Security: Technical Challenges, Recent Advances and Future Trends

    This paper examines the security vulnerabilities and threats imposed by the inherent open nature of wireless communications and devises efficient defense mechanisms for improving wireless network security. We first summarize the security requirements of wireless networks, including their authenticity, confidentiality, integrity and availability issues. Next, a comprehensive overview of security attacks encountered in wireless networks is presented in view of the network protocol architecture, where the potential security threats are discussed at each protocol layer. We also provide a survey of the existing security protocols and algorithms that are adopted in the existing wireless network standards, such as Bluetooth, Wi-Fi, WiMAX, and the long-term evolution (LTE) systems. Then, we discuss the state of the art in physical-layer security, which is an emerging technique for securing the open communications environment against eavesdropping attacks at the physical layer. We also introduce the family of jamming attacks and their countermeasures, including the constant jammer, intermittent jammer, reactive jammer, adaptive jammer and intelligent jammer. Additionally, we discuss the integration of physical-layer security into existing authentication and cryptography mechanisms for further securing wireless networks. Finally, some technical challenges which remain unresolved at the time of writing are summarized and the future trends in wireless security are discussed.
    Comment: 36 pages. Accepted to Appear in Proceedings of the IEEE, 201

    Evil-twin framework: a Wi-Fi intrusion testing framework for pentesters

    In today's world there is no scarcity of Wi-Fi hotspots. Although users are always recommended to join protected networks to ensure they are secure, this is by far not their only concern. The convenience of easily connecting to a Wi-Fi hotspot has left security holes wide open for attackers to abuse. This stresses the concern about the lack of security on the client side of Wi-Fi capable technologies. The security of Wi-Fi communications has been a concern since the technology was first deployed. On one hand, protocols like WPA2 have greatly increased the security of the communications between clients and access points, but how can one know if the access point is legitimate in the first place? Nowadays, with the help of open-source software and the great amount of freely available information, it is easily possible for a malicious actor to create a Wi-Fi network with the purpose of attracting Wi-Fi users and tricking them into connecting to an illegitimate Wi-Fi access point. The risk of this vulnerability becomes clear when studying client-side behaviour in Wi-Fi communications, where clients actively seek out access points in order to connect to them automatically. In many situations they do this even if there is no way of verifying the legitimacy of the access point they are connecting to. Attacks on the Wi-Fi client side have been known for over a decade, but there still aren't any effective ways to properly protect users from falling victim to them. Based on the presented issues there is a clear need both to secure Wi-Fi client-side communications and to raise awareness among everyday users of Wi-Fi technologies about the risks they are constantly facing when using them. The main contribution of this project will be a Wi-Fi vulnerability analysis and exploitation framework. The framework will focus on client-side vulnerabilities but also on extensibility for any type of Wi-Fi attack. The tool is intended to be used by auditors (penetration testers, or pentesters) when performing intrusion tests on Wi-Fi networks. It also serves as a proof-of-concept tool meant to teach and raise awareness about the risks involved when using Wi-Fi technologies.

    Evil twins and WPA2 Enterprise: A coming security disaster?

    WPA2 Enterprise is a suite of protocols for secure communication in a wireless local network and has become an essential component of virtually every enterprise. In many practical deployments of this technology, a device that authenticates with username and password is at risk of leaking credentials to fraudulent access points claiming to be the enterprise network (evil twins) that may be placed virtually anywhere. While this kind of vulnerability is well known to practitioners, we believe these issues deserve a fresh look because the current technological landscape has magnified the corresponding risks. The convergence of organizations toward single sign-on architectures, in which a single set of credentials unlocks access to all services of the organization, coupled with the huge diffusion of Wi-Fi-enabled personal devices which often contain enterprise credentials and connect to Wi-Fi networks automatically, has made attacks aimed at stealing network credentials particularly attractive to attackers and hard to detect. In this paper we intend to draw the attention of the research and technological community to this important yet, in our opinion, widely underestimated risk. We also suggest a direction for investigating practical solutions able to offer stronger security without requiring any overhaul of existing protocols.

    MITM Attack Automation Using Single-Board Solution

    This thesis is focused on the design of MiTM attacks using modern approaches in IT infrastructure. In particular, it focuses on how to simplify the configuration of single-board computers for penetration testing purposes by creating a scalable infrastructure for device configuration and control. The proposed solution allows complicated attacks to be carried out by staff with only basic training while not limiting users with experience in network security. While today's applications capable of MiTM attacks are monolithic and device-centric, the proposed solution considers the device providing the MiTM as just one part of the solution and also addresses other problems such as data exfiltration or hash cracking.

    Security Analysis of Wireless Networks and a Proposed Solution for the Communication Networks Engineering Laboratory

    Undergraduate final project, Universidade de Brasília, Faculdade de Tecnologia, Departamento de Engenharia Elétrica, 2015. This project was made with the purpose of serving as a guide to secure configuration in WLANs. In this case specifically, a secure solution is proposed for the Communication Networks Engineering Laboratory. Although sufficiently secure solutions exist today, it is common to find, in the most diverse places, whether residential or enterprise, network configurations with exploitable flaws that can compromise the network. Therefore, this project analyses wireless network solutions as well as known attacks that can be launched against them. For the security analysis of the network types, the Kali Linux distribution is used, currently the most widely used distribution for intrusion testing and security auditing. The aim is to show what can be achieved with a minimal amount of resources, highlighting the risks that exist even when attackers do not have sophisticated equipment. As a result, the solution that best mitigates the most common types of attacks is presented.

    Modelling and verification of security requirements and stealthiness in security protocols

    Traditionally, formal methods are used to verify the security guarantees of a system by proving that the system meets its desired specifications. These guarantees are achieved by verifying the system's security properties, in a formal setting, against its formal specifications. This includes, for example, proving the security properties of confidentiality and authentication, in an adversarial setting, by constructing a complete formal model of the protocol. Any counterexample to this proof implies an attack on the security property. All such proofs are usually based on an ordered set of actions, generated by the protocol execution, called a trace. Both the proofs and their counterexamples can be investigated further by analysing the behaviour of these protocol traces. The attack trace might either follow the standard behaviour as per the protocol semantics or deviate from it. In the latter case, however, it should be easy for an analyst to spot any attack by comparing it with standard traces. This thesis makes two key contributions: a novel methodology for verifying the security requirements of security protocols by modelling only the attacks against a protocol specification, and, secondly, a formal definition of 'stealthiness' in a protocol trace which is used to classify attacks on security protocols as either 'stealthy' or 'non-stealthy'. Our first novel proposal tests security properties and then verifies the security requirements of a protocol by modelling only the subset of interactions that constitute the attacks. Using this time- and effort-saving methodology, without modelling the complete protocol specification, we demonstrate the efficacy of our technique using real attacks on one of the world's most used protocols, WPA2. We show that the process of modelling the complete protocol specification, for verifying security properties, can be simplified by modelling only the subset of the protocol specification needed to model a given attack. We establish the merit of our novel simplified approach by identifying the inadequacy of existing security properties, in addition to augmenting and verifying the new security properties, by modelling only the attacks, as opposed to the current practice of modelling the complete protocol, which is a time- and effort-intensive process. We find that the current security requirements for WPA2, as stated in its specification, are insufficient to ensure security. We then propose a set of security properties to be added to the specification to stop these attacks. Further, our method also allows us to verify whether the proposed additional security requirements, if enforced correctly, would be enough to stop the attacks. Second, we seek to verify the 'stealthiness' of protocol attacks by introducing a novel formal definition of a 'stealthy' trace. 'Stealthy' actions by a participating entity or an adversary in a protocol interaction are about camouflaging fraudulent actions as genuine ones by fine-tuning them to look like honest ones. In our model, protocols are annotated to indicate what each party will log about each communication. Given a particular logging strategy, our framework determines whether it is possible to find an attack that produces log entries indistinguishable from normal runs of the protocol, or whether any attack can be detected from the log entries alone. We present an intuitive definition of when an attack is 'stealthy' with regard to some logging strategy, which cannot be automatically checked directly. Next, we introduce session IDs to identify unique sessions. We show that our initial intuitive definition is equivalent to a second definition using these session IDs, which can also be tested automatically in TAMARIN. We analyse various attacks on known vulnerable protocols to see, for a range of logging strategies, which can be made into stealth attacks and which cannot. This approach compares the stealthiness of various known attacks against a range of logging strategies.

    Security in Distributed, Grid, Mobile, and Pervasive Computing

    This book addresses the increasing demand to guarantee privacy, integrity, and availability of resources in networks and distributed systems. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems like the Internet, and discusses securing design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security

    Cyber-security training: A comparative analysis of cyber-ranges and emerging trends

    Cyber-attacks are becoming stealthier and more sophisticated, can stem from various sources, use multiple vectors and take different forms. The need for building and experimenting on advanced cyber-security mechanisms, as well as continuous training using state-of-the-art methodologies, techniques and up-to-date realistic scenarios, is vital. Cyber Ranges can provide the environment where cyber-security experts and professionals can practice technical and soft skills and be trained on emulated large-scale complex networks in order to respond to real-world cyber-attack scenarios. Furthermore, they can simulate an environment for information security professionals to evaluate incident handling and response procedures and to test new technologies, in order to help prevent cyber-attacks. The main objective of this paper is to describe the functionalities of various Cyber Ranges and to highlight their key components and characteristics, to present a high-level architecture of a state-of-the-art Cyber Range, and at the same time to classify the features of the reviewed Cyber Ranges according to the attributes of the proposed one.