Subscribe:Posts Comments

You Are Here: Home » Computer Science Presentation Topics, Computer Science Seminar Topics, Computer Seminar Topics, Paper Presentation Topics, Presentation Topics for IT, Security Systems, Seminar Topics for IT, Wireless Communication » Recent Issue with Wireless Security Seminar Topics for IT

Seminar Topics for IT on Recent Issues with Wireless (802.11) Security

Introduction

My goal for this Seminar topics for IT project is to present recent information about developments within wireless security. When I say wireless in this paper I am referring to the 802.11 standard that is also known as Wi-Fi. I won’t be mentioning topics that include Bluetooth, cell phones, RFID or other wireless categories.

Many media outlets have already covered the security problems with WEP, so those methods will only be mentioned to re-establish where wireless security was, to compare where it is today. It might have been thought that the end of WEP was the end of the security problems with wireless, but I will attempt to show that even as recent as November 2008, researchers are finding more problems with current standards.

The following sections will include some background information about how wireless security was done. Then the first recent issue I will talk about is the encryption method of TKIP within WPA and how the use of it creates an insecure environment.  The second topic I will talk about is Jasager and how it exploits a problem with how some Wi-Fi software allows authentication with access points. Following that is a section describing some solutions for the security issues, and ways to protect a wireless connection from the different attacks.

Recent Security issues

These next sections explain some other methods that researchers have recently discovered or created to show other aspects where wireless is weak.  It’s good that they expose these techniques, because even though it could allow for malicious individuals or groups to break the wireless, it helps the developers who create the standards work on better methods to protect future versions of the standard.

TKIP within WPA

A paper released by Martin Beck and Erik Tews (2008) exposes a flaw within TKIP while within WPA.  TKIP stands for Temporal Key Integrity Protocol.  TKIP was created to allow older hardware to use a better form of encryption than WEP and to keep the wireless connection more secure (Berghel 2005).

With older hardware in mind, TKIP still uses some features that WEP used, such as the stream cipher, a 4-byte CRC checksum, a RC4 stream cipher, and every packet sends a 32bit CRC32 checksum (called ICV).  Using an attack method that was used with WEP, called the ChopChop attack, and knowing the IPv4 address of the network, the attacker can decrypt an ARP (Address Resolution Protocol) request.  Johnny Cache and Vincent Liu (2007), state:

“ChopChop works by systematically modifying an encrypted packet one byte at a time and replaying it to the AP.  By monitoring if the AP accepts the modified packet, ChopChop can slowly decrypt any packet protected by WEP [in this case WPA], regardless of key or key size.”

So according to Beck and Tews (2008), when the Attacker captures a packet “he truncates the packet by one byte, guesses [the last byte of the trailing checksum], corrects the checksum and sends the packet to the access point to find out if the guess was correct”. “Packets with an incorrect checksum are silently discarded”, but if the checksum is correct then “the access point will generate an error message”.  The attacker is then able to slowly increment the values of the checksum.

The difference between TKIP and WEP is that TKIP has some countermeasures in place to try to keep this from happening. In WEP the Attacker could increment the guessed checksum fairly quickly, but with TKIP the Attacker needs to wait 60 seconds before trying again, because of the countermeasures. Then to know the exact sender and receiver IP address the attacker uses last 12 bytes of the packet to compare with more guesses made by the attacker (Beck and Tews 2008).

The attacker manipulating the ARP traffic could cause problems when the attacker responds to the ARP request and sends a fake ARP reply with an incorrect address to the client, which could then re-route some traffic to a hazardous address.  This is an example of ARP poisoning or ARP spoofing.   ARP is a protocol used by many routers and Ethernet devices to find the hardware address of a device when it only knows the IP address. There are other protocols that may be used, but because of how simple ARP is, it is fairly common to see.

Even though the complete TKIP PSK is not recovered, this does show that partial data manipulation is possible and could potentially lead to a full PSK recovery, similar to the way that WEP was broken (Beck and Tews 2008).

Jasager

Jasager is a piece of software that is written to run on an OpenWrt device called a Fon. A Fon router is a small device that was originally created to provide wireless internet access.  OpenWrt is an operating system for small hardware such as the Linksys WRT-54G wireless router and others including the Fon. OpenWrt provided a way for developers to write software without having to worry about the firmware. The reason the Fon was used is because of its small size and ability to be inconspicuous if left in the open.

Seminar topics for IT

Fig 1 – Fon Router

Figure 1 shows the small size of the Fon Router that I was able to use for my tests with Jasager.

According to the program’s author, Digi Ninja (2008), Jasager means “Yes Man” in German. When a computer stores a wireless network SSID and settings are configured in a way (such as “connect to these networks even if SSID is not broadcasting” within Windows), the computer will send out a beacon broadcast asking a wireless access point within range using that beacon if it belongs to that SSID. When Jasager receives that beacon broadcast, it will respond to the beacon that it is the owner of that SSID. This makes the user computer think that the Fon/Jasager is the desired access point. The DHCP and DNS settings for the users computer are controlled by the Attackers computer.

Seminar topics for IT

Fig 2

Figure 2 is showing the standard method of connecting to a wireless access point and to the internet. The user’s traffic is getting sent wirelessly to the router/modem which is also an access point.  This does not show RADIUS servers, which will be talked about in section 4.4, or other switches and routers that may be in place at a corporate environment, but the idea is basically the same.

I was able to purchase a Fon online and the process of installing Jasager took about 2 hours. I then configured my laptop with internet connection sharing and hooked the Fon to the laptop and, created a test network with several computers. With the operating systems Windows XP, Windows 7 beta and Mac OS X I found the quickest way for the clients to connect through Jasager was for the clients to try to connect to an access point they have not connected to before.  Only with Windows XP did the setting “connect to these networks even if SSID is not broadcasting” turned on allow for the computer to connect to Jasager.  The other operating systems only connected to it, if the access point was new and didn’t have any settings stored.

When some computers try to access a SSID that it knows about in range, it doesn’t always send out a beacon request, which makes it difficult for an Attacker to force the user to connect to Jasager.  Once there is at least one connected user then the next part of the attacks can take place.

When viewing the configuration page of Jasager, black-listing or white-listing SSIDs are a few different options that Jasager allows.  White-listing is useful if the Attacker only wants to obtain users that are trying to connect to the “Coffee_Shop” SSID. While black-listing is to attain anyone but the people trying to connect to that SSID.  The Attacker can also filter out MAC addresses.  When a user computer has connected, there is a table that lists the ‘date’, ‘SSID’, ‘IP’, and ‘MAC addresses’.

Darren Kitchen (2008) mentioned that because of the small size of the Fon, it would be possible to create a battery pack, and maybe attach another Fon to the Jasager/Fon to forward any intercepted traffic to another location. Another option would be to connect the Jasager/Fon to a Cell Phone and do the same.  Properly hidden these options would create a small, portable, and automated MITM device.

Related Topics On Seminar Topics for Computer Science

  • IEEE Seminar Topics for Computer Science doc
  • latest seminar topics for computer science
  • seminar topics for computer science with ppt
  • technical seminar topics for computer science with ppts
  • seminar topics for computer science 2013
  • ieee seminar topics for computer science
  • computer science seminar topics with reports
  • seminar topics for computer science engineering
  • IEEE Seminar Topics for IT doc
  • latest seminar topics for IT
  • seminar topics for IT with ppt
  • technical seminar topics for IT with ppts
  • seminar topics for IT 2013
  • ieee seminar topics for IT
  • IT topics with reports
  • Seminar topics for IT 2013
  • seminar topics for Information Technology
  • Engineering Seminar Topics
  • Mechanical Seminar Topics
  • Topics for Presentation

Click here to Download Full Report for Seminar topics for IT on Recent Issues with Wireless Security

JJ

This is Mr.Jose John, 21 yrs old guy, currently pursuing final year mechanical engineering, now become an enthusiastic blogger and a successful entrepreneur.
Connect with him on:

Facebook Twitter LinkedIn Google+ 

email
Related Posts Plugin for WordPress, Blogger...

Leave a Reply

© 2012 Latest Seminar Topics | Mechanical Mini Projects | Electronics Presentation | Engineering Presentations for Download · Subscribe:PostsComments · Designed by Theme Junkie · Powered by WordPress