Enhancing WiFi Security and Password Protection for IoT Devices


Explore the importance of securing WiFi networks and IoT devices to mitigate privacy and security risks. Learn about encryption, hashing, salting, and ways to strengthen passwords to prevent unauthorized access. Discover common password attack methods and how to safeguard against them.


Uploaded on Oct 08, 2024



Presentation Transcript


  1. WEP/WPA2 WiFi Password Security & Exploiting IP Based Surveillance Cameras By Basiru Mohammed Rajkumar Ramadhin Alexander Martin

  2. Introduction
     With the growing advancement of the "Internet of Things" we must take a look at the security of networks and their associated devices and determine the threats associated with this rapidly growing field of technology. Surveillance cameras, baby monitors, household appliances, and other network devices are all connected through wireless networks. As these devices grow in popularity, so too does the threat they pose to privacy and security. Hardening the security of networks and IoT devices is vital in ensuring the safe use of these convenient and helpful appliances.

  3. Basic Password Definitions
     - Encryption: Scrambling information so that only someone with a corresponding key (cipher) can decrypt that information. The intent of encryption is to protect data so that it can later be decrypted.
     - Hashing: Uses an algorithm to map data of any size to a fixed length known as a hash value. Different from encryption in that it is not meant to be decrypted and there is no cipher. Each hash value is unique.
     - Salting: Typically unique to password hashing. Salting adds extra data to the known data before it is hashed. This adds an extra layer of complexity against brute-force decryption.

  4. Salting

  5. Increasing total Password Size and Character Types used makes a more secure password
     - Total characters in alphabet = 26 characters; every character makes it 26x stronger
       EX: a-z _ _ _ _ = 26^4 = 456,976 password possibilities
       EX2: a-z _ _ _ _ _ = 26^5 = 11,881,376 password possibilities
     - Capital and lower cases = 52 characters (combination of upper and lower case letters)
       EX: _ _ _ _ of uppers and lowers = 52^4 combinations = 7,311,616
     - Add special characters and numbers (!@#$ etc.) = 75 characters
       EX: _ _ _ _ of numbers, upper and lower letters, and special characters = 75^4 = 31,640,625

  6. Different Ways to Attack Passwords
     - Password Guessing - Default passwords, common passwords, sports teams, cars. Sometimes will require research on user background.
     - Shoulder Surfing - Watching password input from behind user.
     - Social Engineering - Ask or demand employee to reveal password. Often attacker will pose as a technician or authority to pressure user into giving password.
     - Dictionary Attack - Attacker uses every word in dictionary in sequence to crack password.
     - Brute Force Attack - Attacker uses every letter/character in sequence to eventually crack password.
     - Reverse Engineer Password Hashes - Intercepting password hashes between system and server using a sniffer. Hash is reverse engineered to reveal password using precomputation.
     - Precomputation (rainbow table) - Uses a rainbow table. A rainbow table is a table of common passwords with their hash equivalent. Very time consuming to generate a rainbow table. Simply compare the target hash to your table of hashes to figure out password. Defeated by salting, which adds additional hash info and defeats the ability to match that information together.
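The salting defence described in slides 3 and 6, as an added example that is not part of the original presentation: it stores the same password with and without a per-user salt and checks each stored value against a precomputed table. The password list is constructed sample data, a plain dictionary lookup stands in for a rainbow table, and the choice of PBKDF2-HMAC-SHA256 with a 16-byte salt and 200,000 rounds is an assumption made here.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny "common password" list for the demonstration.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein"]

def unsalted_hash(password):
    """Plain SHA-256 of the password: identical input always gives identical output."""
    return hashlib.sha256(password.encode()).hexdigest()

def build_table(words):
    """Precompute hash -> password once; reusable against every unsalted hash."""
    return {unsalted_hash(w): w for w in words}

def salted_record(password, salt=None, rounds=200_000):
    """Return (salt, rounds, digest) using PBKDF2-HMAC-SHA256 and a per-user salt."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, rounds, digest

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, rounds, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, digest)

def demo():
    table = build_table(COMMON_PASSWORDS)
    # Unsalted: two users with the same password share one stored value.
    alice_plain = unsalted_hash("letmein")
    bob_plain = unsalted_hash("letmein")
    # Salted: same password, different random salts, different stored values.
    alice = salted_record("letmein")
    bob = salted_record("letmein")
    return {
        "unsalted_equal": alice_plain == bob_plain,
        "unsalted_lookup": table.get(alice_plain),   # table matches the hash
        "salted_equal": alice[2] == bob[2],
        "salted_lookup": table.get(alice[2].hex()),  # no precomputed match
        "verify_ok": verify("letmein", alice),
        "verify_wrong": verify("qwerty", alice),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt is stored next to the digest in clear; it does not need to be secret, only unique per user, so that a table computed once cannot be reused across accounts.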

  7. What we want to accomplish
     - Research the encryption methods used in WEP and WPA2
     - Distinguish what makes WPA2 more secure than WEP
     - Attempt to crack the password of WEP
       Possible tool: Kali Linux Airmon-NG and AirCrack to crack the password
     - Attempt to crack the password of WPA2
       Possible tool: Kali Linux Airmon-NG and AirCrack to crack the password
     - Implement these attacks in a real world situation
       Set up a test environment with WEP then WPA2
       Tools: IP camera and ALFA card(?)

  8. What is WEP?
     - Wired Equivalent Privacy, meant to provide the security of a wired LAN
     - Introduced in 1997, implemented in 1999
     - Uses RC4 algorithm
     - Started with a 40-bit long key with 24-bit initialization vector
     - Other failed attempts to fix WEP include WEP2 and WEP+

  9. What is WPA2?
     - Introduced in 2004
     - Full implementation of 802.11i
     - Substituted WPA-TKIP with WPA2-AES
     - Backward compatibility with WPA
     - Utilizes AES-CCMP (Advanced Encryption Standard, Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)

  10. Pros and Cons of WPA2
     - Not susceptible to the attacks of WEP
     - Becomes vulnerable due to backward compatibility
     - Vulnerability to Man-In-The-Middle attacks
     - Vulnerable to KRACK attack due to affected 802.11i standard

  11. Goals of project
     Our group will attempt to demonstrate four different exploits:
     1. The cracking of WEP WiFi password protection.
     2. The cracking of WPA2 WiFi password protection.
     3. Performing a de-authentication attack to "kick" a device off of a desired network, thus disabling it.
     4. Demonstrating the importance of updating an IP-based surveillance camera's default username and password.

  12. What we plan to do?
     1. Set up a test environment with WEP and WPA2 password protected wireless routers.
     2. Crack WEP security using Wifite, or Kali Linux tool suite AirCrack.
     3. Crack WPA2 security using Kali Linux tool suite AirCrack and perhaps using Hashcat for dictionary list attack.
     4. Attempt a de-authentication attack taking a device offline using a bash script.
