The Emperor Has No Cloak - WEP Cloaking Exposed

Presented at DEF CON 15 (2007), Aug. 4, 2007, 6 p.m. (50 minutes)

We thought the "Emperor Has No Cloak" story was pure fiction until we came across an announcement three weeks ago. Marketing can sell anything. The question is: can an invisible cloak be sold in modern times, when most of us can see through it? The WEP cloaking technique works (or rather, as we argue, does not work) by injecting spoofed WEP-encrypted data frames ("chaff") into the air. These chaff packets may contain random data or data encrypted with a key different from the actual WEP key in use, and may use only weak IVs. Unmodified WEP cracking tools fail to crack the original WEP key in a chaff-contaminated packet trace. Apart from the fact that WEP cloaking does not address any of the other weaknesses in WEP (such as message modification, replay attacks, shared authentication flaws, packet decoding using ICV, etc.), there are multiple ways to beat WEP cloaking, which we will disclose during our talk. We also plan to release a set of tools, including a patch for Aircrack, which will keep WEP cracking the simple job it's always been, even in the presence of WEP cloaking. Final verdict on WEP cloaking: WEP was, is, and will remain broken. It cannot be secured by obscuring its flaws.

Presenters:

  • Vivek Ramachandran - Senior Wireless Security Researcher, AirTight Networks
    Vivek Ramachandran is a member of the security research team at AirTight Networks. His current focus is on 802.11 security, both threats and countermeasures. In 2006, Vivek was featured in the "India Top 10" list of the Microsoft Security Shootout contest (web application security) among a reported 65,000 participants. He has delivered talks and tutorials at security conferences and workshops, and has published case studies and original research papers on DDoS mitigation and ARP spoofing detection. Vivek is a graduate in Electronics and Communications from the Indian Institute of Technology, Guwahati.
