Shark: A Wireless Internet Security Test Bed
Senior Design Project May07-09
Stephen Eilers
Jon Murphy
Alex Pease
Jessica Ross
Faculty Advisor and team
• Dr. Steve Russell – Associate Professor
  – Electrical and Computer Engineering
• Adrienne Huffman – Graduate Student
  – Computer Engineering
• Jon Murphy
  – Computer Engineering
• Steve Eilers
  – Computer Engineering
• Alex Pease
  – Computer Engineering
• Jessica Ross
  – Computer Engineering and Mathematics
Definitions
• ARP – Address Resolution Protocol
• IV – Initialization Vector
• L2TP – Layer 2 Tunneling Protocol
• PPTP – Point to Point Tunneling Protocol
• RADIUS – Remote Authentication Dial In User Service
• SSL – Secure Sockets Layer
• WEP – Wired Equivalent Privacy
• WPA – Wi-Fi Protected Access
• VPN – Virtual Private Network
What is SHARK?
• SHARK is a wireless security network to be used to study security related issues on wireless networks
• Tool to teach interested students about wireless security
• Report statistics about attackers and methods used to researchers at ISU
• Deployable to any remote location
Why SHARK?
• Client’s Last Semester as Professor, wants project finished
• Educate college students about 802.11 security
• Give students something fun to do
Limitations
• SHARK must be portable and extendable
• Initial build of the SHARK system must consist of three or fewer computers
• SHARK must be built within a $150 budget
• Must use public domain software
• Must be capable of collecting research data
Intended Users
• Primary
  – College students in computer related fields
  – Know the basics of wireless networking
• Secondary
  – Interested community members
  – People looking for a free access point
Intended Uses
• Primary
  – Learning tool for students
  – Study methods of wireless attacks
  – Study basic network security
  – Legal and ethical way for students to participate in hacking exercises
SHARK Node
[Diagram of the SHARK node; labels: Shark, Ubuntu, Squid, Void11, Apache, MySQL, WireShark]
SHARK – Software
• Ubuntu
• Squid
  – Web proxy cache
    • Direct traffic to appropriate places
• Apache
  – Used to create local web-server login/registration
    • Keep track of users
• MySQL
  – Database
• WireShark/Ethereal
  – Network Protocol Analyzer
    • Captures all traffic on SHARK Network
Levels of Security
• SHARK has five levels of security
  – Guppy
    • No security, used for basic registering on network
  – Clownfish
    • WEP security
  – Swordfish
    • Rotating WEP security
  – Barracuda
    • WPA security
  – SHARK
    • RADIUS security
• Provides statistical data on hacking patterns
Wired Equivalent Privacy (WEP)
• 64-bit WEP, 128-bit WEP
• Same 24-bit IV stream
• Flaws in WEP
  – Repeating IV
  – Short
  – Stream Cipher
    • XOR is bad
Breaking WEP Down
• Aircrack, airodump, airdecap
• http://www.linux-wlan.org/docs/wlan_adapters.html.gz
• No magic number of IVs
  – 250,000 – 400,000 for 40 bit
  – 750,000 – 2M+ for 104 bit
• More users = more IVs sent = more IVs that are re-used
• Can read packets if IV is re-used but key not broken yet
WPA
• Software update to WEP (closely related to rotating WEP)
  – Re-keying
  – No more weak IV packets
• Pre-shared Key
  – Only as strong as the passphrase
• Extensible Authentication Protocol (EAP)
  – User authentication
  – RADIUS
Traffic Generator – Baiting the Hook
• Breaking WEP and WPA encryption
  – Attackers must analyze thousands of packets
7-of-9
• Off-the-Shelf wireless access point
  – Provides generic internet access
  – Traffic is captured and compared to SHARK traffic
Network View
[Network diagram; labels: Analysis Subnet, Internet, Sharkweb, smallbox, virtualnet, hub, D-Link router]
Network Pros/Cons
• Pros
  – One external IP
  – Firewall
  – Branches
• Cons
  – Extensive forwarding
Machine Breakdown
• VirtualNet
  – Ubuntu
  – Xen
• SmallBox
  – SUSE
  – Snort
  – WireShark
  – MySQL
  – Apache
• Sharkweb
  – FreeBSD
  – Apache
  – MySQL
  – PHP
SmallBox
• Captures traffic on SHARK
• Stores and analyzes data
  – Packet Capture: WireShark
  – Filter: Snort
  – Webserver: Apache
Sharkweb
• When attackers break into SHARK, they are forwarded here
• Logged into database
  – Webserver: Apache
  – Web Utilities: MySQL, PHP
Virtualnet
• Simulates additional machines running services without adding cost of physical machines
  – OS: Ubuntu
  – Virtual Machine Manager: Xen
Virtual Machines
• VM 1
  – Mimicking a standard server
• VM 2
  – Tarpit
    • Delays incoming connections for as long as possible
• VM 3
  – HoneyD
    • Confuses attackers into thinking it has open ports
Secure Tunneling
• VPN
  – Provide secure communications over unsecured networks
• Benefits
  – Provides the level of security we desire
• Downsides
  – If SHARK is compromised, they have direct access to our network
• Solution
  – Scripting for “on-the-fly” configuration
Secure Tunneling – VPN
• One of the only ways to provide a secure and extensible way to access the SHARK machines
• Need the ability to create multiple VPN sessions, so a VPN server is required
• Multiple solutions available
  – PPTP
  – L2TP
  – SSL
Status of SHARK
• Completed
  – All computers have main software packages installed and configured
  – Order for parts has been placed
  – Xen server fully configured
  – Portal redirect
• In Progress
  – Open access point for registering
  – Virtual machines up and running
• In Concept
  – VPN
  – RADIUS Server
  – Data Statistics and Heuristics
Testing
• Target Audience: CPRE 537 Wireless Security Class
• CONTEST
  – Open Registration: week 1
  – WEP: weeks 2, 3
  – WPA: week 4
  – Rotating WEP: week 5
  – RADIUS: week 6
  – Results: week 7
  – Basic Analysis: week 8
Hours and Resources
| Item | Hours (current) | Cost ($10.50/hr) |
|---|---|---|
| Steve Eilers | 60 | $630.00 |
| Alex Pease | 86 | $903.00 |
| Jon Murphy | 58 | $609.00 |
| Jessica Ross | 50 | $525.00 |
| Wireless AP | | $49.99 |
| Router | | $39.99 |
| Hub | | Donated (2) |
| Computers | | Donated (3) |
| Wireless Cards | | $39.99 |
| Total | 254 | $2796.97 |
Future Uses
• Make the automation of tasks smoother
• Better documentation
• Increase the number of fields for registration
Commercialization
• This project is a research project and is not intended for commercialization.
Questions?