BACHELOR OF TECHNOLOGY
in
Submitted By
Assistant Professor
2020-2024
KAKINADA INSTITUTE OF ENGINEERING & TECHNOLOGY
(Approved by AICTE & Affiliated to JNT University Kakinada)
Yanam Road, Korangi-533461, E.G. Dist. (A.P)
Phone no: 0884-234050, 2303400; Fax no: 0884-2303869
DEPARTMENT OF CSE – CYBER SECURITY
BONAFIDE CERTIFICATE
EXTERNAL EXAMINER
ACKNOWLEDGEMENT
I would like to take the privilege of the opportunity to express my gratitude for
the Project work of “ATTACKING WIRELESS AND NETWORK SECURITY”
which enabled us to express our special thanks to our honorable Chairman of the
institution Sri. P.V. Viswam.
I am thankful to Principal Dr. M. M. S. Prasad, Ph.D, who has shown keen
interest in us and encouraged us by providing all the facilities to complete my project
successfully.
I express my gratitude to our beloved Head of the Department of CSE – CS,
Mr. V V SUBHASH, M.Tech for assisting me in completing my project work.
I am extremely thankful to our Project Review Committee who has been a
source of inspiration for us throughout my project and for their valuable advice in
making my project a success.
I express my sincere thanks to my beloved supervisor Mahalakshmi Rao,
Assistant Professor, Dept. of CSE - CS who has been a source of inspiration for me
throughout my project and for his valuable pieces of advice in making my project a
success.
I wish to express my sincere thanks to all teaching and non-teaching staff of the
CSE – Cyber Security Department. I wish to express my special thanks to all the
faculty members of our college for their concern in subjects and their help throughout
my course.
I am very thankful to my parents, and all my friends who had given me good
cooperation and suggestions throughout this project and helped me in successful
completion.
DECLARATION
I hereby declare that the project work entitled “ATTACKING WIRELESS AND
NETWORK SECURITY”, submitted to the Kakinada Institute of Engineering and
Technology, affiliated to JNTU Kakinada, is a record of original work done by me under
the guidance of Mr. B. Mahalakshmi Rao, M.Tech., Assistant Professor in the
Department of CSE - CS, and that this project work is submitted in partial fulfillment of
the requirements for the award of the degree of Bachelor of Technology in CSE - CS. The
results embodied in this project have not been submitted to any other University or
Institute for the award of any Degree or Diploma.
Place:
Date:
ATTACKING WIRELESS AND NETWORK SECURITY
DoS attacks are not like your typical malware attacks. They don’t require special
programs to run. Instead, they seek to exploit the inherent vulnerability in the target
network.
Let’s say you’re looking to buy your favorite pair of sneakers from your favorite
ecommerce website. Typically, your device sends a small packet of information asking
the server for authentication. Once the server authenticates and your network
acknowledges the approval, you can access the website.
However, in a DoS attack, the process is rigged. Bad actors send several packets of
information asking the server for authentication. The problem is the return address is
faulty, thereby making it impossible for servers to send the authentication approval.
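The exchange described above is a TCP SYN flood: every request reserves server state that a spoofed return address can never release. The following simulation is an added example, not part of the report; it replays the same constructed traffic against a fixed-size backlog and against the standard mitigation, SYN cookies, where the server keeps no state until the handshake completes. The addresses, capacity, timeout and secret are all constructed values.

```python
import hashlib
import hmac
from collections import OrderedDict

SECRET = b"constructed-server-secret"   # constructed for the demo


class StatefulServer:
    """Keeps one table entry per unanswered request, like a plain TCP listener."""

    def __init__(self, capacity: int, timeout: float):
        self.capacity, self.timeout = capacity, timeout
        self.pending = OrderedDict()        # source -> arrival time, oldest first
        self.completed = []

    def _expire(self, now: float) -> None:
        while self.pending and now - next(iter(self.pending.values())) > self.timeout:
            self.pending.popitem(last=False)

    def on_syn(self, src: str, now: float):
        self._expire(now)
        if len(self.pending) >= self.capacity:
            return None                     # backlog full: the request is dropped
        self.pending[src] = now
        return True                         # SYN-ACK sent

    def on_ack(self, src: str, now: float, reply) -> bool:
        if src in self.pending:
            del self.pending[src]
            self.completed.append(src)
            return True
        return False


class CookieServer:
    """Stores nothing until the handshake completes; the reply carries a keyed cookie."""

    def __init__(self):
        self.completed = []

    def _cookie(self, src: str, now: float) -> bytes:
        slot = int(now) // 60               # cookies stay valid for a short time window
        return hmac.new(SECRET, f"{src}|{slot}".encode(), hashlib.sha256).digest()[:4]

    def on_syn(self, src: str, now: float) -> bytes:
        return self._cookie(src, now)       # SYN-ACK carrying the cookie, no state kept

    def on_ack(self, src: str, now: float, reply: bytes) -> bool:
        if hmac.compare_digest(reply, self._cookie(src, now)):
            self.completed.append(src)
            return True
        return False


def run(server, events) -> list:
    """Replay (time, kind, source) events; an ACK only follows a reply the client saw."""
    replies = {}
    for now, kind, src in events:
        if kind == "syn":
            replies[src] = server.on_syn(src, now)
        elif kind == "ack" and replies.get(src) is not None:
            server.on_ack(src, now, replies[src])
    return list(server.completed)


# Constructed traffic (RFC 5737 documentation addresses): 50 spoofed sources that
# never answer the SYN-ACK, then one legitimate client completing the handshake.
SPOOFED = [(0.001 * i, "syn", f"198.51.100.{i}") for i in range(1, 51)]
LEGIT = [(0.200, "syn", "203.0.113.7"), (0.250, "ack", "203.0.113.7")]
EVENTS = sorted(SPOOFED + LEGIT)

if __name__ == "__main__":
    print("backlog of 16:", run(StatefulServer(capacity=16, timeout=30.0), EVENTS))  # []
    print("SYN cookies:  ", run(CookieServer(), EVENTS))  # ['203.0.113.7']
```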
Security Vulnerabilities in Wireless Devices:
Explanation: Investigate common security vulnerabilities found in wireless routers,
access points, and client devices. Discuss how these vulnerabilities can be exploited by
attackers to compromise the security of the entire network.
Introduction to PSKracker:
PSKracker is a powerful tool designed for testing and assessing the security of wireless
networks by attempting to crack their pre-shared keys (PSKs). PSKs are the passwords
used to authenticate users and secure access to WPA/WPA2-protected wireless networks.
This tool is primarily intended for use by security professionals, network administrators,
and ethical hackers to evaluate the strength of their own wireless networks' security
measures and identify potential vulnerabilities. PSKracker utilizes various techniques,
including dictionary attacks, brute force attacks, and rainbow table attacks, to
systematically guess or crack the PSK used to protect a wireless network.
It's important to emphasize that PSKracker should only be used for ethical and legal
purposes, with proper authorization obtained before testing the security of any network.
Unauthorized or malicious use of PSKracker to gain unauthorized access to wireless
networks is illegal and unethical.
This documentation provides comprehensive guidance on installing, configuring, and
responsibly using PSKracker, as well as recommendations for securing wireless networks
against potential attacks. By following the guidelines outlined in this documentation,
users can effectively leverage PSKracker as part of their network security toolkit while
maintaining ethical and legal standards.
Features:
1. Dictionary Attack: PSKracker employs a dictionary attack by attempting to crack
the PSK using a predefined list of commonly used passwords or words.
2. Brute Force Attack: This feature allows PSKracker to systematically try all
possible combinations of characters until the correct PSK is found, providing a
comprehensive method for cracking.
3. Hybrid Attack: PSKracker can combine dictionary and brute force attacks
intelligently, leveraging the advantages of both methods to increase the likelihood
of success.
4. Mask Attack: Users can specify a pattern or mask for the PSK, allowing
PSKracker to focus its cracking efforts on a specific subset of possible passwords,
thereby reducing the search space.
5. Rule-Based Attack: PSKracker supports rule-based attacks, allowing users to
apply custom transformation rules to manipulate dictionary words or brute force
attempts, such as appending numbers or special characters.
6. Custom Wordlists: Users can provide their own custom wordlists or dictionaries
for PSKracker to use during dictionary attacks, enabling tailored password
guessing based on specific criteria or context.
7. Rainbow Table Attack: PSKracker may incorporate rainbow table attacks, which
use precomputed tables to speed up the cracking process by matching hash values
to plaintext passwords, although this may not be as relevant for WPA/WPA2
PSKs due to the use of salting.
8. Optimized Performance: PSKracker includes optimizations such as parallel
processing, GPU acceleration, or distributed computing to improve performance
and reduce the time required to crack PSKs.
9. Progress Reporting: PSKracker provides real-time feedback on the progress of the
cracking process, including information such as the number of passwords tested,
success rate, and estimated time remaining.
10. Logging and Reporting: PSKracker logs all cracking attempts and results,
allowing users to review and analyze the outcome of the cracking process, as well
as generate reports for documentation purposes.
11. Compatibility: PSKracker is compatible with various wireless network
configurations and encryption protocols, including WPA and WPA2, supporting
both personal (PSK) and enterprise (802.1X/EAP) authentication methods.
12. User-Friendly Interface: PSKracker offers an intuitive command-line interface
(CLI) or graphical user interface (GUI) that makes it easy for users to configure
and run cracking operations, as well as adjust settings and parameters as needed.
13. Error Handling: PSKracker includes robust error handling mechanisms to
gracefully handle unexpected errors, interruptions, or failures during the cracking
process, ensuring reliability and stability.
14. Ethical Usage Guidelines: PSKracker promotes ethical usage by providing clear
warnings against using the tool for unauthorized purposes, as well as guidance on
obtaining proper authorization before testing the security of any network.
Install:
Required Arguments:
Optional Arguments:
-b, --bssid : BSSID of target
-W, --wps : Output possible WPS pin(s) only
-G, --guest : Output possible guest WPA key(s) only
-s, --serial : Serial number
-f, --force : Force full output
-h, --help : Display help/usage
Usage Example:
pskracker -t <target> -s <serial number> -b <bssid>
Targeted Example:
$ pskracker -t nvg599
...
aaae7uas5wrj
aaae7v3qrvbu
...
$ pskracker -t dpc3941 -b 112233445566
PSK: 5756C3915966657704
d) Mask Attacks:
Explanation: Mask attacks allow users to specify a pattern or mask for the PSK,
indicating the possible characters and their positions. PSKracker then iterates
through all possible combinations based on the specified mask, reducing the
search space and speeding up the cracking process.
Usage: Mask attacks are useful when users have some knowledge or hints about
the structure or format of the PSK, such as the length or the presence of certain
characters. By focusing the cracking efforts on specific patterns, PSKracker can
crack PSKs more efficiently.
Description of how each attack method works and its effectiveness.
Best Practices for Ethical Usage:
2. Privacy: Respect user privacy by collecting only the data necessary for the
intended purpose and ensuring it's securely stored and used responsibly.
3. Fairness: Ensure that AI systems are designed and trained to be fair and unbiased,
without discriminating against individuals or groups based on factors like race,
gender, or socioeconomic status.
11. Education and Awareness: Educate users and stakeholders about the ethical
implications of AI and empower them to make responsible decisions regarding its
development and use.
Security Recommendations:
1. Strong Authentication: Implement strong authentication mechanisms, such as
multi-factor authentication, to ensure that only authorized users can access
PSKRACKER.
3. Access Control: Enforce strict access controls to limit privileges and restrict
access to sensitive functionality or data within PSKRACKER. Use role-based
access control (RBAC) where appropriate.
4. Regular Updates and Patching: Keep PSKRACKER up-to-date with the latest
security patches and updates to address any known vulnerabilities and protect
against potential exploits.
8. Data Encryption: Encrypt sensitive data at rest and in transit to protect it from
unauthorized access or disclosure. Utilize strong encryption algorithms and key
management practices.
10. Incident Response Plan: Have an incident response plan in place to effectively
respond to security breaches or incidents involving PSKRACKER. This plan
should include procedures for containing, investigating, and remedying security
incidents.
12. User Education and Awareness: Educate users about security best practices, such
as creating strong passwords, recognizing phishing attempts, and reporting
suspicious activities. Foster a security-conscious culture within the organization.
Resources:
Cybersecurity Websites and Forums: Websites like Cybersecurity and Infrastructure
Security Agency (CISA), Krebs on Security, and forums like Reddit's r/cybersecurity can
provide a wealth of information on various cybersecurity topics, including password
security and cracking.
Online Courses and Tutorials: Platforms like Coursera, Udemy, and Cybrary offer
courses on cybersecurity fundamentals, ethical hacking, and password security.
Books: There are numerous books available on cybersecurity and password cracking.
Some notable titles include "Hacking: The Art of Exploitation" by Jon Erickson, "The
Web Application Hacker's Handbook" by Dafydd Stuttard and Marcus Pinto, and
"Password Cracking: A Hands-On Guide to Penetration Testing" by Matt Walker.
Open Source Tools: Tools like John the Ripper, Hashcat, and Hydra are commonly used for
password cracking and can provide insights into the techniques and methodologies
involved.
Conferences and Events: Attending cybersecurity conferences and events, such as DEF
CON, Black Hat, and RSA Conference, can offer opportunities to learn about the latest
trends and developments in password security and cracking.
Online Communities: Engaging with online communities like Stack Exchange's
Information Security community or joining cybersecurity-focused Discord servers can
provide access to experts and enthusiasts who can offer insights and guidance.
References to relevant books, articles, and websites.
Version History:
6. WEP/WPA Cracking
Attackers exploit vulnerabilities in older wireless security protocols like Wired
Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) to gain unauthorized
access to encrypted wireless networks.
8. Deauthentication/Disassociation Attacks
Attackers send forged deauthentication or disassociation frames to wireless devices,
forcing them to disconnect from the network, leading to service disruptions or potential
vulnerabilities when devices automatically reconnect.
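Deauthentication and disassociation frames carry no authentication in networks without 802.11w (Protected Management Frames), so a burst of them from one BSSID is the signature a wireless IDS looks for. The detector below is an added example, not from the report; it runs over a constructed list of frame records of the kind one would extract from a monitor-mode capture, and the BSSIDs, window and threshold are assumptions.

```python
from collections import defaultdict, deque

DEAUTH, DISASSOC = 12, 10       # 802.11 management subtypes
BROADCAST = "ff:ff:ff:ff:ff:ff"


def detect_deauth_flood(frames, window_s=1.0, threshold=10):
    """Flag any BSSID that sends `threshold` or more deauth/disassoc frames
    inside a sliding window of `window_s` seconds.

    `frames` is an iterable of (time, subtype, bssid, destination) records in
    time order. Returns one alert per offending BSSID.
    """
    recent = defaultdict(deque)   # bssid -> (time, destination) still inside the window
    alerts, alerted = [], set()
    for t, subtype, bssid, dst in frames:
        if subtype not in (DEAUTH, DISASSOC):
            continue              # beacons, data frames etc. are not of interest here
        q = recent[bssid]
        q.append((t, dst))
        while q and t - q[0][0] > window_s:
            q.popleft()           # drop frames that fell out of the window
        if len(q) >= threshold and bssid not in alerted:
            alerts.append({
                "bssid": bssid,
                "window": (q[0][0], t),
                "count": len(q),
                "broadcast": sum(1 for _, d in q if d == BROADCAST),
                "targets": sorted({d for _, d in q if d != BROADCAST}),
            })
            alerted.add(bssid)    # one alert per BSSID per run keeps the output readable
    return alerts


# Constructed sample capture: AP_A sends two disconnect frames a minute apart
# (normal client churn); AP_B's address is used for 50 broadcast deauths in 0.5 s.
AP_A, AP_B = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
SAMPLE = [
    (0.0, 8, AP_A, BROADCAST),                      # beacon, ignored by the detector
    (12.5, DEAUTH, AP_A, "aa:bb:cc:dd:ee:01"),
    (48.0, DISASSOC, AP_A, "aa:bb:cc:dd:ee:02"),
] + [(100.0 + i * 0.01, DEAUTH, AP_B, BROADCAST) for i in range(50)]
SAMPLE.sort()

if __name__ == "__main__":
    for alert in detect_deauth_flood(SAMPLE):
        start, end = alert["window"]
        print(f"possible deauth flood from {alert['bssid']}: "
              f"{alert['count']} frames in {end - start:.2f}s, "
              f"{alert['broadcast']} to broadcast")
```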
A network security tool can examine all the traffic across a network. Traffic
monitoring helps the organization proactively identify issues and threats before
they turn into significant damage to the organization. Network security tools send
real-time alerts for any unusual behavior to prevent breaches.
1. Wireshark
Cons: Lack of support
2. Nexpose
Nexpose is network security software that provides real-time information about
vulnerabilities and reduces the threats in a network. In addition, Nexpose permits
users to assign a risk score to the detected vulnerabilities so that they may be
prioritized according to their security levels.
Pros: Easy to use
4. Nagios
Nagios is a network security tool that helps to monitor hosts, systems, and
networks. It sends alerts in real time, and you can select which specific
notifications you would like to receive. It can track network services such as
HTTP, NNTP, ICMP, POP3, and SMTP. It is a free tool.
Pros: User friendly
Tor is a network security tool that ensures the privacy of users while using the
internet. It helps in preventing cybersecurity threats and is useful in
safeguarding information security.
Tor works on the concept of onion routing: encryption layers are stacked one over
the other like the layers of an onion, so that neither the IP address nor the
geographical location of the user needs to be revealed. This limits the visibility
of the sites you are visiting.
Features: It helps to block third-party trackers, so ads can't follow you. It aims
to make all users look the same, which makes tracking difficult.
Pros: User-friendly interface
6. Nessus Professional
8. Kali Linux
Kali Linux is a penetration testing tool used to scan IT systems and networks for
vulnerabilities. An organization can monitor and maintain its network security
systems on just one platform. It offers a security auditing operating system and
tools with more than 300 techniques to make sure that your sites and Linux servers
stay safe.
Cons: Limited customization
10. Forcepoint
Pros: Good support
Min-kyu Choi, Rosslin John Robles, Chang-hwa Hong, Tai-hoon Kim
School of Multimedia, Hannam University, Daejeon, Korea
puremiroa@naver.com, rosslin_john@yahoo.com, taihoonn@hannam.ac.kr
Abstract
1. Introduction
Wireless networking presents many advantages. Productivity improves because of
increased accessibility to information resources. Network configuration and
reconfiguration is easier, faster, and less expensive. However, wireless technology
also creates new threats and alters the existing information security risk profile.
For example, because communication takes place "through the air" using radio
frequencies, the risk of interception is greater than with wired networks. If the
message is not encrypted, or is encrypted with a weak algorithm, the attacker can
read it, thereby compromising confidentiality.
Although wireless networking alters the risks associated with various threats to
security, the overall security objectives remain the same as with wired networks:
preserving confidentiality, ensuring integrity, and maintaining availability of the
information and information systems. The objective of this paper is to assist
managers in making such decisions by providing them with a basic understanding of
the nature of the various threats associated with wireless networking and the
available countermeasures.
convenience, cost efficiency, and ease of integration with other networks and
network components. The majority of computers sold to consumers today come
pre-equipped with all necessary wireless network technology. The benefits of
wireless networks include: convenience, mobility, productivity, deployment,
expandability and cost.
Denial of service:
The best method for dealing with the threat of rogue access points is to use
802.1x on the wired network to authenticate all devices that are plugged into the
network. Using 802.1x will prevent any unauthorized devices from connecting to the
network.
Organizations also need to ensure that all authorized wireless access points are
securely configured. It is especially important to change all default settings
because they are well-known and can be exploited by attackers.
The most effective way to secure your wireless network from intruders is to
encrypt, or scramble, communications over the network. Most wireless routers,
access points, and stations have a built-in encryption mechanism. If your wireless
router doesn’t have an encryption feature, consider getting one that does.
Manufacturers often deliver wireless routers with the encryption feature turned
off. You must turn it on.
connected to the Internet. Install anti-virus and anti-spyware software, and keep
them up-to-date. If your firewall was shipped in the “off” mode, turn it on.
sends out a signal to any device in the vicinity announcing its presence. You don’t
need to broadcast this information if the person using the network already knows
it is there. Hackers can use identifier broadcasting to home in on vulnerable
wireless networks. Disable the identifier broadcasting mechanism if your wireless
router allows it.
by the manufacturer to all hardware of that model. Even if your router is not
broadcasting its identifier to the world, hackers know the default IDs and can use
them to try to access your network. Change your identifier to something only you
know, and remember to configure the same unique ID into your wireless router and
your computer so they can communicate. Use a password that’s at least 10
characters long: the longer your password, the harder it is for hackers to break.
default password that allows you to set up and operate the router. Hackers know
these default passwords, so change it to something only you know. The longer the
password, the tougher it is to crack.
own unique Media Access Control (MAC) address. Wireless routers usually have a
mechanism to allow only devices with particular MAC addresses access to the
network. Some hackers have mimicked MAC addresses, so don’t rely on this step
alone.
6.7 Turn off your wireless network when you know you won’t use it
Hackers cannot access a wireless router when it is shut down. If you turn the
router off when you’re not using it, you limit the amount of time that it is
susceptible to a hack.
Many cafés, hotels, airports, and other public establishments offer wireless
networks for their customers’ use.
8. Network Auditing
The network needs to be regularly audited for rogue hardware. In this method the
network is scanned and mapped for all access points and WLAN nodes. Then this is
compared with the previous network map. Commonly available network mapping tools
like netstumbler and wavelan-tool can be used to do this. Specialized tools such as
Airsnort can be used for WEP cracking and auditing the network for weak keys, key
reuse and WEP security settings. These methods include the same tests as those
carried out by hackers for breaking into the network.
Conclusion
Station: Stations (STA) comprise all devices and equipment that are
connected to the wireless LAN. It can be of two types:
Wireless Access Point (WAP): WAPs or simply access points
(AP) are wireless routers that bridge connections for base
stations.
Client: Examples include computers, laptops, printers, and
smartphones.
Access Point: It is a device that can be classified as a station because of its
functionalities and acts as a connection between wireless medium and
distributed systems.
Distribution System: A system used to interconnect a set of BSSs and
integrated LANs to create an ESS.
Frame: It is a MAC protocol data unit.
SSID (Service Set Identifier): It’s the network name for a particular
WLAN. All access points and devices on a specific WLAN must use the same
SSID to communicate.
SDU: It is a data unit that acts as an input to each layer. These can be
fragmented or aggregated to form a PDU.
PDU: It is a data unit projected as an output to communicate with the
corresponding layer at the other end. They contain a header specific to the
layer.
Network Interface Controller: It is also known as network interface card.
It is a hardware component that connects devices to the network.
Portal: Serves as a gateway to other networks.
IEEE 802.11 Architecture and Services
In 1990 the IEEE formed a new working group, IEEE 802.11, whose standard
defines protocols for Wireless Local Area Networks (WLANs). Just as Ethernet
provides services for wired media, the IEEE 802.11 architecture is designed to
provide equivalent features for wireless networks.
An AP supports both wired and wireless connections. The 802.11 standard
calls the upstream wired network the distribution system (DS). The AP
bridges the wireless and wired L2 Ethernet frames, allowing traffic to flow
from the wired to the wireless network and vice versa. Each wireless
network has a unique SSID.
The 802.11 architecture provides some basic services for WLANs whose
implementation is supported by MAC layer:
Basic Service Set
The Basic Service Set configuration consists of a group of stations and
relies on an Access Point (AP), which serves as a logical hub. Stations from
different BSSs interact through the AP, which functions as a bridge, linking
multiple WLAN cells or channels.
Operating Modes
Depending upon the mode of operation, BSS can be categorized into the
following types:
Infrastructure BSS: Communication between stations takes
place through access points. The AP and its associated wireless
clients define the coverage area and form the BSS.
NOTE:
MSDU: Information that is delivered as a unit between MAC users.
MPDU: The unit of data exchanged between two peer MAC entities using the
services of the physical layer.
Frame Format of IEEE 802.11
IEEE 802.11 MAC layer data frame consists of 9 fields:
Frame Control
It is 2 bytes long and defines type of frame and control information. The
types of fields present in FC are:
Version: Indicates the current protocol version.
Type: Determines the function of frame i.e. management(00),
control(01) or data(10).
Subtype: Indicates subtype of frame like 0000 for association
request, 1000 for beacon.
To DS: When set indicates that the destination frame is for
DS(distribution system).
From DS: When set indicates frame coming from DS.
More frag (More fragments): When set to 1 means frame is
followed by other fragments.
Retry: If the current frame is a re-transmission of an earlier
frame, this bit is set to 1.
Power Mgmt (Power Management): It indicates the mode of the station after
successful transmission of the frame. When set to 1, the station goes into
power-save mode; when set to 0, the station stays active.
More data: It is used to indicate to the receiver that a sender has
more data to send than the current frame.
WEP: It indicates that the standard security mechanism of 802.11
is applied.
Order: If this bit is set to 1 the received frames must be
processed in strict order.
Duration / ID
It contains the value indicating the period of time in which the medium is
occupied (in µs).
Address 1 to 4
These fields contain standard IEEE 802 MAC addresses (48 bit each). The
meaning of each address is defined by DS bits in the frame control field.
SC (Sequence Control)
It consists of 2 sub-fields i.e. sequence number (12 bits) and fragment
number (4 bits). Sequence number is used to filter duplicate frames.
Data
It is a variable length field which contains information specific to individual
frames which is transferred transparently from a sender to the receiver.
CRC (Cyclic Redundancy Check)
It contains 32 bit CRC error detection sequence to ensure error free frame.
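The field layout above can be checked byte by byte. The decoder below is an added example, not from the report or any library: it splits the 2-byte Frame Control field into the sub-fields listed, picks the meaning of Address 1 to 4 from the To DS / From DS bits as the text says, reads the 12-bit sequence and 4-bit fragment numbers, and verifies the trailing 32-bit CRC (the FCS). The two sample frames are constructed here, not captured, and the MAC addresses in them are made up.

```python
import struct
import zlib

FRAME_TYPES = {0: "management", 1: "control", 2: "data", 3: "extension"}
MGMT_SUBTYPES = {0: "association request", 1: "association response",
                 4: "probe request", 5: "probe response", 8: "beacon",
                 10: "disassociation", 11: "authentication", 12: "deauthentication"}
# Which station each address names, selected by (To DS, From DS); Address 4
# exists only when both bits are set (AP-to-AP wireless distribution).
ADDRESS_ROLES = {(0, 0): ("DA", "SA", "BSSID"),
                 (0, 1): ("DA", "BSSID", "SA"),
                 (1, 0): ("BSSID", "SA", "DA"),
                 (1, 1): ("RA", "TA", "DA", "SA")}


def parse_frame_control(fc: bytes) -> dict:
    """Split the 2-byte Frame Control field (sent least-significant byte first)."""
    b0, b1 = fc[0], fc[1]
    return {"version": b0 & 0b11, "type": (b0 >> 2) & 0b11, "subtype": (b0 >> 4) & 0xF,
            "to_ds": b1 & 1, "from_ds": (b1 >> 1) & 1, "more_frag": (b1 >> 2) & 1,
            "retry": (b1 >> 3) & 1, "power_mgmt": (b1 >> 4) & 1,
            "more_data": (b1 >> 5) & 1,
            "protected": (b1 >> 6) & 1,   # the bit the text above calls "WEP"
            "order": (b1 >> 7) & 1}


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_mac_header(frame: bytes) -> dict:
    """Decode the MAC header of a frame whose last four bytes are its FCS."""
    fc = parse_frame_control(frame[0:2])
    duration = struct.unpack_from("<H", frame, 2)[0]
    roles = ADDRESS_ROLES[(fc["to_ds"], fc["from_ds"])]
    addrs, off = {}, 4
    for role in roles[:3]:
        addrs[role] = mac_str(frame[off:off + 6])
        off += 6
    seq_ctl = struct.unpack_from("<H", frame, off)[0]
    off += 2
    if len(roles) == 4:
        addrs[roles[3]] = mac_str(frame[off:off + 6])
        off += 6
    name = FRAME_TYPES[fc["type"]]
    if fc["type"] == 0:
        name += "/" + MGMT_SUBTYPES.get(fc["subtype"], f"subtype {fc['subtype']}")
    # The FCS is CRC-32 over everything before it, transmitted little-endian.
    fcs_ok = zlib.crc32(frame[:-4]) == struct.unpack("<I", frame[-4:])[0]
    return {"frame": name, "fc": fc, "duration_us": duration, "addresses": addrs,
            "sequence": seq_ctl >> 4, "fragment": seq_ctl & 0xF,
            "header_len": off, "fcs_ok": fcs_ok}


def build_frame(fc: bytes, addrs: list, seq: int, body: bytes = b"") -> bytes:
    """Assemble a constructed frame (header, body, FCS) for the demo below."""
    hdr = fc + struct.pack("<H", 0) + b"".join(addrs[:3]) + struct.pack("<H", seq << 4)
    if len(addrs) == 4:
        hdr += addrs[3]
    return hdr + body + struct.pack("<I", zlib.crc32(hdr + body))


# Constructed addresses and frames: a beacon (FC 0x80 0x00, management/1000)
# and a data frame from the DS with Retry and Protected set (FC 0x08 0x4a).
AP, STA = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
BROADCAST = b"\xff" * 6
BEACON = build_frame(b"\x80\x00", [BROADCAST, AP, AP], seq=291)
DATA_FROM_DS = build_frame(b"\x08\x4a", [STA, AP, bytes.fromhex("c0ffee000001")],
                           seq=7, body=b"\x00" * 8)

if __name__ == "__main__":
    for f in (BEACON, DATA_FROM_DS):
        print(parse_mac_header(f))
```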
Wi-Fi Alliance
Wi-Fi Alliance is a global non-profit organization that performs the task of
monitoring products from different manufacturers which are certified on
the basis of IEEE 802.11 standard. There is always a concern whether
products from different vendors will successfully interoperate. Early
802.11 products suffered from interoperability problems because the
Institute of Electrical and Electronics Engineers (IEEE) had no provision
for testing equipment for compliance with its standards. Hence, Wi-Fi
Alliance’s main objective is to establish a single global standard for high-
speed wireless LANs and ensure interoperability among 802.11 devices.
Before 1999, Wi-Fi Alliance was known as Wireless Ethernet Compatibility
Alliance (WECA). It created a test-suite to certify interoperability for
802.11 products and launched the Wi-Fi CERTIFIED program in March of
2020. This program offers a renowned designation of quality and
interoperability, ensuring that certified products provide the best quality
and user experience.
Conclusion
IEEE 802.11, widely recognized as Wi-Fi, revolutionized wireless
communication by establishing protocols for WLANs. With an intricate
architecture supporting both localized and expansive networks, it ensures
seamless roaming and secure connections. Despite challenges like potential
interference and marginally slower speeds than wired networks, Wi-Fi’s
broad applications, from home setups to public hotspots, underscore its
transformative impact on modern connectivity, making it indispensable in
today’s digital age.
Security Problems Addressed
TKIand PN in CCMP)
TKIP.
No keystream in CCMP.
encrypted.
Summary
1. Wireless networks and mobile devices are subject to more attacks than
wired networks or static devices.
3. 802.11 originally used Wired Equivalent Privacy (WEP) which used RC4
for encryption and CRC-32 for MAC. Both were trivial to attack.
4. TKIP or WPA provides per-packet key and 64-bit MIC using RC4.
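The summary's point that RC4 with a CRC-32 "MAC" was trivial to attack rests on CRC-32 being linear: the check value of a modified message can be computed from the check value of the original and the modification alone. The example below is added here and is not from the report; it builds a toy WEP-style envelope (stream cipher over message plus CRC-32) to show that a receiver using CRC as an integrity check accepts a controlled change, and that the same receiver with an HMAC tag rejects it. Keystream, key and message are constructed values.

```python
import hashlib
import hmac
import struct
import zlib


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; the result has the length of the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def crc_icv(msg: bytes) -> bytes:
    """WEP-style integrity check value: unkeyed CRC-32, little-endian."""
    return struct.pack("<I", zlib.crc32(msg))


def hmac_tag(msg: bytes, key: bytes) -> bytes:
    """Keyed replacement: HMAC-SHA256 truncated to 16 bytes (demo choice)."""
    return hmac.new(key, msg, hashlib.sha256).digest()[:16]


def crc32_is_linear(m1: bytes, m2: bytes) -> bool:
    """crc32(a ^ b) == crc32(a) ^ crc32(b) ^ crc32(0...0) for equal-length inputs."""
    zeros = b"\x00" * len(m1)
    return zlib.crc32(xor(m1, m2)) == zlib.crc32(m1) ^ zlib.crc32(m2) ^ zlib.crc32(zeros)


def seal(plaintext: bytes, keystream: bytes, check) -> bytes:
    """Stream-cipher encrypt plaintext || check(plaintext), as WEP does with RC4."""
    return xor(plaintext + check(plaintext), keystream)


def recover(ciphertext: bytes, keystream: bytes, taglen: int) -> bytes:
    """Decrypt and strip the check value (what the receiver hands upward)."""
    return xor(ciphertext, keystream)[:-taglen]


def accepts(ciphertext: bytes, keystream: bytes, check, taglen: int) -> bool:
    """Receiver side: decrypt, recompute the check and compare."""
    body = xor(ciphertext, keystream)
    msg, tag = body[:-taglen], body[-taglen:]
    return hmac.compare_digest(tag, check(msg))


def flip_with_crc_fixup(ciphertext: bytes, delta: bytes) -> bytes:
    """Apply `delta` to the message bits and patch the encrypted CRC to match,
    using only the linearity identity: no key, keystream or plaintext needed."""
    icv_delta = struct.pack("<I", zlib.crc32(delta) ^ zlib.crc32(b"\x00" * len(delta)))
    return xor(ciphertext, (delta + icv_delta).ljust(len(ciphertext), b"\x00"))


def flip_message_bits(ciphertext: bytes, delta: bytes) -> bytes:
    """The same bit flips on the message part only; the tag bytes are untouched."""
    return xor(ciphertext, delta.ljust(len(ciphertext), b"\x00"))


# Constructed demo values: a fixed stand-in for RC4 keystream output and a
# message whose amount field is changed from 0010 to 9990 by DELTA.
KEYSTREAM = bytes((7 * i + 13) & 0xFF for i in range(64))
MAC_KEY = b"constructed-demo-key"
PLAINTEXT = b"PAY 0010 TO ACCT 42"
DELTA = b"\x00" * 4 + xor(b"0010", b"9990") + b"\x00" * 11


def crc_check_accepts_modification() -> bool:
    forged = flip_with_crc_fixup(seal(PLAINTEXT, KEYSTREAM, crc_icv), DELTA)
    return accepts(forged, KEYSTREAM, crc_icv, 4)


def hmac_check_accepts_modification() -> bool:
    tag = lambda m: hmac_tag(m, MAC_KEY)
    forged = flip_message_bits(seal(PLAINTEXT, KEYSTREAM, tag), DELTA)
    return accepts(forged, KEYSTREAM, tag, 16)


if __name__ == "__main__":
    print("CRC-32 linear:", crc32_is_linear(b"hello world", b"HELLO WORLD"))  # True
    print("CRC check fooled:", crc_check_accepts_modification())   # True
    print("HMAC check fooled:", hmac_check_accepts_modification())  # False
```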