Cracking wpa2 psk in the cloud

CRACKING WPA2-PSK IN THE CLOUD
A Cost Effective Solution For Brute Force Attacks
By Fotios Lindiakos and Ed Rowland

WPA2-PSK
Wi-Fi Protected Access II – Pre-shared Key
• Replaced WPA in 2004 as 802.11i standard
• Added security replacing TKIP with CCMP (AES)
• Required for devices with Wi-Fi trademark
• Two modes
  • Enterprise – requires a RADIUS server (802.1X)
  • Personal – 256-bit key created from a string of 64 digits or 8-63 character passphrase
• Key calculation
  • Passphrase
  • PBKDF2(f) salted w/SSID
  • 4096 iterations of HMAC-SHA1
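
The key calculation on this slide, as an added Ruby example (not the talk's code): it derives the PMK with PBKDF2-HMAC-SHA1 salted with the SSID and can be checked against the widely published test vector for passphrase "password" and SSID "IEEE". The helper names, the constructed SSIDs and passphrases, and the small benchmark are assumptions made for illustration.

```ruby
require 'openssl'

# WPA2-Personal key calculation from the slide:
# PMK = PBKDF2(HMAC-SHA1, passphrase, salt = SSID, 4096 iterations, 256 bits)
WPA2_ITERATIONS = 4096
PMK_BYTES = 32 # 256-bit key

# Returns the PMK as 64 lowercase hex digits (helper name is hypothetical).
# A 64-hex-digit secret is already the 256-bit key and is used as-is;
# an 8-63 character printable-ASCII passphrase is stretched with PBKDF2.
def wpa2_pmk_hex(secret, ssid)
  raise ArgumentError, 'SSID must be 1-32 bytes' unless (1..32).cover?(ssid.bytesize)
  return secret.downcase if secret.match?(/\A\h{64}\z/)
  unless secret.match?(/\A[\x20-\x7e]{8,63}\z/)
    raise ArgumentError, 'passphrase must be 8-63 printable ASCII characters'
  end

  OpenSSL::PKCS5.pbkdf2_hmac_sha1(secret, ssid, WPA2_ITERATIONS, PMK_BYTES).unpack1('H*')
end

# The SSID is the only salt, so one passphrase yields a different PMK on
# every network name, and the same PMK wherever the name is reused.
def same_pmk?(passphrase, ssid_a, ssid_b)
  wpa2_pmk_hex(passphrase, ssid_a) == wpa2_pmk_hex(passphrase, ssid_b)
end

# PMK derivations per second on one core of this machine. The 4096 HMAC
# iterations per candidate are what bound the key rates shown in the talk.
def pmk_rate(samples = 25)
  started = Process.clock_gettime(Process::CLOCK_MONOTONIC)
  samples.times { |i| wpa2_pmk_hex("constructed-#{i}", 'ExampleNet') }
  samples / (Process.clock_gettime(Process::CLOCK_MONOTONIC) - started)
end

if __FILE__ == $PROGRAM_NAME
  puts wpa2_pmk_hex('password', 'IEEE') # published test vector input
  puts same_pmk?('correct horse battery', 'HomeNet', 'homenet') # constructed SSIDs
  puts format('%.0f PMK/s on one core', pmk_rate)
end
```

Because the salt is only the network name, a default or common SSID gives no protection against PMK tables computed in advance for that name.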

WPA2-PSK/802.11i 4-Way Handshake
• Goal - derive Passphrase from PMK
• Correct Passphrase “guessed” if tool can calculate the same Message Integrity Code (MIC)
Hacking Exposed - Stuart McClure, Joel Scambray, George Kurtz

Tools Used
• Amazon’s EC2 cloud
• Multiple types of instances running 64-bit Ubuntu 10.04 LTS
• Aircrack-ng v1.1
• Custom web front end
• Custom code to parallelize processing
• Laptop/mobile device running aircrack-ng to capture and send capture file to cloud

About The EC2 Cloud
• One of many proprietary web services Amazon offers providing PaaS, IaaS & SaaS
• Elastic Compute Cloud (EC2) virtualizes compute cycles into EC2 compute units (ECU)
• One ECU provides the equivalent CPU capacity of a 1.0-1.2 GHz 2007 Opteron or Xeon processor
• Access to an EC2 instance is via SSH leveraging PKI to encrypt a session key

To the cloud!

Cracking Statistics
[Chart: Key Rate (k/s), Cost ($/hr) and Cost Per Million Keys by Instance Type (Number of ECUs): Micro (~2), Small (1), Large (4), Medium (5), X-Large (20). Data labels as printed: $0.0888, $0.0944, $0.0833, $0.0455, $0.0585.]

But what about cracking…
One Hundred MILLION keys!

Time to Crack 100,000,000
[Chart: X-Large Time, Medium Time, Medium Cost and X-Large Cost by Number of Instances (1, 5, 10, 100).]

Optimized for “Bang for your buck”
[Chart: X-Large Instances, Medium Instances, Medium Cost and X-Large Cost by Target Cracking Time (0:50:00, 1:50:00).]

About Custom Code
• Written in Ruby
• Front end is a Sinatra web application
• Back end is a wrapper around aircrack-ng
• Library handles communicating with EC2
• Only 234 lines of code

Front End
• Accepts PCAP from the user
• Also gets SSID and how many instances to run
• Creates a “message” for each instance
  • This message is put on a queue waiting for client to come online
  • It contains all the information the client needs
• Starts cracking instances
• Waits for results and reports them to the user
• After a key is found, terminates all clients

Back End
• Pops a message off the queue at boot time
• Gets the PCAP and full dictionary file
• Creates smaller wordlists
  • First, makes a list based on “chunk” assigned
  • Breaks that into smaller chunks for reporting purposes
• Runs aircrack-ng against each chunk
• Reports progress or the key after every iteration

Demo

Future Work
• Utilize other EC2 instance types
  • High End Cluster with GPU
    • 33.5 ECU and 2 x NVIDIA Tesla “Fermi” M2050 GPUs
• Optimize cracking client for architecture
  • Fully utilize multiple CPU/core
  • Fully utilize 64-bit capabilities
  • Fully utilize GPU acceleration
• Look at other cracking tools
  • coWPAtty, Hydra, custom code

Conclusion
• It’s certainly inexpensive and easy to leverage cloud computing to hack WPA2-PSK efficiently
  • As long as you have an adequate dictionary
• The attack can be prioritized based on
  • Cost
    • Use cheaper instances, regardless of time
  • Time
    • Use most powerful instances, regardless of cost
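
As an added example (not from the talk), the cost-per-million-keys labels on the Cracking Statistics slide can be turned into a defender-side estimate of what an exhaustive search of a randomly chosen passphrase would cost, and of the passphrase length needed to exceed a given budget. It assumes the five labels follow the order of the instance types on the chart; the function names are hypothetical.

```ruby
# Cost per million keys, read from the "Cracking Statistics" slide.
# Assumption: the five data labels follow the order of the instance labels.
COST_PER_MILLION = {
  'Micro' => 0.0888, 'Small' => 0.0944, 'Large' => 0.0833,
  'Medium' => 0.0455, 'X-Large' => 0.0585
}.freeze

# Number of candidate passphrases of exactly `length` characters drawn
# uniformly at random from an alphabet of `charset` symbols.
def keyspace(charset, length)
  charset**length
end

# Dollars needed to try every key in the space on the given instance type.
def exhaust_cost(keys, instance = 'Medium')
  keys / 1_000_000.0 * COST_PER_MILLION.fetch(instance)
end

# Shortest random passphrase (8-63 characters, the WPA2-Personal limits)
# whose full keyspace costs more than `budget` dollars to search on the
# cheapest instance type in the table.
def min_length_for(charset, budget)
  cheapest = COST_PER_MILLION.min_by { |_, cost| cost }.first
  (8..63).find { |len| exhaust_cost(keyspace(charset, len), cheapest) > budget }
end

if __FILE__ == $PROGRAM_NAME
  # The talk's "one hundred million keys" equals every 8-digit numeric passphrase.
  puts format('8 digits: $%.2f on Medium', exhaust_cost(keyspace(10, 8)))
  { 'digits' => 10, 'lowercase' => 26, 'printable ASCII' => 94 }.each do |name, size|
    puts "#{name}: #{min_length_for(size, 1_000_000)} chars to exceed $1,000,000"
  end
end
```

The rates are the talk's EC2 measurements, and the estimate covers uniformly random passphrases only; a passphrase that appears in an attacker's dictionary is found at dictionary cost, whatever its length.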