
112    Chapter 3 • Communication Security: Remote Access and Messaging



              NOTE
                  Ciphers are covered in greater detail in Chapter 9.




                 This mode of operation makes stream ciphers vulnerable to attacks. If an
             eavesdropper intercepts two ciphertexts encrypted with the same key stream, they
             can obtain the eXclusive OR (XOR) of the two plaintexts. Knowledge of this XOR
             can enable statistical attacks to recover the plaintexts.
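The key stream reuse described above, as an added example that is not part of the original book. It assumes the per-packet RC4 key is a 3-byte IV followed by the secret key; the key, IVs, and plaintexts are constructed sample values.

```python
def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 key stream for the given key."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # key stream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    # Assumption: the per-packet RC4 key is the IV followed by the secret key.
    return xor(plaintext, rc4_keystream(iv + secret, len(plaintext)))


# Constructed sample values, not taken from the book or from any real network.
SECRET = bytes.fromhex("0102030405060708090a0b0c0d")
IV_A, IV_B = b"\x00\x00\x01", b"\x00\x00\x02"
P1 = b"GET /index.html "
P2 = b"user=alice&pw=x "


def ciphertext_xor(iv1: bytes, iv2: bytes) -> bytes:
    """What an eavesdropper can compute from two captured ciphertexts."""
    return xor(encrypt(iv1, SECRET, P1), encrypt(iv2, SECRET, P2))


if __name__ == "__main__":
    reused = ciphertext_xor(IV_A, IV_A)       # same IV and key: same key stream
    fresh = ciphertext_xor(IV_A, IV_B)        # different IV: different key stream
    print("reused IV leaks P1^P2:", reused == xor(P1, P2))
    print("P2 recovered from known P1:", xor(reused, P1))
    print("fresh IV leaks P1^P2: ", fresh == xor(P1, P2))
```

With a repeated IV the key stream cancels out of the XOR of the two ciphertexts, so anyone who knows or guesses one plaintext obtains the other; with distinct IVs the XOR of the ciphertexts no longer equals the XOR of the plaintexts.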
                 One particular vulnerability was discovered by the Fluhrer, Mantin, and Shamir
             group. The attack (known as the Fluhrer, Mantin, and Shamir attack) exploits
             the key scheduling algorithm of RC4. There are certain weak keys that
             allow for statistical determination of the keys when those keys are used. The
             Fluhrer, Mantin, and Shamir attack involves guesswork and creativity, since you
             have to guess the first byte of plaintext data being transmitted. When data is
             encrypted before transmission, a piece of data called the initialization vector (IV) is
             added to the secret key. Fluhrer, Mantin, and Shamir discovered that the IV was
             transmitted in the clear, and they recovered the 128-bit secret key used in a
             production network.
                 There are also tools available for download on the Internet that can be used
             to exploit the vulnerabilities of WEP. Two of the most common tools are AirSnort
             and WEPCrack.

             AirSnort

             AirSnort (http://sourceforge.net/projects/airsnort or http://airsnort.shmoo.com/)
             is a tool used to recover encryption keys. AirSnort passively monitors transmissions
             and recreates the encryption key once it has collected enough packets. For AirSnort
             to be effective, it must collect between 5 and 10 million packets. Collecting this
             many packets takes time. In an 8-hour day, the average person produces
             approximately 250,000 packets. To collect the minimum of 5 million packets would take
             about three weeks. Once AirSnort has enough packets, it recreates the encryption
             password in less than one second. On busier networks, 10 million packets could
             be collected in a matter of a few hours.

             AirCrack and WepLab

             Variations of AirSnort and of a short-lived tool called Chopper, AirCrack and WepLab
             provide the same functionality as AirSnort, but require fewer packets to do so.




          www.syngress.com