Simulation of MITM in PEAP with hostap
application of EAP state machines from hostap for MITM simulation
- Track: Security devroom
- Room: H.1308 (Rolin)
- Day: Sunday
- Start: 12:00
- End: 12:20
It's a talk about MITM in Tunneled Authentication Protocols and its consequent implementation with a help of hostap project. The research is not original and you may find a deeper overview in the paper: Pieter Robyns, Bram Bonné, Peter Quax, Wim Lamotte, Exploiting WPA2-enterprise vendor implementation weaknesses through challenge response oracles, July 2014.
There is a lot of information about hijacking internet connection. The most trivial case is unencrypted (open) wireless connection. But it is still possible if the network is protected with WPA/WPA2-Enteprise.
Three days work was sufficient to modify the behaviour of MSCHAPv2 and a bit of PEAP methods in EAP state machine within hostap. In the end, proof-of-concept simulation demonstrates the attack flow.
It is reasonable, since this code base is widely spread and up-to-date, what's even more important. Hence, it is a very good sandbox for EAP attacks.
Speakers
 |
Siarhei Siniak |