Methods and systems for wired equivalent privacy and Wi-Fi protected access protection
First Claim
1. A method of disrupting attempts to break encryption or authentication associated with a wireless network, the method comprising the steps of:
- monitoring the wireless network to detect weak initialization vectors, wherein the weak initialization vectors are weak due to reuse over a specified time period on the wireless network;
- monitoring the wireless network to detect known wired equivalent privacy keys being used; and
- transmitting random wired equivalent privacy encrypted frames on the wireless network responsive to the monitoring steps, the random wired equivalent privacy encrypted frames being operable to confuse unauthorized devices attempting to capture wired equivalent privacy encrypted frames to break the wired equivalent privacy key, wherein the random wired equivalent privacy encrypted frames each comprise random data encrypted with a different wired equivalent privacy key and random initialization vectors generated at a rate derived in response to monitored traffic, and wherein the random initialization vectors are different from monitored initialization vectors but logically correct and in sequence, wherein the random initialization vectors are invalid packets and are configured to pass validity checks while preventing an attacker from filtering out the invalid packets, thereby preventing decryption of the wired equivalent privacy key;
- wherein the monitoring step is performed by a plurality of distributed monitoring devices, the plurality of monitoring devices being connected to one or more servers; and
- wherein the servers are operable to receive and correlate data, events, and statistics from the distributed monitoring devices and to direct the distributed monitoring devices to perform the transmitting step responsive to any of a periodic interval, an intrusion alarm, a manual request, and an automatic request based on policy.
9 Assignments
0 Petitions
Abstract
Methods and systems for disrupting potential attacks on a wireless network through transmission of random data are disclosed. Specifically, this disclosure relates to systems and methods for disrupting the breaking of the secret key or passphrase by an adversary or rogue device for Wi-Fi networks using wired equivalent privacy (WEP) and Wi-Fi protected access (WPA).
329 Citations
17 Claims
1. A method of disrupting attempts to break encryption or authentication associated with a wireless network (independent claim; full text as given under First Claim above). - View Dependent Claims (2, 3, 4, 5, 6, 15, 16)
7. A method of thwarting an attack designed to obtain a secret passphrase of a Wi-Fi protected access wireless network, the method comprising the steps of:
- monitoring the wireless network to detect a rogue device monitoring the Wi-Fi protected access wireless network for keys;
- transmitting challenge-response frames on the wireless network responsive to the monitoring step, the challenge-response frames being operable to thwart attacks designed to obtain the secret passphrase, and wherein the challenge-response frames comprise a fake handshake using SNonce and ANonce transmissions during a four-way handshake and key exchange designed to obfuscate actual challenge-response frames from the rogue device monitoring the wireless network; and
- periodically simulating fake handshakes when authorized devices are already connected with proper handshakes;
- wherein the monitoring step is performed by a plurality of distributed monitoring devices, the plurality of monitoring devices being connected to one or more servers; and
- wherein the servers are operable to receive and correlate data, events, and statistics from the distributed monitoring devices and to direct the distributed monitoring devices to perform the transmitting step responsive to any of a periodic interval, an intrusion alarm, a manual request, and an automatic request based on policy. - View Dependent Claims (8, 9)
10. A method of disrupting attempts to break encryption or authentication associated with a wireless network, the method comprising the steps of:
- receiving a protection request from a monitoring device responsive to detecting weakness due to reuse over a specified time period on the wireless network, the protection request comprising an instruction to protect a wireless network from any of a plurality of wireless attacks;
- transmitting random protection frames on the wireless network based upon the protection request, the random protection frames being operable to confuse unauthorized devices attempting to collect information from the wireless network, wherein the random protection frames comprise one of random wired equivalent privacy encrypted frames and forged Wi-Fi protected access handshake frames;
- wherein the random wired equivalent privacy encrypted frames each comprise simulated data with a different wired equivalent privacy key and random initialization vectors generated at a rate derived in response to monitored traffic, and wherein the random initialization vectors are different from monitored initialization vectors but logically correct and in sequence, and wherein the random initialization vectors are invalid packets and are configured to pass validity checks while preventing an attacker from filtering out the invalid packets, thereby preventing decryption; and
- wherein weak initialization vectors are reused during a streaming cipher. - View Dependent Claims (11, 12, 13, 14, 17)
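The monitoring and decoy-generation logic of claims 1 and 10, as an added illustration that is not code from the patent or its assignee: a per-BSSID sliding-window detector for 24-bit WEP IV reuse (the "specified time period" is assumed to be 60 seconds), an observed-traffic rate that drives the decoy transmit rate, and a generator of in-sequence decoy IVs that never collide with IVs already seen on the air. Timestamps, BSSIDs and IV values in the test are constructed sample data; frame encryption and transmission are outside the scope of this example.

```python
# Added example (not from the patent): WEP IV-reuse detection and decoy-IV planning.
from collections import defaultdict, deque
import secrets

WINDOW_S = 60.0  # assumed "specified time period" over which IV reuse counts as weak


class IvMonitor:
    """Tracks 24-bit WEP IVs seen per BSSID and flags reuse within WINDOW_S seconds."""

    def __init__(self, window=WINDOW_S):
        self.window = window
        self.seen = defaultdict(dict)    # bssid -> {iv: timestamp of last sighting}
        self.times = defaultdict(deque)  # bssid -> timestamps of frames in the window

    def observe(self, bssid, ts, iv):
        """Record one WEP data frame; return True if its IV was reused within the window."""
        t = self.times[bssid]
        t.append(ts)
        while t and ts - t[0] > self.window:   # drop frames that fell out of the window
            t.popleft()
        last = self.seen[bssid].get(iv)
        self.seen[bssid][iv] = ts
        return last is not None and ts - last <= self.window

    def rate(self, bssid):
        """Observed frames per second inside the window; this drives the decoy rate."""
        t = self.times[bssid]
        if len(t) < 2:
            return 0.0
        span = t[-1] - t[0]
        return len(t) / span if span > 0 else float(len(t))


def decoy_ivs(observed, start_iv, count):
    """Return `count` sequential 24-bit IVs from start_iv, skipping any IV in `observed`.

    Decoys therefore look like a valid, in-order IV stream (they pass sequence checks)
    but never duplicate an IV carried by genuine traffic.
    """
    out, iv = [], start_iv & 0xFFFFFF
    while len(out) < count:
        if iv not in observed:
            out.append(iv)
        iv = (iv + 1) & 0xFFFFFF                # wrap at the 24-bit boundary
    return out


def decoy_plan(mon, bssid, multiplier=2.0):
    """Decoy frames/second proportional to monitored traffic, plus a fresh random WEP key."""
    return mon.rate(bssid) * multiplier, secrets.token_bytes(13)  # 104-bit key (assumed)
```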
Specification