Yanfei Fan,Bin Lin,Yixin Jiang,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/glocom.2008.ecp.891

2008-01-01

Abstract:In this paper, we propose an efficient privacy-preserving scheme for secure packet transmission at wireless link layer. The proposed scheme is constructed by using hash values in reverse hash chains as interface identifiers. It can successfully and efficiently resist the Media Access Control (MAC) address based attacks, such as flow tracking and traffic analysis, which are launched by either outside or even inside attackers. In addition, some optimization techniques are also introduced to further improve the efficiency of the proposed scheme. The extensive analysis and simulations demonstrate the enhanced security and efficiency of the proposed scheme.

Zang Li,Wenyuan Xu,Robert D. Miller,Wade Trappe

DOI: https://doi.org/10.1145/1161289.1161297

2006-01-01

Abstract:Although conventional cryptographic security mechanisms are essential to the overall problem of securing wireless networks, these techniques do not directly leverage the unique properties of the wireless domain to address security threats. The properties of the wireless medium are a powerful source of domain-specific information that can complement and enhance traditional security mechanisms. In this paper, we propose to utilize the fact that the radio channel decorre-lates rapidly in space, time and frequency in order to to establish new forms of authentication and confidentiality that operate at the physical layer and can be used to facilitate cross-layer security paradigms. Specifically, for authentication services, we illustrate two channel probing techniques that can be used to verify the authenticity of a transmitter. Similarly, for confidentiality, we examine several strategies for establishing shared secrets/keys between two communicators using the wireless medium. These strategies range from extracting keys from channel state information, to utilizing the channel variability to secretly disseminate keys. We then validate the feasibility of using physical layer techniques for securing wireless systems by presenting results from experiments involving the USRP/GNURadio software defined radio platform.

Wade Trappe,Wenyuan Xu

DOI: https://doi.org/10.7282/t3rj4jw7

2007-01-01

Abstract:Wireless networks are built upon a shared medium that makes it easy for adversaries to conduct radio interference, or jamming attacks, which effectively cause a denial of service (DoS) of either transmission or reception functionalities. These attacks can be easily accomplished by an adversary by either bypassing MAC-layer protocols, or emitting a radio signal targeted at jamming a particular channel. In this thesis, we examine the issue of jamming wireless networks, and sensor networks in particular, by studying both the attack and defense side of the problem. On the attack side, we present four different jamming attack models that can be used by an adversary to disable the operation of a wireless network, and evaluate their effectiveness in terms of how each method affects the ability of a wireless node to send and receive packets. In order to cope with the problem of jamming, we discuss a two-phase strategy involving the diagnosis of the attack, followed by a suitable defense strategy. For detection, we show that single measurement statistics are not enough to reliably classify the presence of a jamming attack, and propose multimodal detection methods. To cope with jamming, we propose a technique, channel surfing, which involves evading the interferer in the spectral domain. Several different channel surfing models are presented, and we evaluate their effectiveness using a testbed of MICA2 motes. Beyond channel surfing, we overview a second defense strategy whereby it is possible to establish a low data rate jamming resistant communication channel by modulating the interarrival times between jammed packets.

Yixin Jiang,Chuang Lin,Hao Yin,Zhen Chen

DOI: https://doi.org/10.1002/wcm.448

2006-01-01

Wireless Communications and Mobile Computing

Abstract:IEEE 802.11 wireless local area networks (WLAN) has been increasingly deployed in various locations because of the convenience of wireless communication and decreasing costs of the underlying technology. However, the existing security mechanisms in wireless communication are vulnerable to be attacked and seriously threat the data authentication and confidentiality. In this paper, we mainly focus on two issues. First, the vulnerabilities of security protocols specified in IEEE 802.11 and 802.1X standards are analyzed in detail. Second, a new mutual authentication and privacy scheme for WLAN is proposed to address these security issues. The proposed scheme improves the security mechanisms of IEEE 802.11 and 802.1X by providing a mandatory mutual authentication mechanism between mobile station and access point (AP) based on public key infrastructure (PKI), offering data integrity check and improving data confidentiality with symmetric cipher block chain (CBC) encryption. In addition, this scheme also provides some other new security mechanisms, such as dynamic session key negotiation and multicast key notification. Hence, with these new security mechanisms, it should be much more secure than the original security scheme. Copyright © 2006 John Wiley & Sons, Ltd.

邢新景,张朝阳,王匡

DOI: https://doi.org/10.3969/j.issn.1003-8329.2003.04.009

2003-01-01

Wireless Communication Technology

Abstract:The WEP security algorithm used in IEEE 802.11 wireless LAN is introduced. Under the basis of a systematical analysis, flaws embedded in WEP are pointed out, and correspondingly, several attacking methods are provided to prove the weakness of WEP. The upgraded version of WEP algorithm-TKIP was also introduced and analyzed. At last, some potential solutions to the security problems are also proposed in using existing IEEE 802.11 equipments.

Xian-Shi Zhang,Ge-Wen Kang,Xin-Heng Wang

2009-01-01

Abstract:An analysis of WLAN security mechanisms of wired equivalent privacy (WEP) and Wi-Fi protected access (WPA) discovers that the current literature is not totally creditable in its judgment on the security value of WEP and WPA. Based on the respective performances of WEP and WPA under certain typical attacks, this paper substantiates the judgment that WEP has quite a few vulnerabilities concerning confidentiality and integrity, but at the same time challenges the judgment on WPA with that WPA is robust enough to confront potential typical attacks and is not so unreliable as the current literature believes, although it has some vulnerabilities in its message integrity code (MIC).

Wenyuan Xu,Wade Trappe,Yanyong Zhang,Timothy Wood

DOI: https://doi.org/10.1145/1062689.1062697

2005-01-01

Abstract:Wireless networks are built upon a shared medium that makes it easy for adversaries to launch jamming-style attacks. These attacks can be easily accomplished by an adversary emitting radio frequency signals that do not follow an underlying MAC protocol. Jamming attacks can severely interfere with the normal operation of wireless networks and, consequently, mechanisms are needed that can cope with jamming attacks. In this paper, we examine radio interference attacks from both sides of the issue: first, we study the problem of conducting radio interference attacks on wireless networks, and second we examine the critical issue of diagnosing the presence of jamming attacks. Specifically, we propose four different jamming attack models that can be used by an adversary to disable the operation of a wireless network, and evaluate their effectiveness in terms of how each method affects the ability of a wireless node to send and receive packets. We then discuss different measurements that serve as the basis for detecting a jamming attack, and explore scenarios where each measurement by itself is not enough to reliably classify the presence of a jamming attack. In particular, we observe that signal strength and carrier sensing time are unable to conclusively detect the presence of a jammer. Further, we observe that although by using packet delivery ratio we may differentiate between congested and jammed scenarios, we are nonetheless unable to conclude whether poor link utility is due to jamming or the mobility of nodes. The fact that no single measurement is sufficient for reliably classifying the presence of a jammer is an important observation, and necessitates the development of enhanced detection schemes that can remove ambiguity when detecting a jammer. To address this need, we propose two enhanced detection protocols that employ consistency checking. The first scheme employs signal strength measurements as a reactive consistency check for poor packet delivery ratios, while the second scheme employs location information to serve as the consistency check. Throughout our discussions, we examine the feasibility and effectiveness of jamming attacks and detection schemes using the MICA2 Mote platform.

Wu Liu,HaiXin Duan,Ping Ren,Jianping Wu

DOI: https://doi.org/10.1109/ICGCS.2010.5543034

2010-01-01

Abstract:As the rapid development of Internet and information technology, more and more people now access Internet via Wireless Local Area Network (WLAN) with many features such as: mobility, convenience and low-cost, but the security flaws existed in RC4, WEP and WPA lead to security issues in WLAN. In this paper, we present several serious security flaws in these protocols, stemming from misapplication of cryptographic primitives and discuss in detail each of the flaws, the underlying security principle violations, and implement relative attacks to show the weakness of WLAN protocols. © 2010 IEEE.

严宏,何晨

DOI: https://doi.org/10.3321/j.issn:1006-2467.2004.05.008

2004-01-01

Shanghai Jiaotong Daxue Xuebao/Journal of Shanghai Jiaotong University

Abstract:The essential causes of wired equivalent privacy (WEP) vulnerability in standard 802.11 for wireless LAN were analyzed. Based on it, an efficient improvement was proposed, which introduces synchronized per-packet encryption keys and Michael keys into the original WEP algorithm. The analysis and simulation show that this improvement can correct the design flaws of WEP stated in some previous papers and promote significantly the security performance of wireless LAN.

Wu Yue,Yi Ping,Li Jianhua

2011-01-01

China Communications

Abstract:The properties of broadcast nature, high densities of deployment and severe resource limitations of sensor and mobile networks make wireless networks more vulnerable to various attacks, including modification of messages, eavesdropping, network intrusion and malicious forwarding. Conventional cryptography-based security may consume significant overhead because of low-power devices, so current research shifts to the wireless physical layer for security enhancement. This paper is mainly focused on security issues and solutions for wireless communications at the physical layer. It first describes the RSSI-based and channel based wireless authentication methods respectively, and presents an overview of various secrecy capacity analyses of fading channel, MIMO channel and cooperative transmission, and then examines different misbehavior detection methods. Finally it draws conclusions and introduces the direction of our future work.

Le Wang,Alexander M. Wyglinski

DOI: https://doi.org/10.1002/wcm.2527

2014-10-01

Wireless Communications and Mobile Computing

Abstract:Abstract Compared with a wired network, a wireless network is not protected by the cable transmission medium. Information is broadcasted over the air and it can be intercepted by anyone within the transmission range. Even though the transmissions could potentially be protected by security authentication mechanisms, malicious users can still intercept the information by mimicking the characteristics of normal user or a legitimate access point. This scenario is referred as a man‐in‐the‐middle (MITM) attack. In the MITM attack, the attackers can bypass the security mechanisms, intercept the unprotected transmission packets, and sniff the information. Because of several vulnerabilities in the IEEE 802.11 protocol, it is difficult to defend against a wireless MITM attack. In this paper, a received signal strength indicator (RSSI)‐based detection mechanism for MITM attacks is proposed. RSSI information is an arbitrary integer that indicates the power level being received by the antenna. The random RSSI values are processed via a sliding window, yielding statistic information about the signal characteristics such as mean and standard deviation profiles. By analyzing those profiles, the detection mechanism can detect if a rogue access point, the key component of an MITM attack, is launched. Our proposed approach has been validated via hardware experimentation using Backtrack 5 tools and MATLAB software suite. Copyright © 2014 John Wiley & Sons, Ltd.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zhaoyang Wang,Quan Gan,Hong Wen,Wenjing Hou,Huanhuan Song,Wenxin Lei

DOI: https://doi.org/10.1117/12.3009296

2023-01-01

Abstract:Wi-Fi is a widely used wireless local area network (WLAN) technology, and its security issues have always been a matter of concern. The counter with CBC-MAC protocol (CCMP) is a commonly employed security protocol for Wi-Fi. However, vulnerabilities in the 4-way handshake process can allow attackers to carry out man-in-the-middle (MitM) attacks. In a successful attack, the targeted station (STA) connects to a rogue access point (AP) established by the MitM, which can have severe consequences for Wi-Fi users. This paper focuses on MitM attacks in the context of WPA2, CCMP, and WLAN security. We analyze and implement a MitM attack scenario, and based on this scenario, we summarize the potential hazards resulting from a successful attack. Furthermore, we present solutions to help prevent falling victim to such attacks.

Yubo Song,Chen Xi,Hu Aiqun

DOI: https://doi.org/10.1109/MINES.2009.209

2009-01-01

Abstract:The WAI (WLAN Authentication Infrastructure), which is composed of mutual certificate authentication and key agreement, is the authentication protocol in the Chinese Wireless LAN standard. In this paper, we analyze the WAI protocol using a finite-state verification tool Mur¿ and find that the authentication protocol can't resist the denial of service attack. Attackers can forge the messages to produce inconsistent keys in peers. Three Denial-of-Service attacks are discussed in this paper. Two of those attacks are occurred in the mutual certificate authentication phase and one is found in the key agreement phase. Furthermore, several amendments are discussed in this paper.

Jun Lei,Xiaoming Fu,Dieter Hogrefe,Jianrong Tan

DOI: https://doi.org/10.1016/j.cose.2007.01.001

IF: 5.105

2007-01-01

Computers & Security

Abstract:IEEE 802.11 wireless LAN has become one of the hot topics on the design and development of network access technologies. In particular, its authentication and key exchange (AKE) aspects, which form a vital building block for modern security mechanisms, deserve further investigation. In this paper we first identify the general requirements used for WLAN authentication and key exchange (AKE) methods, and then classify them into three levels (mandatory, recommended, and additional operational requirements). We present a review of issues and proposed solutions for AKE in 802.11 WLANs. Three types of existing methods for addressing AKE issues are identified, namely, the legacy, layered and access control-based AKE methods. Then, we compare these methods against the identified requirements. Based on the analysis, a multi-layer AKE framework is proposed, together with a set of design guidelines, which aims at a flexible, extensible and efficient security as well as easy deployment.

吴越,史小红,曹秀英,毕光国

DOI: https://doi.org/10.3969/j.issn.0255-8297.2003.02.018

2003-01-01

Journal of Applied Sciences

Abstract:This paper describes the vulnerability of the wired equivalent privacy(WEP) protocol in current IEEE802. 11 WLAN standard, such as key sequence reuse, key management and refreshment, message authentication and integrity, etc. It also presents a security solution for WLAN based on IP Security (IPSec) and discusses the fundamental principles of data origin authentication, integrity protection, anti-replay protection and key exchange, Finally it describes their software implementations, makes a security analysis of the solution and looks into the future research.

Ifeyinwa Angela Ajah

DOI: https://doi.org/10.48550/arXiv.1409.2261

2014-09-08

Abstract:Traditionally, 802.11-based networks that relied on wired equivalent protocol (WEP) were especially vulnerable to packet sniffing. Today, wireless networks are more prolific, and the monitoring devices used to find them are mobile and easy to access. Securing wireless networks can be difficult because these networks consist of radio transmitters and receivers, and anybody can listen, capture data and attempt to compromise it. In recent years, a range of technologies and mechanisms have helped make networking more secure. This paper holistically evaluated various enhanced protocols proposed to solve WEP related authentication, confidentiality and integrity problems. It discovered that strength of each solution depends on how well the encryption, authentication and integrity techniques work. The work suggested using a Defence-in-Depth Strategy and integration of biometric solution in 802.11i. Comprehensive in-depth comparative analysis of each of the security mechanisms is driven by review of related work in WLAN security solutions.

Cryptography and Security,Networking and Internet Architecture

Peng Zhao,Xuewu Cao,Ping Luo

DOI: https://doi.org/10.1109/icct.2003.1209069

2003-01-01

Abstract:Notice of Violation of IEEE Publication Principles "Attack on RADIUS Authentication Protocol" by Peng Zhao, Xuewu Cao, and Ping Luo, in the 2003 Proceedings of the International Conference on Communication Technology, pp. 208-212 After careful and considered review of the content and authorship of this paper by a duly constituted expert committee, this paper has been found to be in violation of IEEE's Publication Principles. This paper contains significant portions of original text from the paper cited below. The original text was copied without attribution (including appropriate references to the original author(s) and/or paper title) and without permission. Due to the nature of this violation, reasonable effort should be made to remove all past references to this paper, and future references should be made to the following article: "An Analysis of the RADIUS Authentication Protocol" by Joshua Hill, on Bugtraq mailing list, 12 November 2001The RADIUS protocol has a set of vulnerabilities that are either caused by the protocol, or caused by poor client implementation and exacerbated by the protocol. For security reasons, it would be advantageous to push for at least minimal revisions of the widely used RADIUS protocol. This paper mainly deals with some of the characteristics of the base RADIUS protocol and of the user-password attribute.

Kaigui Bian,Jung-Min Park

DOI: https://doi.org/10.4108/icst.wicon2008.4976

2008-01-01

Abstract:Cognitive Radio (CR) is seen as one of the enabling technologies for realizing a new spectrum access paradigm, viz. Opportunistic Spectrum Sharing (OSS). IEEE 802.22 is the world's first wireless standard based on CR technology. It defines the air interface for a wireless regional area network (WRAN) that uses fallow segments of the licensed (incumbent) TV broadcast bands. CR technology enables unlicensed (secondary) users in WRANs to utilize licensed spectrum bands on a non-interference basis to incumbent users. The coexistence between incumbent users and secondary users is referred to as incumbent coexistence. On the other hand, the coexistence between secondary users in different WRAN cells is referred to as self-coexistence. The 802.22 draft standard prescribes several mechanisms for addressing incumbent- and self-coexistence issues. In this paper, we describe how adversaries can exploit or undermine such mechanisms to degrade the performance of 802.22 WRANs and increase the likelihood of those networks interfering with incumbent networks. The standard includes a security sublayer to provide subscribers with privacy, authentication, and confidentiality. Our investigation, however, revealed that the security sublayer falls short of addressing all of the key security threats. We also discuss countermeasures that may be able to address those threats.

Yousri Daldoul

DOI: https://doi.org/10.48550/arXiv.2302.00338

2023-02-01

Abstract:The evil twin attack is a major security threat to WLANs. An evil twin is a rogue AP installed by a malicious user to impersonate legitimate APs. It intends to attract victims in order to intercept their credentials, to steal their sensitive information, to eavesdrop on their data, etc. In this paper, we study the security mechanisms of wireless networks and we introduce the different authentication methods, including 802.1X authentication. We show that 802.1X has improved security through the use of digital certificates but does not define any practical technique for the user to check the network certificate. Therefore, it remains vulnerable to the evil twin attack. To repair this vulnerability, we introduce Robust Certificate Management System (RCMS) which takes advantage of the digital certificates of 802.1X to protect the users against rogue APs. RCMS defines a new verification code to allow the user device to check the network certificate. This practical verification combined with the reliability of digital certificates provides a perfect protection against rogue APs. RCMS requires a small software update on the user terminal and does not need any modification of IEEE 802.11. It has a significant flexibility since trusting a single AP is enough to trust all the APs of the extended network. This allows the administrators to extend their networks easily without the need to update any database of trusted APs on the user devices.

Cryptography and Security,Networking and Internet Architecture

Yuyang XUE,Hao ZHOU,Baohua ZHAO

DOI: https://doi.org/10.3321/j.issn:0253-987X.2009.10.011

2009-01-01

Abstract:Aimed at the problem that the vulnerable wireless local area network (WLAN) 802.1X protocol is not susceptible to replay and DoS (denial of service) attacks, etc, an informal method is introduced to analyze the security properties of 802.1X protocol. The method classifies attack behaviors according to the ability of attackers, and from the aspect of the role which attackers can play in the protocols (i.e., imitating normal protocol behavior or breaking normal communication). Then a new method, WLAN active testing, is proposed. Attacks to the protocol running mainbody are implemented by simulating the actions of the attacker which can be used to make up protocol messages. The results are used to determine whether the protocol security vulnerabilities exist or not. Testing results show that the method combines characteristics of both the attacker and the tester to cover some known protocol security vulnerabilities, and has the ability to reveal some potential problems.