Wade Trappe,Wenyuan Xu

DOI: https://doi.org/10.7282/t3rj4jw7

2007-01-01

Abstract:Wireless networks are built upon a shared medium that makes it easy for adversaries to conduct radio interference, or jamming attacks, which effectively cause a denial of service (DoS) of either transmission or reception functionalities. These attacks can be easily accomplished by an adversary by either bypassing MAC-layer protocols, or emitting a radio signal targeted at jamming a particular channel. In this thesis, we examine the issue of jamming wireless networks, and sensor networks in particular, by studying both the attack and defense side of the problem. On the attack side, we present four different jamming attack models that can be used by an adversary to disable the operation of a wireless network, and evaluate their effectiveness in terms of how each method affects the ability of a wireless node to send and receive packets. In order to cope with the problem of jamming, we discuss a two-phase strategy involving the diagnosis of the attack, followed by a suitable defense strategy. For detection, we show that single measurement statistics are not enough to reliably classify the presence of a jamming attack, and propose multimodal detection methods. To cope with jamming, we propose a technique, channel surfing, which involves evading the interferer in the spectral domain. Several different channel surfing models are presented, and we evaluate their effectiveness using a testbed of MICA2 motes. Beyond channel surfing, we overview a second defense strategy whereby it is possible to establish a low data rate jamming resistant communication channel by modulating the interarrival times between jammed packets.

Hossen A. Mustafa,Wenyuan Xu

DOI: https://doi.org/10.1109/CNS.2014.6997491

2014-01-01

Abstract:Wireless hotspots allow users to use Internet via Wi-Fi interface, and many shops, cafés, parks, and airports provide free wireless hotspot services to attract customers. However, there is no authentication mechanism of Wi-Fi access points (APs) available in such hotspots, which makes them vulnerable to evil twin AP attacks. Such attacks are harmful because they allow to steal sensitive data from users. Today, there is no client-side mechanism that can effectively detect an evil twin AP attack without additional infrastructure supports. In this paper, we propose a mechanism CETAD leveraging public servers to detect such attacks. CETAD only requires installing an app at the client device and does not require to change the hotspot APs. CETAD explores the similarities between the legitimate APs and discrepancies between evil twin APs, and legitimate ones to detect an evil twin AP attack. Through our implementation and evaluation, we show that CETAD can detect evil twin AP attacks in various scenarios effectively.

Wenyuan Xu,Timothy Wood,Wade Trappe,Yanyong Zhang

DOI: https://doi.org/10.1145/1023646.1023661

2004-01-01

Abstract:Wireless networks are built upon a shared medium that makes it easy for adversaries to launch denial of service (DoS) attacks. One form of denial of service is targeted at preventing sources from communicating. These attacks can be easily accomplished by an adversary by either bypassing MAC-layer protocols, or emitting a radio signal targeted at jamming a particular channel. In this paper we present two strategies that may be employed by wireless devices to evade a MAC/PHY-layer jamming-style wireless denial of service attack. The first strategy, channel surfing, is a form of spectral evasion that involves legitimate wireless devices changing the channel that they are operating on. The second strategy, spatial retreats, is a form of spatial evasion whereby legitimate mobile devices move away from the locality of the DoS emitter. We study both of these strategies for three broad wireless communication scenarios: two-party radio communication, an infrastructured wireless network, and an ad hoc wireless network. We evaluate several of our proposed strategies and protocols through ns-2 simulations and experiments on the Berkeley mote platform.

Yuxiang Lin,Yi Gao,Bingji Li,Wei Dong

DOI: https://doi.org/10.1145/3536423

2022-01-01

ACM Transactions on Sensor Networks

Abstract:The broadcast nature of wireless media makes WLANs easily attacked by rogue Access Points (APs) . Rogue AP attacks can potentially cause severe privacy leakage and financial loss. Hardware fingerprinting is the state-of-the-art technology to detect rogue APs since an attacker would find it difficult to set up a rogue AP with specific hardware fingerprints. However, existing hardware fingerprints not only depend on the AP but also depend on the client, significantly limiting their application scenarios. In this work, we investigate two novel client-agnostic fingerprints, which can be extracted using commercial off-the-shelf WiFi devices, to detect rogue APs. One is the power amplifier non-linearity fingerprint and the other is the frame interval distribution fingerprint . These two fingerprints remain consistent over time and space for the same AP but vary across different APs even with the same brand, model, and firmware. We use the fingerprint similarity between the candidate AP and the authorized AP for device authentication in typical indoor environments. We have also proposed a threshold-improved authentication scheme to improve the robustness of our system in dynamic environments. Our schemes can be implemented without modifying the infrastructural APs and can work well with new clients without rebuilding the fingerprint database. We evaluate our scheme in both in-lab and field scenarios, by analyzing 18 million WiFi packets. Results show that our scheme achieves an overall 96.55% positive detection rate and a 4.31% false alarm rate. Moreover, the threshold-improved authentication scheme can further reduce the false alarm rate by 13.0%-44.8% for dynamic environments.

Wu Liu,HaiXin Duan,Ping Ren,Jianping Wu

DOI: https://doi.org/10.1109/ICGCS.2010.5543034

2010-01-01

Abstract:As the rapid development of Internet and information technology, more and more people now access Internet via Wireless Local Area Network (WLAN) with many features such as: mobility, convenience and low-cost, but the security flaws existed in RC4, WEP and WPA lead to security issues in WLAN. In this paper, we present several serious security flaws in these protocols, stemming from misapplication of cryptographic primitives and discuss in detail each of the flaws, the underlying security principle violations, and implement relative attacks to show the weakness of WLAN protocols. © 2010 IEEE.

Sondy Kumajas,Julius Sasukul,Alexander Siwi,Hellena Saruan

DOI: https://doi.org/10.62711/ijite.v1i2.41

2022-03-24

Abstract:This study discusses the security analysis of Wireless Local Area Network (Wireless LAN) in the Community against external attacks on the Wireless Protected Access (WPA), Web Proxy, and Virtual Private Network (VPN) protocols, used to attack LAN. Three types of software are used as attackers, namely, Network Stumbler, Aircrack and Wireshark attackers. The software is used on the laptop at a distance of 5m to 25m from the Wireless LAN access point. From the experimental results, it can be seen that the fastest response time by the WPA Protocol was given by the Network Stumbler attacker, followed by Aircrack and Wireshark.

Efstratios Chatzoglou,Georgios Kambourakis,Constantinos Kolias

DOI: https://doi.org/10.1155/2022/1833062

IF: 1.968

2022-02-12

Security and Communication Networks

Abstract:This work provides an answer to the following key question: Are the Web-based management interfaces of the contemporary off-the-shelf wireless access points (WAP) free of flaws and vulnerabilities? The short answer is not very much. That is, after performing a vulnerability assessment on the Web interfaces of six different WAPs by an equal number of diverse renowned vendors, we reveal a significant number of assorted medium-to-high severity vulnerabilities that are straightforwardly or indirectly exploitable. Overall, 13 categories of vulnerabilities translated to 28 zero-day attacks are exposed. Our findings range from legacy path traversal, cross-site scripting, and clickjacking attacks to HTTP request smuggling and splitting, replay, denial of service, and information leakage among others. In the worst-case scenario, the attacker can acquire the administrator’s (admin) credentials and the WAP’s Wi-Fi passphrases or permanently lock the admin out of accessing the WAP’s Web interface. On top of everything else, we identify the already applied hardening measures by these devices and elaborate on extra countermeasures that are required to tackle the identified weaknesses. To our knowledge, this work contributes the first wholemeal appraisal of the security level of this kind of Web-based interfaces that go hand in glove with the myriads of WAPs out there, and it is therefore anticipated to serve as a basis for further research in this timely and challenging field.

computer science, information systems,telecommunications

Tamara Radivilova,Hassan Ali Hassan

DOI: https://doi.org/10.1109/UkrMiCo.2017.8095429

2018-05-17

Abstract:In this work the wireless networks security algorithms were analyzed. The fundamentals of the WPA and WPA2 safety algorithms, their weaknesses and ways of attacking WPA and WPA2 Enterprise Wireless Networks are described. Successful attack on the WPA2-PSK and WPA2-Enterprise was carried out during the performance of work. The progress of this attack and its results were described.

Cryptography and Security,Networking and Internet Architecture

邢新景,张朝阳,王匡

DOI: https://doi.org/10.3969/j.issn.1003-8329.2003.04.009

2003-01-01

Wireless Communication Technology

Abstract:The WEP security algorithm used in IEEE 802.11 wireless LAN is introduced. Under the basis of a systematical analysis, flaws embedded in WEP are pointed out, and correspondingly, several attacking methods are provided to prove the weakness of WEP. The upgraded version of WEP algorithm-TKIP was also introduced and analyzed. At last, some potential solutions to the security problems are also proposed in using existing IEEE 802.11 equipments.

V. C. K. P. Arul Oli,Elayaraja Ponram,V.C.K.P. Arul Oli

DOI: https://doi.org/10.48550/arXiv.1405.1019

2014-03-26

Networking and Internet Architecture

Abstract:This paper describes about how you can secure your Wireless Network from hackers about various threats to wireless networks, How hackers makes most use of it and what are the security steps one should take to avoid becoming victim of such attacks. There are plenty of opportunities to connect to public Wi-Fi hotspots when you're on the go these days. Coffee shops, hotels, restaurants and airports are just some of the places where you can jump online, but often these networks are open and not secure. Whether you're using a laptop, tablet or smartphone, you'll want to connect your device securely to protect your data as much as possible. Otherwise an unsecured Wi-Fi connection makes it easier for hackers to access your private files and information, and it allows strangers to use your internet connection. Here are some simple steps you can take to help make sure your data is safe on open public Wi-Fi.

Ifeyinwa Angela Ajah

DOI: https://doi.org/10.48550/arXiv.1409.2261

2014-09-08

Abstract:Traditionally, 802.11-based networks that relied on wired equivalent protocol (WEP) were especially vulnerable to packet sniffing. Today, wireless networks are more prolific, and the monitoring devices used to find them are mobile and easy to access. Securing wireless networks can be difficult because these networks consist of radio transmitters and receivers, and anybody can listen, capture data and attempt to compromise it. In recent years, a range of technologies and mechanisms have helped make networking more secure. This paper holistically evaluated various enhanced protocols proposed to solve WEP related authentication, confidentiality and integrity problems. It discovered that strength of each solution depends on how well the encryption, authentication and integrity techniques work. The work suggested using a Defence-in-Depth Strategy and integration of biometric solution in 802.11i. Comprehensive in-depth comparative analysis of each of the security mechanisms is driven by review of related work in WLAN security solutions.

Cryptography and Security,Networking and Internet Architecture

Xuewei Feng,Qi Li,Kun Sun,Yuxiang Yang,Ke Xu

DOI: https://doi.org/10.1109/sp46215.2023.10179441

2023-01-01

Abstract:Modern Wi-Fi networks are commonly protected by the security mechanisms, e.g., WPA, WPA2 or WPA3, and thus it is difficult for an attacker (a malicious supplicant) to hijack the traffic of other supplicants as a man-in-the-middle (MITM). In traditional Evil Twins attacks, attackers may deploy a bogus wireless access point (AP) to hijack the victim supplicants' traffic (e.g., stealing credentials). In this paper, we uncover a new MITM attack that can evade the security mechanisms in Wi-Fi networks by spoofing the legitimate AP to send a forged ICMP redirect message to a victim supplicant and thus allow attackers to stealthily hijack the traffic from the victim supplicant without deploying any bogus AP. The core idea is to misuse the vulnerability of cross-layer interactions between WPAs and ICMP protocols, totally evading the link layer security mechanisms enforced by WPAs. We resolve two requirements to successfully launch our attack. First, when the attacker spoofs the legitimate AP to craft an ICMP redirect message, the legitimate AP cannot recognize and filter out those forged ICMP redirect messages. We uncover a new vulnerability (CVE-2022-25667) of the Network Processing Units (NPUs) in AP routers that restrict the AP routers from blocking fake ICMP error messages passing through the router. We test 55 popular wireless routers from 10 well-known AP vendors, and none of these routers can block the forged ICMP redirect messages due to this vulnerability. Second, we develop a new method to ensure the forged ICMP redirect message can evade the legitimacy check of the victim supplicant and then poison its routing table. We conduct an extensive measurement study on 122 real-world Wi-Fi networks, covering all prevalent Wi-Fi security modes. The experimental results show that 109 out of the 122 (89%) evaluated Wi-Fi networks are vulnerable to our attack. Besides notifying the vulnerability to the NPU manufacturers and the AP vendors, we develop two countermeasures to throttle the identified attack.

Li Song,Qiongxiao Wang,Shijie Jia,Jingqiang Lin,Linli Lu,Yanduo Fu

DOI: https://doi.org/10.1109/TrustCom56396.2022.00045

2022-01-01

Abstract:WPA2-Enterprise networks offer access to the Internet widely for multifarious client devices. Certificate-based authentication is adopted on the client-side to authenticate the server during network connection. Due to a lack of professional knowledge, client users commonly fully trust the devices, which may result in insecure network connection and user credential leakage. Previous works commonly focus on the security vulnerabilities due to the design weaknesses of the user interfaces from mainstream operating systems, while the built-in certificate validation implementations, which act as a block box for users to validate the received certificates, are not taken into consideration. In this paper, we design a series of comprehensive testings to evaluate the built-in certificate validation implementations of mainstream client devices for the first time. Moreover, we investigate the configuration options provided by the devices from different vendors, which may downgrade the security of the certificate validation. We select both Windows and Android (from vendors with the largest five market share) devices as our empirical study target. The results show that more than one security vulnerability exists in the built-in certificate validation implementations of the selected devices, and all the selected devices provide a certain option which may downgrade the security of certificate validation. We also conduct a real Evil Twin attack, which reveals that the user credentials can be cracked due to the discovered security vulnerabilities. Our findings have been responsibly disclosed to the relevant device vendors, and we received an assortment of responses, meanwhile many vendors (e.g., Huawei) have already positively acknowledged our findings.

Gerbert Roitburd,Matthias Ortmann,Matthias Hollick,Jiska Classen

DOI: https://doi.org/10.48550/arXiv.2202.05573

2022-02-11

Cryptography and Security

Abstract:Corporate Virtual Private Networks (VPNs) enable users to work from home or while traveling. At the same time, VPNs are tied to a company's network infrastructure, forcing users to install proprietary clients for network compatibility reasons. VPN clients run with high privileges to encrypt and reroute network traffic. Thus, bugs in VPN clients pose a substantial risk to their users and in turn the corporate network. Cisco, the dominating vendor of enterprise network hardware, offers VPN connectivity with their AnyConnect client for desktop and mobile devices. While past security research primarily focused on the AnyConnect Windows client, we show that Linux and iOS are based on different architectures and have distinct security issues. Our reverse engineering as well as the follow-up design analysis and fuzzing reveal 13 new vulnerabilities. Seven of these are located in the Linux client. The root cause for privilege escalations on Linux is anchored so deep in the client's architecture that it only got patched with a partial workaround. A similar analysis on iOS uncovers three AnyConnect-specific bugs as well as three general issues in iOS network extensions, which apply to all kinds of VPNs and are not restricted to AnyConnect.

Sarankumar Balakrishnan,Pu Wang,Arup Bhuyan,Zhi Sun

DOI: https://doi.org/10.1109/icc.2018.8422192

2018-01-01

Abstract:Next generation wireless communication networks utilizing 60 GHz millimeter wave (mmWave) frequency bands are expected to achieve multi-gigabit throughput with the use of highly directional phased-array antennas. These directional signal beams provide enhanced security to the legitimate networks due to the increased difficulties of eavesdropping. However, there still exists significant possibility of eavesdropping since (i) the reflections of the signal beam from ambient reflectors enables opportunistic stationary eavesdropping attacks; and (ii) carefully designed beam exploration strategy enables active nomadic eavesdropping attack. This paper discusses eavesdropper attack strategies for 802.11ad mmWave systems and provides the first analytical model to characterize the success possibility of eavesdropping in both opportunistic stationary attacks and active nomadic attacks.

Yubo Song,Chen Xi,Hu Aiqun

DOI: https://doi.org/10.1109/MINES.2009.209

2009-01-01

Abstract:The WAI (WLAN Authentication Infrastructure), which is composed of mutual certificate authentication and key agreement, is the authentication protocol in the Chinese Wireless LAN standard. In this paper, we analyze the WAI protocol using a finite-state verification tool Mur¿ and find that the authentication protocol can't resist the denial of service attack. Attackers can forge the messages to produce inconsistent keys in peers. Three Denial-of-Service attacks are discussed in this paper. Two of those attacks are occurred in the mutual certificate authentication phase and one is found in the key agreement phase. Furthermore, several amendments are discussed in this paper.

Di Gao,Hao Lin,Zhenhua Li,Feng Qian,Qi Alfred Chen,Zhiyun Qian,Wei Liu,Liangyi Gong,Yunhao Liu

DOI: https://doi.org/10.1145/3447993.3448620

2021-01-01

Abstract:Carrying over 75% of the last-mile mobile Internet traffic, WiFi has inevitably become an enticing target for various security threats. In this work, we characterize a wide variety of real-world WiFi threats at an unprecedented scale, involving 19 million WiFi access points (APs) mostly located in China, by deploying a crowdsourced security checking system on 14 million mobile devices in the wild. Leveraging the collected data, we reveal the landscape of nationwide WiFi threats for the first time. We find that the prevalence, riskiness, and breakdown of WiFi threats deviate significantly from common understandings and prior studies. In particular, we detect attacks at around 4% of all WiFi APs, uncover that most WiFi attacks are driven by an underground economy, and provide strong evidence of web analytics platforms being the bottleneck of its monetization chain. Further, we provide insightful guidance for defending against WiFi attacks at scale, and some of our efforts have already yielded real-world impact---effectively disrupted the WiFi attack ecosystem.

Yixin Jiang,Chuang Lin,Hao Yin,Zhen Chen

DOI: https://doi.org/10.1002/wcm.448

2006-01-01

Wireless Communications and Mobile Computing

Abstract:IEEE 802.11 wireless local area networks (WLAN) has been increasingly deployed in various locations because of the convenience of wireless communication and decreasing costs of the underlying technology. However, the existing security mechanisms in wireless communication are vulnerable to be attacked and seriously threat the data authentication and confidentiality. In this paper, we mainly focus on two issues. First, the vulnerabilities of security protocols specified in IEEE 802.11 and 802.1X standards are analyzed in detail. Second, a new mutual authentication and privacy scheme for WLAN is proposed to address these security issues. The proposed scheme improves the security mechanisms of IEEE 802.11 and 802.1X by providing a mandatory mutual authentication mechanism between mobile station and access point (AP) based on public key infrastructure (PKI), offering data integrity check and improving data confidentiality with symmetric cipher block chain (CBC) encryption. In addition, this scheme also provides some other new security mechanisms, such as dynamic session key negotiation and multicast key notification. Hence, with these new security mechanisms, it should be much more secure than the original security scheme. Copyright © 2006 John Wiley & Sons, Ltd.

Arun Raghuramu,Parth H. Pathak,Hui Zang,Jinyoung Han,Chang Liu,Chen-Nee Chuah

DOI: https://doi.org/10.1016/j.comcom.2016.04.011

IF: 5.047

2016-01-01

Computer Communications

Abstract:This paper presents a measurement study that analyzes large-scale traffic data gathered from two different wireless scenarios: cellular and Wi-Fi networks. We first analyze packet traces and security event logs generated by over 2 million devices in a major US-based cellular network, and show that 0.17% of mobile devices are affected by security threats. We then analyze the aggregate network footprint of malicious and benign traffic in the cellular network, and demonstrate that statistical network features (e.g., uplink data transfer volume, IP entropy) can be effectively used to distinguish such malicious and benign traffic. We next investigate over 2.4 TB of Wi-Fi traffic data, which are generated by 27 K distinct users, in a university campus network. Based on the lessons learned from a comprehensive exploration of a large feature space consisting of over 500 statistical attributes derived from network traffic to/from malicious and benign domains, we propose a novel, in-house traffic screening method, which has the capability of effectively identifying potential malicious domains. Our method achieves over 90% accuracy with only using a small set of simple statistical network features, without using any additional specialized datasets (e.g., geo-location database) or resource-intensive solutions (e.g., DPI boxes to collect HTTP traffic.). (C) 2016 Elsevier B.V. All rights reserved.

Sarankumar Balakrishnan,Pu Wang,Arupjyoti Bhuyan,Zhi Sun

DOI: https://doi.org/10.1109/access.2019.2919674

IF: 3.9

2019-01-01

IEEE Access

Abstract:Next generation wireless communication networks utilizing 60 GHz millimeter wave (mmWave) frequency bands are expected to achieve multi-gigabit throughput with the use of highly directional phased-array antennas. These directional signal beams provide enhanced security to the legitimate networks due to the increased difficulties of eavesdropping. However, there still exists significant possibility of eavesdropping since 1) the reflections of the signal beam from ambient reflectors enables opportunistic stationary eavesdropping attacks, and; 2) carefully designed beam exploration strategy enables active nomadic eavesdropping attack. This paper discusses eavesdropper attack strategies for 802.11ad mmWave systems and provides the first analytical model to characterize the success possibility of eavesdropping in both opportunistic stationary attacks and active nomadic attacks. We derive the success probability of eavesdropping considering the ambient reflectors in the environment and errors introduced in the beam exploration strategies of the proposed eavesdropping attacker models. We study the success probability for both opportunistic stationary attack scenario and active nomadic attack scenario through numerical simulations. In addition to numerical simulations, we also evaluate the proposed attacker models using an 802.11ad test bed consisting of commercially available off-the-shelf devices.