77 research outputs found

    A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK

    Nowadays wireless local area networks (WLANs) are growing very rapidly. Due to the popularity of 802.11 networks, possibilities of various attacks on the wireless network have also increased. In this paper, a special type of attack, the De-Authentication/disassociation attack, has been investigated. In a normal scenario, a wireless client or user sends a de-authentication frame when it wants to terminate the connection. These frames are in plain text and are not encrypted. These are not authenticated by the access point. Attackers take advantage of this, and spoof these packets and disable the communication between the connected client and access point. In this paper, an algorithm based on radio-tap header information is suggested to identify whether there is a De-Authentication attack on the client or not

    Multi-layer Defense Against Malware Attacks on Smartphone Wi-Fi Access Channel

    With increase in Smartphone users, uses have also increased such as email, gaming, internet banking etc. which requires it to always remain connected with Wi-Fi, thus making it vulnerable to numerous attacks. The endeavour in this paper is to explore Smartphone malware and combat challenges associated with it. Authors have proposed a novel three layer security model which detects and defends against the malware attack in network traffic and communication access point. Fine grained channel permission system is used to grant the permission to access the Wi-Fi access point thus providing security when any communication session takes place between Smartphone user and server through SSL handshake protocol. It also helps in detection of the interval time between packets sent and received which gives impetus for threshold value used by TMM-HDT algorithm

    Evil Twin Attacks on Smart Home IoT Devices for Visually Impaired Users

    Securing the Internet of Things (IoT) devices in a smart home has become inevitable due to the recent surge in the use of smart devices by the visually impaired. The visually impaired users rely heavily on these IoT devices and assistive technologies for guidance, medical usage, mobility help, voice recognition, news feeds and emergency communications. However, cyber attackers are deploying Evil Twin and Man-in-the-middle (MITM) attacks, among others, to penetrate the network, establish rogue Wi-Fi access points and trick victims into connecting to it, leading to interceptions, manipulation, exploitation, compromising the smart devices and taking command and control. The paper aims to explore the Evil Twin attack on smart devices and provide mitigating techniques to improve privacy and trust. The novelty contribution of the paper is three-fold: First, we identify the various IoT device vulnerabilities and attacks. We consider the state-of-the-art IoT cyberattacks on Smart TVs, Smart Door Lock, and cameras. Secondly, we created a virtual environment using Kali Linux (Raspberry Pi) and NetGear r7000 as the home router for our testbed. We deployed an Evil Twin attack to penetrate the network to identify the vulnerable spots on the IoT devices. We consider the Kill Chain attack approach for the attack pattern. Finally, we recommend a security mechanism in a table to improve security, privacy and trust. Our results show how vulnerabilities in smart home appliances are susceptible to attacks. We have recommended mitigation techniques to enhance the security for visually impaired users

    Development of a Client-Side Evil Twin Attack Detection System for Public Wi-Fi Hotspots based on Design Science Approach

    Users and providers benefit considerably from public Wi-Fi hotspots. Users receive wireless Internet access and providers draw new prospective customers. While users are able to enjoy the ease of Wi-Fi Internet hotspot networks in public more conveniently, they are more susceptible to a particular type of fraud and identity theft, referred to as evil twin attack (ETA). Through setting up an ETA, an attacker can intercept sensitive data such as passwords or credit card information by snooping into the communication links. Since the objective of free open (unencrypted) public Wi-Fi hotspots is to provide ease of accessibility and to entice customers, no security mechanisms are in place. The public’s lack of awareness of the security threat posed by free open public Wi-Fi hotspots makes this problem even more heinous. Client-side systems to help wireless users detect and protect themselves from evil twin attacks in public Wi-Fi hotspots are in great need. In this dissertation report, the author explored the problem of the need for client-side detection systems that will allow wireless users to help protect their data from evil twin attacks while using free open public Wi-Fi. The client-side evil twin attack detection system constructed as part of this dissertation linked the gap between the need for wireless security in free open public Wi-Fi hotspots and limitations in existing client-side evil twin attack detection solutions. Based on design science research (DSR) literature, Hevner’s seven guidelines of DSR, Peffer’s design science research methodology (DSRM), Gregor’s IS design theory, and Hossen & Wenyuan’s (2014) study evaluation methodology, the author developed design principles, procedures and specifications to guide the construction, implementation, and evaluation of a prototype client-side evil twin attack detection artifact. The client-side evil twin attack detection system was evaluated in a hotel public Wi-Fi environment. 
The goal of this research was to develop a more effective, efficient, and practical client-side detection system for wireless users to independently detect and protect themselves from mobile evil twin attacks while using free open public Wi-Fi hotspots. The experimental results showed that client-side evil twin attack detection system can effectively detect and protect users from mobile evil twin AP attacks in public Wi-Fi hotspots in various real-world scenarios despite time delay caused by many factors

    Masquerading Techniques in IEEE 802.11 Wireless Local Area Networks

    The airborne nature of wireless transmission offers a potential target for attackers to compromise IEEE 802.11 Wireless Local Area Network (WLAN). In this dissertation, we explore the current WLAN security threats and their corresponding defense solutions. In our study, we divide WLAN vulnerabilities into two aspects, client, and administrator. The client-side vulnerability investigation is based on examining the Evil Twin Attack (ETA) while our administrator side research targets Wi-Fi Protected Access II (WPA2). Three novel techniques have been presented to detect ETA. The detection methods are based on (1) creating a secure connection to a remote server to detect the change of gateway's public IP address by switching from one Access Point (AP) to another. (2) Monitoring multiple Wi-Fi channels in a random order looking for specific data packets sent by the remote server. (3) Merging the previous solutions into one universal ETA detection method using Virtual Wireless Clients (VWCs). On the other hand, we present a new vulnerability that allows an attacker to force the victim's smartphone to consume data through the cellular network by starting the data download on the victim's cell phone without the victim's permission. A new scheme has been developed to speed up the active dictionary attack intensity on WPA2 based on two novel ideas. First, the scheme connects multiple VWCs to the AP at the same time; each VWC has its own spoofed MAC address. Second, each of the VWCs could try many passphrases using a single wireless session. Furthermore, we present a new technique to avoid bandwidth limitation imposed by Wi-Fi hotspots. The proposed method creates multiple VWCs to access the WLAN. The combination of the individual bandwidth of each VWC results in an increase of the total bandwidth gained by the attacker. All proposed techniques have been implemented and evaluated in real-life scenarios

    The Identification of Rogue Access Points Using Channel State Information

    Today's wireless networks (Wi-Fi) handle more significant numbers of connections, deploy efficiently, and provide increased reliability and high speeds at low cost. The ability of rogue access points (RAPs) to mimic legitimate APs makes them the most critical threat to wireless security. APs are found in coffee shops, supermarkets, stadiums, buses, trains, airports, hospitals, theaters, and shopping malls. Rogue access points (RAP) are unauthorized devices that connect to legitimate access points and networks and bypass authorized security procedures. RAP detection has been attempted using hardware and software-based solutions requiring the developing of dedicated tools or beacon frame modification (Arisandi, 2021). The effectiveness of software-based tools such as Aircrack-ng, Kismet, and InSSIDER is diminished as customized configurations are required for each environment (VanSickle, 2019). Channel State Information (CSI) are characteristics of the communication link between a Wi-Fi transmitter and receiver and facilitates reliable communication in multi-antenna systems. The data contained in CSI can be analyzed and used to detect motion and activity based on interference in the line of sight (LoS) between the transmitter and receiver. CSI has been used to recognize human activity (Wang, 2015) and recognize differences in gaits based on the speed of motion (Wang, 2016). This paper proposes identifying RAPs by detecting differences in CSI characteristics due to interference in the (LoS) path between the Wi-Fi transmitter and the receiver

    A robust scheme to defend against disassociation and deauthentication DoS attacks in WLAN networks

    Wireless 802.11 (also known as WLAN) has many flaws that expose the medium to numerous types of attacks. WLAN control frame consists of three major parts; data, management and control frames. Data frame is whereby data carried on, in the meantime, management and control frames are both responsible for maintaining the communication between the clients and the access point. The absence of encryption at both of these two frames exposes the medium to inevitable various types of DoS attacks at Data Link Layer. The attacker might spoof the unencrypted Deauthentication/Disassociation message together with the MAC address of the targeted access point and keep retransmitting it to all clients causing a continuous disconnection in WLAN networks. The wireless 802.11w standard has succeeded in mitigating the flaw by encrypting the frames, yet only when WPA2 encryption is enforced. In this paper, we developed an enhanced proposed WLAN scheme to mitigate Deauthentication and Disassociation DoS attacks on WLAN networks. The proposed scheme is based on modifying the last twenty bits of the management frame in 802.11n standard using an enhanced version of Linear Congruential Algorithm called MAX algorithm. This is to provide a layer of authentication with no need to enforce WPA2 encryption. The proposed scheme is evaluated using CommeView Simulator and showed to be robust by slowing the attacks in an average of 3551 seconds on both encrypted and unencrypted networks

    Empirical Techniques To Detect Rogue Wireless Devices

    Media Access Control (MAC) addresses in wireless networks can be trivially spoofed using off-the-shelf devices. We proposed a solution to detect MAC address spoofing in wireless networks using a hard-to-spoof measurement that is correlated to the location of the wireless device, namely the Received Signal Strength (RSS). We developed a passive solution that does not require modification for standards or protocols. The solution was tested in a live test-bed (i.e., a Wireless Local Area Network with the aid of two air monitors acting as sensors) and achieved 99.77%, 93.16%, and 88.38% accuracy when the attacker is 8–13 m, 4–8 m, and less than 4 m away from the victim device, respectively. We implemented three previous methods on the same test-bed and found that our solution outperforms existing solutions. Our solution is based on an ensemble method known as Random Forests. We also proposed an anomaly detection solution to deal with situations where it is impossible to cover the whole intended area. The solution is totally passive and unsupervised (using unlabeled data points) to build the profile of the legitimate device. It only requires the training of one location which is the location of the legitimate device (unlike the misuse detection solution that trains and simulates the existence of the attacker in every possible spot in the network diameter). The solution was tested in the same test-bed and yielded about 79% overall accuracy. We build a misuse Wireless Local Area Network Intrusion Detection System (WIDS) and discover some important fields in WLAN MAC-layer frame to differentiate the attackers from the legitimate devices. We tested several machine learning algorithms and found some promising ones to improve the accuracy and computation time on a public dataset. The best performing algorithms that we found are Extra Trees, Random Forests, and Bagging. We then used a majority voting technique to vote on these algorithms. 
Bagging classifier and our customized voting technique have good results (about 96.25 % and 96.32 % respectively) when tested on all the features. We also used a data mining technique based on Extra Trees ensemble method to find the most important features on AWID public dataset. After selecting the 20 most important features, Extra Trees and our voting technique are the best performing classifiers in terms of accuracy (96.31 % and 96.32 % respectively)