Masquerading Techniques in IEEE 802.11 Wireless Local Area Networks

The airborne nature of wireless transmission offers a potential target for attackers to compromise IEEE 802.11 Wireless Local Area Network (WLAN). In this dissertation, we explore the current WLAN security threats and their corresponding defense solutions. In our study, we divide WLAN vulnerabilities into two aspects, client, and administrator. The client-side vulnerability investigation is based on examining the Evil Twin Attack (ETA) while our administrator side research targets Wi-Fi Protected Access II (WPA2). Three novel techniques have been presented to detect ETA. The detection methods are based on (1) creating a secure connection to a remote server to detect the change of gateway\u27s public IP address by switching from one Access Point (AP) to another. (2) Monitoring multiple Wi-Fi channels in a random order looking for specific data packets sent by the remote server. (3) Merging the previous solutions into one universal ETA detection method using Virtual Wireless Clients (VWCs). On the other hand, we present a new vulnerability that allows an attacker to force the victim\u27s smartphone to consume data through the cellular network by starting the data download on the victim\u27s cell phone without the victim\u27s permission. A new scheme has been developed to speed up the active dictionary attack intensity on WPA2 based on two novel ideas. First, the scheme connects multiple VWCs to the AP at the same time-each VWC has its own spoofed MAC address. Second, each of the VWCs could try many passphrases using single wireless session. Furthermore, we present a new technique to avoid bandwidth limitation imposed by Wi-Fi hotspots. The proposed method creates multiple VWCs to access the WLAN. The combination of the individual bandwidth of each VWC results in an increase of the total bandwidth gained by the attacker. All proposal techniques have been implemented and evaluated in real-life scenarios

Security technologies for wireless access to local area networks

In today’s world, computers and networks are connected to all life aspects and professions. The amount of information, personal and organizational, spread over the network is increasing exponentially. Simultaneously, malicious attacks are being developed at the same speed, which makes having a secure network system a crucial factor on every level and in any organization. Achieving a high protection level has been the goal of many organizations, such as the Wi-Fi Alliance R , and many standards and protocols have been developed over time. This work addresses the historical development of WLAN security technologies, starting from the oldest standard, WEP, and reaching the newly released standard WPA3, passing through the several versions in between,WPA, WPS, WPA2, and EAP. Along with WPA3, this work addresses two newer certificates, Enhanced OpenTM and Easy ConnectTM. Furthermore, a comparative analysis of the previous standards is also presented, detailing their security mechanisms, flaws, attacks, and the measures they have adopted to prevent these attacks. Focusing on the new released WPA3, this work presents a deep study on both WPA3 and EAP-pwd. The development of WPA3 had the objective of providing strong protection, even if the network’s password is considered weak. However, this objective was not fully accomplished and some recent research work discovered design flaws in this new standard. Along with the above studies, this master thesis’ work builds also a network for penetration testing using a set of new devices that support the new standard. A group of possible attacks onWi-Fi latest security standards was implemented on the network, testing the response against each of them, discussing the reason behind the success or the failure of the attack, and providing a set of countermeasures applicable against these attacks. Obtained results show that WPA3 has overcome many of WPA2’s issues, however, it is still unable to overcome some major Wi-Fi vulnerabilities.No mundo de hoje, os computadores e as redes estão conectados praticamente a todos os aspectos da nossa vida pessoal e profissional. A quantidade de informações, pessoais e organizacionais, espalhadas pela rede está a aumentar exponencialmente. Simultaneamente, também os ataques maliciosos estão a aumentar à mesma velocidade, o que faz com que um sistema de rede seguro seja um fator crucial a todos os níveis e em qualquer organização. Alcançar altos níveis de proteção tem sido o objetivo de trabalho de muitas organizações, como a Wi-Fi Alliance R , tendo muitos standards e protocolos sido desenvolvidos ao longo do tempo. Este trabalho aborda o desenvolvimento histórico das tecnologias de segurança para WLANs, começando pelo standard mais antigo, WEP, e acabando no recém-chegado WPA3, passando pelas várias versões intermedias, WPA, WPS, WPA2 e EAP. Juntamente com o WPA3, este trabalho aborda os dois certificados mais recentes, Enhanced OpenTM e Easy ConnectTM. Além disso, também é apresentada uma análise comparativa dos standards anteriores, detalhando os seus principais mecanismos de segurança, falhas, ataques a que são susceptíveis e medidas adotadas para evitar esses ataques. Quanto ao novo WPA3 e EAP-pwd, este trabalho apresenta um estudo aprofundado sobre os seus modos "Personal" e "Enterprise". O desenvolvimento do WPA3 teve por objetivo fornecer proteção forte, mesmo que a password de rede seja considerada fraca. No entanto, esse objetivo não foi totalmente alcançado e alguma investigação realizada recentemente detectou falhas de desenho nesse novo padrão. Juntamente com os estudo dos standards acima referidos, o trabalho realizado para esta tese de mestrado também constrói uma rede para testes de penetração usando um conjunto de novos dispositivos que já suportam o novo standard. São aplicados vários ataques aos mais recentes padrões de segurança Wi-Fi, é testada a sua resposta contra cada um deles, é discutindo o motivo que justifica o sucesso ou a falha do ataque, e são indicadas contramedidas aplicáveis a esses ataques. Os resultados obtidos mostram que o WPA3 superou muitos dos problemas do WPA2 mas que, no entanto, ainda é incapaz de superar algumas das vulnerabilidades presentes nas redes Wi-Fi.First, I would like to express my deepest appreciation to those who gave me the possibility to complete my study and get my Master degree, the Aga Khan Foundation, who has supported me financiall

Securearray: Improving WiFi security with fine-grained physical-layer information

Despite the important role that WiFi networks play in home and enterprise networks they are relatively weak from a security standpoint. With easily available directional antennas, attackers can be physically located off-site, yet compromise WiFi security protocols such as WEP, WPA, and even to some extent WPA2 through a range of exploits specific to those protocols, or simply by running dictionary and human-factors attacks on users' poorly-chosen passwords. This presents a security risk to the entire home or enterprise network. To mitigate this ongoing problem, we propose SecureArray, a system designed to operate alongside existing wireless security protocols, adding defense in depth against active attacks. SecureArray's novel signal processing techniques leverage multi-antenna access point (AP) to profile the directions at which a client's signals arrive, using this angle-of-arrival (AoA) information to construct highly sensitive signatures that with very high probability uniquely identify each client. Upon overhearing a suspicious transmission, the client and AP initiate an AoA signature-based challenge-response protocol to confirm and mitigate the threat. We also discuss how SecureArray can mitigate direct denial-of-service attacks on the latest 802.11 wireless security protocol. We have implemented SecureArray with an eight-antenna WARP hardware radio acting as the AP. Our experimental results show that in a busy office environment, SecureArray is orders of magnitude more accurate than current techniques, mitigating 100% of WiFi spoofing attack attempts while at the same time triggering false alarms on just 0.6% of legitimate traffic. Detection rate remains high when the attacker is located only five centimeters away from the legitimate client, for AP with fewer numbers of antennas and when client is mobile

Developing a Systematic Process for Mobile Surveying and Analysis of WLAN security

Wireless Local Area Network (WLAN), familiarly known as Wi-Fi, is one of the most used wireless networking technologies. WLANs have rapidly grown in popularity since the release of the original IEEE 802.11 WLAN standard in 1997. We are using our beloved wireless internet connection for everything and are connecting more and more devices into our wireless networks in every form imaginable. As the number of wireless network devices keeps increasing, so does the importance of wireless network security. During its now over twenty-year life cycle, a multitude of various security measures and protocols have been introduced into WLAN connections to keep our wireless communication secure. The most notable security measures presented in the 802.11 standard have been the encryption protocols Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). Both encryption protocols have had their share of flaws and vulnerabilities, some of them so severe that the use of WEP and the first generation of the WPA protocol have been deemed irredeemably broken and unfit to be used for WLAN encryption. Even though the aforementioned encryption protocols have been long since deemed fatally broken and insecure, research shows that both can still be found in use today. The purpose of this Master’s Thesis is to develop a process for surveying wireless local area networks and to survey the current state of WLAN security in Finland. The goal has been to develop a WLAN surveying process that would at the same time be efficient, scalable, and easily replicable. The purpose of the survey is to determine to what extent are the deprecated encryption protocols used in Finland. Furthermore, we want to find out in what state is WLAN security currently in Finland by observing the use of other WLAN security practices. The survey process presented in this work is based on a WLAN scanning method called Wardriving. Despite its intimidating name, wardriving is simply a form of passive wireless network scanning. Passive wireless network scanning is used for collecting information about the surrounding wireless networks by listening to the messages broadcasted by wireless network devices. To collect our research data, we conducted wardriving surveys on three separate occasions between the spring of 2019 and early spring of 2020, in a typical medium-sized Finnish city. Our survey results show that 2.2% out of the located networks used insecure encryption protocols and 9.2% of the located networks did not use any encryption protocol. While the percentage of insecure networks is moderately low, we observed during our study that private consumers are reluctant to change the factory-set default settings of their wireless network devices, possibly exposing them to other security threats

Planning and realization of a WiFi 6 network to replace wired connections in an enterprise environment

WiFi (Wireless Fidelity) is a popular wireless LAN technology. It provides broadband wireless connectivity to all the users in the unlicensed 2.4 GHz and 5 GHz frequency bands. Given the fact that the WiFi technology is much easier and cost-efficient to deploy, it is rapidly gaining acceptance as an alternative to a wired local area network. Nowadays the Wireless access to data is a necessity for everyone in the daily life. Considering the last 30 years, the unlimited access to information has transformed entire industries, fueling growth, productivity and profits.The WiFi technology, which is governed by the IEEE 802.11 standards body, has played a key role in this transformation. In fact, thanks to WiFi, users can benefit of low cost access to high data rate wireless connectivity. The first version of the IEEE 802.11 protocol was released in 1997. IEEE 802.11 has been improved with different versions in order to enhance the throughput and support new technologies. WiFi networks are now experiencing the bandwidth-demanding media content as well as multiple WiFi devices for each user. As a consequence of this, WiFi 6, which is based on the IEEE 802.11ax standard, is focused on improving the efficiency of the radio link. However, there is a relatively modest increase in peak data rate too. In this thesis we have planned and realized a WiFi 6 network to replace wired connections in an enterprise environment. To do this the optimal access point placement problem has been taken into account, resulting in an improvement of the coverage. Subsequently, after the configuration from the controller, the performance of the new network has been tested in order to study if WiFi 6 can be used instead of wired connections.WiFi (Wireless Fidelity) is a popular wireless LAN technology. It provides broadband wireless connectivity to all the users in the unlicensed 2.4 GHz and 5 GHz frequency bands. Given the fact that the WiFi technology is much easier and cost-efficient to deploy, it is rapidly gaining acceptance as an alternative to a wired local area network. Nowadays the Wireless access to data is a necessity for everyone in the daily life. Considering the last 30 years, the unlimited access to information has transformed entire industries, fueling growth, productivity and profits.The WiFi technology, which is governed by the IEEE 802.11 standards body, has played a key role in this transformation. In fact, thanks to WiFi, users can benefit of low cost access to high data rate wireless connectivity. The first version of the IEEE 802.11 protocol was released in 1997. IEEE 802.11 has been improved with different versions in order to enhance the throughput and support new technologies. WiFi networks are now experiencing the bandwidth-demanding media content as well as multiple WiFi devices for each user. As a consequence of this, WiFi 6, which is based on the IEEE 802.11ax standard, is focused on improving the efficiency of the radio link. However, there is a relatively modest increase in peak data rate too. In this thesis we have planned and realized a WiFi 6 network to replace wired connections in an enterprise environment. To do this the optimal access point placement problem has been taken into account, resulting in an improvement of the coverage. Subsequently, after the configuration from the controller, the performance of the new network has been tested in order to study if WiFi 6 can be used instead of wired connections

IEEE 802.11 i Security and Vulnerabilities

Despite using a variety of comprehensive preventive security measures, the Robust Secure Networks (RSNs) remain vulnerable to a number of attacks. Failure of preventive measures to address all RSN vulnerabilities dictates the need for enhancing the performance of Wireless Intrusion Detection Systems (WIDSs) to detect all attacks on RSNs with less false positive and false negative rates

Enhancing WPA2-PSK four-way handshaking after re-authentication to deal with de-authentication followed by brute-force attack a novel re-authentication protocol

The nature of wireless network transmission and the emerging attacks are continuously creating or exploiting more vulnerabilities. Despite the fact that the security mechanisms and protocols are constantly upgraded and enhanced, the Small Office/Home Office (SOHO) environments that cannot afford a separate authentication system, and generally adopt the IEEE 802.11 Wi-Fi-Protected-Access-2/Pre-Shared-Key (WPA2-PSK) are still exposed to some attack categories such as de-authentication attacks that aim to push wireless client to re-authenticate to the Access Point (AP) and try to capture the keys exchanged during the handshake to compromise the network security. This kind of attack is impossible to detect or prevent in spite of having an Intrusion Detection and Prevention System (IDPS) installed on the client or on the AP, especially when the attack is not repetitive and is targeting only one client. This paper proposes a novel method which can mitigate and eliminate the risk of exposing the PSK to be captured during the re-authentication process by introducing a novel re-authentication protocol relying on an enhanced four-way handshake which does not require any hardware upgrade or heavy-weight cryptography affecting the network flexibility and performances

Intrusion detection in wi-fi networks by modular and optimized ensemble of classifiers

4noopenWith the breakthrough of pervasive advanced networking infrastructures and paradigms such as 5G and IoT, cybersecurity became an active and crucial field in the last years. Furthermore, machine learning techniques are gaining more and more attention as prospective tools for mining of (possibly malicious) packet traces and automatic synthesis of network intrusion detection systems. In this work, we propose a modular ensemble of classifiers for spotting malicious attacks on Wi-Fi networks. Each classifier in the ensemble is tailored to characterize a given attack class and is individually optimized by means of a genetic algorithm wrapper with the dual goal of hyper-parameters tuning and retaining only relevant features for a specific attack class. Our approach also considers a novel false alarm management procedure thanks to a proper reliability measure formulation. The proposed system has been tested on the well-known AWID dataset, showing performances comparable with other state of the art works both in terms of accuracy and knowledge discovery capabilities. Our system is also characterized by a modular design of the classification model, allowing to include new possible attack classes in an efficient way.openAccademicoGiuseppe Granato; Alessio Martino; Luca Baldini; Antonello RizziGranato, Giuseppe; Martino, Alessio; Baldini, Luca; Rizzi, Antonell

Enhancing WPA2-PSK four-way handshaking after re-authentication to deal with de-authentication followed by brute-force attack a novel re-authentication protocol

The nature of wireless network transmission and the emerging attacks are continuously creating or exploiting more vulnerabilities. Despite the fact that the security mechanisms and protocols are constantly upgraded and enhanced, the Small Office/Home Office (SOHO) environments that cannot afford a separate authentication system, and generally adopt the IEEE 802.11 Wi-Fi-Protected-Access-2/Pre-Shared-Key (WPA2-PSK) are still exposed to some attack categories such as de-authentication attacks that aim to push wireless client to re-authenticate to the Access Point (AP) and try to capture the keys exchanged during the handshake to compromise the network security. This kind of attack is impossible to detect or prevent in spite of having an Intrusion Detection and Prevention System (IDPS) installed on the client or on the AP, especially when the attack is not repetitive and is targeting only one client. This paper proposes a novel method which can mitigate and eliminate the risk of exposing the PSK to be captured during the re-authentication process by introducing a novel re-authentication protocol relying on an enhanced four-way handshake which does not require any hardware upgrade or heavy-weight cryptography affecting the network flexibility and performances