7 research outputs found

    Enhancing WPA2-PSK four-way handshaking after re-authentication to deal with de-authentication followed by brute-force attack a novel re-authentication protocol

    The nature of wireless network transmission and the emerging attacks are continuously creating or exploiting more vulnerabilities. Despite the fact that the security mechanisms and protocols are constantly upgraded and enhanced, the Small Office/Home Office (SOHO) environments that cannot afford a separate authentication system, and generally adopt the IEEE 802.11 Wi-Fi-Protected-Access-2/Pre-Shared-Key (WPA2-PSK) are still exposed to some attack categories such as de-authentication attacks that aim to push wireless client to re-authenticate to the Access Point (AP) and try to capture the keys exchanged during the handshake to compromise the network security. This kind of attack is impossible to detect or prevent in spite of having an Intrusion Detection and Prevention System (IDPS) installed on the client or on the AP, especially when the attack is not repetitive and is targeting only one client. This paper proposes a novel method which can mitigate and eliminate the risk of exposing the PSK to be captured during the re-authentication process by introducing a novel re-authentication protocol relying on an enhanced four-way handshake which does not require any hardware upgrade or heavy-weight cryptography affecting the network flexibility and performances

    Parallel Active Dictionary Attack On Wpa2-Psk Wi-Fi Networks

    Wi-Fi network offers an inexpensive and convenient way to access the Internet. It becomes even more important nowadays as we are moving from the traditional computer age to the current mobile devices and Internet-of-Things age. Wi-Fi Protected Access II (WPA2) - Pre-shared key (PSK) is the current security standard used to protect small 802.11 wireless networks. Most of the available dictionary password-guessing attacks on WPA2-PSK are based on capturing the four-way handshaking frames between an authorized wireless client and the Access Point (AP). These attacks will fail if an attacker is unable to capture the four-way handshaking frames of a legitimate client. An attacker also can apply an active dictionary attack by sending a pass-phrase to the AP and waiting for the response. However, this attack approach could only achieve a low attack intensity of testing a few pass-phrases per minute. In this paper, we develop a new scheme to speed up the active pass-phrase guessing trials intensity based on two novel ideas: First, the scheme mimics multiple Wi-Fi clients connecting to the AP at the same time-each emulated Wi-Fi client has its own spoofed MAC address; Second, each emulated Wi-Fi client could try many pass-phrases using a single wireless session without the need to pass the 802.11 authentication and association stages for every pass-phrase guess. We have developed a working prototype and our experiments show that the proposed scheme can improve active dictionary pass-phrase guessing speed by 100-fold compared to the traditional single client attack

    Efficient Implementation of IEEE 802.11i Wi-Fi Security (WPA2-PSK) Standard Using FPGA

    The rationale behind the thesis was to design efficient implementations of cryptography algorithms used for Wi-Fi Security as per IEEE 802.11i Wi-Fi Security (WPA2-PSK) standard. The focus was on software implementation of Password-Based Key Derivation Function 2 (PBKDF2) using Keyed-Hash Message Authentication Code (HMAC)-SHA1, which is used for authentication, and, hardware implementation of AES-256 cipher, which is used for data confidentiality. In this thesis, PBKDF2 based on HMAC-SHA1 was implemented on software using C programming language, and, AES-256 was implemented on hardware using Verilog HDL. The overall implementation was designed and tested on Nexys4 FPGA board. The performance of the implementation was compared with other existing designs. Latency (us) was used as the performance metric for PBKDF2, whereas, throughput (Gb/s), resource utilization (Number of Slices), efficiency (Kb/s per slice) and latency (ns) were used as performance metrics for AES-256. MRF24WG0MA PMOD Wi-Fi module was the 2.4 GHz Wi-Fi module which was interfaced with Nexys4 FPGA board for wireless communication. When the correct security credentials were entered in the implemented system interfaced to the Wi-Fi module, it was successfully authenticated by a 2.4 GHz wireless router (or mobile hotspot) configured to work in WPA2-PSK security mode. Once this system was authenticated, the implemented AES-256 cipher within the system was used to provide a layer of encryption over the data being communicated in the network

    The latest advances in wireless communication in aviation, wind turbines and bridges

    Present-day technologies used in SHM (Structural Health Monitoring) systems in many implementations are based on wireless sensor networks (WSN). In the context of the continuous development of these systems, the costs of the elements that form the monitoring system are decreasing. In this situation, the challenge is to select the optimal number of sensors and the network architecture, depending on the wireless system’s other parameters and requirements. It is a challenging task for WSN to provide scalability to cover a large area, fault tolerance, transmission reliability, and energy efficiency when no events are detected. In this article, fundamental issues concerning wireless communication in structural health monitoring systems (SHM) in the context of non-destructive testing sensors (NDT) were presented. Wireless technology developments in several crucial areas were also presented, and these include engineering facilities such as aviation and wind turbine systems as well as bridges and associated engineering facilities

    Masquerading Techniques in IEEE 802.11 Wireless Local Area Networks

    The airborne nature of wireless transmission offers a potential target for attackers to compromise IEEE 802.11 Wireless Local Area Network (WLAN). In this dissertation, we explore the current WLAN security threats and their corresponding defense solutions. In our study, we divide WLAN vulnerabilities into two aspects, client and administrator. The client-side vulnerability investigation is based on examining the Evil Twin Attack (ETA) while our administrator-side research targets Wi-Fi Protected Access II (WPA2). Three novel techniques have been presented to detect ETA. The detection methods are based on (1) creating a secure connection to a remote server to detect the change of gateway's public IP address by switching from one Access Point (AP) to another. (2) Monitoring multiple Wi-Fi channels in a random order looking for specific data packets sent by the remote server. (3) Merging the previous solutions into one universal ETA detection method using Virtual Wireless Clients (VWCs). On the other hand, we present a new vulnerability that allows an attacker to force the victim's smartphone to consume data through the cellular network by starting the data download on the victim's cell phone without the victim's permission. A new scheme has been developed to speed up the active dictionary attack intensity on WPA2 based on two novel ideas. First, the scheme connects multiple VWCs to the AP at the same time; each VWC has its own spoofed MAC address. Second, each of the VWCs could try many passphrases using a single wireless session. Furthermore, we present a new technique to avoid bandwidth limitation imposed by Wi-Fi hotspots. The proposed method creates multiple VWCs to access the WLAN. The combination of the individual bandwidth of each VWC results in an increase of the total bandwidth gained by the attacker. All proposed techniques have been implemented and evaluated in real-life scenarios

    The Cloud-to-Thing Continuum

    The Internet of Things offers massive societal and economic opportunities while at the same time significant challenges, not least the delivery and management of the technical infrastructure underpinning it, the deluge of data generated from it, ensuring privacy and security, and capturing value from it. This Open Access Pivot explores these challenges, presenting the state of the art and future directions for research but also frameworks for making sense of this complex area. This book provides a variety of perspectives on how technology innovations such as fog, edge and dew computing, 5G networks, and distributed intelligence are making us rethink conventional cloud computing to support the Internet of Things. Much of this book focuses on technical aspects of the Internet of Things, however, clear methodologies for mapping the business value of the Internet of Things are still missing. We provide a value mapping framework for the Internet of Things to address this gap. While there is much hype about the Internet of Things, we have yet to reach the tipping point. As such, this book provides a timely entrée for higher education educators, researchers and students, industry and policy makers on the technologies that promise to reshape how society interacts and operates