Developing a Systematic Process for Mobile Surveying and Analysis of WLAN security

Wireless Local Area Network (WLAN), familiarly known as Wi-Fi, is one of the most used wireless networking technologies. WLANs have rapidly grown in popularity since the release of the original IEEE 802.11 WLAN standard in 1997. We are using our beloved wireless internet connection for everything and are connecting more and more devices into our wireless networks in every form imaginable. As the number of wireless network devices keeps increasing, so does the importance of wireless network security. During its now over twenty-year life cycle, a multitude of various security measures and protocols have been introduced into WLAN connections to keep our wireless communication secure. The most notable security measures presented in the 802.11 standard have been the encryption protocols Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). Both encryption protocols have had their share of flaws and vulnerabilities, some of them so severe that the use of WEP and the first generation of the WPA protocol have been deemed irredeemably broken and unfit to be used for WLAN encryption. Even though the aforementioned encryption protocols have been long since deemed fatally broken and insecure, research shows that both can still be found in use today. The purpose of this Master’s Thesis is to develop a process for surveying wireless local area networks and to survey the current state of WLAN security in Finland. The goal has been to develop a WLAN surveying process that would at the same time be efficient, scalable, and easily replicable. The purpose of the survey is to determine to what extent are the deprecated encryption protocols used in Finland. Furthermore, we want to find out in what state is WLAN security currently in Finland by observing the use of other WLAN security practices. The survey process presented in this work is based on a WLAN scanning method called Wardriving. Despite its intimidating name, wardriving is simply a form of passive wireless network scanning. Passive wireless network scanning is used for collecting information about the surrounding wireless networks by listening to the messages broadcasted by wireless network devices. To collect our research data, we conducted wardriving surveys on three separate occasions between the spring of 2019 and early spring of 2020, in a typical medium-sized Finnish city. Our survey results show that 2.2% out of the located networks used insecure encryption protocols and 9.2% of the located networks did not use any encryption protocol. While the percentage of insecure networks is moderately low, we observed during our study that private consumers are reluctant to change the factory-set default settings of their wireless network devices, possibly exposing them to other security threats

Automated analysis of security protocol implementations

Security protocols, or cryptographic protocols, are crucial to the functioning of today’s technology-dependant society. They are a fundamental innovation, without which much of our online activity, mobile communication and even transport signalling would not be possible. The reason for their importance is simple, communication over shared or publicly accessible networks is vulnerable to interception, manipulation, and impersonation. It is the role of security protocols to prevent this, allowing for safe and secure communication. Our reliance on these protocols for such critical tasks, means it is essential to engineer them with great care, just like we do with bridges or a safety-critical aircraft engine control system, for example. As with all types of engineering, there are two key elements to this process – design and implementation. In this thesis we produce techniques to analyse the latter. In particular, we develop automated tooling which helps to identify incorrect or vulnerable behaviour in the implementations of security protocols. The techniques we present follow a theme of trying to infer as much as we can about the protocol logic implemented in a system, with as little access to it’s inner workings as possible. In general, we do this through observations of protocol messages on the network, executing the system, but treating it as a black-box. Within this particular framework, we design two new techniques – one which identifies a specific vulnerability in TLS/SSL, and another, more general approach, which systematically extracts a protocol behaviour model from protocols like the WiFi security handshakes. We then argue that it his framework limits the potential of model extraction, and proceed to develop a solution to this problem by utilising grey-box insights. Our proposed approach, which we test on a variety of security protocols, represents a paradigm shift in the well established model learning field. Throughout this thesis, as well as presenting general results from testing the efficacy of our tools, we also present a number of vulnerabilities we discover in the process. This ranges from major banking apps vulnerable to Man-In-The-Middle attacks, to CVE assigned ciphersuite downgrades in popular WiFi routers

IEEE 802.11 i Security and Vulnerabilities

Despite using a variety of comprehensive preventive security measures, the Robust Secure Networks (RSNs) remain vulnerable to a number of attacks. Failure of preventive measures to address all RSN vulnerabilities dictates the need for enhancing the performance of Wireless Intrusion Detection Systems (WIDSs) to detect all attacks on RSNs with less false positive and false negative rates

Static and Dynamic 4-Way Handshake Solutions to Avoid Denial of Service Attack in Wi-Fi Protected Access and IEEE 802.11i

This paper focuses on WPA and IEEE 802.11i protocols that represent two important solutions in the wireless environment. Scenarios where it is possible to produce a DoS attack and DoS flooding attacks are outlined. The last phase of the authentication process, represented by the 4-way handshake procedure, is shown to be unsafe from DoS attack. This can produce the undesired effect of memory exhaustion if a flooding DoS attack is conducted. In order to avoid DoS attack without increasing the complexity of wireless mobile devices too much and without changing through some further control fields of the frame structure of wireless security protocols, a solution is found and an extension of WPA and IEEE 802.11 is proposed. A protocol extension with three "static" variants and with a resource-aware dynamic approach is considered. The three enhancements to the standard protocols are achieved through some simple changes on the client side and they are robust against DoS and DoS flooding attack. Advantages introduced by the proposal are validated by simulation campaigns and simulation parameters such as attempted attacks, successful attacks, and CPU load, while the algorithm execution time is evaluated. Simulation results show how the three static solutions avoid memory exhaustion and present a good performance in terms of CPU load and execution time in comparison with the standard WPA and IEEE 802.11i protocols. However, if the mobile device presents different resource availability in terms of CPU and memory or if resource availability significantly changes in time, a dynamic approach that is able to switch among three different modalities could be more suitable

A review and comparative analysis of vulnerability scanning tools for wireless LANs

The 21st century has been characterized by the widespread proliferation and use of wireless networks, notably, Wireless LANs, that enhanced access to information and resources to businesses and the society at large. However, WLANs are vulnerable to a range of security issues such as replay and KRACK attacks. In addition, the underlying security protocols used within WLANs, including Wired-Equivalent Privacy and the different versions of the Wi-Fi Protected Access have had security vulnerabilities that led to deprecation of few previous versions. As such, in the process of hardening security of such networks, vulnerability assessment is important and for this, various vulnerability scanners are available on the market. This paper critically reviews and analyses key vulnerability scanners for the context of WLANs. As part of the investigation, four tools, notably Nessus Vulnerability Scanner, OpenVAS, Nexpose and GFI LanGuard are reviewed, and insights are provided following practical utilization. As key findings, different vulnerability scanners were found to address different kinds and number of vulnerabilities, where some of them can be more granular than others, even in terms of output provided to the user. Moreover, the scan duration was not consistent across tools and does not corelate with the number of vulnerabilities detected

Wi-Fi Security: Do We Still Have to Look Back?

Wi-Fi is a wireless communication technology that has been around since the late nineties. Nowadays, it is the most adopted wireless short-range communication technology in various IoT (Internet of Things) applications and on many wireless AI (Artificial Intelligent) systems. Although Wi-Fi security has significantly improved throughout the past years, it is still having some limitations. Some vulnerabilities still exist allowing attackers to generate different types of attacks. These attacks can breach the authentication, confidentiality, and data integrity of Wi-Fi systems. At the same time, many vulnerabilities have been fixed or patched, and the attacks that were relying on those vulnerabilities would fail on modern Wi-Fi systems. Therefore, it is important for security engineers, in general, and for wireless intelligent system designers, in particular, to be aware of the existing vulnerabilities and feasible attacks on modern Wi-Fi systems and their respective countermeasures. That would help them to not have to look back and care about attacks that can no longer be generated on today’s Wi-Fi systems. In this light, we devote this paper to extensively review the attacks on Wi-Fi. We group the attacks into feasible and unfeasible. Also, for each attack, we discuss the possible countermeasures to mitigate it

Security in Wireless Local Area Networks (WLANs)

Major research domains in the WLAN security include: access control & data frame protection, lightweight authentication and secure handoff. Access control standard like IEEE 802.11i provides flexibility in user authentication but on the other hand fell prey to Denial of Service (DoS) attacks. For Protecting the data communication between two communicating devices—three standard protocols i.e., WEP (Wired Equivalent Privacy), TKIP (Temporal Key Integrity Protocol) and AES-CCMP (Advanced Encryption Standard—Counter mode with CBC-MAC protocol) are used. Out of these, AES-CCMP protocol is secure enough and mostly used in enterprises. In WLAN environment lightweight authentication is an asset, provided it also satisfies other security properties like protecting the authentication stream or token along with securing the transmitted message. CAPWAP (Control and Provisioning of Wireless Access Points), HOKEY (Hand Over Keying) and IEEE 802.11r are major protocols for executing the secure handoff. In WLANs, handoff should not only be performed within time limits as required by the real time applications but should also be used to transfer safely the keying material for further communication. In this chapter, a comparative study of the security mechanisms under the above-mentioned research domains is provided

APAKAH WPA/WPA2 BENAR-BENAR AMAN? DEKRIPSI PAKET DATA TERENKRIPSI PADA WPA/WPA2

WPA2 is considered as the most secure configuration for  Wi-Fi network and widely used to secure private and enterprise Wi-Fi network. The early protocol, WEP uses RC4 stream cipher algorithm without key management and WPA uses Temporal Key Integrity Protocol (TKIP) with hash function to scramble the key, while WPA2 use Advanced Encryption Standard (AES) algorithm to encrypt data. One of parameter for generate encryption key in WPA/WPA2 is preshared key. In 2008, Beck and Tews have proposed a practical attack on WPA by exploiting the preshared key. In this paper, we propose exploitation preshared key to decrypt WPA/WPA2 encrypted data. As a result we propose some prevention and anticipation methods from users that utilize wireless network to protecting data during transmission in wireless network with WPA/WPA2 protocol

Token-based Fast Authentication for Wireless Network

Wireless Networks based on WIFI or WIMAX become popular and are used in many places as compliment network to wired LAN to support mobility. The support of mobility of clients, the continuous access anywhere and anytime make WLAN preferable network for many applications. However, there are some issues associated with the usage of WLAN that put some restriction on adapting this technology everywhere. These issues are related to using the best routing algorithm to achieve good performance of throughput and delay, and to securing the open access to avoid attacks at the physical and MAC layer. IEEE 802.1x, suggested a solution to address the security issue at the MAC layer and but there are varieties of implementations address this solution and they differ in performance. IEEE 802.1af tried to address other security issue remained at the MAC layer but it is still at early stage and need verification for easy deployment. In this paper a new technique for securing wireless network using fast token-based authentication has been invented to address the vulnerability inherited by the wireless network at the MAC layer using fast authentication process. This technique is based on an authentication server distributing a security token, public authentication key, and network access key parameter to eligible mobile client MCs during registration. All messages will be encrypted during registration using temporary derived token key, but it will use derived valid token key during authentication. Authenticated MCs will then use derived group temporal key generated from the network access parameter key to encrypt all messages exchanged over the wireless network. The token, the authentication key and the access network parameter key will be only distributed during registration. This makes the security parameters known only to authentication server, authenticator and MC. Hence, this technique will protect the wireless network against attack since attackers are unable to know the token and other security keys. Moreover, it will avoid the exchange of public keys during authentication such as the one used in other existing technologies, and consequently speedup the authentication phase which is very critical to wireless technologies