Detection of Man-in-the-middle Attacks Using Physical Layer Wireless Security Techniques

In a wireless network environment, all the users are able to access the wireless channel. Thus, if malicious users exploit this feature by mimicking the characteristics of a normal user or even the central wireless access point (AP), they can intercept almost all the information through the network. This scenario is referred as a Man-in-the-middle (MITM) attack. In the MITM attack, the attackers usually set up a rogue AP to spoof the clients. In this thesis, we focus on the detection of MITM attacks in Wi-Fi networks. The thesis introduces the entire process of performing and detecting the MITM attack in two separate sections. The first section starts from creating a rogue AP by imitating the characteristics of the legitimate AP. Then a multi-point jamming attack is conducted to kidnap the clients and force them to connect to the rogue AP. Furthermore, the sniffer software is used to intercept the private information passing through the rogue AP. The second section focuses on the detection of MITM attacks from two aspects: jamming attacks detection and rogue AP detection. In order to enable the network to perform defensive strategies more effectively, distinguishing different types of jamming attacks is necessary. We begin by using signal strength consistency mechanism in order to detect jamming attacks. Then, based on the statistical data of packets send ratio (PSR) and packets delivery ratio (PDR) in different jamming situations, a model is built to further differentiate the jamming attacks. At the same time, we gather the received signal strength indication (RSSI) values from three monitor nodes which process the random RSSI values employing a sliding window algorithm. According to the mean and standard deviation curve of RSSI, we can detect if a rogue AP is present within the vicinity. All these proposed approaches, either attack or detection, have been validated via computer simulations and experimental hardware implementations including Backtrack 5 Tools and MATLAB software suite

Security technologies for wireless access to local area networks

In today’s world, computers and networks are connected to all life aspects and professions. The amount of information, personal and organizational, spread over the network is increasing exponentially. Simultaneously, malicious attacks are being developed at the same speed, which makes having a secure network system a crucial factor on every level and in any organization. Achieving a high protection level has been the goal of many organizations, such as the Wi-Fi Alliance R , and many standards and protocols have been developed over time. This work addresses the historical development of WLAN security technologies, starting from the oldest standard, WEP, and reaching the newly released standard WPA3, passing through the several versions in between,WPA, WPS, WPA2, and EAP. Along with WPA3, this work addresses two newer certificates, Enhanced OpenTM and Easy ConnectTM. Furthermore, a comparative analysis of the previous standards is also presented, detailing their security mechanisms, flaws, attacks, and the measures they have adopted to prevent these attacks. Focusing on the new released WPA3, this work presents a deep study on both WPA3 and EAP-pwd. The development of WPA3 had the objective of providing strong protection, even if the network’s password is considered weak. However, this objective was not fully accomplished and some recent research work discovered design flaws in this new standard. Along with the above studies, this master thesis’ work builds also a network for penetration testing using a set of new devices that support the new standard. A group of possible attacks onWi-Fi latest security standards was implemented on the network, testing the response against each of them, discussing the reason behind the success or the failure of the attack, and providing a set of countermeasures applicable against these attacks. Obtained results show that WPA3 has overcome many of WPA2’s issues, however, it is still unable to overcome some major Wi-Fi vulnerabilities.No mundo de hoje, os computadores e as redes estão conectados praticamente a todos os aspectos da nossa vida pessoal e profissional. A quantidade de informações, pessoais e organizacionais, espalhadas pela rede está a aumentar exponencialmente. Simultaneamente, também os ataques maliciosos estão a aumentar à mesma velocidade, o que faz com que um sistema de rede seguro seja um fator crucial a todos os níveis e em qualquer organização. Alcançar altos níveis de proteção tem sido o objetivo de trabalho de muitas organizações, como a Wi-Fi Alliance R , tendo muitos standards e protocolos sido desenvolvidos ao longo do tempo. Este trabalho aborda o desenvolvimento histórico das tecnologias de segurança para WLANs, começando pelo standard mais antigo, WEP, e acabando no recém-chegado WPA3, passando pelas várias versões intermedias, WPA, WPS, WPA2 e EAP. Juntamente com o WPA3, este trabalho aborda os dois certificados mais recentes, Enhanced OpenTM e Easy ConnectTM. Além disso, também é apresentada uma análise comparativa dos standards anteriores, detalhando os seus principais mecanismos de segurança, falhas, ataques a que são susceptíveis e medidas adotadas para evitar esses ataques. Quanto ao novo WPA3 e EAP-pwd, este trabalho apresenta um estudo aprofundado sobre os seus modos "Personal" e "Enterprise". O desenvolvimento do WPA3 teve por objetivo fornecer proteção forte, mesmo que a password de rede seja considerada fraca. No entanto, esse objetivo não foi totalmente alcançado e alguma investigação realizada recentemente detectou falhas de desenho nesse novo padrão. Juntamente com os estudo dos standards acima referidos, o trabalho realizado para esta tese de mestrado também constrói uma rede para testes de penetração usando um conjunto de novos dispositivos que já suportam o novo standard. São aplicados vários ataques aos mais recentes padrões de segurança Wi-Fi, é testada a sua resposta contra cada um deles, é discutindo o motivo que justifica o sucesso ou a falha do ataque, e são indicadas contramedidas aplicáveis a esses ataques. Os resultados obtidos mostram que o WPA3 superou muitos dos problemas do WPA2 mas que, no entanto, ainda é incapaz de superar algumas das vulnerabilidades presentes nas redes Wi-Fi.First, I would like to express my deepest appreciation to those who gave me the possibility to complete my study and get my Master degree, the Aga Khan Foundation, who has supported me financiall

Automated Man-in-the-Middle Attack Against Wi‑Fi Networks

Currently used wireless communication technologies suffer security weaknesses that can be exploited allowing to eavesdrop or to spoof network communication. In this paper, we present a practical tool that can automate the attack on wireless security. The developed package called wifimitm provides functionality for the automation of MitM attacks in the wireless environment. The package combines several existing tools and attack strategies to bypass the wireless security mechanisms, such as WEP, WPA, and WPS. The presented tool can be integrated into a solution for automated penetration testing. Also, a popularization of the fact that such attacks can be easily automated should raise public awareness about the state of wireless security

A Survey on Wireless Security: Technical Challenges, Recent Advances and Future Trends

This paper examines the security vulnerabilities and threats imposed by the inherent open nature of wireless communications and to devise efficient defense mechanisms for improving the wireless network security. We first summarize the security requirements of wireless networks, including their authenticity, confidentiality, integrity and availability issues. Next, a comprehensive overview of security attacks encountered in wireless networks is presented in view of the network protocol architecture, where the potential security threats are discussed at each protocol layer. We also provide a survey of the existing security protocols and algorithms that are adopted in the existing wireless network standards, such as the Bluetooth, Wi-Fi, WiMAX, and the long-term evolution (LTE) systems. Then, we discuss the state-of-the-art in physical-layer security, which is an emerging technique of securing the open communications environment against eavesdropping attacks at the physical layer. We also introduce the family of various jamming attacks and their counter-measures, including the constant jammer, intermittent jammer, reactive jammer, adaptive jammer and intelligent jammer. Additionally, we discuss the integration of physical-layer security into existing authentication and cryptography mechanisms for further securing wireless networks. Finally, some technical challenges which remain unresolved at the time of writing are summarized and the future trends in wireless security are discussed.Comment: 36 pages. Accepted to Appear in Proceedings of the IEEE, 201

Darma: Defeating And Reconnaissance Manna-Karma Attacks In 802.11 With Multiple Detections And Prevention

The vast growing usage of mobile phones increases Wi-Fi technology. At present, the pattern of human interaction with the internet is not a desktop or laptop anymore. The assimilation of tools for surfing, working, and communication is now shifting to mobile phones. Thus, this is the motivation to expand Wi-Fi technology so that it will be the primary medium for internet connectivity. Hence, increasing the security risk for it attracts attackers despite its popularity among users. The DOS attack in 802.11 management frames is widely known as an initial process before Man-in-the-middle (MiTM) attacks in 802.11 takes part. Karma and Manna's attacks are an unprecedented attack in the 802.11 management frames. This paper proposed a mechanism called Defeating and Reconnaissance Manna-karma Attack (DARMA), which is client-side multiple detection techniques to defeat and prevent karma-manna attack. The proposed mechanism consisted of 4 layers of processes inclusive of monitors, detection, confirmation, and preventions. The effectiveness of the detection is base of the current real-time behaviour of the packets

Some ethical hacking possibilities in Kali Linux environment

This paper deals with the problem of ethical hacking and security of computer systems. When we talk about security of an information system, we actually mean the primary three attributes of the system: confidentiality, integrity and availability. There are various approaches with aim to identify existing security weaknesses and security assessment. One of them is using Kali Linux operating system with its integrated effective tools specially adapted to the realization of various types of attacks. The paper gives a general overview of some Kali attacking possibilities on client and server side and highlights their specificities. The undoubted benefit of this operating system is a large collection of different hacking tools in one place which significantly facilitates vulnerability assessment and security testing

MITM Attack Automation Using Single-Board Solution

Práca je zameraná na návrh MiTM útokov s využitím moderných prístupov pri návrhu IT infraštruktúri. Špecificky sa zameriava na možnosti využitia jednodoskových počítačov a na možnosti ako zjednodušiť ich kofiguráciu pre účely penetračného testovania. Navrhnuté a implementované riešenie umožnuje použitie komplikovaných útokov personálom, ktorý je len zaškolený, pričom neobmedzuje použitie skúseným personálom. Zatiaľ čo dnešné prístupy by sa dali považovať sa monolitické a centrické, navrhnuté riešenie berie samotný MiTM útok len ako časť riešenia pričom sa zameriava aj na ostatné aspekty ako napríklad exfiltrácia dát, alebo crackovanie hesiel.Thesis is focused on design of MiTM attack with use of modern approaches in IT infrastructure. Especially it's focused on how to simplify configuration of single-board computer for penetration testing purposes by creating scalable infrastructure for device configuration and control. Proposed solution allows the usage of complicated attacks by trained staff while not limiting users with experience in network security. While today, applications capable of MiTM attacks are monolithic and device-centric, proposed solution considers the device providing MiTM just as one part of the solution and also focuses on other problems like data exfiltration or hash cracking.

Overview of the Course in “Wireless and Mobile Security”

This paper provides an overview of “Wireless and Mobile Security” course. The course offers practical study of security issues and features concerning wireless security. The program of the course effciently interleaves systematic theoretical knowledge and practical work. The theoretical part of the course includes basic information about the architecture of wireless networks, as well as available in this area to modern standards and protection mechanisms built into the equipment for wireless networks. It is also proposed an effective method for integrating a wireless network with the existing network infrastructure, taking into account all aspects of security. More than 50 percent of teaching time is devoted to practical work on the protection of wireless networks. During the course skills to work with software NetStumbler, Kismet, AirSnort, Aircrack, and other monitoring wireless and network tools will be acquired. Particular attention is paid to the use of the most common tools of audit wireless networks, both commercial, and open source. In conclusion, a comprehensive approach to wireless security will be offered for each wireless technology

Block the Root Takeover: Validating Devices Using Blockchain Protocol

This study addresses a vulnerability in the trust-based STP protocol that allows malicious users to target an Ethernet LAN with an STP Root-Takeover Attack. This subject is relevant because an STP Root-Takeover attack is a gateway to unauthorized control over the entire network stack of a personal or enterprise network. This study aims to address this problem with a potentially trustless research solution called the STP DApp. The STP DApp is the combination of a kernel /net modification called stpverify and a Hyperledger Fabric blockchain framework in a NodeJS runtime environment in userland. The STP DApp works as an Intrusion Detection System (IPS) by intercepting Ethernet traffic and blocking forged Ethernet frames sent by STP Root-Takeover attackers. This study’s research methodology is a quantitative pre-experimental design that provides conclusive results through empirical data and analysis using experimental control groups. In this study, data collection was based on active RAM utilization and CPU Usage during a performance evaluation of the STP DApp. It blocks an STP Root-Takeover Attack launched by the Yersinia attack tool installed on a virtual machine with the Kali operating system. The research solution is a test blockchain framework using Hyperledger Fabric. It is made up of an experimental test network made up of nodes on a host virtual machine and is used to validate Ethernet frames extracted from stpverify