13 research outputs found

    Masquerading Techniques in IEEE 802.11 Wireless Local Area Networks

    The airborne nature of wireless transmission offers a potential target for attackers to compromise an IEEE 802.11 Wireless Local Area Network (WLAN). In this dissertation, we explore the current WLAN security threats and their corresponding defense solutions. In our study, we divide WLAN vulnerabilities into two aspects: client and administrator. The client-side vulnerability investigation is based on examining the Evil Twin Attack (ETA), while our administrator-side research targets Wi-Fi Protected Access II (WPA2). Three novel techniques have been presented to detect ETA. The detection methods are based on (1) creating a secure connection to a remote server to detect the change of the gateway's public IP address by switching from one Access Point (AP) to another; (2) monitoring multiple Wi-Fi channels in a random order looking for specific data packets sent by the remote server; and (3) merging the previous solutions into one universal ETA detection method using Virtual Wireless Clients (VWCs). On the other hand, we present a new vulnerability that allows an attacker to force the victim's smartphone to consume data through the cellular network by starting the data download on the victim's cell phone without the victim's permission. A new scheme has been developed to speed up the active dictionary attack intensity on WPA2 based on two novel ideas. First, the scheme connects multiple VWCs to the AP at the same time, each VWC with its own spoofed MAC address. Second, each of the VWCs could try many passphrases using a single wireless session. Furthermore, we present a new technique to avoid bandwidth limitation imposed by Wi-Fi hotspots. The proposed method creates multiple VWCs to access the WLAN. The combination of the individual bandwidth of each VWC results in an increase of the total bandwidth gained by the attacker. All proposed techniques have been implemented and evaluated in real-life scenarios.

    Exposing Vulnerabilities in Mobile Networks: A Mobile Data Consumption Attack

    Smartphone carrier companies rely on mobile networks for keeping an accurate record of customer data usage for billing purposes. In this paper, we present a vulnerability that allows an attacker to force the victim's smartphone to consume data through the cellular network by starting the data download on the victim's cell phone without the victim's knowledge. The attack is based on switching the victim's smartphone from the Wi-Fi network to the cellular network while downloading a large data file. This attack has been implemented in real-life scenarios where the test's outcomes demonstrate that the attack is feasible and that mobile networks do not record customer data usage accurately. Comment: 5 pages, 6 figures, presented on IEEE MASS 201

    Parallel Active Dictionary Attack on IEEE 802.11 Enterprise Networks

    One of the greatest challenges facing 802.11 wireless local area networks (WLANs) is to provide security equivalent to that of a wired local area network (LAN). Wi-Fi Protected Access II (WPA-II), also referred to as the IEEE 802.11i standard, is the current security mechanism for enterprise wireless networks. The IEEE 802.11i standard depends upon the IEEE 802.1X standard to authenticate and generate the main cryptographic key used to secure wireless network traffic. In a WPA-II enterprise network, capturing wireless frames during the authentication phase between the Access Point (AP) and an authorized wireless client will not compromise the security of the WLAN. However, an attacker can apply an active dictionary attack by guessing the credentials used to access the wireless network. In this case, the attacker communicates directly with the Authentication Server (AS). The main downside of this attack is the low intensity of password guessing trials that the attacker can achieve; thus the security community usually does not pay attention to such an attack. In this paper, we present a new attack scheme that can increase the intensity of guessing trials against WPA-II enterprise. The new scheme is based on using one wireless interface card to create multiple virtual wireless clients (VWCs); each VWC communicates with the Authentication Server as a standalone wireless client. We have developed a working prototype and our experiments show that the proposed scheme can improve the active dictionary guessing speed by more than 1700% compared to the traditional single wireless client attack.

    Circumvent Traffic Shaping Using Virtual Wireless Clients in IEEE 802.11 Wireless Local Area Network

    Accessing the Internet through Wi-Fi networks offers an inexpensive alternative for offloading data from mobile broadband connections. Businesses such as fast food restaurants, coffee shops, hotels, and airports provide complimentary Internet access to their customers through Wi-Fi networks. Clients can connect to the Wi-Fi hotspot using different wireless devices. However, network administrators may apply traffic shaping to control the wireless client's upload and download data rates. Such limitation is used to avoid overloading the hotspot, thus providing fair bandwidth allocation. Also, it allows for the collection of money from the client in order to have access to a faster Internet service. In this paper, we present a new technique to avoid bandwidth limitation imposed by Wi-Fi hotspots. The proposed method creates multiple virtual wireless clients using only one physical wireless interface card. Each virtual wireless client emulates a standalone wireless device. The combination of the individual bandwidth of each virtual wireless client results in an increase of the total bandwidth gained by the attacker. Our proposed technique was implemented and evaluated in a real-life environment with an increase in data rate of up to 16-fold.

    User-Side Wi-Fi Evil Twin Attack Detection Using Random Wireless Channel Monitoring

    Free open wireless Internet access is a complimentary Wi-Fi service offered by most coffee shops, fast food restaurants and airports to their customers. For ease of access, these Wi-Fi networks are inherently insecure, as no authentication/encryption is used to protect customers' wireless data. An attacker can easily deceive a wireless customer (WC) by setting up a rogue access point (RAP) impersonating the legitimate access point (LAP). The WC connecting to the RAP becomes an easy target for the Man-In-the-Middle Attack (MIMA) and data traffic snooping. In this paper, we present a real-time client-side detection scheme to detect evil twin attack (ETA) when the attacker relies on the LAP to direct WC data to the Internet. The WC can detect ETA by monitoring multiple Wi-Fi channels in a random order looking for specific data packets sent by a dedicated server on the Internet. Once an ETA is detected, our scheme can clearly identify whether a specific AP is a LAP or a RAP. The effectiveness of the proposed detection method was mathematically modeled, prototyped and evaluated in a real-life environment with a detection rate of approximately 100%.

    SPS: An SMS-Based Push Service for Energy Saving in Smartphone's Idle State

    Despite all the advances in smartphone technology in recent years, smartphones still remain limited by their battery life. Unlike other power-hungry components in a smartphone, the cellular data and Wi-Fi interfaces often continue to be used even when the phone is in its idle state in order to accommodate background (necessary or unnecessary) data traffic produced by some applications. In addition, bad reception has been proven to greatly increase energy consumed by the radio, which happens frequently when smartphone users are inside buildings. In this paper, we present a Short message service Push based Service (SPS) system to save unnecessary power consumption when smartphones are in idle state, especially in bad reception areas. First, SPS disables a smartphone's data interfaces whenever the phone is in idle state. Second, to preserve the real-time notification functionality required by some apps, such as new email arrivals and social media updates, when a notification is needed, a push server will deliver a wakeup text message to the phone (which does not rely on data interfaces), and then SPS enables the phone's data interfaces to connect to the corresponding server to retrieve notification data via the normal data network. Once the notification data has been retrieved, SPS will disable the data interfaces again if the phone is still in idle state. We have developed a complete SPS prototype for Android smartphones. Our experiments show that SPS consumes less energy than the current approaches. In areas with bad reception, the SPS prototype can double the battery life of a smartphone.

    Gateway Independent User-Side Wi-Fi Evil Twin Attack Detection Using Virtual Wireless Clients

    Complimentary open Wi-Fi networks offered by most coffee shops, fast food restaurants and airports are inherently insecure. An attacker can easily deceive a wireless client (WC) by setting up a rogue access point (RAP) impersonating the legitimate access point (LAP), which is usually referred to as an Evil Twin Attack (ETA). To pass a victim's wireless data through to the Internet, an attacker may use the same LAP's gateway, or use a different gateway, such as a broadband cellular connection. Most of the existing ETA detection techniques assume that the attacker will use a specific wireless network gateway to pass the victim's wireless data. In this paper, we present a real-time client-side detection scheme to detect ETA regardless of the attacker's gateway selection. The proposed ETA detection system considers both ETA scenarios in parallel by creating two Virtual Wireless Clients (VWCs). The first VWC monitors multiple Wi-Fi channels in a random order looking for specific data packets sent by a server on the Internet. Meanwhile, the second VWC warns the WC when the wireless network uses two different gateways by switching from one AP to another in the middle of a secure connection. The effectiveness of the proposed detection method has been mathematically modeled, prototyped and evaluated in a real-life environment with a detection rate close to 100%.

    Parallel Active Dictionary Attack on WPA2-PSK Wi-Fi Networks

    Wi-Fi networks offer an inexpensive and convenient way to access the Internet. They become even more important nowadays as we are moving from the traditional computer age to the current mobile devices and Internet-of-Things age. Wi-Fi Protected Access II (WPA2) - Pre-shared key (PSK) is the current security standard used to protect small 802.11 wireless networks. Most of the available dictionary password-guessing attacks on WPA2-PSK are based on capturing the four-way handshaking frames between an authorized wireless client and the Access Point (AP). These attacks will fail if an attacker is unable to capture the four-way handshaking frames of a legitimate client. An attacker also can apply an active dictionary attack by sending a pass-phrase to the AP and waiting for the response. However, this attack approach could only achieve a low attack intensity of testing a few pass-phrases per minute. In this paper, we develop a new scheme to speed up the intensity of active pass-phrase guessing trials based on two novel ideas: First, the scheme mimics multiple Wi-Fi clients connecting to the AP at the same time, each emulated Wi-Fi client with its own spoofed MAC address; Second, each emulated Wi-Fi client could try many pass-phrases using a single wireless session without the need to pass the 802.11 authentication and association stages for every pass-phrase guess. We have developed a working prototype and our experiments show that the proposed scheme can improve active dictionary pass-phrase guessing speed by 100-fold compared to the traditional single client attack.

    ADP: An Adaptive Feedback Approach for Energy-Efficient Wireless Sensor Networks

    A broad range of applications has led to various wireless sensor networks (WSNs) with different design considerations. Limited battery power is one of the most challenging aspects of WSN protocol design, and, therefore, energy efficiency has long been the focus of research. One of the most common approaches for energy conservation is to alternate each sensor node between sleep and wake-up states. In this paper, we propose ADP, an adaptive energy efficient approach that meets the requirement of low energy consumption and, at the same time, considers the underlying dynamic traffic load. ADP enhances energy efficiency by dynamically adjusting sensor nodes' sleep and wake-up cycles. ADP utilizes a cost function intended to strike a balance between the conflicting goals of conserving energy (waking up as rarely as possible) and at the same time minimizing sensed events' reporting latency (waking up as frequently as possible). It also incorporates a feedback mechanism that constantly monitors residual energy level and the importance of the event to be reported, as well as predicts the next sensing event occurrence time. Simulation experiments with different traffic loads have shown that ADP improves energy efficiency while keeping latency low.

    User-Side Wi-Fi Evil Twin Attack Detection Using SSL/TCP Protocols

    Evil Twin Attack (ETA) refers to a rogue Wi-Fi Access Point (AP) that appears to be a legitimate one but actually has been set up to eavesdrop on wireless communications [1]. Most existing detection techniques assume that the attacker will use the same legitimate wireless network gateway to pass through the victim's wireless data. These detection methods will fail if the attacker uses a different gateway, such as using his own broadband cellular connection through his own smartphone. In this paper, we present a new client-side detection method to detect such an ETA that uses a different gateway from the legitimate one. It relies on an SSL/TCP connection to an arbitrary remote web server to avoid the attacker's misleading message, and tries to detect the changing of the gateway's public IP address by switching from one AP to another in the middle of the SSL/TCP connection. The detection method is on the client side, which makes it more convenient for users to deploy and ensure their security.