Enterprise WLAN Security Flaws: Current Attacks and relative Mitigations
Conference Paper · August 2018
DOI: 10.1145/3230833.3230836
Enterprise WLAN Security Flaws
Current Attacks and relative Mitigations
Mohamed A. Abo-Soliman
Faculty of Communication and Information Technology, Nile University, Cairo, Egypt, moh.soliman@nu.edu.eg;
Marianne A. Azer
National Telecommunication Institute, Nile University, Cairo, Egypt, mazer@nu.edu.eg
ABSTRACT
The increasing number of mobile and handheld devices that allow wireless access to enterprise data and services is considered a major concern for network designers, implementers and analysts. Enhancements of wireless technologies also accelerate the adoption of enterprise wireless networks, which are widely deployed on their own or as an extension to existing wired networks. Bring Your Own Device (BYOD) is an example of the new challenging wireless trends. BYOD environments allow the use of personal mobile computing devices like smart phones, tablets, and laptops for business activities. BYOD has become popular in workplaces because it keeps users in their comfort zone, leading to higher productivity and cost reduction for businesses. Nevertheless, business data and services are consequently subject to several wireless attacks, whether they are hosted on a cloud or on premises, especially when travelling through the open air. Corporates usually apply network-access-control systems for securing enterprise wireless LANs. However, the security systems may be compromised due to detected flaws, exposing the enterprise's critical information to leakage or the entire network to interruption or complete failure. In this paper, we study the impact of wireless attacks on enterprise wireless LANs. The study helps in evaluating the real risks that threaten wireless technologies. In addition, recommended mitigations and practices to overcome the detected vulnerabilities and security flaws are proposed.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org.
© 2018 Association for Computing Machinery. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of a national government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.
ARES 2018, August 27--30 2018, Hamburg, Germany
© 2018 ACM. 978-1-4503-6448-5/18/08...$15.00
https://doi.org/10.1145/3230833.3230836
CCS CONCEPTS
Networks → Network properties →
Network security → Mobile and wireless security
KEYWORDS
EAP, Enterprise WLAN attacks, Mobile Security, Network
Access Control, WPA2.
ACM Reference format:
Mohamed A. Abo-Soliman and Marianne A. Azer. 2018. Enterprise
WLAN Security Flaws: Current Attacks and relative Mitigations. In
Proceedings of International Conference on Availability, Reliability and
Security (ARES 2018). ACM, New York, NY, USA, 10 pages.
https://doi.org/10.1145/3230833.3230836
1 INTRODUCTION
Wireless communication plays a prominent role in people's daily activities. Almost all digital devices adopt at least one wireless technology. Wi-Fi, Bluetooth, ZigBee, NFC and UWB are different short-range communication technologies that help establish connectivity between two or more devices. Among these technologies, the Wi-Fi standard is the earliest and most common technique, not only for personal and home usage but also for organizations and business needs [1]. Wi-Fi is built on the 802.11 standard, which defines physical layer specifications for creating a Local Area Network through the unlicensed spectrum of the 2.4, 5, and 60 GHz radio frequency ISM band. The standard has been released in several consecutive versions, where each version includes amendments and adaptations that solve issues of the previous version to ensure quality of service and security [2]. However, wireless LAN users are subject to different types of wireless attacks, which are always updated to exploit detected vulnerabilities of wireless communication systems [3]. Most wireless attacks target personal WLANs, which depend on pre-shared key (PSK) cryptography. Some other attacks target enterprise WLANs that depend on digital certificates for device validation. Another type of attack can penetrate both WLAN security modes, personal and enterprise, regardless of the applied cryptographic materials. In this paper, we focus on active and effective attacks that threaten enterprise WLANs protected by WPA2-Enterprise. WPA2 is still considered the latest and most secure 4-way handshake protocol for wireless security that complies with 802.11i [4]. However, recent attacking techniques compromise the different implementations of the WPA2 security standard. The remainder of this paper is organized as follows: Section 2 introduces enterprise WLAN security. Section 3 introduces the three main categories of wireless attacks. Attacks are surveyed in depth in Section 4. Experimental work is presented in Section 5. Section 6 discusses the currently detected vulnerabilities and proposes recommended mitigations. Conclusion and future work are presented in Section 7.
2 ENTERPRISE WLAN SECURITY
Although corporate users seek usability and mobility to achieve their business objectives, the criticality of business data calls for robust protection, especially when travelling through the open air. WPA2/enterprise mode is always implemented for large networks in an 802.1x [5] architecture to ensure optimum network access control. WPA2 typically uses AES [6] for encryption and either CCMP [7] or GCMP [8] for data integrity [9]. Per-session security keys are agreed on and distributed during the 4-way handshake by Tunnel-Based Extensible Authentication Protocol (EAP) [10], [11]. In this scenario, authentication takes place through a public key environment that ensures identity validation for the communicating devices [12]. Tunnel-based EAP methods are normally a combination of two EAP methods: an outer authentication EAP method that creates a secure tunnel based on Transport Layer Security (TLS) RFC5246 [13], and an inner EAP method that performs user/device authentication. A dedicated server is used to manage authentication and key agreements by exporting the randomly generated cryptographic keys. Transport Layer Security (TLS) [14], Tunneled TLS (TTLS) [15], and Protected Extended Authentication Protocol (PEAP) [16] are the most common examples of EAP. EAP messages transmitted between the device and the access point are encapsulated in EAP over LAN (EAPOL) frames [17], while messages between the access point and the authentication server are usually encapsulated in RADIUS format [18]. Figure 1 depicts the architecture of WPA2-enterprise WLANs. In WPA2/enterprise, the supplicant refers to the client, the authenticator refers to the network access point, and the authentication server refers to the database server that hosts client access secrets.
Figure 1: Authentication in Enterprise WLANs
3 MAIN CATEGORIES OF WIRELESS ATTACKS
Three main aspects are usually considered for wireless security: authentication, confidentiality and availability [19]. Authentication ensures that only authorized entities can access the network. Confidentiality protects transmitted data from monitoring and decryption. Availability aims to preserve network functionality and stability. Based on these wireless security aspects, wireless attacks may be classified into the following three main categories.
3.1 Authentication attacks
Authentication attacks aim to steal access credentials that are reused later to access the network. Among these attacks are brute force [20] and dictionary attacks [21]. A single sign-on (SSO) architecture that uses the same credentials for both network access and intranet services encourages attackers to crack wireless access secrets. This allows the attacker to gain access not only to the layer two Wi-Fi network, but also to all authorized resources of the cracked account.
3.2 Confidentiality attacks
Unlike authentication attacks, confidentiality attacks do not aim to export authentication values. They target the confidentiality of data by intercepting the data flow transmitted between communicating devices. Confidentiality attacks are real-time stealthy attacks that monitor, decrypt and analyze wirelessly transmitted information without the need to gain network access credentials; examples are the evil twin attack [22] and key reinstallation attacks [23].
3.3 Availability attacks
The objective of availability attacks is to stop or interrupt the normal communication of an active wireless client or even the entire network. Examples are Wireless Denial of Service (WDoS), flooding and jamming attacks. The main attack categories are summarized in Figure 2.
Figure 2: Main Categories of Wi-Fi Attacks with examples
4 ENTERPRISE WIRELESS LAN ATTACKS
Wireless attacks are always updated to exploit detected vulnerabilities of wireless communication systems. The robustness of WPA2 provides a strong shield against several wireless attacks. However, increasing computation and processing power, together with continuous efforts by attackers, penetration testers, network evaluators and researchers, has led to the emergence of new advanced attacking techniques that may exploit detected vulnerabilities of WPA2 secure networks. In this section, we list the effective attacks that threaten WPA2 secure networks.
4.1 Brute Force attacks
Based on a large number of generated consecutive guesses, the cracker's software applies a trial-and-error method to obtain authentication information such as passphrases, access credentials or a personal identification number (PIN). This attack is applied offline on a captured handshake, or online against an actively running network by making several authentication attempts until one succeeds. Brute force is effective with short authentication values because the resources required for a brute-force attack grow exponentially with increasing key size [24].
4.2 Dictionary attacks
In order to crack a wireless network authentication key, PIN, code, password or passphrase, intruders can try to access the target network several successive times with different guessed values until one succeeds. Authentication values are stored in custom dictionary files generated based on business type, device default passwords, common human phrases, language and location. Dictionary files are continuously increasing in size and in likelihood of success since they are shared and distributed through the internet. Dictionary attacks are launched through two different mechanisms: passive/offline dictionary attacks and active dictionary attacks.
4.2.1 Passive Dictionary Attack. Passive (offline) dictionary attacks are amongst the most common attacks against wireless communication [25]. The broadcast nature of wireless communication allows malicious intruders to collect WLAN authentication information such as EAPOL messages in WPA2 WLANs. Authentication codes are later retrieved by running an offline dictionary attack on the captured packets. The authentication codes in WPA2-enterprise are always username and password.
4.2.2 Active Dictionary Attack. In an active dictionary attack, the network access trials target a running in-production access point, directly requesting to join the network. If the access point responds with successful authentication for one attempt, then the guessed authentication value is correct. Parallel active dictionary attacks [21] can crack a WPA-PSK protected network 100 times faster than the traditional single-client attack. Based on the Virtual Wireless Client (VWC), the attackers use multiple virtual clients with spoofed MAC addresses to accelerate penetration time. In WPA2/enterprise, the device/user identity must be exported first by monitoring authentication messages. The exported identity is then concatenated with the proposed password trial as shown in Figure 3.
Figure 3: Dictionary attack for enterprise wireless network
4.3 The Evil Twin Attack
The evil twin attack [22], [26] is launched by a rogue access point and an authentication server that are planted within range of a victim. Relying on roaming client misconfiguration or user misbehavior that accepts an invalid server certificate, the evil twin attack allows any corporate device to access a fake network with an SSID similar to the legitimate enterprise SSID. This enables the attackers to monitor transmitted data in addition to stealing access credentials.
4.4 Key Reinstallation Attacks
Key reinstallation attacks [23] target all WPA/WPA2 protected WLANs by exploiting a WPA/WPA2 state machine vulnerability. Key reinstallation attacks force the reuse of an already-in-use key in a communicating session by resetting key parameters such as the nonce and replay counter. There are three main types of key reinstallation attacks.
4.4.1 Four-Way Handshake Key-Reinstallation Attack. Mutual authentication takes place in all WPA2 secure networks based on a shared secret called the Pairwise Master Key (PMK), which is used to generate session keys called the Pairwise Transient Key (PTK). PMK is produced based on two random numbers called SNonce and ANonce. SNonce is generated at the Access Point while ANonce is generated at the client. In practice, attackers may capture and replay the third of the four handshake messages, which includes the session PTK. This forces a reset of the incremental nonce and replay counter, allowing the attackers to decrypt transmitted data regardless of the applied EAP method or the confidentiality protocol.
4.4.2 Group Key Handshake Key-Reinstallation Attack. The Group Key Handshake takes place directly after the 4-way handshake. Two EAPOL messages exchange the encrypted group key (GTK), which is used for encrypting multicast transmitted messages. The main vulnerability behind group key reinstallation is the acceptance of any previously used replay counter at the authenticator. Thus, if the attacker blocks and captures the second message of the group key handshake and replays it later, the authenticator will in practice install the dated GTK, because the authenticator matches the replay counter with any used replay counter in the group key handshake. Figure 4 depicts the group key reinstallation attack.
Figure 4: Group Key Reinstallation Attack
4.4.3 Fast Transition Handshake Key-Reinstallation Attack. Although the 802.11r amendment was developed mainly to protect 802.11 networks against key reinstallation, a recent attack [23] is performed for Wi-Fi networks using WPA2 personal mode. The fast transition handshake is vulnerable to key reinstallation in most Wi-Fi networks protected by WPA2 enterprise mode because the 802.1x handshake is not required for roaming devices after a new fast transition handshake. The re-association frames are based on the previously derived session master key.
4.5 De-authentication Attacks
Unfortunately, initial MAC layer frames can easily be sniffed during the legacy authentication and association phases because keying material is not available before the cryptographic keys are exchanged. In addition, it is not possible to cipher the probing, beacon and legacy 802.11 authentication/association frames without a long-term shared key. Therefore, an attacker can send continuous de-authentication frames to the client or access point with a spoofed MAC address [27]. De-authentication DoS exploits the 802.11 management frames. These frames do not require any encryption even when the session is established with the confidentiality protocol. The attacker only needs to know the victim's MAC address, which can easily be retrieved by network monitoring.
5 EXPERIMENTAL WORK
The main objective of our experiment is to evaluate the resistance of WPA2/enterprise authentication methods using tunnel-based EAP. This is done through two main testing methods. The first is performed on a dedicated test lab, while the second is applied by launching live attacks on different client devices that are members of corporate networks.
5.1 Test Lab Evaluation
The test lab is a prototype implementation of a complete enterprise network. Based on the 802.1x architecture, we installed FreeRadius [28] as an authentication server, and the access point was configured as a pass-through authenticator with WPA2 corporate mode. Various client types in terms of model and operating system were configured as network mobile nodes. The attacking device was based on Kali Linux with the dependencies required to enable the attacking scripts. All the attacking scripts are developed using Python. Wireshark [29] was also used for packet capture and header analysis. The lab architecture is shown in Figure 5.
Figure 5: Lab architecture
5.1.1 Lab Testbed. Table 1 shows the technical specifications of devices and systems that were used for lab evaluation.
Table 1: Testbed Lab
Components            | Software                      | Hardware
Authentication Server | OS: Centos 7; App: Freeradius | intel core i5 2.5GH, 4 GB RAM
Access point          |                               | TP-Link wireless N Router
Client 1              | Android                       | Quad-core 1.4GH, 2GB RAM
Client 2              | Windows 10, 64bit             | intel core 2 Duo 3GHz, 4 GB RAM
Client 3              | Linux Centos 7                | intel core 2 Duo 3GHz, 4 GB RAM
5.1.2 Lab Evaluation Methodology. In the test lab evaluation, we launched different attacks against each configured security protocol in turn. Each attack is performed several times on the same protocol. The same attack is launched against the same protocol on a Linux-based system, an Android-based system and an MS Windows-based system to get its success ratio for each authentication method. Three variants of EAP were implemented sequentially. The three methods are EAP-TTLS, EAP-PEAP and EAP-TLS, which are currently applied in most Network-Access-Control (NAC) systems. Other password-based authentication methods are also reviewed in this study, but our lab evaluation focuses mainly on WPA2 using tunneled EAP methods.
5.1.3 Lab Evaluation Results. Results of the applied evaluation tests are presented in Figure 6, which graphically shows the success ratio of active attacks against tunneled EAP methods. Amongst the launched attacks, de-authentication has the highest success rate for all security techniques. Key reinstallation attacks come in the second severity level against all secure methods. Online dictionary and Evil-Twin attacks failed to penetrate EAP-TLS with a valid certificate. EAP-TLS and EAP-PEAP can be compromised by online dictionary and evil twin attacks if client validation is not enforced.
Figure 6: Attacks Success Ratio
5.2 Live Attacks Evaluation
Live experiments were performed on active in-production corporate NAC systems like ARUBA Clear-Pass and Pulse-Secure to test the effectiveness of the attacks. We followed known ethical considerations before launching the live attacks by getting the network owner's permission from the volunteering companies. The target devices were identified by MAC addresses and were all under our control. Table 2 summarizes the overall resistance of the most common WPA2/EAP authentication methods, where the up arrow (↑) denotes that the protocol is resistant while the down arrow (↓) denotes that the protocol is vulnerable to attacks. These outcomes are based on the results of our live evaluation and test lab, in addition to theoretical reviews of previous academic studies.
Table 2: Common authentication protocols resistance against wireless effective Attacks
Attack columns: Authentication Attacks (Dictionary, Brute Force); Confidentiality Attacks (Key-Reinstallation, Evil-Twin); Availability Attacks (De-authentication). Protocol groups: Password EAP, Tunnel EAP.
[Per-attack arrow cells are not legible in this copy; the asterisks for EAP-TTLS and EAP-PEAP sit in the Dictionary and Evil-Twin columns.]
Authentication Protocol | Resistance (%)
EAP-MD5                 | 0%
EAP-PSK                 | 0%
EAP-LEAP                | 0%
EAP-SIM                 | 40%
EAP-AKA                 | 40%
EAP-SPEKE               | 20%
EAP-FAST                | 40%
EAP-TTLS                | * 20 : 60 %
EAP-PEAP                | * 20 : 60 %
EAP-TLS                 | 60%
* EAP-TTLS & EAP-PEAP can resist Dictionary and Evil Twin attacks when client validation is applied. Thus, the resistance ratio may reach 60%.
6 DETECTED VULNERABILITIES AND PROPOSED MITIGATIONS
Wireless security analysts endeavor to detect new security flaws and vulnerabilities that could be exploited by attackers. In this section, we highlight the newly discovered vulnerabilities that allow penetrating wireless networks. This may help in patching and remediating wireless access control systems. The study involves a test lab in addition to theoretical research.
6.1 Detected Vulnerabilities
The success of attacks is a result of bad implementation or native issues in the applied security protocols. Weak passwords and the use of invalid or weak certificates are common examples of bad implementations. Native security issues are the detected weaknesses or vulnerabilities of a wireless protocol that are exploited by attackers. This section discusses the latest vulnerabilities for each attacking category.
6.1.1 Authentication Attacks Vulnerabilities. Three vulnerabilities have been detected that allow authentication penetration of enterprise WPA2. The first is device/user identity detection, due to a known vulnerability of sending the identity intentionally in clear text within the tunnel. Getting the username is a mandatory step before dictionary password trials start. The second vulnerability is that WPA2-enterprise does not apply native locking after multiple authentication failures from the same source. It rather depends on the 802.1x architecture, where time intervals are configured at the authenticator to manage session time, idle timeout, etc. These intervals are exchanged between EAP authentication servers and authenticators through EAP methods. However, locking client authentications after a specified number of authentication failures is not enforced in practice. The third vulnerability is server validation performed only by the client for EAP-PEAP and EAP-TLS authentication. This can easily be compromised by accepting any certificate at the attacking devices. EAP-TLS is not susceptible to this attack because it enforces client-side validation. WPA2 enterprise cracking is considered of higher risk than cracking personal WPA2 security protocols because the cracked values are usually domain or enterprise user credentials, which allow the attacker to gain access not only to the layer two Wi-Fi network but also to all authorized resources of the cracked account.
6.1.2 Confidentiality Attacks Vulnerabilities. Exploitation by confidentiality attacks has two main causes: the first is lack of knowledge and bad implementations, while the second is the native vulnerabilities of security protocols. User misbehavior and device misconfiguration that accept invalid certificates at the client/user side simplify evil twin attacks. Some other WPA2 native vulnerabilities are exploited by key reinstallation attacks regardless of the encryption and integrity protocols used. Key reinstallation attacks target all WPA/WPA2 protected WLANs by exploiting their state machine, forcing the reuse of an already-in-use key in a communicating session by resetting key parameters such as nonces in the 4-way handshake and the replay counter in the group-key handshake.
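The client-side misconfigurations named in 6.1.1 and 6.1.2 can be checked mechanically. The following Python is an added example, not part of the paper: assuming a Linux client that uses wpa_supplicant, it audits network blocks for missing server-certificate validation and for an outer identity that exposes the real username. Both profiles, the SSID, the host names and the CA path are constructed for illustration.

```python
import re

# Constructed profiles: SSID, realm, host name and CA path are placeholders.
WEAK = """
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice@corp.example"
    password="placeholder"
    phase2="auth=MSCHAPV2"
}
"""

HARDENED = """
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    anonymous_identity="anonymous@corp.example"
    identity="alice@corp.example"
    password="placeholder"
    ca_cert="/etc/pki/corp/radius-ca.pem"
    domain_suffix_match="radius.corp.example"
    phase2="auth=MSCHAPV2"
}
"""

# Any one of these wpa_supplicant fields pins the expected server name.
NAME_CHECKS = ("domain_suffix_match", "domain_match",
               "altsubject_match", "subject_match")

FINDINGS = {
    "no-ca": "server certificate is not checked against a trusted CA",
    "no-server-name-check": "server name in the certificate is not pinned",
    "identity-exposed": "real username is used as the clear-text outer identity",
}


def parse_networks(text):
    """Return one {field: value} dict per network={...} block."""
    networks = []
    for body in re.findall(r"network\s*=\s*\{(.*?)\n\s*\}", text, flags=re.S):
        fields = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)
            fields[key.strip()] = value.strip().strip('"')
        networks.append(fields)
    return networks


def audit(net):
    """Return the finding codes for one enterprise (WPA-EAP) profile."""
    if "WPA-EAP" not in net.get("key_mgmt", ""):
        return []
    findings = []
    if not (net.get("ca_cert") or net.get("ca_path")):
        findings.append("no-ca")
    if not any(net.get(name) for name in NAME_CHECKS):
        findings.append("no-server-name-check")
    tunneled = {"PEAP", "TTLS"} & set(net.get("eap", "").upper().split())
    outer = net.get("anonymous_identity")
    if tunneled and (not outer or outer == net.get("identity")):
        findings.append("identity-exposed")
    return findings


def audit_text(text):
    """Audit every network block in a configuration file's text."""
    return [(net.get("ssid", "?"), audit(net)) for net in parse_networks(text)]


if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        for ssid, codes in audit_text(conf):
            print(label, ssid, [FINDINGS[c] for c in codes] or "ok")
```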
6.1.3 Availability Attacks Vulnerabilities. The transmission of management frames in clear text is considered one of the main vulnerabilities behind many WDoS and other wireless attacks. The acceptance of de-authentication and de-association frames from any transmitting node without device validation allows malicious nodes to disrupt network functionality.
6.2 Proposed Mitigations
Vulnerability detection is the first step in mitigating various security risks. The following subsections propose mitigations for the recent effective attacks discussed previously.
6.2.1 Security Mitigations for Authentication Attacks. Native authentication rejection after a specific number of trials is a mandatory requirement to defend against the online active dictionary attack. This closes the door against malicious intruders. Online parallel dictionary attacks that utilize multiple virtual clients with spoofed MAC addresses may succeed in cracking network access secrets. However, locking techniques decrease the possibility of penetration. A dedicated application, certificate or SIM card must be enforced at the client, in a cellular-style security model for enterprise Wi-Fi networks. Identity hiding must be enforced because detecting the legitimate username makes it easy for an attacker to apply the dictionary attack.
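A sketch of the lockout logic this subsection calls for, as an added example that is not from the paper: it replays constructed authentication records and compares a failure counter keyed on the client MAC address with one keyed on the EAP identity, since the parallel attack described above rotates spoofed MAC addresses. The record format, threshold, window and lock duration are assumptions.

```python
from collections import defaultdict, deque

# Constructed sample records: (time_s, client_mac, eap_identity, server_result).
# The last "alice" attempt stands for the guess that would have been correct.
EVENTS = [
    (0.0, "02:00:00:00:00:01", "alice", "reject"),
    (0.5, "02:00:00:00:00:02", "alice", "reject"),
    (1.0, "02:00:00:00:00:03", "alice", "reject"),
    (1.5, "02:00:00:00:00:04", "alice", "reject"),
    (2.0, "5c:aa:bb:00:00:10", "bob", "reject"),      # one honest typo
    (2.5, "02:00:00:00:00:05", "alice", "reject"),
    (9.0, "5c:aa:bb:00:00:10", "bob", "accept"),
    (9.5, "02:00:00:00:00:06", "alice", "accept"),
]


class FailureLockout:
    """Refuse further attempts for a key after too many recent failures."""

    def __init__(self, key_field, max_failures=3, window_s=60.0, lock_s=300.0):
        if key_field not in ("mac", "identity"):
            raise ValueError("key_field must be 'mac' or 'identity'")
        self.key_field = key_field
        self.max_failures = max_failures
        self.window_s = window_s
        self.lock_s = lock_s
        self.failures = defaultdict(deque)    # key -> timestamps of failures
        self.locked_until = {}                # key -> time the lock expires

    def observe(self, ts, mac, identity, result):
        """Return the decision for one attempt: accept, reject or locked."""
        key = mac if self.key_field == "mac" else identity
        if self.locked_until.get(key, 0.0) > ts:
            return "locked"                   # refused before the password is checked
        if result == "accept":
            self.failures.pop(key, None)
            return "accept"
        recent = self.failures[key]
        recent.append(ts)
        while recent and ts - recent[0] > self.window_s:
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.locked_until[key] = ts + self.lock_s
        return "reject"


def replay(events, key_field, **policy):
    """Return [(identity, decision)] for every event under the given keying."""
    guard = FailureLockout(key_field, **policy)
    return [(ident, guard.observe(ts, mac, ident, res))
            for ts, mac, ident, res in events]


if __name__ == "__main__":
    for field in ("mac", "identity"):
        print(field, replay(EVENTS, field))
```

Keying on the identity also lets anyone who knows a username lock that user out, so the lock duration has to be weighed against the availability concerns in 6.2.3.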
6.2.2 Security Mitigations for Confidentiality Attacks. New security requirements must be added to the current WPA2 state machine in order to resist key reinstallation attacks. The first update is to prevent the re-use of nonces during the 4-way handshake. An adequate replay counter check in the group key handshake is also required, by not allowing acknowledgment with an already used replay counter within the same session. Another update that should be enforced is installing the GTK only after receiving acknowledgment from all supplicants.
Table 3: WLAN Effective Attacks and Proposed Mitigations
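The first two state-machine changes proposed in 6.2.2 can be seen in a small model. The following Python is an added example, not code from the paper or from any real supplicant: a toy receiver of key-delivery messages that, in its hardened form, drops already-used replay counters and refuses to reset the nonce when the delivered key is the one already installed. The key label and the trace are constructed.

```python
from collections import Counter


class KeyInstaller:
    """Toy receiver of key-delivery handshake messages."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.installed_key = None
        self.packet_number = 0            # incremented per frame, used as the nonce
        self.highest_replay_counter = -1
        self.nonces_used = []             # every (key, packet_number) pair sent

    def on_key_message(self, replay_counter, key):
        """Process one key message and return installed, kept or dropped."""
        if self.hardened and replay_counter <= self.highest_replay_counter:
            return "dropped"              # counter already used in this session
        self.highest_replay_counter = max(self.highest_replay_counter,
                                          replay_counter)
        if self.hardened and key == self.installed_key:
            return "kept"                 # acknowledge, but do not reset the nonce
        self.installed_key = key
        self.packet_number = 0            # (re)installation resets the nonce
        return "installed"

    def send_frames(self, count):
        """Send data frames, recording the nonce each one is protected with."""
        for _ in range(count):
            self.packet_number += 1
            self.nonces_used.append((self.installed_key, self.packet_number))


# Constructed trace: ((replay_counter, key), data frames sent afterwards).
TRACE = [
    ((1, "PTK-A"), 3),    # genuine key message
    ((2, "PTK-A"), 2),    # retransmission of the same key, delivered late
    ((1, "PTK-A"), 1),    # old message replayed with a used counter
]


def run(hardened, trace=TRACE):
    """Return (actions, reused); reused lists nonces used more than once."""
    peer = KeyInstaller(hardened)
    actions = []
    for (counter, key), frames in trace:
        actions.append(peer.on_key_message(counter, key))
        peer.send_frames(frames)
    counts = Counter(peer.nonces_used)
    reused = sorted(pair for pair, n in counts.items() if n > 1)
    return actions, reused


if __name__ == "__main__":
    for mode in (False, True):
        actions, reused = run(mode)
        print("hardened" if mode else "original", actions, "reused:", reused)
```

In the unhardened run the same key and packet number protect more than one frame, which is the nonce reuse that makes decryption possible; the hardened run never repeats a pair.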
6.2.3 Security Mitigations for Availability Attacks. Amongst the open challenges for WDoS attacks is a valid defense against de-authentication attacks. Dedicated IDSs may be used in promiscuous mode to detect fake de-authentication based on transmission parameters by monitoring all traffic in the secure area. The main concern is to provide native protocol security. Legacy 802.11 authentication should undergo an adequate update. Authenticating the de-authentication frames is an adequate solution. This can be applied by sending encrypted de-authentication frames within the established tunnel, in addition to the clear-text frames, for actively communicating clients. Communicating peers should not accept de-authentication frames from unauthenticated clients. This will help in detecting inappropriate de-authentication frames from a rogue sender. Table 3 summarizes the effective attacks on corporate networks and their adequate proposed mitigations.
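One way such an IDS check could work, as an added example that is not from the paper: the Python below parses bare 802.11 management headers and flags de-authentication or disassociation frames that arrive in bursts or that break the claimed sender's sequence-number continuity. Choosing these two as the "transmission parameters" is an assumption, as are the thresholds, the addresses and the constructed sample frames.

```python
import struct
from collections import defaultdict, deque

BEACON, DISASSOC, DEAUTH = 8, 10, 12                 # management subtypes
AP, STA = "aa:bb:cc:00:00:01", "5c:aa:bb:00:00:10"   # constructed addresses
BCAST = "ff:ff:ff:ff:ff:ff"


def sample_frame(subtype, dst, src, seq, reason=None):
    """Build test input only: a management header without radiotap or FCS."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    hdr = struct.pack("<HH", subtype << 4, 0) + raw(dst) + raw(src) + raw(src)
    hdr += struct.pack("<H", seq << 4)
    return hdr + (struct.pack("<H", reason) if reason is not None else b"")


def mac(b):
    return ":".join(f"{x:02x}" for x in b)


def parse_mgmt(frame):
    """Parse an 802.11 management header; return a dict or None."""
    if len(frame) < 24:
        return None
    fc, _duration = struct.unpack_from("<HH", frame, 0)
    if (fc >> 2) & 0x3 != 0:                         # type 0 = management
        return None
    seq_ctrl, = struct.unpack_from("<H", frame, 22)
    info = {"subtype": (fc >> 4) & 0xF, "dst": mac(frame[4:10]),
            "src": mac(frame[10:16]), "bssid": mac(frame[16:22]),
            "seq": seq_ctrl >> 4}                    # upper 12 bits
    if info["subtype"] in (DEAUTH, DISASSOC) and len(frame) >= 26:
        info["reason"], = struct.unpack_from("<H", frame, 24)
    return info


class DeauthMonitor:
    def __init__(self, max_per_window=5, window_s=1.0, max_seq_gap=64):
        self.max_per_window = max_per_window
        self.window_s = window_s
        self.max_seq_gap = max_seq_gap
        self.recent = defaultdict(deque)   # (src, dst) -> deauth timestamps
        self.last_seq = {}                 # src -> last plausible sequence number

    def observe(self, ts, frame):
        """Return a list of (kind, src, dst) alerts for one captured frame."""
        info = parse_mgmt(frame)
        if info is None:
            return []
        src, dst, seq = info["src"], info["dst"], info["seq"]
        if info["subtype"] not in (DEAUTH, DISASSOC):
            self.last_seq[src] = seq       # learn the sender's counter
            return []
        alerts = []
        prev = self.last_seq.get(src)
        if prev is not None and (seq - prev) % 4096 > self.max_seq_gap:
            alerts.append(("seq-anomaly", src, dst))
        else:
            self.last_seq[src] = seq       # only trust consistent frames
        times = self.recent[(src, dst)]
        times.append(ts)
        while ts - times[0] > self.window_s:
            times.popleft()
        if len(times) > self.max_per_window:
            alerts.append(("deauth-burst", src, dst))
        return alerts


def scan(observations, **thresholds):
    """Run a fresh monitor over [(timestamp, frame_bytes)] and collect alerts."""
    monitor = DeauthMonitor(**thresholds)
    alerts = []
    for ts, frame in observations:
        alerts += monitor.observe(ts, frame)
    return alerts


# Constructed captures: three beacons, then either a burst of frames claiming
# the AP's address with an unrelated counter, or one in-sequence deauth.
BEACONS = [(0.1 * i, sample_frame(BEACON, BCAST, AP, 100 + i)) for i in range(3)]
SPOOFED = BEACONS + [(0.25 + 0.01 * i, sample_frame(DEAUTH, STA, AP, 2000 + i, 7))
                     for i in range(8)]
LEGIT = BEACONS + [(0.25, sample_frame(DEAUTH, STA, AP, 103, 3))]

if __name__ == "__main__":
    print(scan(SPOOFED))
    print(scan(LEGIT))
```

Sequence counters also advance with data frames that this parser ignores, so `max_seq_gap` has to be tuned against real traffic before the alerts are trusted.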
6.2.4 General Security Considerations. Countermeasures should be considered to maintain the security of corporate wireless LANs and ensure continuous protection for transmitted data and provided services. Among these countermeasures are the use of strong encryption and valid certificates for enterprise services that pass through the 802.11 wireless medium. Periodic inductions and awareness sessions should be conducted for all users and administrators who deal with mobile devices and sensors. In addition, regular wireless security audits should be implemented by applying penetration tests on the authentication handshakes to detect other vulnerabilities of WLAN security techniques. These practices help in mitigating newly discovered vulnerabilities. Figure 7 depicts the recommended general security considerations.
Figure 7: Enterprise WLAN Security Consideration
7 CONCLUSION AND FUTURE WORK
In this paper, we have performed theoretical and practical studies on enterprise WLAN security. An in-depth analysis was presented of the resistance of applied security countermeasures against recent effective wireless attacks. The study involved a test lab, live practices and academic reviews to evaluate the impact of current wireless attacks on common enterprise security methods. The study confirmed real risks of recent attacks on all WPA2 authentication methods. In addition, new vulnerabilities that allow penetration of enterprise wireless networks were detected and practically evaluated. Recommended mitigations and amendments to resolve the detected issues were proposed. This encourages the communication community to work on a new protection standard that natively protects sensitive data transmission. For the future, we plan to develop a new version of the WLAN secure protocol stack for protecting the next generation of wireless communication. It should include the surveyed modifications and amendments that resist recent attacking techniques. This will help in avoiding potential risks that threaten wireless authentication, confidentiality, and availability.
REFERENCES
[1] K. Sharma and B. Gupta, "Attack in Smartphone Wi-Fi Access Channel: State
of the Art, Current Issues, and Challenges," in Next-Generation Networks:
Springer, 2018, pp. 555-561.
[2] B. Bellalta, L. Bononi, R. Bruno, and A. Kassler, "Next generation IEEE 802.11
Wireless Local Area Networks: Current status, future directions and open
challenges," Computer Communications, vol. 75, pp. 1-25, 2016.
[3] A. Kavianpour and M. C. Anderson, "An Overview of Wireless Network
Security," in Cyber Security and Cloud Computing (CSCloud), 2017 IEEE 4th
International Conference on, 2017, pp. 306-309: IEEE.
[4] S. Alblwi and K. Shujaee, "A Survey on Wireless Security Protocol WPA2," in
Int. Conf. security and management, 2017, pp. 12-17.
[5] I. S. Association, "802.1 x-2010," ed: Žiūrėta, 2014.
[6] F. P. Miller, A. F. Vandome, and J. McBrewster, "Advanced encryption
standard," 2009.
[7] M. H. Jakubowski and R. Venkatesan, "Cryptographic technique that provides
fast encryption and decryption and assures integrity of a ciphertext message
through use of a message authentication code formed through cipher block
chaining of the plaintext message," ed: Google Patents, 2001.
[8] D. McGrew, "Galois counter mode," in Encyclopedia of Cryptography and
Security: Springer, 2011, pp. 506-508.
[9] H. I. Bulbul, I. Batmaz, and M. Ozel, "Wireless network security: comparison
of wep (wired equivalent privacy) mechanism, wpa (wi-fi protected access)
and rsn (robust security network) security protocols," in Proceedings of the 1st
international conference on Forensic applications and techniques in
telecommunications, information, and multimedia and workshop, 2008, p. 9:
ICST (Institute for Computer Sciences, Social-Informatics and
Telecommunications Engineering).
[10] S. Hanna, K. Hoeper, H. Zhou, and J. Salowey, "Requirements for a Tunnel-Based Extensible Authentication Protocol (EAP) Method," 2012.
[11] N. Cam-Winget, S. Hanna, H. Zhou, and J. Salowey, "Tunnel Extensible
Authentication Protocol (TEAP) Version 1," 2014.
[12] S. S. Rezaie, S. A. Hoseini, and H. Taheri, "Implementation of Extensible
Authentication Protocol in OPNET Modeller."
[13] T. Dierks, "The transport layer security (TLS) protocol version 1.2," 2008.
[14] D. Simon, B. Aboba, and R. Hurst, "The EAP-TLS authentication protocol,"
2070-1721, 2008.
[15] P. Funk and S. Blake-Wilson, "Extensible authentication protocol tunneled
transport layer security authenticated protocol version 0 (EAP-TTLSv0)," 2008.
[16] H. Andersson, S. Josefsson, G. Zorn, D. Simon, and A. Palekar, "Protected EAP
Protocol (PEAP)," draft-josefsson-pppext-eaptls-eap-05. txt, work-in-progress,
2002.
[17] J.-C. Chen, M.-C. Jiang, and Y.-w. Liu, "Wireless LAN security and IEEE 802.11
i," IEEE Wireless Communications, vol. 12, no. 1, pp. 27-36, 2005.
[18] C. Rigney, S. Willens, A. Rubens, and W. Simpson, "Remote authentication
dial in user service (RADIUS)," 2070-1721, 2000.
[19] M. A. Abo-Soliman and M. A. Azer, "A study in WPA2 enterprise recent
attacks," in 2017 13th International Computer Engineering Conference (ICENCO),
2017, pp. 323-330.
[20] S. Aked, C. Bolan, and M. Brand, "A Proposed Method for Examining Wireless
Device Vulnerability to Brute Force Attacks via WPS External Registrar PIN
Authentication Design Vulnerability," in Proceedings of the International
Conference on Security and Management (SAM), 2012, p. 1: The Steering
Committee of The World Congress in Computer Science, Computer
Engineering and Applied Computing (WorldComp).
[21] O. Nakhila, A. Attiah, Y. Jinz, and C. Zoux, "Parallel active dictionary attack on
wpa2-psk wi-fi networks," in Military Communications Conference, MILCOM
2015-2015 IEEE, 2015, pp. 665-670: IEEE.
[22] A. Bartoli, E. Medvet, and F. Onesti, "Evil twins and WPA2 enterprise: A
coming security disaster?," Computers & Security, 2018.
[23] M. Vanhoef and F. Piessens, "Key Reinstallation Attacks: Forcing Nonce Reuse
in WPA2," ed. Conference on Computer and Communications Security: CCS,
2017.
[24] D. Bongard, "Offline bruteforce attack on wifi protected setup," Presentation at
Passwordscon, 2014.
[25] D. Wang and P. Wang, "Offline dictionary attack on password authentication
schemes using smart cards," in Information Security: Springer, 2015, pp. 221-237.
[26] P. Sharma, P. K. Kaushal, and P. R. Sharma, "Survey on Evil Twin Attack,"
International Journal of Scientific Engineering and Research (IJSER), vol. 4, no.
4, pp. 54-58, 2015.
[27] V. Poddar, R. Jaipur, and M. Chopra, "Detection of the de-authentication
denial of service attack in 802.11 wireless networks," Int. J. Sci. Eng. Res, vol. 6,
no. 10, pp. 150-158, 2015.
[28] A. DeKok, "FreeRADIUS," Http://Freeradius. org, 2008.
[29] L. Chappell and G. Combs, Wireshark network analysis: the official
Wireshark certified network analyst study guide. Protocol Analysis Institute,
Chappell University, 2010.