Attacks on IEEE 802.11 wireless networks
Abstract
The security of wireless computer networks was initially provided by the WEP protocol, which relies on the RC4 encryption algorithm and the CRC algorithm for integrity checking. The basic problems of WEP are a short initialization vector, unsafe data integrity checking, the use of a common (shared) key, the lack of mechanisms for key management and exchange, the lack of protection against the repeated insertion of the same packet into the network, the lack of authentication of access points, and the like. The consequence of these failures is that attacks against WEP networks are easy, that is, such networks are completely insecure.
Therefore, work began on the IEEE 802.11i protocol, which was to radically improve the security of wireless networks. Since the development of the protocol took a long time, the WPA standard was released to close the security gap left by WEP. WPA also relies on the RC4 and CRC algorithms, but introduces temporal keys and the MIC algorithm for data integrity. 802.1X authentication was introduced, and a common key is no longer needed, since an authentication server can be used. The length of the initialization vector was increased, and the vector is derived from the packet sequence number in order to prevent the re-insertion of the same packet into the network. The weakness of the WPA security mechanism is the use of a common key.
WPA2 (802.11i) appeared later. Unlike WPA, which worked on old devices after a software update, WPA2 requires new network devices capable of AES encryption. AES replaces the RC4 algorithm and delivers much greater security. Data integrity is also protected by the encryption.
Despite this progress, wireless networks still have weaknesses. Denial of service attacks are possible, as are attacks that spoof packet headers. For now, it is not advisable to use wireless networks in environments where unreliability and unavailability cannot be tolerated.
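As an added illustration (not part of the original paper) of why the 24-bit WEP initialization vector is too short and how the packet counter introduced with WPA prevents re-insertion of a packet, the following Python computes the birthday bound for IV repetition, flags IV reuse in a constructed set of (IV, key index) pairs as they would be read from captured WEP frames, and performs the receiver-side replay check. The function names and sample values are assumptions made here.

```python
import math
from collections import Counter

WEP_IV_BITS = 24     # WEP: 24-bit IV sent in the clear, prepended to the shared key
TKIP_TSC_BITS = 48   # WPA/TKIP: 48-bit sequence counter, also used as replay counter


def iv_collision_probability(n_frames, iv_bits=WEP_IV_BITS):
    """Birthday-bound probability that at least two of n_frames randomly chosen
    IVs are equal, for an IV space of 2**iv_bits (a repeated IV under the same
    key means a repeated RC4 keystream)."""
    space = 2 ** iv_bits
    return 1.0 - math.exp(-n_frames * (n_frames - 1) / (2.0 * space))


def frames_until_exhaustion(iv_bits=WEP_IV_BITS):
    """A card that simply counts IVs upward must wrap, and so repeat keystreams,
    after this many frames."""
    return 2 ** iv_bits


def find_iv_reuse(frames):
    """frames: iterable of (iv, key_index) pairs read from WEP frame headers.
    Returns {(iv, key_index): count} for every pair seen more than once."""
    counts = Counter(frames)
    return {k: c for k, c in counts.items() if c > 1}


def replayed_frames(packet_numbers):
    """Receiver-side replay check as in WPA/WPA2: a frame is accepted only if its
    packet number is strictly greater than the last accepted one. Returns the
    positions of frames that a compliant receiver would discard."""
    last, rejected = -1, []
    for i, pn in enumerate(packet_numbers):
        if pn <= last:
            rejected.append(i)
        else:
            last = pn
    return rejected


# Constructed sample (not a real capture): (iv, key_index) pairs from WEP frames
SAMPLE_WEP_FRAMES = [(0x0102AB, 0), (0x0102AC, 0), (0x0102AB, 0), (0x0102AD, 0), (0x0102AB, 0)]

if __name__ == "__main__":
    print(f"P(IV repeat after 10,000 WEP frames)  = {iv_collision_probability(10_000):.3f}")
    print(f"P(TSC repeat after 10,000 TKIP frames) = {iv_collision_probability(10_000, TKIP_TSC_BITS):.2e}")
    print("WEP IVs reused:", find_iv_reuse(SAMPLE_WEP_FRAMES))
    print("replayed frame positions:", replayed_frames([1, 2, 3, 2, 4, 4]))
```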
Introduction
In the entire history of networking, it has never been easier to penetrate a network. One of the biggest problems of today's wireless networks is the lack of effective intrusion detection systems. Failing to cover gaps in wireless network security may result in an attacker intruding into the network.
Security in IEEE 802.11 wireless networks
Although the IEEE 802.11 protocol defines security standards, wireless networks are one of the weakest links in the chain of computer networks. The basic security requirements of every computer network are reliable user authentication and privacy protection.
Security attacks on IEEE 802.11 wireless networks
Non-technical attacks exploit a variety of human weaknesses, such as lack of awareness, negligence or excessive trust in strangers. Network attacks include a number of techniques that enable attackers to penetrate a wireless network, or at least to disable it. Apart from the security problems of the IEEE 802.11 protocol itself, there are vulnerabilities in the operating systems and applications on wireless clients.
The methodology of attack
Before testing a wireless network for security vulnerabilities, it is important to define a formal testing methodology. The first step before the actual attack is footprinting. The second step is the creation of a network map that shows what the wireless system looks like. For this purpose, attackers use specific tools such as Network Stumbler, Nmap and Fping. Once basic information about the wireless network has been gathered, more can be learned through the process of system scanning (enumeration).
Attacks on IEEE 802.11 wireless networks
Social engineering is a technique by which attackers exploit the natural trust of most people.
Radio waves do not respect defined boundaries. If radio waves propagate beyond the boundaries of the defined area, the signal strength of the wireless access points should be reduced so that the radio waves travel shorter distances. Antennas are an integral part of wireless networks; the selected antenna type affects the performance, availability and security of the wireless network.
Finding default values
CommView for WiFi is a data-flow monitoring tool (sniffer) written specifically for wireless networks.
Cain & Abel is a general-purpose tool for recovering all types of passwords.
If a wireless network uses MAC address filtering as a protective mechanism, the attacker must first collect the MAC addresses of legitimate clients. To connect to a wireless access point, it is necessary to know its SSID. Contrary to what some people think, the SSID is not a password.
Wardriving
Driving around in a car with a portable computer in order to detect wireless computer networks, to which a connection can later be made, is called wardriving. Wardriving requires an appropriate software tool and a wireless network card or adapter to which an external antenna can be attached to increase signal strength. A global positioning device (GPS) can also be used to place the coordinates of the detected wireless access points on a map. The most widely used software tools for wardriving are Network Stumbler, Kismet and MiniStumbler.
Network attacks
The most common attack used to circumvent basic access control in wireless networks is masking the attacker's own MAC address with the MAC address of a legitimate client on the network (MAC address spoofing).
A Man-in-the-Middle attack inserts the attacker's system between the wireless clients and the wireless access point. Legitimate wireless users are fooled when they try to connect, because they become associated with the attacker's system instead of the legitimate wireless access point.
The ARP table poisoning attack inserts the attacker's system into the middle of the communication between legitimate clients and the wireless access point. Attackers can exploit the Address Resolution Protocol if it is running on the network. The aim of this attack is to pass the attacker off as a legitimate user on the network.
The Simple Network Management Protocol (SNMP) is used to monitor and manage network devices. SNMP versions 1 and 2 have no security mechanisms for managing clients.
A denial of service attack sends a flood of malicious network requests that saturate the radio channel of a wireless network system with unnecessary traffic, preventing legitimate requests from being served. A denial of service attack may be aimed at denying legitimate network services and at enabling the attacker's further penetration into the network.
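Since the introduction notes the lack of effective intrusion detection on wireless networks, here is an added example (not from the paper) of two simple detection heuristics run over a constructed capture log: a deauthentication/disassociation flood from one source, which is the usual form of the denial of service attack described above, and interleaved 802.11 sequence counters under a single MAC address, a common sign of MAC address spoofing. The function names, thresholds and the sample log are assumptions made here.

```python
from collections import defaultdict

DEAUTH_THRESHOLD = 10    # deauth/disassoc frames from one source within WINDOW seconds
WINDOW = 2.0
SEQ_GAP_THRESHOLD = 500  # 802.11 sequence numbers are 12-bit (0..4095), +1 per frame

# Constructed sample capture (not a real trace): "timestamp src_mac subtype seq".
# 00:11:... carries two interleaved sequence counters (two stations, one MAC);
# aa:bb:... sends a burst of deauthentication frames (a DoS flood).
SAMPLE_LOG = """\
0.10 00:11:22:33:44:55 data 100
0.20 00:11:22:33:44:55 data 101
0.25 00:11:22:33:44:55 data 3000
0.30 00:11:22:33:44:55 data 102
0.35 00:11:22:33:44:55 data 3001
""" + "\n".join(f"1.{i:02d} aa:bb:cc:dd:ee:ff deauth {i}" for i in range(12))


def parse(log):
    """Parse the text capture into (timestamp, src, subtype, seq) tuples."""
    frames = []
    for line in log.strip().splitlines():
        ts, src, subtype, seq = line.split()
        frames.append((float(ts), src.lower(), subtype, int(seq)))
    return frames


def detect_deauth_flood(frames, threshold=DEAUTH_THRESHOLD, window=WINDOW):
    """Return sources that sent >= threshold deauth/disassoc frames within `window` s."""
    flagged, recent = set(), defaultdict(list)
    for ts, src, subtype, _ in frames:
        if subtype not in ("deauth", "disassoc"):
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:       # drop frames that left the sliding window
            q.pop(0)
        if len(q) >= threshold:
            flagged.add(src)
    return flagged


def detect_seq_anomalies(frames, gap=SEQ_GAP_THRESHOLD):
    """Return MACs whose sequence counter jumps by more than `gap` (mod 4096) at least
    twice; a single card counts by one, retransmissions repeat the same value."""
    last, jumps = {}, defaultdict(int)
    for _, src, _, seq in frames:
        if src in last and (seq - last[src]) % 4096 > gap:
            jumps[src] += 1
        last[src] = seq
    return {src for src, n in jumps.items() if n >= 2}
```

Both heuristics are deliberately simple; in practice the thresholds are tuned per site and the sequence-number check is combined with signal-strength and timing features to reduce false positives from roaming or retransmission.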
Conclusion
In this paper, modern methods of attack on IEEE 802.11 wireless networks are analyzed and described. The most important attack tools are presented, along with their effective use for intrusion into wireless networks and the discovery of useful information. The use of wireless computer networks in environments where security and network availability are imperative is not recommended.