Survey of the security risks of Wi-Fi networks based on the information elements of beacon and probe response frames
DOI:
https://doi.org/10.22517/23447214.23781Keywords:
Beacon frames, IEEE802.11, RSN, Security, TKIP, Wi-Fi, Wireshark, WPSAbstract
Wi-Fi networks have become prevalent in homes, businesses, and public places. Wi-Fi is one of the most common means that people use to access digital services like Facebook, WhatsApp, Instagram, email, and even payment platforms. Equipment for deploying Wi-Fi networks is affordable and its basic features are easy to manipulate. In many cases Wi-Fi users do not even have to buy any communication equipment, since Wi-Fi routers are installed by internet service providers (ISP) in the premises of their customers. Wi-Fi equipment, owned either by end users or ISP companies, should be configured as securely as possible to avoid potential attacks. The security capabilities and features of Wi-Fi routers and access points are inserted into beacon and probe response frames. Potential attackers can use sniffing tools like Wireshark to capture these frames and extract information about security features to discover vulnerabilities. In order to assess the security risks of Wi-Fi networks we conducted a survey in which we used Wireshark to capture the traffic from several Wi-Fi networks, and then through a filter we selected the beacon and probe response frames to analyze the security information elements carried by those frames. We came to the conclusion that despite technical recommendations, some security parameters and options are still set in a way that makes networks more prone to attacks. With this paper we want the readers to be aware of the security risks of their Wi-Fi networks, even the ones set up by their internet service providers.
Downloads
References
S. E. Frankel, B. Eydt, L. Owens, and K. K. Scarfone, "Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i | NIST," Special Publication (NIST SP) - 800-97, Feb. 2007. DOI: 10.6028/NIST.SP.800-97
https://doi.org/10.6028/NIST.SP.800-97
J. R. Vollbrecht, B. Aboba, L. J. Blunk, H. Levkowetz, and J. Carlson, "Extensible Authentication Protocol (EAP)." [Online]. Available: https://tools.ietf.org/html/rfc3748. [Accessed: 26-Mar-2019].
"802.1X Overview and EAP Types," Intel. [Online]. Available: https://www.intel.com/content/www/us/en/support/articles/000006999/network-and-i-o/wireless-networking.html. [Accessed: 26-Mar-2019].
"Security | Wi-Fi Alliance." [Online]. Available: https://www.wi-fi.org/discover-wi-fi/security. [Accessed: 26-Mar-2019].
"IEEE Standard for Information technology-Telecommunications and information exchange between systems Local and metropolitan area networks-Specific requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications," IEEE Std 802.11-2016 (Revision of IEEE Std 802.11-2012), pp. 1-3534, Dec. 2016.
M. Koziol, "Wi-Fi Gets More Secure: Everything You Need to Know About WPA3," IEEE Spectrum: Technology, Engineering, and Science News, 06-Sep-2018. [Online]. Available: https://spectrum.ieee.org/tech-talk/telecom/security/everything-you-need-to-know-about-wpa3. [Accessed: 27-Mar-2019].
P. B. and the S. community, "Scapy." [Online]. Available: https://secdev.github.io/. [Accessed: 30-Jan-2019].
"Wireshark · Go Deep." [Online]. Available: https://www.wireshark.org/. [Accessed: 30-Jan-2019].
[9] E. Tews and M. Beck, "Practical Attacks Against WEP and WPA," in Proceedings of the Second ACM Conference on Wireless Network Security, New York, NY, USA, 2009, pp. 79-86. DOI: 10.1145/1514274.1514286
https://doi.org/10.1145/1514274.1514286
M. Vanhoef and F. Piessens, "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2," in Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17, Dallas, Texas, USA, 2017, pp. 1313-1328.
https://doi.org/10.1145/3133956.3134027
DOI: 10.1145/3133956.3134027
https://doi.org/10.1145/3133956.3134027
"KRACK Wi-Fi attack threatens all networks: How to stay safe and what you need to know," PCWorld, 08-Nov-2017. [Online]. Available: https://www.pcworld.com/article/3233308/security/krack-wi-fi-security-flaw-faq-tips.html. [Accessed: 14-Feb-2019].
"Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack | US-CERT." [Online]. Available: https://www.us-cert.gov/ncas/alerts/TA12-006A. [Accessed: 29-Jan-2019].
"Fern Pro | Downloads." [Online]. Available: http://www.fern-pro.com/download. [Accessed: 30-Jan-2019].
"Google Code Archive - Long-term storage for Google Code Project Hosting." [Online]. Available: https://code.google.com/archive/p/reaver-wps/. [Accessed: 30-Jan-2019].
T. Campbell, "Technical Note: Removal of TKIP from Wi-Fi Devices," p. 3, 2015.
"WPA2 'KRACK' Attack," SANS Internet Storm Center. [Online]. Available: https://isc.sans.edu/forums/diary/22932/. [Accessed: 08-Apr-2019].
C. Osborne, "Here's every patch for KRACK Wi-Fi vulnerability available right now," ZDNet. [Online]. Available: https://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-available-right-now/. [Accessed: 08-Apr-2019].
Downloads
-
Vistas(Views): 474
- PDF Descargas(Downloads): 280
Published
How to Cite
Issue
Section
License
Copyrights
The journal is free open access. The papers are published under the Creative Commons Attribution / Attribution-NonCommercial-NoDerivatives 4.0 International - CC BY-NC-ND 4.0 license. For this reason, the author or authors of a manuscript accepted for publication will yield all the economic rights to the Universidad Tecnológica of Pereira free of charge, taking into account the following:
In the event that the submitted manuscript is accepted for publication, the authors must grant permission to the journal, in unlimited time, to reproduce, to edit, distribute, exhibit and publish anywhere, either by means printed, electronic, databases, repositories, optical discs, Internet or any other required medium. In all cases, the journal preserves the obligation to respect, the moral rights of the authors, contained in article 30 of Law 23 of 1982 of the Government Colombian.
The transferors using ASSIGNMENT OF PATRIMONIAL RIGHTS letter declare that all the material that is part of the article is entirely free of copyright. Therefore, the authors are responsible for any litigation or related claim to intellectual property rights. They exonerate of all responsibility to the Universidad Tecnológica of Pereira (publishing entity) and the Scientia et Technica journal. Likewise, the authors accept that the work presented will be distributed in free open access, safeguarding copyright under the Creative Commons Attribution / Recognition-NonCommercial-NoDerivatives 4.0 International - https://creativecommons.org/licenses/by-nc-nd/4.0/deed.es license.