Survey of the security risks of Wi-Fi networks based on the information elements of beacon and probe response frames
DOI: https://doi.org/10.22517/23447214.23781
Keywords: Beacon frames, IEEE802.11, RSN, Security, TKIP, Wi-Fi, Wireshark, WPS
Abstract
Wi-Fi networks have become prevalent in homes, businesses, and public places. Wi-Fi is one of the most common means that people use to access digital services like Facebook, WhatsApp, Instagram, email, and even payment platforms. Equipment for deploying Wi-Fi networks is affordable and its basic features are easy to manipulate. In many cases Wi-Fi users do not even have to buy any communication equipment, since Wi-Fi routers are installed by internet service providers (ISP) in the premises of their customers. Wi-Fi equipment, owned either by end users or ISP companies, should be configured as securely as possible to avoid potential attacks. The security capabilities and features of Wi-Fi routers and access points are inserted into beacon and probe response frames. Potential attackers can use sniffing tools like Wireshark to capture these frames and extract information about security features to discover vulnerabilities. In order to assess the security risks of Wi-Fi networks we conducted a survey in which we used Wireshark to capture the traffic from several Wi-Fi networks, and then through a filter we selected the beacon and probe response frames to analyze the security information elements carried by those frames. We came to the conclusion that despite technical recommendations, some security parameters and options are still set in a way that makes networks more prone to attacks. With this paper we want the readers to be aware of the security risks of their Wi-Fi networks, even the ones set up by their internet service providers.
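The kind of check the abstract describes, as an added example that is not taken from the paper: a small auditor that walks the information elements of one beacon or probe response and reports an RSN element that still offers TKIP or WEP, an advertised WPS element, or a missing RSN element. It assumes the input is the frame's tagged-parameter bytes (the part after the fixed fields); the function names and the sample frames are constructed for illustration.

```python
import struct

CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}  # 00-0F-AC suite types
RSN_OUI, MS_OUI = b"\x00\x0f\xac", b"\x00\x50\xf2"

def element(eid, body):
    return bytes([eid, len(body)]) + body   # element ID, length, body

def iter_elements(tagged):
    """Yield (element_id, body) pairs; stop at a truncated element."""
    pos = 0
    while pos + 2 <= len(tagged):
        eid, length = tagged[pos], tagged[pos + 1]
        body = tagged[pos + 2:pos + 2 + length]
        if len(body) < length:
            return
        yield eid, body
        pos += 2 + length

def rsn_ciphers(body):
    """Return the group and pairwise cipher names from an RSN element body."""
    count, = struct.unpack_from("<H", body, 6)          # pairwise suite count
    if len(body) < 8 + 4 * count:
        raise ValueError("truncated pairwise list")
    raw = [body[2:6]] + [body[8 + 4 * i:12 + 4 * i] for i in range(count)]
    return {CIPHERS.get(s[3], f"type-{s[3]}") if s[:3] == RSN_OUI else "vendor"
            for s in raw}

def audit(tagged):
    """Return findings for one beacon or probe response's tagged parameters."""
    findings, has_rsn = [], False
    for eid, body in iter_elements(tagged):
        if eid == 48:                                   # RSN element
            has_rsn = True
            try:
                weak = rsn_ciphers(body) & {"TKIP", "WEP-40", "WEP-104"}
                findings += [f"RSN advertises {c}" for c in sorted(weak)]
            except (struct.error, ValueError):
                findings.append("malformed RSN element")
        elif eid == 221 and body[:4] == MS_OUI + b"\x04":   # WPS vendor element
            findings.append("WPS element present")
    if not has_rsn:
        findings.append("no RSN element")
    return findings

# Constructed samples: a mixed TKIP/CCMP network with WPS, and a CCMP-only one.
RSN_MIXED = bytes.fromhex("0100 000fac02 0200 000fac04 000fac02 0100 000fac02 0000")
RSN_CCMP = bytes.fromhex("0100 000fac04 0100 000fac04 0100 000fac02 0000")
WEAK_AP = (element(0, b"lab-ap") + element(48, RSN_MIXED)
           + element(221, bytes.fromhex("0050f204 104a000110")))
GOOD_AP = element(0, b"lab-ap") + element(48, RSN_CCMP)
```

Running `audit` over the tagged parameters of your own access point's beacons shows what any passive listener can read about its configuration.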
License
The undersigned authors declare that the article submitted to the journal Scientia et Technica is an original work and that all its content is free of third-party copyright restrictions or has the corresponding authorizations. Consequently, the authors assume responsibility for any litigation or claim related to intellectual property rights, releasing the Technological University of Pereira and the journal Scientia et Technica from any liability.
If the submitted work is accepted for publication, the authors retain copyright to the article and grant the journal Scientia et Technica the right of first publication, as well as a non-exclusive, perpetual license to reproduce, edit, distribute, display, and publicly communicate the article in any medium or format, including print, electronic, databases, repositories, the Internet, or other scientific dissemination systems. The authors agree that the article will be published in open access and distributed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).
The journal Scientia will respect in all cases the moral rights of the authors, in accordance with the provisions of article 30 of Law 23 of 1982 of the Republic of Colombia, recognizing the authorship of the work, the right to integrity and the right of disclosure, which are inalienable and non-waivable.