Fast track article: Bringing law and order to IEEE 802.11 networks-A case for DiscoSec

  • Authors:
  • Ivan Martinovic; Paul Pichota; Matthias Wilhelm; Frank A. Zdarsky; Jens B. Schmitt

  • Affiliations:
  • Distributed Computer Systems Lab (disco), University of Kaiserslautern, Germany (all authors)

  • Venue:
  • Pervasive and Mobile Computing
  • Year:
  • 2009

Abstract

To improve the tarnished reputation of WLAN security, the new IEEE 802.11i standard provides means for mutual user authentication and assures confidentiality of user data. However, the IEEE 802.11 link-layer is still highly vulnerable to a plethora of simple, yet effective attacks which further jeopardize the already fragile security of wireless communications. Some of these vulnerabilities are related to limited hardware capabilities of access points and their abuse may result in serious degradation of control over the wireless connection, which, especially in the case of broadcast communication, allows for client hijacking attacks. Although these issues are known and their impact is expected to be less prevalent on modern equipment, this work demonstrates the opposite. In our experimental analysis, we tested frequently used access points, and by forcing them to operate on their performance limits, we identified significant operational anomalies and demonstrated their impact on security by implementing a novel version of the Man-In-The-Middle attack, to which we refer as the Muzzle attack. Secondly, this work describes DiscoSec, a solution for "patching" WLANs against a variety of such link-layer attacks. DiscoSec provides DoS-resilient key exchange, an efficient frame authentication, and a performance-oriented implementation. By means of extensive real-world measurements DiscoSec is evaluated, showing that even on very resource-limited devices the network throughput is decreased by only 22% compared to the throughput without any authentication, and by 6% on more performance-capable hardware. To demonstrate its effectiveness, DiscoSec is available as an open-source IEEE 802.11 device driver utilizing well-established cryptographic primitives provided by the Linux Crypto API and OpenSSL library.