To improve the tarnished reputation of WLAN security, the new IEEE 802.11i standard provides means for mutual user authentication and assures confidentiality of user data. However, the IEEE 802.11 link layer is still highly vulnerable to a plethora of simple, yet effective attacks which further jeopardize the already fragile security of wireless communications. Some of these vulnerabilities are related to the limited hardware capabilities of access points, and their abuse may result in serious degradation of control over the wireless connection, which, especially in the case of broadcast communication, allows for client hijacking attacks. Although these issues are known and their impact is expected to be less prevalent on modern equipment, this work demonstrates the opposite. In our experimental analysis, we tested frequently used access points, and by forcing them to operate at their performance limits, we identified significant operational anomalies and demonstrated their impact on security by implementing a novel version of the Man-In-The-Middle attack, which we refer to as the Muzzle attack. In addition, this work describes DiscoSec, a solution for "patching" WLANs against a variety of such link-layer attacks. DiscoSec provides DoS-resilient key exchange, efficient frame authentication, and a performance-oriented implementation. DiscoSec is evaluated by means of extensive real-world measurements, which show that even on very resource-limited devices the network throughput is decreased by only 22% compared to the throughput without any authentication, and by 6% on more performance-capable hardware. To demonstrate its effectiveness, DiscoSec is available as an open-source IEEE 802.11 device driver utilizing well-established cryptographic primitives provided by the Linux Crypto API and the OpenSSL library.