Journal ArticleDOI

Penetration Testing of IEEE 802.11 Encryption Protocols using Kali Linux Hacking Tools

18 Jun 2020-International Journal of Computer Applications (Foundation of Computer Science (FCS), NY, USA)-Vol. 176, Iss: 32, pp 26-33
TL;DR: In this article, the authors use penetration testing to assess vulnerabilities in, and conduct attacks against, the Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA) and 802.11i (WPA2) security protocols.
Abstract: The use of wireless networks as a medium of communication has increased tremendously due to their flexibility, mobility and easy accessibility. Their use is now unavoidable at hotels and restaurants, airports and organizations, and is currently predominant in homes. As a large number of devices connect to wireless networks, valuable and sensitive information is shared among users over the air, and attackers can easily sniff and capture data packets. This paper aims at using penetration testing to assess vulnerabilities in, and conduct attacks against, the Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA) and 802.11i (WPA2) security protocols. The penetration testing was conducted using Kali Linux with its Aircrack-ng tools.


Citations
Proceedings ArticleDOI
27 Aug 2021
TL;DR: This paper implements HalfSipHash on the Barefoot Tofino switch by using dependency management schemes to conserve pipeline stages and slicing semantics for concise circular bit shift operations, and shows that the efficient implementation performs 67 million, 90 million, 150 million, and 304 million hashes per second.
Abstract: Cyclic Redundancy Check (CRC) is a computationally inexpensive function readily available in many high-speed networking devices, and thus it is used extensively as a hash function in many data-plane applications. However, CRC is not a true cryptographic hash function, and it leaves applications vulnerable to attack. While cryptographically secure hash functions exist, there is no fast and efficient implementation for such functions on high-speed programmable switches. In this paper, we introduce an implementation of a secure keyed hash function optimized for commodity programmable switches and capable of running entirely within the data plane. We implement HalfSipHash on the Barefoot Tofino switch by using dependency management schemes to conserve pipeline stages and slicing semantics for concise circular bit shift operations. We show that our efficient implementation performs 67 million, 90 million, 150 million, and 304 million hashes per second for 32-byte, 24-byte, 16-byte, and 8-byte input strings, respectively.

11 citations

Proceedings ArticleDOI
01 Jul 2021
TL;DR: A WiFi network honeypot that exploits artificial intelligence only for detecting aggressors and tailoring a hackback; the authors note that machine learning techniques can be applied to address other shortcomings of the design.
Abstract: Attackers move throughout all environments. They conduct reconnaissance, scan networks, and seek misconfigured and vulnerable stations. This aspect is especially true for wireless networks. As the COVID-19 pandemic pushed numerous employees to conduct business-related tasks over the home network, the WiFi spectrum's protection has become more critical and taken a front seat in developing cybersecurity best practices. Detection of an intruder will not suffice in today's environment. This paper presents our contribution in the form of a WiFi network honeypot. As we limited our framework to exploit artificial intelligence only in detecting aggressors and tailoring a hackback, we concur that machine learning techniques can be applied to answer other shortcomings of our design.

2 citations

Book ChapterDOI
01 Jan 2021
TL;DR: In this paper, the authors present a tool named Fluxion for deciphering WEP, WPA, and WPA2 passwords; brief information about the security protocols is given first so that the attack can be comprehended more clearly.
Abstract: The content in the present paper reviews the attack carried out to decipher WEP, WPA, and WPA2 passwords using a tool named Fluxion. Before understanding how the tool works, brief information about the security protocols is given so that the attack can be comprehended more clearly. At the same time, we compare Fluxion to other pre-existing tools used to crack Wi-Fi passwords and then list out the major differences between them. This comparison is done to evaluate the efficacy and success rate of Fluxion. In conclusion, this research and attack are performed to provide a deeper insight into WEP, WPA, and WPA2 cracking.

2 citations

Book ChapterDOI
01 Jan 2021
TL;DR: In this paper, the authors proposed that the security of Wi-Fi wireless networks is conditioned by different variables incorporated in standards, norms, good practices, and various investigations concerning this topic.
Abstract: Systems, data, users, and networks are essential in terms of information security. Wi-Fi wireless networks play a crucial role in increasing connectivity, as well as preventing and monitoring unauthorized access. Nonetheless, Wi-Fi wireless networks’ security is conditioned by different variables incorporated in standards, norms, good practices, and various investigations concerning this topic.

2 citations

Dissertation
01 Jan 2013

1 citation

References
Book ChapterDOI
16 Aug 2001
TL;DR: It is shown that RC4 is completely insecure in a common mode of operation which is used in the widely deployed Wired Equivalent Privacy protocol (WEP, which is part of the 802.11 standard), in which a fixed secret key is concatenated with known IV modifiers in order to encrypt different messages.
Abstract: In this paper we present several weaknesses in the key scheduling algorithm of RC4, and describe their cryptanalytic significance. We identify a large number of weak keys, in which knowledge of a small number of key bits suffices to determine many state and output bits with non-negligible probability. We use these weak keys to construct new distinguishers for RC4, and to mount related key attacks with practical complexities. Finally, we show that RC4 is completely insecure in a common mode of operation which is used in the widely deployed Wired Equivalent Privacy protocol (WEP, which is part of the 802.11 standard), in which a fixed secret key is concatenated with known IV modifiers in order to encrypt different messages. Our new passive ciphertext-only attack on this mode can recover an arbitrarily long key in a negligible amount of time which grows only linearly with its size, both for 24 and 128 bit IV modifiers.

1,127 citations


"Penetration Testing of IEEE 802.11 ..." refers background in this paper

  • ...[24] describes the “weak” IVs of having a structure of B+3::ff:X (where B is the byte of key, ff being constant value of 255, and X is irrelevant)....


ReportDOI
30 Sep 2008
TL;DR: This Special Publication 800-series reports on ITL's research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations.
Abstract: The National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology (IT). ITL's responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-series reports on ITL's research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations. Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.

346 citations

Proceedings ArticleDOI
30 Oct 2017
TL;DR: The key reinstallation attack abuses design or implementation flaws in cryptographic protocols to reinstall an already-in-use key, and forces the client into using a predictable all-zero encryption key.
Abstract: We introduce the key reinstallation attack. This attack abuses design or implementation flaws in cryptographic protocols to reinstall an already-in-use key. This resets the key's associated parameters such as transmit nonces and receive replay counters. Several types of cryptographic Wi-Fi handshakes are affected by the attack. All protected Wi-Fi networks use the 4-way handshake to generate a fresh session key. So far, this 14-year-old handshake has remained free from attacks, and is even proven secure. However, we show that the 4-way handshake is vulnerable to a key reinstallation attack. Here, the adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying handshake messages. When reinstalling the key, associated parameters such as the incremental transmit packet number (nonce) and receive packet number (replay counter) are reset to their initial value. Our key reinstallation attack also breaks the PeerKey, group key, and Fast BSS Transition (FT) handshake. The impact depends on the handshake being attacked, and the data-confidentiality protocol in use. Simplified, against AES-CCMP an adversary can replay and decrypt (but not forge) packets. This makes it possible to hijack TCP streams and inject malicious data into them. Against WPA-TKIP and GCMP the impact is catastrophic: packets can be replayed, decrypted, and forged. Because GCMP uses the same authentication key in both communication directions, it is especially affected. Finally, we confirmed our findings in practice, and found that every Wi-Fi device is vulnerable to some variant of our attacks. Notably, our attack is exceptionally devastating against Android 6.0: it forces the client into using a predictable all-zero encryption key.

305 citations


"Penetration Testing of IEEE 802.11 ..." refers methods in this paper

  • ...According to [32], the four-way handshake provides mutual authentication based on the PMK, and agrees on a fresh session key known as the Pairwise Transient Key (PTK)....


Book
11 Nov 2008
TL;DR: Cutting-edge coverage of the new edition includes virtualization, mobile devices, and other trends, as well as new topics such as psychological approaches to social engineering attacks, Web application attacks, penetration testing, data loss prevention, cloud computing security, and application programming development security.
Abstract: Reflecting the latest developments from the information security field, best-selling Security+ Guide to Network Security Fundamentals, 4e provides the most current coverage available while thoroughly preparing readers for the CompTIA Security+ SY0-301 certification exam. Its comprehensive introduction to practical network and computer security covers all of the new CompTIA Security+ exam objectives. Cutting-edge coverage of the new edition includes virtualization, mobile devices, and other trends, as well as new topics such as psychological approaches to social engineering attacks, Web application attacks, penetration testing, data loss prevention, cloud computing security, and application programming development security.

101 citations


"Penetration Testing of IEEE 802.11 ..." refers methods in this paper

  • ...28 - Message Authentication Code (CBC-MAC) protocol (CCMP) for data encryption [29] [30]....


Journal ArticleDOI
TL;DR: Topics covered in this book include intrusion detection, secure PHY/MAC/routing protocols, attacks and prevention, immunization, key management, secure group communications/multicast, secure location services, monitoring and surveillance, anonymity, privacy, trust establishment/management, redundancy and security, and dependable wireless networking.
Abstract: Wireless networks technologies have been dramatically improved by the popularity of third generation (3G) wireless networks, wireless LANs, Bluetooth, and sensor networks. However, security is a major concern for wide deployments of such wireless networks. The contributions to this volume identify various vulnerabilities in the physical layer, the MAC layer, the IP layer, the transport layer, and the application layer, and discuss ways to strengthen security mechanisms and services in all these layers. The topics covered in this book include intrusion detection, secure PHY/MAC/routing protocols, attacks and prevention, immunization, key management, secure group communications/multicast, secure location services, monitoring and surveillance, anonymity, privacy, trust establishment/management, redundancy and security, and dependable wireless networking.

72 citations
