Vojnotehnički Glasnik (Jun 2013)

Attacks on IEEE 802.11 wireless networks

  • Dejan Milan Tepšić,
  • Mladen Đuro Veinović

DOI
https://doi.org/10.5937/vojtehg61-2301
Journal volume & issue
Vol. 61, no. 2
pp. 242 – 271

Abstract

Wireless computer networks were initially secured with the WEP protocol, which relies on the RC4 stream cipher for encryption and on a CRC-32 checksum (the ICV) for integrity checking. The basic problems of WEP are a short (24-bit) initialization vector, an insecure integrity check (CRC is linear, so ciphertext can be modified while the checksum stays valid), a single key shared by all stations, the lack of mechanisms for key management and key exchange, the lack of protection against endless re-insertion (replay) of the same packet into the network, the lack of authentication of access points, and the like. The consequence of these failures is that attacks against WEP networks are easy, i.e. such networks are completely insecure. Work therefore began on the IEEE 802.11i protocol, which was to radically improve the security of wireless networks. Since the development of the protocol took a long time, the WPA standard was released in the meantime to close the security gap left by WEP. WPA also relies on the RC4 and CRC algorithms, but introduces temporal keys (TKIP) and the Michael MIC for data integrity. 802.1X authentication was introduced, so a shared key is no longer required, since an authentication server can be used. The initialization vector was lengthened (to 48 bits) and is derived from the packet sequence counter, in order to prevent replay of the same packet. The remaining weakness of WPA, in its pre-shared-key mode, is the use of a common key. WPA2 (802.11i) appeared later. Unlike WPA, which ran on old devices after a software update, WPA2 requires network hardware that can perform AES encryption. AES replaces the RC4 algorithm and delivers much greater security; data integrity is protected by the AES-based CCMP mode itself rather than by a separate checksum. Despite this progress, weaknesses remain in wireless networks: denial-of-service attacks and attacks that spoof packet headers are still possible. For now, it is not advisable to use wireless networks in environments where unreliability and unavailability cannot be tolerated.
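The two WEP weaknesses the abstract singles out, the 24-bit IV and the linear CRC-32 integrity check, can be shown concretely. The Python script below is an added example, not code from the paper: RC4 and CRC-32 are WEP's real primitives, but the frame layout is simplified to IV || RC4(plaintext || ICV), and the key, IV and messages are constructed for the demonstration. It forges a modified frame without knowing the key (the ICV still verifies) and recovers a second plaintext from a frame whose IV was reused.

```python
"""
Added example (not the paper's code): WEP's CRC-32 ICV and IV reuse.
RC4 and CRC-32 are the real WEP primitives; the frame format is simplified
and the key, IV and messages are constructed for the demo.
"""
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 key scheduling followed by `length` bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP ICV: CRC-32 of the plaintext, little-endian as on the wire."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Per-packet RC4 key is IV || shared key; the IV is sent in the clear."""
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4_keystream(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes):
    """Return the plaintext if the ICV verifies, otherwise None."""
    iv, enc = frame[:3], frame[3:]
    body = xor(enc, rc4_keystream(iv + key, len(enc)))
    plaintext, tag = body[:-4], body[-4:]
    return plaintext if icv(plaintext) == tag else None


def forge_by_bit_flipping(frame: bytes, delta: bytes) -> bytes:
    """Modify an encrypted frame WITHOUT the key and keep the ICV valid.

    CRC-32 is affine over XOR: for equal-length inputs
        crc(P ^ D) == crc(P) ^ crc(D) ^ crc(zeros)
    so XOR-ing D into the encrypted payload and crc(D) ^ crc(zeros) into the
    encrypted ICV decrypts to P ^ D with a correct checksum. RC4 is a stream
    cipher, so XOR on the ciphertext is XOR on the plaintext.
    """
    iv, enc = frame[:3], frame[3:]
    n = len(enc) - 4
    if len(delta) != n:
        raise ValueError("delta must cover the whole payload")
    fix = xor(icv(delta), icv(bytes(n)))
    return iv + xor(enc, delta + fix)


def recover_from_iv_reuse(frame_known: bytes, known_plaintext: bytes,
                          frame_target: bytes) -> bytes:
    """Two frames under one IV share the RC4 keystream (2^24 IVs collide after
    roughly 5000 frames by the birthday bound). Knowing one plaintext yields
    the keystream and therefore the other plaintext (its prefix if longer).
    """
    if frame_known[:3] != frame_target[:3]:
        raise ValueError("frames must share the IV")
    keystream = xor(frame_known[3:], known_plaintext + icv(known_plaintext))
    return xor(frame_target[3:], keystream)[:-4]


KEY = bytes.fromhex("0123456789abcdef0123456789")   # constructed 104-bit key
IV = bytes.fromhex("00000a")                         # constructed, attacker-visible


def demo():
    p1 = b"PAY 00100.00 TO ACCT 1111"
    frame1 = wep_encrypt(KEY, IV, p1)
    # Attacker knows the message layout and flips only the amount digits.
    want = b"PAY 09900.00 TO ACCT 1111"
    forged = forge_by_bit_flipping(frame1, xor(p1, want))
    # A later frame reuses the IV, so its keystream is already known.
    p2 = b"PAY 00042.00 TO ACCT 2222"
    frame2 = wep_encrypt(KEY, IV, p2)
    leaked = recover_from_iv_reuse(frame1, p1, frame2)
    return wep_decrypt(KEY, forged), leaked


if __name__ == "__main__":
    print(demo())
```

Running the script prints the forged plaintext, accepted by the receiver's ICV check, and the plaintext leaked through IV reuse. The crc(zeros) correction term is needed because the standard CRC-32 has an initial value and a final XOR; the textbook form crc(P ^ D) = crc(P) ^ crc(D) holds only for the bare polynomial remainder.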
Introduction

In the entire history of networking it has never been easier to penetrate a network. One of the biggest problems of today's wireless networks is the lack of effective intrusion detection systems. Leaving gaps in wireless network security uncovered may result in an attacker's intrusion into the network.

Security in IEEE 802.11 wireless networks

Although the IEEE 802.11 protocol defines security standards, wireless networks remain one of the weakest links in the chain of computer networks. The basic security requirements of every computer network are reliable user authentication, confidentiality (privacy protection) and data integrity.

Security attacks on IEEE 802.11 wireless networks

Non-technical attacks exploit a variety of human weaknesses, such as lack of awareness, negligence or excessive trust in strangers. Network attacks comprise a number of techniques that enable attackers to penetrate a wireless network, or at least to disable it. Apart from the security problems of the IEEE 802.11 protocol itself, there are vulnerabilities in the operating systems and applications of wireless clients.

The methodology of attack

Before testing a wireless network for security vulnerabilities, it is important to define a formal testing methodology. The first step before the actual attack is footprinting. The second step is creating a network map that shows how the wireless system is laid out; for this purpose attackers use tools such as Network Stumbler, Nmap and Fping. Once basic information about the wireless network has been gathered, more can be found out through enumeration (systematic scanning of the discovered systems).

Attacks on IEEE 802.11 wireless networks

Social engineering is a technique by which attackers exploit the natural trust of most people. Radio waves do not respect defined boundaries. If radio coverage extends beyond the boundaries of the intended area, the signal strength of the wireless access points should be reduced so that the radio waves travel shorter distances. Antennas are an integral part of wireless networks; the selected antenna type affects the performance, availability and security of the wireless network.

Finding default values

CommView for WiFi is a traffic-monitoring tool (sniffer) written specifically for wireless networks. Cain & Abel is a general-purpose tool for recovering all kinds of passwords. If a wireless network relies on MAC address filtering as a protective mechanism, the attacker must first collect the MAC addresses of authorized clients, which travel unencrypted in every frame header. To connect to a wireless access point, it is necessary to know its SSID. Contrary to what some people think, the SSID is not a password.

Wardriving

Driving around with a portable computer in order to detect wireless computer networks, to which a connection can later be made, is called wardriving. Wardriving requires an appropriate software tool and a wireless network card or adapter, to which an external antenna can be attached to improve reception. A GPS receiver can also be used to record the coordinates of detected wireless access points on a map. The most widely used wardriving tools are Network Stumbler, Kismet and MiniStumbler.

Network attacks

The most common attack used to circumvent basic access control in wireless networks is MAC address spoofing: the attacker masks their own MAC address with the MAC address of a legitimate client on the network. A Man-in-the-Middle attack inserts the attacker's system between the wireless clients and the wireless access point; legitimate wireless users are fooled when they try to connect, by associating with the attacker's system instead of the legitimate access point. An ARP table poisoning attack likewise inserts the attacker's system into the communication between legitimate clients and the wireless access point; attackers can abuse the Address Resolution Protocol wherever it is in use on the network, since ARP replies are not authenticated. The aim of this attack is to present the attacker as a legitimate user on the network. The Simple Network Management Protocol (SNMP) is used to monitor and manage network devices; SNMP versions 1 and 2 have no real security mechanisms for managing clients (their community strings are sent in the clear). A denial of service attack floods the radio channel of a wireless network with malicious requests and unnecessary traffic, preventing legitimate requests from being served. A denial of service attack may aim simply to deny legitimate network services, or to enable the attacker's further penetration into the network.

Conclusion

In this paper, modern methods of attack on IEEE 802.11 wireless networks are analyzed. The most important attack tools are presented together with their effective use for intrusion into wireless networks and for the discovery of useful information. The use of wireless computer networks in environments where security and network availability are imperative is not recommended.
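The introduction notes the lack of effective intrusion detection in wireless networks, and the Network attacks section describes MAC address spoofing and ARP table poisoning. The Python below is an added example, not the paper's code, of detection logic for those two attacks, run over constructed sample records rather than a live capture. It assumes a simplified record format (source MAC, 802.11 sequence number and retry flag for frames; operation, sender IP, sender MAC and target IP for ARP packets), an arbitrary tolerance of 16 for lost frames, and made-up addresses. The sequence-number check relies on the fact that each 802.11 station numbers its own frames consecutively from a 12-bit counter.

```python
"""
Added example (not the paper's code): detection logic for MAC address
spoofing and ARP table poisoning, run over constructed sample records.
Record formats, thresholds and addresses are assumptions for the demo.
"""

SEQ_MOD = 4096   # the 802.11 sequence number field is 12 bits
MAX_GAP = 16     # forward jump tolerated for lost frames (assumed threshold)


def detect_mac_spoofing(frames):
    """frames: list of dicts with keys src, seq and optional retry.

    A genuine station increments its sequence number by one for every new
    frame (a retransmission repeats it with the retry flag set). A second
    radio transmitting with the same source MAC has its own counter, so the
    stream seen by a monitor shows jumps the real card never makes.
    Returns (src, previous_seq, seq) for every suspicious frame.
    """
    last = {}
    alerts = []
    for f in frames:
        src, seq = f["src"], f["seq"]
        if src in last:
            gap = (seq - last[src]) % SEQ_MOD   # modulo handles the 4095 -> 0 wrap
            if gap == 0 and f.get("retry"):
                continue                        # legitimate retransmission
            if gap == 0 or gap > MAX_GAP:
                alerts.append((src, last[src], seq))
        last[src] = seq
    return alerts


def detect_arp_poisoning(packets, gateway_ip):
    """packets: list of dicts with keys op ("request"/"reply"), sender_ip,
    sender_mac, target_ip.

    ARP replies are not authenticated, so a poisoner simply answers with its
    own MAC for a victim's IP. Two cheap indicators: a reply nobody asked for,
    and an IP whose MAC differs from the binding first learned (which is kept
    as the trusted one). Returns (kind, ip, mac, severity); the gateway IP is
    rated high because rebinding it is the classic man-in-the-middle setup.
    """
    bindings = {}
    pending = set()
    alerts = []
    for p in packets:
        if p["op"] == "request":
            pending.add(p["target_ip"])
            continue
        ip, mac = p["sender_ip"], p["sender_mac"]
        severity = "high" if ip == gateway_ip else "medium"
        if ip in pending:
            pending.discard(ip)
        else:
            alerts.append(("unsolicited-reply", ip, mac, severity))
        if ip in bindings and bindings[ip] != mac:
            alerts.append(("binding-change", ip, mac, severity))
        bindings.setdefault(ip, mac)
    return alerts


# Constructed sample data (not a real capture).
WIFI_SAMPLE = [
    {"src": "aa:bb:cc:00:00:05", "seq": 100},
    {"src": "aa:bb:cc:00:00:05", "seq": 101},
    {"src": "aa:bb:cc:00:00:05", "seq": 101, "retry": True},   # retransmission
    {"src": "aa:bb:cc:00:00:05", "seq": 102},
    {"src": "aa:bb:cc:00:00:05", "seq": 2000},  # attacker cloned the client's MAC
    {"src": "aa:bb:cc:00:00:05", "seq": 2001},
    {"src": "aa:bb:cc:00:00:05", "seq": 103},   # genuine client carries on
    {"src": "aa:bb:cc:00:00:09", "seq": 4094},
    {"src": "aa:bb:cc:00:00:09", "seq": 4095},
    {"src": "aa:bb:cc:00:00:09", "seq": 0},     # normal 12-bit wrap-around
]

ARP_SAMPLE = [
    {"op": "request", "sender_ip": "10.0.0.5", "sender_mac": "aa:bb:cc:00:00:05",
     "target_ip": "10.0.0.1"},
    {"op": "reply", "sender_ip": "10.0.0.1", "sender_mac": "aa:bb:cc:00:00:01",
     "target_ip": "10.0.0.5"},                  # the real gateway answers
    {"op": "reply", "sender_ip": "10.0.0.1", "sender_mac": "de:ad:be:ef:00:01",
     "target_ip": "10.0.0.5"},                  # poisoner claims the gateway IP
]


if __name__ == "__main__":
    for a in detect_mac_spoofing(WIFI_SAMPLE):
        print("MAC spoofing? %s jumped from seq %d to %d" % a)
    for a in detect_arp_poisoning(ARP_SAMPLE, "10.0.0.1"):
        print("ARP %s for %s by %s (severity %s)" % a)
```

A real sensor would feed these functions from a monitor-mode capture, and the gap threshold needs tuning per environment. Sequence-number analysis only works while both the genuine client and the impostor transmit; an attacker who waits for the client to leave is not caught by it, which is why the binding check on the gateway address is the more dependable of the two indicators.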

Keywords