Association Attacks in IEEE 802.11: Exploiting WiFi Usability Features

  • Conference paper
Socio-Technical Aspects in Security and Trust (STAST 2019)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11739)

Abstract

Association attacks in IEEE 802.11 aim to manipulate wireless clients into associating with a malicious access point, usually by exploiting usability features implemented in the network managers of modern operating systems. In this paper we review known association attacks in IEEE 802.11 and provide a taxonomy that classifies them according to the network manager features each attack exploits. In addition, we analyze the current applicability of association attacks by implementing them with the well-known Wifiphisher tool, and we review the security posture of modern network managers against known association attacks and their variations. Our results show that association attacks still pose an active threat. In particular, we analyze various strategies that an adversary may implement to increase the success rate of association attacks, and we show that even though network managers have hampered the effectiveness of some known attacks (e.g. KARMA), other techniques (e.g. Known Beacons) remain an active threat.



Acknowledgement

This research has been co-financed by the European Union and Greek national funds through the Operational Program Competitiveness, Entrepreneurship and Innovation, under the call RESEARCH-CREATE-INNOVATE (project code: T1EDK-01958).

This work has been partly supported by the University of Piraeus Research Center.

Author information

Corresponding authors

Correspondence to George Chatzisofroniou or Panayiotis Kotzanikolaou.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Chatzisofroniou, G., Kotzanikolaou, P. (2021). Association Attacks in IEEE 802.11: Exploiting WiFi Usability Features. In: Groß, T., Tryfonas, T. (eds) Socio-Technical Aspects in Security and Trust. STAST 2019. Lecture Notes in Computer Science, vol 11739. Springer, Cham. https://doi.org/10.1007/978-3-030-55958-8_6

  • DOI: https://doi.org/10.1007/978-3-030-55958-8_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-55957-1

  • Online ISBN: 978-3-030-55958-8

  • eBook Packages: Computer Science (R0)
