Abstract
Association attacks in IEEE 802.11 aim to manipulate wireless clients into associating with a malicious access point, usually by exploiting usability features implemented in the network managers of modern operating systems. In this paper we review known association attacks in IEEE 802.11 and provide a taxonomy that classifies them according to the network manager features each attack exploits. In addition, we analyze the current applicability of association attacks by implementing them with the well-known Wifiphisher tool, and we review the security posture of modern network managers against known association attacks and their variations. Our results show that association attacks still pose an active threat. In particular, we analyze various strategies that an adversary may implement to increase the success rate of association attacks, and we show that even though network managers have hampered the effectiveness of some known attacks (e.g. KARMA), other techniques (e.g. Known Beacons) remain an active threat.
Acknowledgement
This research has been co-financed by the European Union and Greek national funds through the Operational Program Competitiveness, Entrepreneurship and Innovation, under the call RESEARCH-CREATE-INNOVATE (project code: T1EDK-01958).
This work has been partly supported by the University of Piraeus Research Center.
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Chatzisofroniou, G., Kotzanikolaou, P. (2021). Association Attacks in IEEE 802.11: Exploiting WiFi Usability Features. In: Groß, T., Tryfonas, T. (eds) Socio-Technical Aspects in Security and Trust. STAST 2019. Lecture Notes in Computer Science, vol 11739. Springer, Cham. https://doi.org/10.1007/978-3-030-55958-8_6
DOI: https://doi.org/10.1007/978-3-030-55958-8_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-55957-1
Online ISBN: 978-3-030-55958-8
eBook Packages: Computer Science (R0)