Authors: Yi Li (1); Marcos Serrano (1); Tommy Chin (2); Kaiqi Xiong (1) and Jing Lin (1)
Affiliations: (1) Intelligent Computer Networking and Security Lab, University of South Florida, Tampa, U.S.A.; (2) Department of Computing Security, Rochester Institute of Technology, Rochester, U.S.A.
Keyword(s): KRACK, Software-defined Networking, WPA2, Network Security.
Related Ontology Subjects/Areas/Topics: Information and Systems Security; Network Security; Security and Privacy in Mobile Systems; Wireless Network Security
Abstract:
Most modern Wi-Fi networks are secured by the Wi-Fi Protected Access II (WPA2) protocol, which uses a 4-way handshake. Serious weaknesses have been discovered in this 4-way handshake that allow attackers within range of an Access Point (AP) to perform key reinstallation attacks (KRACKs) and intercept personal information. In this paper, we study KRACK and present a software-defined networking (SDN)-based detection and mitigation framework to defend against it. The proposed framework leverages a characteristic of the SDN controller, its global view of the network, to monitor and manage Wi-Fi network traffic. It consists of two main components, a detection module and a mitigation module, both deployed on the SDN controller. The detection module monitors network traffic and detects a duplicated message 3 of the 4-way handshake. Once KRACK has been detected, the mitigation module updates the flow table to redirect the attack traffic to a splash portal, which is a place to store attack traffic. Extensive experimental results demonstrate that the proposed framework can efficiently detect and mitigate KRACK. We achieve an average of 170.926 ms to detect KRACK and an average of 10.041 ms to mitigate KRACK in our experiments.
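The detection idea named in the abstract, spotting a duplicated message 3 of the 4-way handshake, can be sketched as follows. This is an added example, not the paper's code: the `Msg3Monitor` class, the per-pair ANonce state, the MAC addresses and the sample frames are assumptions constructed for illustration.

```python
import struct

# Key Information flag bits in an EAPOL-Key frame (IEEE 802.11 4-way handshake).
PAIRWISE, INSTALL, ACK, MIC = 0x0008, 0x0040, 0x0080, 0x0100
MSG3_FLAGS = PAIRWISE | INSTALL | ACK | MIC  # this combination marks message 3

def parse_eapol_key(payload):
    """Return (key_info, replay_counter, nonce), or None if not an EAPOL-Key frame."""
    if len(payload) < 49 or payload[1] != 3:  # 802.1X packet type 3 = EAPOL-Key
        return None
    key_info, _key_len, replay = struct.unpack_from("!HHQ", payload, 5)
    return key_info, replay, payload[17:49]

class Msg3Monitor:
    """Assumed detector state: last message-3 ANonce seen per (AP, station) pair."""
    def __init__(self):
        self.last_anonce = {}

    def observe(self, ap, sta, payload):
        """Return True when payload repeats message 3 of the same handshake."""
        parsed = parse_eapol_key(payload)
        if parsed is None or (parsed[0] & MSG3_FLAGS) != MSG3_FLAGS:
            return False
        nonce = parsed[2]
        repeated = self.last_anonce.get((ap, sta)) == nonce
        self.last_anonce[(ap, sta)] = nonce
        return repeated

def build_eapol_key(key_info, replay, nonce):
    """Build a constructed EAPOL-Key frame (zeroed IV, RSC, key ID, MIC, no key data)."""
    body = struct.pack("!BHHQ", 2, key_info, 16, replay) + nonce + bytes(50)
    return struct.pack("!BBH", 2, 3, len(body)) + body

def run_demo():
    """Feed a constructed trace to the monitor; return indexes of flagged frames."""
    ap, sta = "02:00:00:00:00:01", "02:00:00:00:00:02"  # constructed addresses
    anonce_a, anonce_b, snonce = bytes([0xA1]) * 32, bytes([0xB2]) * 32, bytes([0xC3]) * 32
    trace = [
        build_eapol_key(0x008A, 1, anonce_a),   # message 1
        build_eapol_key(0x010A, 1, snonce),     # message 2
        build_eapol_key(0x13CA, 2, anonce_a),   # message 3
        build_eapol_key(0x13CA, 3, anonce_a),   # message 3 again: flagged
        build_eapol_key(0x030A, 3, bytes(32)),  # message 4
        build_eapol_key(0x13CA, 2, anonce_b),   # message 3 of a fresh handshake
    ]
    monitor = Msg3Monitor()
    return [i for i, frame in enumerate(trace) if monitor.observe(ap, sta, frame)]

if __name__ == "__main__":
    print(run_demo())
```

A repeated message 3 also occurs benignly when message 4 is lost in transit, so a hit from this check is an indicator to correlate with other evidence before acting on it.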