DOI: 10.1145/2664243.2664260
research-article

Advanced Wi-Fi attacks using commodity hardware

Published: 08 December 2014

Abstract

We show that low-layer attacks against Wi-Fi can be implemented using user-modifiable firmware. Hence cheap off-the-shelf Wi-Fi dongles can be used to carry out advanced attacks. We demonstrate this by implementing five low-layer attacks using open source Atheros firmware. The first attack consists of unfair channel usage, giving the user a higher throughput while reducing that of others. The second attack defeats countermeasures designed to prevent unfair channel usage. The third attack performs continuous jamming, making the channel unusable for other devices. For the fourth attack we implemented a selective jammer, allowing one to jam specific frames already in the air. The fifth is a novel channel-based Man-in-the-Middle (MitM) attack, enabling reliable manipulation of encrypted traffic.
These low-layer attacks facilitate novel attacks against higher-layer protocols. To demonstrate this we show how our MitM attack facilitates attacks against the Temporal Key Integrity Protocol (TKIP) when used as a group cipher. Since a substantial number of networks still use TKIP as their group cipher, this shows that weaknesses in TKIP have a higher impact than previously thought.


    Published In

    ACSAC '14: Proceedings of the 30th Annual Computer Security Applications Conference
    December 2014
    492 pages
    ISBN:9781450330053
    DOI:10.1145/2664243
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

    Sponsors

    • ACSA: Applied Computing Security Assoc

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Conference

    ACSAC '14
    Sponsor:
    • ACSA
    ACSAC '14: Annual Computer Security Applications Conference
    December 8 - 12, 2014
    Louisiana, New Orleans, USA

    Acceptance Rates

    Overall Acceptance Rate 104 of 497 submissions, 21%
