Commodity Wi-Fi networks are particularly vulnerable to attacks because of factors such as the shared medium, security protocol design flaws, insufficient software implementations, potential hardware deficits, and improper configurations. Among all the security threats, two widely observed hazards are the prevalence of wireless eavesdroppers and rogue devices. Wireless eavesdropping refers to the activities of monitoring, sniffing and collecting broadcast frames. It provides adversaries with the information necessary for obtaining a free Internet connection, compromising and intruding into a wireless network, and creating rogue devices. In the literature, a rogue device typically refers to an unauthorized one. Devices of this type can be easily deployed by end users with a malicious or selfish purpose. Once a rogue device is connected to a network, adversaries can use it to commit espionage and launch various advanced attacks.
In practice, few network administrators have both the detailed visibility into network behavior and the breadth of knowledge needed to diagnose such security problems. When they do, the process is highly labor intensive and rarely cost effective except for the most severe and persistent problems. Even then, the range of interactions and the lack of visibility into their causes may stymie manual diagnosis. This motivates us to develop efficient and comprehensive solutions that protect commodity Wi-Fi networks against wireless eavesdroppers and rogue devices.
In this work, we start by examining a widely accepted myth about achieving passive wireless eavesdropping in Wi-Fi networks. We identify several sources that can reveal the existence of eavesdroppers and develop a series of techniques to detect such eavesdroppers in Chapter 2. These proposed eavesdropper detection techniques can greatly raise the bar for unauthorized use or penetration of a wireless network. Further, we give a detailed description of how to achieve real "passive eavesdropping," which is also employed by our passive frame collector described in Chapter 3.
Next, we give a comprehensive taxonomy of rogue APs and their corresponding scenarios, which were not discussed in the literature before. To defend commodity Wi-Fi networks from various types of rogue APs, we develop a practical and comprehensive hybrid rogue access point (RAP) detection framework for commodity Wi-Fi networks in Chapter 3. It is the first scheme that combines distributed wireless media surveillance and user "fingerprinting" with centralized wired-end socket-level traffic examination. The former is designed not only to detect various types of rogue access points (APs), but also to discover suspicious activities so as to prevent adversaries from turning victim APs into rogue devices. Moreover, the socket-level traffic analysis lets our framework achieve finer granularity in rogue AP detection than existing schemes. Our proposed framework employs novel techniques to increase network resilience by thwarting malicious and selfish behavior that could undermine the security of a commodity Wi-Fi network.
Moreover, to identify or discover rogue clients that have breached network security mechanisms, we propose a rogue user detection technique based on multiple characteristics. The proposed technique can function as a stand-alone program or as part of our rogue AP protection framework. We evaluated its performance under different complicated scenarios, including strict time constraints, lossy environments, and various wireless trace data sets with complex features. The evaluation results demonstrate that the proposed technique greatly enhances the accuracy and robustness of rogue user detection. Thus, it can further strengthen our rogue AP protection framework in the battle against selfish and malicious behaviors in commodity Wi-Fi networks.
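The keywords name a naïve Bayesian classifier as the engine behind the multi-characteristic rogue user detection. The abstract does not list the characteristics it uses, so the following is an added illustration, not the thesis's own code or feature set: a small naïve Bayes scorer over hypothetical, discretised per-client characteristics (`rssi_band`, `seq_gap`, `iat_band`, `rate_pattern`) trained on constructed samples. It shows the two properties the evaluation scenarios stress: Laplace smoothing keeps an unseen feature value from zeroing the posterior, and a characteristic that is missing from a lossy capture is simply dropped as evidence rather than guessed.

```python
"""Naive Bayes rogue-client scoring over per-client frame statistics.

Added example, not code from the thesis. Feature names and the training
samples are constructed for illustration; the thesis's actual characteristics
are not given in the abstract.
"""
import math
from collections import Counter, defaultdict

# Hypothetical discretised per-client characteristics (assumption).
FEATURES = ("rssi_band", "seq_gap", "iat_band", "rate_pattern")

# Constructed training data: (characteristics, label); True = known rogue client.
TRAINING = [
    ({"rssi_band": "stable", "seq_gap": "small", "iat_band": "regular", "rate_pattern": "adaptive"}, False),
    ({"rssi_band": "stable", "seq_gap": "small", "iat_band": "regular", "rate_pattern": "adaptive"}, False),
    ({"rssi_band": "stable", "seq_gap": "small", "iat_band": "bursty", "rate_pattern": "adaptive"}, False),
    ({"rssi_band": "drifting", "seq_gap": "small", "iat_band": "regular", "rate_pattern": "adaptive"}, False),
    ({"rssi_band": "stable", "seq_gap": "medium", "iat_band": "regular", "rate_pattern": "adaptive"}, False),
    ({"rssi_band": "jumpy", "seq_gap": "large", "iat_band": "bursty", "rate_pattern": "fixed"}, True),
    ({"rssi_band": "jumpy", "seq_gap": "large", "iat_band": "regular", "rate_pattern": "fixed"}, True),
    ({"rssi_band": "stable", "seq_gap": "large", "iat_band": "bursty", "rate_pattern": "fixed"}, True),
    ({"rssi_band": "jumpy", "seq_gap": "medium", "iat_band": "bursty", "rate_pattern": "fixed"}, True),
]


class NaiveBayes:
    """Categorical naive Bayes with Laplace (add-alpha) smoothing."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.class_counts = Counter()              # label -> number of samples
        self.feat_counts = defaultdict(Counter)    # (feature, label) -> Counter(value)
        self.vocab = defaultdict(set)              # feature -> values seen in training

    def fit(self, samples):
        for feats, label in samples:
            self.class_counts[label] += 1
            for f in FEATURES:
                v = feats.get(f)
                if v is None:          # missing characteristic: no evidence recorded
                    continue
                self.feat_counts[(f, label)][v] += 1
                self.vocab[f].add(v)
        return self

    def log_posterior(self, feats):
        """Unnormalised log P(label | feats) for every label."""
        total = sum(self.class_counts.values())
        out = {}
        for label, n in self.class_counts.items():
            lp = math.log(n / total)                       # class prior
            for f in FEATURES:
                v = feats.get(f)
                if v is None:          # lossy capture: skip rather than invent a value
                    continue
                k = len(self.vocab[f])
                c = self.feat_counts[(f, label)][v]        # 0 for unseen values
                lp += math.log((c + self.alpha) / (n + self.alpha * k))
            out[label] = lp
        return out

    def predict(self, feats):
        lp = self.log_posterior(feats)
        return max(lp, key=lp.get)

    def rogue_probability(self, feats):
        """Normalised posterior for the rogue label, computed in log space."""
        lp = self.log_posterior(feats)
        m = max(lp.values())
        z = sum(math.exp(v - m) for v in lp.values())
        return math.exp(lp[True] - m) / z


MODEL = NaiveBayes().fit(TRAINING)


def classify(feats):
    """True when the client's characteristics look like a known rogue."""
    return MODEL.predict(feats)


def rogue_probability(feats):
    return MODEL.rogue_probability(feats)


if __name__ == "__main__":
    sample = {"rssi_band": "jumpy", "seq_gap": "large", "iat_band": "bursty", "rate_pattern": "fixed"}
    print(classify(sample), round(rogue_probability(sample), 3))
```

Because scores are combined in log space and each feature is smoothed, the classifier degrades gracefully when a capture loses frames: fewer characteristics simply mean a less confident posterior, which is the behaviour a detector deployed in a lossy environment needs.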
Our proposed framework has the following nice properties: (i) it requires neither specialized hardware nor modification to existing standards; (ii) the proposed mechanism greatly improves the rogue AP detection probability, so that network resilience is improved; (iii) it provides a cost-effective solution to Wi-Fi network security enhancement by incorporating free but mature software tools; (iv) it can protect the network from adversaries capable of using customized equipment and/or violating the IEEE 802.11 standard; (v) its open architecture allows extra features to be easily added in the future. Our analysis demonstrates that this hybrid rogue AP protection framework is capable of revealing rogue devices and preempting potential attacks with low overhead. We conclude with some directions for further research.
Keywords. IEEE 802.11 networks, wireless eavesdropping, rogue access points, rogue clients, naïve Bayesian classifier, intrusion detection, security. (Abstract shortened by UMI.)