How is your Wi-Fi connection today? DoS attacks on WPA3-SAE

Chatzoglou, Efstratios; Kambourakis, Georgios; Kolias, Constantinos

doi:10.1016/j.jisa.2021.103058

Cited by 23 publications

(28 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…• Given that AWID3 has much more samples, and it was created with the PMF always active, a logical assumption (which is further validated in section VI) is that this dataset will produce somewhat better classification results compared to those of AWID2. Recall that PMF protects against deauthentication and disassociation attacks, therefore, as detailed in § 5 of [21] and in [22], an attacker would need to persistently spray with unencrypted Deauthentication and Disassociation frames in an attempt to achieve DoS or choose other avenues, say, PMF protected deauthentication frames that exploit a zero-day vulnerability as given in § 6 of [19]. Based on the previous assumption, following a trial-and-error approach, we first examined the shallow classification of AWID2.…”

Section: Methodsmentioning

confidence: 99%

“…1) frame.len: The total length of a frame can be an indication of an ongoing attack, especially when analyzing protected (normal) vis-à-vis unprotected (attack) frames. For instance, with reference to AWID3 CSV Therefore, as demonstrated in [19] (refer for instance to the so-called "Radio confusion" and "Radio confusion revisited" attacks), this feature can aid in identifying impersonation or flooding assaults unfolding simultaneously over different channels. 6) radiotap.channel.type.ofdm: It is used to state if the radio channel uses OFDM modulation 4 .…”

Section: A Feature Selectionmentioning

confidence: 99%

“…PMF cryptographically protects sensitive management frames, namely Deauthentication, Disassociation, and Action frames. Therefore, for causing a DoS situation, the opponent can only transmit unprotected Deauthentication or Disassociation frames in an effort to disconnect a device [21] or rely on other types of frames such as the Simultaneous Authentication of Equals (SAE) ones [19]. Put simply, the features that make the difference here are the frame.len, which is increased for every protected frame, and the wlan.fc.protected, which is always set for protected Deauthentication or Disassociation frames.…”

Section: F Takeaways and Future Directionsmentioning

confidence: 99%

See 2 more Smart Citations

Pick Quality Over Quantity: Expert Feature Selection and Data Preprocessing for 802.11 Intrusion Detection Systems

et al. 2022

Self Cite

View full text Add to dashboard Cite

Wi-Fi is arguably the most proliferated wireless technology today. Due to its massive adoption, Wi-Fi deployments always remain in the epicenter of attackers and evildoers. Surprisingly, research regarding machine learning driven intrusion detection systems (IDS) that are specifically optimized to detect Wi-Fi attacks is lagging behind. On top of that, the field is dominated by false or half-true assumptions that potentially can lead to corresponding models being overfilled to certain validation datasets, simply giving the impression or illusion of high efficiency. This work attempts to provide concrete answers to the following key questions regarding IEEE 802.11 machine learning driven IDS. First, from an expert's viewpoint and with reference to the relevant literature, what are the criteria for determining the smallest possible set of classification features, which are also common and potentially transferable to virtually any deployment types/versions of 802.11? And second, based on these features, what is the detection performance across different network versions and diverse machine learning techniques, i.e., shallow versus deep learning ones? To answer these questions, we rely on the renowned 802.11 security-oriented AWID family of datasets. In a nutshell, our experiments demonstrate that with a rather small set of 16 features and without the use of any optimization or ensemble method, shallow and deep learning classification can achieve an average F1 score of up to 99.55% and 97.55%, respectively. We argue that the suggested human expert driven feature selection leads to lightweight, deployment-agnostic detection systems, and therefore can be used as a basis for future work in this interesting and rapidly evolving field.

show abstract

Section: Methodsmentioning

confidence: 99%

Section: A Feature Selectionmentioning

confidence: 99%

Section: F Takeaways and Future Directionsmentioning

confidence: 99%

See 1 more Smart Citation

Pick Quality Over Quantity: Expert Feature Selection and Data Preprocessing for 802.11 Intrusion Detection Systems

et al. 2022

Self Cite

View full text Add to dashboard Cite

show abstract

“…The respective contemporary AP models were ASUS RT-AX88U, DIR-X1860, MR7350, AX1800, RAX40, and AX10v1, respectively. Excluding legacy or common Wi-Fi vulnerabilities [36][37][38], for such devices, an essential concern is the protection of the Wi-Fi passphrase, i.e., the key(s) to connect to the Wi-Fi network. Another major concern is the safeguarding of the user credentials used to connect to the AP's web-based management interface.…”

Section: Access Pointsmentioning

confidence: 99%

Let the Cat out of the Bag: Popular Android IoT Apps under Security Scrutiny

Chatzoglou

Kambourakis

Smiliotopoulos

2022

Sensors

Self Cite

View full text Add to dashboard Cite

The impact that IoT technologies have on our everyday life is indisputable. Wearables, smart appliances, lighting, security controls, and others make our life simpler and more comfortable. For the sake of easy monitoring and administration, such devices are typically accompanied by smartphone apps, which are becoming increasingly popular, and sometimes are even required to operate the device. Nevertheless, the use of such apps may indirectly magnify the attack surface of the IoT device itself and expose the end-user to security and privacy breaches. Therefore, a key question arises: do these apps curtail their functionality to the minimum needed, and additionally, are they secure against known vulnerabilities and flaws? In seek of concrete answers to the aforesaid question, this work scrutinizes more than forty chart-topping Android official apps belonging to six diverse mainstream categories of IoT devices. We attentively analyse each app statically, and almost half of them dynamically, after pairing them with real-life IoT devices. The results collected span several axes, namely sensitive permissions, misconfigurations, weaknesses, vulnerabilities, and other issues, including trackers, manifest data, shared software, and more. The short answer to the posed question is that the majority of such apps still remain susceptible to a range of security and privacy issues, which in turn, and at least to a significant degree, reflects the general proclivity in this ecosystem.

show abstract

“…On the other hand, mainstream digital technologies are also in the crosshairs of a variety of threat actors. Furthermore, while the 802.11 standard has greatly advanced over the years in terms of security, recent research work indicates that even the latest defenses, say, the Simultaneous Authentication of Equals (SAE) authentication and key exchange method and the Protected Management Frames (PMF) mechanism, embraced by the most recent at the time of writing 802.11-2020 standard are not impermeable [ 2 , 3 , 4 ]. Through a security prism, the situation becomes more cumbersome and complicated, given that at least infrastructure-based Wi-Fi domains co-exist with their wired counterparts, and therefore the former can be used as a springboard for attacking the latter.…”

Section: Introductionmentioning

confidence: 99%

Best of Both Worlds: Detecting Application Layer Attacks through 802.11 and Non-802.11 Features

Chatzoglou

Kambourakis

Smiliotopoulos

et al. 2022

Sensors

Self Cite

View full text Add to dashboard Cite

Intrusion detection in wireless and, more specifically, Wi-Fi networks is lately increasingly under the spotlight of the research community. However, the literature currently lacks a comprehensive assessment of the potential to detect application layer attacks based on both 802.11 and non-802.11 network protocol features. The investigation of this capacity is of paramount importance since Wi-Fi domains are often used as a stepping stone by threat actors for unleashing an ample variety of application layer assaults. In this setting, by exploiting the contemporary AWID3 benchmark dataset along with both shallow and deep learning machine learning techniques, this work attempts to provide concrete answers to a dyad of principal matters. First, what is the competence of 802.11-specific and non-802.11 features when used separately and in tandem in detecting application layer attacks, say, website spoofing? Second, which network protocol features are the most informative to the machine learning model for detecting application layer attacks? Without relying on any optimization or dimensionality reduction technique, our experiments, indicatively exploiting an engineered feature, demonstrate a detection performance up to 96.7% in terms of the Area under the ROC Curve (AUC) metric.

show abstract

How is your Wi-Fi connection today? DoS attacks on WPA3-SAE

Cited by 23 publications

References 5 publications

Pick Quality Over Quantity: Expert Feature Selection and Data Preprocessing for 802.11 Intrusion Detection Systems

Pick Quality Over Quantity: Expert Feature Selection and Data Preprocessing for 802.11 Intrusion Detection Systems

Let the Cat out of the Bag: Popular Android IoT Apps under Security Scrutiny

Best of Both Worlds: Detecting Application Layer Attacks through 802.11 and Non-802.11 Features

Contact Info

Product

Resources

About