On the Robustness of Wi-Fi Deauthentication Countermeasures

Schepers, Domien; Ranganathan, Aanjhan; Vanhoef, Mathy

doi:10.1145/3507657.3528548

Cited by 17 publications

(19 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, to reduce the risk of false negatives, two false deauthentication frames or three total deauthentication frames received within 2 s are required to complete the state transitions and trigger an attack state. The 2-s-window was chosen as it is the deauthentication timeout value [ 35 ] set by hostapd , a commonly used control and authentication daemon on Linux based WAPs. This approach also compensates for any poor device identification results, an example of which can be seen in Table 4 with the Realtek and MacBook Air combination.…”

Section: Discussionmentioning

confidence: 99%

Preventing Attacks on Wireless Networks Using SDN Controlled OODA Loops and Cyber Kill Chains

Zanna

Radcliffe

Kumar

2022

Sensors

View full text Add to dashboard Cite

Impersonation-based attacks on wireless networks are easy to perform and can significantly impact network security. Their detection is problematic due to the attacks utilizing legitimate functions. This paper proposes a novel algorithm based on Observe-Orientate-Decide-Act (OODA) loop and Cyber Kill Chain (CKC) strategies to detect and neutralize these attacks. To evaluate this approach, we conducted experiments using four attack methods on a wireless router equivalent device, five wireless client devices, and two attack devices. The system employs a Radio Frequency (RF) device identification system and attack state machine implemented using a Software Defined Networking (SDN) architecture and the P4 programming language. The technique remains compliant with the IEEE 802.11 standard and requires no client-side modifications. The results show that the RF section detected 97.5% (average) of impersonated frames, and the overall method neutralized all attacks in the four attack scenarios. This outcome demonstrates that this technique, built on the OODA loops and CKC methodology, using SDN architecture and P4, is suitable for real-time detection and prevention of wireless impersonation attacks.

show abstract

Section: Discussionmentioning

confidence: 99%

Preventing Attacks on Wireless Networks Using SDN Controlled OODA Loops and Cyber Kill Chains

Zanna

Radcliffe

Kumar

2022

Sensors

View full text Add to dashboard Cite

show abstract

“…• Given that AWID3 has much more samples, and it was created with the PMF always active, a logical assumption (which is further validated in section VI) is that this dataset will produce somewhat better classification results compared to those of AWID2. Recall that PMF protects against deauthentication and disassociation attacks, therefore, as detailed in § 5 of [21] and in [22], an attacker would need to persistently spray with unencrypted Deauthentication and Disassociation frames in an attempt to achieve DoS or choose other avenues, say, PMF protected deauthentication frames that exploit a zero-day vulnerability as given in § 6 of [19]. Based on the previous assumption, following a trial-and-error approach, we first examined the shallow classification of AWID2.…”

Section: Methodsmentioning

confidence: 99%

Pick Quality Over Quantity: Expert Feature Selection and Data Preprocessing for 802.11 Intrusion Detection Systems

et al. 2022

View full text Add to dashboard Cite

Wi-Fi is arguably the most proliferated wireless technology today. Due to its massive adoption, Wi-Fi deployments always remain in the epicenter of attackers and evildoers. Surprisingly, research regarding machine learning driven intrusion detection systems (IDS) that are specifically optimized to detect Wi-Fi attacks is lagging behind. On top of that, the field is dominated by false or half-true assumptions that potentially can lead to corresponding models being overfilled to certain validation datasets, simply giving the impression or illusion of high efficiency. This work attempts to provide concrete answers to the following key questions regarding IEEE 802.11 machine learning driven IDS. First, from an expert's viewpoint and with reference to the relevant literature, what are the criteria for determining the smallest possible set of classification features, which are also common and potentially transferable to virtually any deployment types/versions of 802.11? And second, based on these features, what is the detection performance across different network versions and diverse machine learning techniques, i.e., shallow versus deep learning ones? To answer these questions, we rely on the renowned 802.11 security-oriented AWID family of datasets. In a nutshell, our experiments demonstrate that with a rather small set of 16 features and without the use of any optimization or ensemble method, shallow and deep learning classification can achieve an average F1 score of up to 99.55% and 97.55%, respectively. We argue that the suggested human expert driven feature selection leads to lightweight, deployment-agnostic detection systems, and therefore can be used as a basis for future work in this interesting and rapidly evolving field.

show abstract

“…In the context of WPT, this could cause the charging session to abort. With the introduction of IEEE 802.11w, these deauthentication messages must be authenticated, limiting the broadcast to the legitimate station [38]. By default, IEEE 802.11 networks that use WPA3 need to follow the IEEE 802.11w standard [38], [43].…”

Section: B Denial-of-service (Dos)mentioning

confidence: 99%

“…With the introduction of IEEE 802.11w, these deauthentication messages must be authenticated, limiting the broadcast to the legitimate station [38]. By default, IEEE 802.11 networks that use WPA3 need to follow the IEEE 802.11w standard [38], [43]. However, as recent research by [38] has shown, even networks that use WPA3 can be vulnerable to deauthentication attacks.…”

Section: B Denial-of-service (Dos)mentioning

confidence: 99%

See 1 more Smart Citation

On the Security of the Wireless Electric Vehicle Charging Communication

Köhler

Birnbach

Baker

et al. 2022

2022 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm)

View full text Add to dashboard Cite

The adoption of fully Electric Vehicles (EVs) is happening at a rapid pace. To make the charging as fast and convenient as possible, new charging approaches are developed constantly. One such approach is wireless charging, also known as Wireless Power Transfer (WPT). Instead of charging an EV via a charging cable, the battery is charged wirelessly. For safety and efficiency reasons, the vehicle and the charging station continuously exchange critical information about the charging process. This includes, e.g., the maximum voltage and current, battery temperature, and State of Charge (SoC). Since there is no physical connection between the vehicle and the charging station, this necessary control communication has to be implemented as a wireless connection. However, if the communication is interrupted, the charging process is aborted for safety reasons.In this paper, we analyze the attack surface of EV charging standards that use such a wireless control communication.More specifically, we discuss potential wireless attacks that can violate the availability and analyze the implemented security features of a real-world wireless charging station that has already been deployed. We found that the tested charging station does not implement even simple security measures, such as IEEE 802.11w, that can protect the communication from denial-ofservice attacks. Finally, we discuss potential countermeasures, and give recommendations to improve the security and increase the resilience of wireless charging.

show abstract

On the Robustness of Wi-Fi Deauthentication Countermeasures

Cited by 17 publications

References 27 publications

Preventing Attacks on Wireless Networks Using SDN Controlled OODA Loops and Cyber Kill Chains

Preventing Attacks on Wireless Networks Using SDN Controlled OODA Loops and Cyber Kill Chains

Pick Quality Over Quantity: Expert Feature Selection and Data Preprocessing for 802.11 Intrusion Detection Systems

On the Security of the Wireless Electric Vehicle Charging Communication

Contact Info

Product

Resources

About