
Chapter 3

Uploaded by

Suhayb Abubakar
Wireless Network Security Attacks and Vulnerabilities
Chapter 3
Wireless Security Protocols
• Wireless security protocols are encryption standards developed to secure data on wireless networks, providing protection against unauthorized access and data interception.
• Each protocol varies in its level of security, depending on its encryption algorithms and authentication methods.
• Here is a summary of the primary protocols, from the earliest to the latest.
WEP (Wired Equivalent Privacy)
• Introduction: WEP was introduced in 1997 as part of the original IEEE 802.11 standard. It was the first security protocol for wireless networks.
• Encryption: Uses RC4 stream cipher with either a 40-bit or 104-bit encryption key.
• Security Weaknesses:
    • Weak Initialization Vector (IV): WEP's short and predictable IV leads to high chances of key reuse, allowing attackers to deduce the encryption key.
    • Easily Breakable: Attackers can crack WEP encryption quickly, using readily available tools.
• Status: Deprecated and considered highly insecure. Not recommended for any network.
WPA (Wi-Fi Protected Access)
• Introduction: WPA was developed to address WEP’s weaknesses and was introduced in 2003 as an interim solution while WPA2 was being developed.
• Encryption: Uses TKIP (Temporal Key Integrity Protocol), which dynamically generates a new 128-bit key for each packet to improve security.
• Security Improvements:
    • Dynamic Key Generation: TKIP assigns a unique key for each packet, making attacks more challenging.
    • Message Integrity Check (MIC): Helps prevent packets from being tampered with during transmission.
• Limitations:
    • Still Vulnerable to Certain Attacks: Although more secure than WEP, WPA is still susceptible to dictionary attacks.
• Status: Considered outdated but can be used if WPA2 or WPA3 are not available.
WPA2 (Wi-Fi Protected Access II)
• Introduction: WPA2, introduced in 2004, became mandatory for Wi-Fi certification in 2006 and remains widely used today.
• Encryption: Employs AES (Advanced Encryption Standard) with CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) for stronger encryption and integrity.
• Security Enhancements:
    • AES Encryption: Provides a robust encryption method, making it highly resistant to attacks.
    • CCMP: Replaces TKIP with a more secure protocol for message integrity and confidentiality.
• Vulnerabilities:
    • KRACK Attack: Discovered in 2017, the Key Reinstallation Attack (KRACK) exploits vulnerabilities in WPA2, enabling attackers to intercept data if they can force the reinstallation of encryption keys.
• Status: WPA2 is still widely used and secure, especially with firmware patches to address KRACK vulnerabilities.
WPA3 (Wi-Fi Protected Access III)
• Introduction: WPA3 was launched in 2018 to provide a stronger security standard, addressing WPA2's known vulnerabilities and introducing advanced security features.
• Encryption: Uses AES with an enhanced authentication protocol called SAE (Simultaneous Authentication of Equals).
• Key Security Features:
    • SAE (Simultaneous Authentication of Equals): Provides a more secure handshake than WPA2, making it resilient to dictionary attacks.
    • Forward Secrecy: Ensures that even if a key is compromised, past communication cannot be decrypted.
    • Protected Management Frames (PMF): Prevents attackers from using deauthentication or disassociation attacks to disconnect users from the network.
• Additional Security for IoT:
    • Easy Connect: Simplifies secure network connections for devices without displays, like IoT devices.
• Status: WPA3 is the current standard for wireless security and is recommended for all new networks due to its enhanced protection.
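Comparison of Wireless Security Protocols

| Protocol | Encryption Algorithm | Key Management | Integrity Protocol | Vulnerabilities         | Security Level |
|----------|----------------------|----------------|--------------------|-------------------------|----------------|
| WEP      | RC4                  | Weak IV        | None               | Easily cracked, weak IV | Low            |
| WPA      | TKIP                 | Dynamic        | MIC                | Dictionary attacks      | Moderate       |
| WPA2     | AES with CCMP        | Dynamic        | CCMP               | KRACK attack            | High           |
| WPA3     | AES with SAE         | Dynamic        | PMF                | Minimal                 | Very High      |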


Attack Mitigation
• Use WPA3: If possible, configure all networks to WPA3 for maximum
security.
• Secure Passwords: Use strong, unique passwords to prevent brute-
force attacks.
• Disable WPS: Wi-Fi Protected Setup (WPS) is vulnerable to attacks
and should be disabled if security is a priority.
• Regular Firmware Updates: Update all routers and network devices
to ensure they have the latest security patches.
• Monitor the Network: Regularly check for unauthorized devices or
suspicious activities on the network.
Common Wireless Network Attacks
• Wireless networks are prone to various types of attacks due to their open nature and the lack of physical boundaries.
• Here are some of the most common attacks that target wireless networks:
1. Passive Attacks
• Definition: An attacker listens to network traffic without altering it.
These attacks are harder to detect since they don’t interfere with
normal network operations.
• Example: Eavesdropping or traffic sniffing.
• Impact: Allows attackers to gather sensitive information, such as login
credentials or personal data, from unencrypted communications.
2. Active Attacks
• Definition: The attacker interacts with network traffic by injecting,
modifying, or disrupting communications.
• Example: Packet injection, jamming, or data manipulation.
• Impact: Can disrupt network services, manipulate data, or allow
unauthorized access to network resources.
3. Specific Attack Types
• Man-in-the-Middle (MITM) Attacks:
    • Description: The attacker intercepts communication between a user and a network by positioning themselves in the middle.
    • Mechanism: Commonly done by ARP spoofing, rogue access points, or session hijacking.
    • Impact: Allows attackers to steal sensitive information or alter communication between the two parties without their knowledge.
• Evil Twin Attacks:
    • Description: The attacker sets up a fake Wi-Fi access point (AP) that resembles a legitimate one.
    • Mechanism: When users connect to this fake AP, the attacker can monitor all transmitted data.
    • Impact: Exposes user data, login credentials, and can lead to malware installation.
• Packet Sniffing:
    • Description: Capturing data packets traveling over the network, often unencrypted, to collect sensitive information.
    • Mechanism: Packet sniffers monitor the network’s traffic, intercepting packets and logging data.
    • Impact: Can lead to data theft if sensitive information like login details or personal data is captured.
• Denial-of-Service (DoS) Attacks:
    • Description: Overwhelms the network or specific devices, making the service inaccessible to legitimate users.
    • Mechanism: Jamming the wireless signal, flooding the network with excessive traffic, or de-authenticating users.
    • Impact: Disrupts service for users, potentially halting operations for a business or causing inconvenience to individuals.
• Replay Attacks:
    • Description: The attacker captures legitimate data packets and re-sends (replays) them to trick the network or device.
    • Mechanism: Often targets authentication packets to gain unauthorized access to the network.
    • Impact: Allows attackers to bypass authentication and access network resources without authorization.
• MAC Spoofing:
    • Description: The attacker changes their device’s MAC address to match an authorized device on the network.
    • Mechanism: By using a cloned MAC address, the attacker gains network access and bypasses MAC filtering.
    • Impact: Grants unauthorized access, potentially allowing the attacker to access restricted areas of the network.
• Rogue Access Points:
    • Description: Unauthorized APs are set up within a secure network to lure users or intercept data.
    • Mechanism: These APs operate on the same network SSID, deceiving users into connecting.
    • Impact: Allows attackers to intercept communications or introduce malware to devices connected to the rogue AP.
• Key Reinstallation Attacks (KRACK):
    • Description: Exploits a vulnerability in the WPA2 protocol by forcing devices to reinstall encryption keys.
    • Mechanism: Repeatedly resets the encryption key, allowing partial decryption of data.
    • Impact: Enables attackers to intercept data thought to be protected, making sensitive information vulnerable.
Prevention and Mitigation Strategies
• Strong Encryption: Use WPA3 whenever possible to protect against
eavesdropping and MITM attacks.
• Network Monitoring: Regularly scan for unauthorized devices, rogue
APs, or unusual traffic patterns.
• Secure Authentication: Use strong, unique passwords, multi-factor
authentication, and disable WPS.
• User Awareness: Educate users on the risks of connecting to
unknown networks and recognizing fake APs.
• Update Firmware: Keep all network devices up to date to protect
against vulnerabilities like KRACK.
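One way to carry out the "scan for unauthorized devices, rogue APs" check against the evil twin, rogue AP and MAC spoofing descriptions above, as an added example that is not part of the original slides. The AP inventory, the `Beacon` record, the finding names and the scan results are all hypothetical and constructed; in practice the beacons would come from a wireless survey or the controller's neighbour report.

```python
from collections import namedtuple

Beacon = namedtuple("Beacon", "ssid bssid channel security")

# Hypothetical inventory of authorised APs: BSSID -> (SSID, channel, security)
AUTHORISED = {
    "aa:bb:cc:00:00:01": ("CorpNet", 36, "WPA3"),
    "aa:bb:cc:00:00:02": ("CorpNet", 149, "WPA3"),
}
RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "WPA3": 4}

def normalise(ssid):
    """Fold case and drop separators so look-alike names compare equal."""
    return "".join(ch for ch in ssid.lower() if ch.isalnum())

def audit_scan(beacons, authorised=AUTHORISED):
    """Return (bssid, finding) pairs for beacons that contradict the inventory."""
    exact_names = {ssid for ssid, _, _ in authorised.values()}
    folded_names = {normalise(ssid) for ssid in exact_names}
    findings = []
    for b in beacons:
        bssid = b.bssid.lower()
        entry = authorised.get(bssid)
        if entry is None:
            # Radio we do not own: only interesting if it borrows our name.
            if b.ssid in exact_names:
                findings.append((bssid, "unknown-bssid-for-known-ssid"))
            elif normalise(b.ssid) in folded_names:
                findings.append((bssid, "lookalike-ssid"))
            continue
        ssid, channel, security = entry
        # Known BSSID behaving differently from its record: a weaker protocol
        # or a different channel/name suggests a cloned MAC or a bad config.
        if RANK.get(b.security, 0) < RANK[security]:
            findings.append((bssid, "security-downgrade"))
        if b.channel != channel or b.ssid != ssid:
            findings.append((bssid, "config-mismatch-possible-cloned-bssid"))
    return findings

SCAN = [  # constructed scan results
    Beacon("CorpNet", "aa:bb:cc:00:00:01", 36, "WPA3"),    # matches inventory
    Beacon("CorpNet", "de:ad:be:ef:00:10", 6, "OPEN"),     # our SSID, unknown radio
    Beacon("Corp-Net", "de:ad:be:ef:00:11", 11, "WPA2"),   # look-alike name
    Beacon("CorpNet", "AA:BB:CC:00:00:02", 1, "WPA2"),     # known BSSID, wrong settings
    Beacon("CoffeeShop", "11:22:33:44:55:66", 6, "WPA2"),  # unrelated neighbour
]

if __name__ == "__main__":
    for bssid, finding in audit_scan(SCAN):
        print(bssid, finding)
```

Because a BSSID can be cloned, a match against the inventory is only trusted when the channel, SSID and security mode also match the record.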
Wireless Network Vulnerabilities
• Weak Encryption Protocols:
    • Protocols like WEP and early versions of WPA have been cracked; they provide minimal security.
• Authentication Flaws:
    • Vulnerabilities in how devices authenticate with networks can allow unauthorized access.
• Poor Access Point Management:
    • Weak passwords, default settings, and unmonitored access points can be entry points for attackers.
• Misconfigured Devices:
    • Weak firewall settings, open ports, and unpatched firmware on access points or devices increase attack surfaces.
• Insecure IoT Devices:
    • IoT devices often have weak security and are vulnerable to compromise, making networks susceptible to attacks.
• Human Error:
    • Users may unknowingly connect to malicious access points or disclose sensitive information, leading to security risks.
Defensive Strategies and Mitigation
• Upgrading Security Protocols:
    • Use WPA3 for enhanced security; avoid WEP and earlier WPA versions.
• Strong Authentication Mechanisms:
    • Implement Multi-Factor Authentication (MFA) and unique credentials to restrict unauthorized access.
• Regular Monitoring and Scanning:
    • Regularly check for unauthorized devices or unusual network activity.
• Implementing Network Segmentation:
    • Divide networks to limit access to sensitive data, isolating vulnerable devices from critical resources.
• Enforcing Secure Configuration:
    • Disable WPS, set strong passwords, and regularly update firmware to minimize vulnerabilities.
• Education and Training:
    • Teach users to recognize and avoid suspicious networks, particularly open or unsecured networks.
