Analysis of deauthentication attack in IEEE 802.11 networks and a proposal for its detection
Abstract
This article considers issues related to IEEE 802.11 technology and describes in detail the vulnerability that allows an attacker to perform a deauthentication attack. Analysis and practical experiments have shown that this vulnerability of Wi-Fi technology remains dangerous to legitimate users: by exploiting it, an attacker can send deauthentication frames, which disrupts communication between clients and the access points to which they are connected. The research used Kali Linux OS, the Aircrack-ng tool to launch attacks, and Wireshark to capture and analyze IEEE 802.11 frames. The experimental studies made it possible to identify anomalies that occur during the attack, and on that basis an algorithm for detecting deauthentication attacks was proposed. The proposed solution uses a combination of three parameters (reason code, timestamp, RSSI signal strength level), which in our opinion will reduce the frequency of false positives. It is proposed to use the DDA (Detector of Deauthentication Attack), which will scan and analyze wireless traffic and issue warnings in the event of an attack.
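One way the three parameters named in the abstract could be combined, given as an added example and not the authors' DDA algorithm. The thresholds, the set of suspect reason codes, the record layout and the sample frames are all assumptions constructed here.

```python
from collections import defaultdict, deque
from statistics import median

# Assumed thresholds; the page does not give the DDA's actual values.
SUSPECT_REASONS = {7}   # reason codes treated as anomalous in this sketch
WINDOW_S = 1.0          # sliding window for the timestamp check
BURST = 5               # deauth frames per window that count as a burst
RSSI_DELTA_DB = 10      # allowed deviation from the sender's baseline RSSI

def detect(frames, min_signals=3):
    """frames: dicts with ts, type, src, dst, rssi and (for deauth) reason.
    Returns alerts for deauth frames where >= min_signals checks fire."""
    baseline = defaultdict(list)   # src MAC -> RSSI of its non-deauth frames
    recent = defaultdict(deque)    # (src, dst) -> timestamps of recent deauths
    alerts = []
    for f in sorted(frames, key=lambda f: f["ts"]):
        if f["type"] != "deauth":
            baseline[f["src"]].append(f["rssi"])
            continue
        q = recent[(f["src"], f["dst"])]
        q.append(f["ts"])
        while f["ts"] - q[0] > WINDOW_S:   # drop deauths older than the window
            q.popleft()
        seen = baseline.get(f["src"])      # None if sender was never heard before
        signals = {
            "reason": f["reason"] in SUSPECT_REASONS,
            "timing": len(q) >= BURST,
            "rssi": bool(seen) and abs(f["rssi"] - median(seen)) > RSSI_DELTA_DB,
        }
        if sum(signals.values()) >= min_signals:
            alerts.append({"ts": f["ts"], "src": f["src"], "dst": f["dst"], **signals})
    return alerts

# Constructed sample capture (not from the paper): an AP heard at about -48 dBm,
# one isolated deauth, then a burst claiming the AP's MAC at about -71 dBm.
AP, STA = "02:00:00:00:00:01", "02:00:00:00:00:02"
SAMPLE = [{"ts": i * 0.1, "type": "beacon", "src": AP, "dst": "ff:ff:ff:ff:ff:ff",
           "rssi": -48 + i % 2} for i in range(10)]
SAMPLE.append({"ts": 2.0, "type": "deauth", "src": AP, "dst": STA, "rssi": -48, "reason": 3})
SAMPLE += [{"ts": 5.0 + i * 0.05, "type": "deauth", "src": AP, "dst": STA,
            "rssi": -71, "reason": 7} for i in range(8)]

if __name__ == "__main__":
    for a in detect(SAMPLE):
        print(a)
```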