Аналіз атаки деавтентифікації в мережах IEEE 802.11 та пропозиція по її виявленню
Анотація
Безпроводові мережі використовують радіоефір та широкомовну природу фізичного рівня і через це надзвичайно вразливі до можливих атак і несанкціонованого доступу. У статті розглянуті питання, пов'язані з технологією IEEE 802.11, докладно описана вразливість, яка дозволяє зловмиснику виконувати DoS-атаку у ситуації, коли не використовуються захищені кадри управління Protected Management Frames (PMF). Аналіз і практичні експерименти довели, що існуюча вразливість технології Wi-Fi до сих пір залишається небезпечною для кінцевих користувачів, і використовуючи її зловмисник може відправляти підроблені кадри деавтентифікації, що призводить до порушення зв’язку між клієнтами та точками доступу, до яких вони підключені. Дану атаку реалізовано на реальному випробувальному стенді безпроводової мережі і проведені обширні експерименти по вивченню поведінки мережних вузлів в нормальних умовах та під час атаки. Для реалізації атаки були використані: операційна система Kali Linux, інструмент Aircrack-ng для запуску атаки і Wireshark для захоплення і аналізу кадрів IEEE 802.11. Експериментальні дослідження дозволили виділити аномалії під час атаки і на підставі цього запропоновано алгоритм виявлення атак деавтентифікаціі. Пропонується використовувати детектор атаки деавтентифікації (Detector of Deauthentication Attack DDA), який буде сканувати та аналізувати безпроводовий мережний трафік, і видавати попередження у разі виявлення атаки. Запропоноване рішення використовує комбінації з трьох параметрів (код причини reason code, часова мітка timestmap, рівень потужності сигналу RSSI), що на наш погляд дозволить знизити частоту помилкових спрацьовувань.
Завантаження
Посилання
/Посилання
M. Waliullah and D. Gan, "Wireless LAN Security Threats & Vulnerabilities", International Journal of Advanced Computer Science and Applications, vol. 5, no. 1, pp. 176-183, 2014 https://doi.org/10.14569/ijacsa.2014.050125
C. Kolias, G. Kambourakis, A. Stavrou and S. Gritzalis, "Intrusion Detection in 802.11 Networks: Empirical Evaluation of Threats and a Public Dataset", IEEE Communications Surveys & Tutorials, vol. 18, no. 1, pp. 184-208, 2016 https://doi.org/10.1109/comst.2015.2402161
M. Chan Aung and K. Thant, "Detection and mitigation of wireless link layer attacks", 2017 IEEE 15th International Conference on Software Engineering Research, Management and Applications (SERA), pp. 173-178, 2017 https://doi.org/10.1109/sera.2017.7965725
H. A. Noman, S. M. Abdullah, and H. I. Mohammed, "An automated approach to detect deauthentication and disassociation dos attacks on wireless 802.11 networks", International Journal of Computer Science Issues (IJCSI), vol. 12, no. 4, pp. 107-112, 2015 https://www.ijcsi.org/papers/IJCSI-12-4-107-112.pdf
Deep Joshi, Dr. Ved Vyas Dwivedi, K.M.Pattani “De-Authentication attack on wireless network 802.11i using Kali Linux”, International Research Journal of Engineering and Technology (IRJET), Volume, 04 Issue, pp. 1666-1669, 2017 https://www.irjet.net/archives/V4/i1/IRJET-V4I1331.pdf
Korolkov R.Y. and Kutsak S.V "The features of a deauthentication attack implementation in networks 802.11", Ukrainian Information Security Research Journal, vol. 21, no. 3, pp. 175-181, 2019 https://doi.org/10.18372/2410-7840.21.13953 [in Ukrainian]
R. Cheema, D. Bansal and S. Sofat, "Deauthentication/Disassociation Attack: Implementation and Security in Wireless Mesh Networks", International Journal of Computer Applications, vol. 23, no. 7, pp. 7-15, 2011 https://doi.org/10.5120/2901-3801
J. Milliken, V. Selis, K. Yap and A. Marshall, "Impact of Metric Selection on Wireless DeAuthentication DoS Attack Performance", IEEE Wireless Communications Letters, vol. 2, no. 5, pp. 571-574, 2013 https://doi.org/10.1109/wcl.2013.072513.130428
C. Kohlios and T. Hayajneh, "A Comprehensive Attack Flow Model and Security Analysis for Wi-Fi and WPA3", Electronics, vol. 7, no. 11, p. 284, 2018. https://doi.org/10.3390/electronics7110284
Mofreh Salem, Amany Sarha, Mostafa Abu-Bakr “A DOS Attack Intrusion Detection and Inhibition Technique for Wireless Computer Networks” ICGST- CNIR, Volume (7), Issue (I), pp. 17-24, 2007 http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.469.5991
IEEE standard for information technology-telecommunications and information exchange between systems-local and metropolitan area networks-specific requirements - part 11: Wireless LAN medium access control (MAC) and physical layer (PHY) specifications. IEEE Std 802.11-2007 (Revision of IEEE Std 802.11-1999), C1–1184, 2007 https://standards.ieee.org/standard/802_11-2007.html
Masiukiewicz Antoni, Tarykin Viktor, Podvornyi Vova, “Tools for Wi-Fi Network Security Analysis”, Vistula Scientific Quarterly, 3(49), pp. 114-134, 2016 http://cejsh.icm.edu.pl/cejsh/element/bwmeta1.element.desklight-60891997-7f20-4acc-bda8-de4e8b4a3dac/c/KNUV_3_49_2016.114-134.pdf
John Bellardo and Stefan Savage “Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions”, Published in 12th USENIX Security Symposium Washington, D.C., USA, pp. 15-27, 2003 https://cseweb.ucsd.edu/~savage/papers/UsenixSec03.pdf
M. Agarwal, S. Biswas and S. Nandi, "Detection of De-authentication Denial of Service attack in 802.11 networks", 2013 Annual IEEE India Conference (INDICON), pp. 1-6, 2013 https://doi.org/10.1109/indcon.2013.6726015
Deauthentication reason code table. [Online]. – Available: https://www.cisco.com/assets/sol/sb/WAP371_Emulators/WAP371_Emulator_v1-0-1-5/help/Apx_ReasonCodes2.html [Accessed: March 30, 2021].
How to increase wifi adapter power [Online]. – Available: https://www.kalitut.com/2019/04/how-to-increase-wifi-txpower.html [Accessed: March 30, 2021].
TJ OConnor “Detecting and responding to data link layer attacks”, SANS Institute InfoSec Reading Room, October 13, 2010 https://www.sans.org/reading-room/whitepapers/intrusion/paper/33513
Z. Afzal, J. Rossebo, B. Talha and M. Chowdhury, "A Wireless Intrusion Detection System for 802.11 networks", 2016 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET), pp. 828-834, 2016 https://doi.org/10.1109/wispnet.2016.7566249
A. Arora, “Preventing wireless deauthentication attacks over 802.11 networks,” ArXiv, vol. abs/1901.07301, 2019 https://arxiv.org/pdf/1901.07301.pdf
S. Wang, J. Wang, C. Feng and Z. Pan, "Wireless Network Penetration Testing and Security Auditing", ITM Web of Conferences, vol. 7, p. 03001, 2016 https://doi.org/10.1051/itmconf/20160703001
Rajinder Singh and Satish Kumar “A light weight solution for detecting de-authentication attack”, International Journal of Network Security & Its Applications (IJNSA) vol. 11, no.1, pp. 15-26, 2019 https://aircconline.com/ijnsa/V11N1/11119ijnsa02.pdf
M. Waliullah and D. Gan, "Wireless LAN Security Threats & Vulnerabilities", International Journal of Advanced Computer Science and Applications, vol. 5, no. 1, pp. 176-183, 2014 https://doi.org/10.14569/ijacsa.2014.050125
C. Kolias, G. Kambourakis, A. Stavrou and S. Gritzalis, "Intrusion Detection in 802.11 Networks: Empirical Evaluation of Threats and a Public Dataset", IEEE Communications Surveys & Tutorials, vol. 18, no. 1, pp. 184-208, 2016 https://doi.org/10.1109/comst.2015.2402161
M. Chan Aung and K. Thant, "Detection and mitigation of wireless link layer attacks", 2017 IEEE 15th International Conference on Software Engineering Research, Management and Applications (SERA), pp. 173-178, 2017 https://doi.org/10.1109/sera.2017.7965725
H. A. Noman, S. M. Abdullah, and H. I. Mohammed, "An automated approach to detect deauthentication and disassociation dos attacks on wireless 802.11 networks", International Journal of Computer Science Issues (IJCSI), vol. 12, no. 4, pp. 107-112, 2015 https://www.ijcsi.org/papers/IJCSI-12-4-107-112.pdf
Deep Joshi, Dr. Ved Vyas Dwivedi, K.M.Pattani “De-Authentication attack on wireless network 802.11i using Kali Linux”, International Research Journal of Engineering and Technology (IRJET), Volume, 04 Issue, pp. 1666-1669, 2017 https://www.irjet.net/archives/V4/i1/IRJET-V4I1331.pdf
Korolkov R.Y. and Kutsak S.V "The features of a deauthentication attack implementation in networks 802.11", Ukrainian Information Security Research Journal, vol. 21, no. 3, pp. 175-181, 2019 https://doi.org/10.18372/2410-7840.21.13953 [in Ukrainian]
R. Cheema, D. Bansal and S. Sofat, "Deauthentication/Disassociation Attack: Implementation and Security in Wireless Mesh Networks", International Journal of Computer Applications, vol. 23, no. 7, pp. 7-15, 2011 https://doi.org/10.5120/2901-3801
J. Milliken, V. Selis, K. Yap and A. Marshall, "Impact of Metric Selection on Wireless DeAuthentication DoS Attack Performance", IEEE Wireless Communications Letters, vol. 2, no. 5, pp. 571-574, 2013 https://doi.org/10.1109/wcl.2013.072513.130428
C. Kohlios and T. Hayajneh, "A Comprehensive Attack Flow Model and Security Analysis for Wi-Fi and WPA3", Electronics, vol. 7, no. 11, p. 284, 2018. https://doi.org/10.3390/electronics7110284
Mofreh Salem, Amany Sarha, Mostafa Abu-Bakr “A DOS Attack Intrusion Detection and Inhibition Technique for Wireless Computer Networks” ICGST- CNIR, Volume (7), Issue (I), pp. 17-24, 2007 http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.469.5991
IEEE standard for information technology-telecommunications and information exchange between systems-local and metropolitan area networks-specific requirements - part 11: Wireless LAN medium access control (MAC) and physical layer (PHY) specifications. IEEE Std 802.11-2007 (Revision of IEEE Std 802.11-1999), C1–1184, 2007 https://standards.ieee.org/standard/802_11-2007.html
Masiukiewicz Antoni, Tarykin Viktor, Podvornyi Vova, “Tools for Wi-Fi Network Security Analysis”, Vistula Scientific Quarterly, 3(49), pp. 114-134, 2016 http://cejsh.icm.edu.pl/cejsh/element/bwmeta1.element.desklight-60891997-7f20-4acc-bda8-de4e8b4a3dac/c/KNUV_3_49_2016.114-134.pdf
John Bellardo and Stefan Savage “Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions”, Published in 12th USENIX Security Symposium Washington, D.C., USA, pp. 15-27, 2003 https://cseweb.ucsd.edu/~savage/papers/UsenixSec03.pdf
M. Agarwal, S. Biswas and S. Nandi, "Detection of De-authentication Denial of Service attack in 802.11 networks", 2013 Annual IEEE India Conference (INDICON), pp. 1-6, 2013 https://doi.org/10.1109/indcon.2013.6726015
Deauthentication reason code table. [Online]. – Available: https://www.cisco.com/assets/sol/sb/WAP371_Emulators/WAP371_Emulator_v1-0-1-5/help/Apx_ReasonCodes2.html [Accessed: March 30, 2021].
How to increase wifi adapter power [Online]. – Available: https://www.kalitut.com/2019/04/how-to-increase-wifi-txpower.html [Accessed: March 30, 2021].
TJ OConnor “Detecting and responding to data link layer attacks”, SANS Institute InfoSec Reading Room, October 13, 2010 https://www.sans.org/reading-room/whitepapers/intrusion/paper/33513
Z. Afzal, J. Rossebo, B. Talha and M. Chowdhury, "A Wireless Intrusion Detection System for 802.11 networks", 2016 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET), pp. 828-834, 2016 https://doi.org/10.1109/wispnet.2016.7566249
A. Arora, “Preventing wireless deauthentication attacks over 802.11 networks,” ArXiv, vol. abs/1901.07301, 2019 https://arxiv.org/pdf/1901.07301.pdf
S. Wang, J. Wang, C. Feng and Z. Pan, "Wireless Network Penetration Testing and Security Auditing", ITM Web of Conferences, vol. 7, p. 03001, 2016 https://doi.org/10.1051/itmconf/20160703001
Rajinder Singh and Satish Kumar “A light weight solution for detecting de-authentication attack”, International Journal of Network Security & Its Applications (IJNSA) vol. 11, no.1, pp. 15-26, 2019 https://aircconline.com/ijnsa/V11N1/11119ijnsa02.pdf