Enterprise WLAN Security Attacks / (Record no. 8973)
| 000 -LEADER | |
|---|---|
| fixed length control field | 22364nam a22002537a 4500 |
| 008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION | |
| fixed length control field | 210301b2018 a|||f mb|| 00| 0 eng d |
| 040 ## - CATALOGING SOURCE | |
| Original cataloging agency | EG-CaNU |
| Transcribing agency | EG-CaNU |
| 041 0# - Language Code | |
| Language code of text | eng |
| Language code of abstract | eng |
| 082 ## - DEWEY DECIMAL CLASSIFICATION NUMBER | |
| Classification number | 005 |
| 100 0# - MAIN ENTRY--PERSONAL NAME | |
| Personal name | Mohamed Ahmed Abo-Soliman |
| 245 1# - TITLE STATEMENT | |
| Title | Enterprise WLAN Security Attacks / |
| Statement of responsibility, etc. | Mohamed Ahmed Abo-Soliman |
| 260 ## - PUBLICATION, DISTRIBUTION, ETC. | |
| Date of publication, distribution, etc. | 2018 |
| 300 ## - PHYSICAL DESCRIPTION | |
| Extent | 100 p. |
| Other physical details | ill. |
| Dimensions | 21 cm. |
| 500 ## - GENERAL NOTE | |
| Materials specified | Supervisor: Sherif Elkassas |
| 502 ## - Dissertation Note | |
| Dissertation type | Thesis (M.A.)—Nile University, Egypt, 2018. |
| 504 ## - Bibliography | |
| Bibliography | "Includes bibliographical references" |
| 505 0# - Contents | |
| Formatted contents note | Contents:<br/>Introduction<br/>1.1 General Overview<br/>1.2 Research Objectives<br/>1.3 Research Goals<br/>1.4 Research Approach<br/>1.5 Thesis Organization<br/>Chapter 2<br/>2 WLAN Security Overview<br/>2.1 History of WLAN Security<br/>2.1.1 Early Stages of Wi-Fi Security<br/>2.1.2 Cryptography and Embedded Security Protocols<br/>2.1.3 Wi-Fi Security Standardization (IEEE 802.11i)<br/>2.1.4 Four-Way Handshake Security Protocols<br/>2.2 WPA2 Architecture<br/>2.2.1 Key Generation<br/>2.2.2 Key Distribution<br/>2.2.3 WPA2 Authentication<br/>2.2.3.1 WPA2 Personal<br/>2.2.3.2 WPA2 Enterprise<br/>2.3 IEEE 802.1x architecture<br/>Chapter 3<br/>3 WPA2 enterprise authentication methods<br/>3.1 EAP Overview<br/>3.2 EAP Messages Exchange<br/>3.3 Common EAP Methods<br/>3.3.1 Legacy EAP<br/>3.3.2 Password Based EAP Methods<br/>3.3.2.1 LEAP<br/>3.3.2.2 EAP SIM<br/>3.3.2.3 EAP AKA<br/>3.3.2.4 EAP SPEKE<br/>3.3.3 Tunnel Based EAP Methods<br/>3.3.3.1 EAP-TTLS<br/>3.3.3.2 EAP-PEAP<br/>3.3.3.3 EAP-TLS<br/>3.3.3.4 EAP-FAST<br/>3.3.3.5 TEAP<br/>3.4 EAP-Method Selection<br/>3.5 EAP Security Requirements<br/>3.5.1 General EAP Requirements<br/>3.5.1.1 Mandatory Requirements<br/>3.5.1.1.1 Generation of symmetric keying material<br/>3.5.1.1.2 Key strength (Self Protecting)<br/>3.5.1.1.3 Mutual authentication support<br/>3.5.1.1.4 Shared state equivalence (Synchronization of state)<br/>3.5.1.1.5 Resistance to Dictionary Attacks<br/>3.5.1.1.6 Protection against Man-in-the-Middle Attack<br/>3.5.1.1.7 Protected Ciphersuite Negotiation<br/>3.5.1.2 Recommended Requirements<br/>3.5.1.2.1 Fragmentation<br/>3.5.1.2.2 End-user identity hiding<br/>3.5.1.3 Optional Requirements<br/>3.5.1.3.1 Channel binding<br/>3.5.1.3.2 Fast reconnect<br/>3.5.2 Tunnel-Based EAP Requirements<br/>3.5.2.1 General Requirements<br/>3.5.2.1.1 RFC Compliance<br/>3.5.2.2 Tunnel Requirements<br/>3.5.2.2.1 TLS Requirements<br/>3.5.2.2.1.1 Cipher Suite<br/>3.5.2.2.1.1.1 Cipher Suite Negotiation<br/>3.5.2.2.1.1.2 Tunnel data Protection Algorithm<br/>3.5.2.2.1.1.3 Tunnel Authentication and Key Establishment<br/>3.5.2.2.1.2 Tunnel Replay Protection<br/>3.5.2.2.1.3 TLS Extensions<br/>3.5.2.2.1.4 Peer Identity Privacy<br/>3.5.2.2.1.5 Session resumption<br/>3.5.2.2.2 Fragmentation<br/>3.5.2.2.3 Protection of data external to tunnel<br/>3.5.2.3 Tunnel Payload Requirements<br/>3.5.2.3.1 Extensible attribute Type<br/>3.5.2.3.2 Request/Challenge Response Operation<br/>3.5.2.3.3 Indicating Criticality of Attributes<br/>3.5.2.3.4 Vendor-Specific Support<br/>3.5.2.3.5 Result Indication<br/>3.5.2.3.6 Internationalization of Display Strings<br/>3.5.2.4 EAP Channel Binding Requirements<br/>3.5.2.5 Requirements Associated with Carrying Username and Passwords<br/>3.5.2.5.1 Security<br/>3.5.2.5.1.1 Confidentiality and Integrity<br/>3.5.2.5.1.2 Authentication of Server<br/>3.5.2.5.1.3 Server Certificate Revocation Checking<br/>3.5.2.5.2 Internationalization<br/>3.5.2.5.3 Metadata<br/>3.5.2.5.4 Password Change<br/>3.5.2.6 Requirements Associated with Carrying EAP Methods<br/>3.5.2.6.1 Method Negotiation<br/>3.5.2.6.2 Chained Methods<br/>3.5.2.6.3 Cryptographic Binding with the TLS Tunnel<br/>3.5.2.6.4 Peer-Initiated EAP Authentication<br/>3.5.2.6.5 Method Metadata<br/>3.6 Tunnel-Based EAP authentication compliance<br/>Chapter 4<br/>4 WLAN Threats & Attacks<br/>4.1 Categories of Wireless attacks<br/>4.2 Effective enterprise wireless LANs Attacks<br/>4.2.1 Authentication Attacks<br/>4.2.1.1 Brute Force Attacks<br/>4.2.1.2 Dictionary Attacks<br/>4.2.1.2.1 Passive Dictionary Attack<br/>4.2.1.2.2 Active Dictionary Attack<br/>4.2.2 Confidentiality Attacks<br/>4.2.2.1 Evil Twin<br/>4.2.2.2 Key Reinstallation Attacks<br/>4.2.2.2.1 4-way Handshake Key-Reinstallation Attack<br/>4.2.2.2.2 Group Key Handshake Key-Reinstallation Attack<br/>4.2.2.2.3 Fast Transition Handshake Key-Reinstallation Attack<br/>4.2.3 Availability Attacks<br/>4.2.3.1 De-authentication Attacks<br/>Chapter 5<br/>5 Evaluation & Proposed mitigations<br/>5.1 Evaluating WPA2 Authentication Protocols.<br/>5.1.1 EAP common methods Performance evaluation<br/>5.1.1.1 LAB Architecture<br/>5.1.1.2 Test Bed<br/>5.1.1.3 Test Scenario<br/>5.1.1.4 Practical Evaluation and Lab Results<br/>5.2 Practical monitoring and Protocols Analysis<br/>5.2.1 General EAP messages format<br/>5.2.2 EAP-TTLS Messages format<br/>5.2.2.1 Attribute Value Pairs (AVPs)<br/>5.2.3 EAP-PEAP Messages format<br/>5.2.3.1 PEAP Arbitrary Parameter Exchange<br/>5.2.4 EAP-TLS Messages format<br/>5.3 EAP common methods Security evaluation<br/>5.3.1 Test Lab Evaluation<br/>5.3.2 Live Attacks Evaluation<br/>5.3.2.1 Ethical Considerations<br/>5.4 DETECTED VULNERABILITIES AND PROPOSED MITIGATIONS<br/>5.4.1 Detected Vulnerabilities<br/>5.4.1.1 Active Dictionary Attack Practical Evaluation<br/>5.4.1.2 Vulnerabilities of Active Dictionary Attack<br/>5.4.2 Key Reinstallation Attack Practical Evaluation<br/>5.4.2.1 Direct GTK Installation after sending 1st message<br/>5.4.2.2 Standard GTK Installation<br/>Chapter 6<br/>6 Conclusion & Future Directions<br/>6.1 Performance Evaluation Summary<br/>6.2 Impact of attacks on Authentication methods<br/>6.3 Recommendations and Proposed Amendments<br/>6.3.1 Security Requirements for authentication attacks<br/>6.3.2 Security Requirements for Confidentiality Attacks<br/>6.3.3 Security Requirements for Availability Attacks<br/>6.3.4 General Security Considerations<br/>6.4 Future Directions<br/>Appendix<br/>References |
| 520 3# - Abstract | |
| Abstract | Abstract:<br/>The increasing number of mobiles and handheld devices that allow wireless access to enterprise data and services is considered a major concern for network designers, implementers and analysts. Enhancements of wireless technologies also accelerate the adoption of enterprise wireless networks that are widely deployed solely or as an extension to existing wired networks. Bring Your Own Device is an example of the new challenging wireless trends. BYOD environments allow the use of personal mobile computing devices like smart phones, tablets, and laptops for business activities. BYOD has become popular in work places since they keep users in their comfort zone, leading to more productivity and cost reduction for businesses. Nevertheless, business data and services are consequentially subject to several wireless attacks, whether they are hosted on a cloud or on premises, especially when travelling through the open air. Corporates and organizations usually apply network-access-control systems for securing enterprise wireless LANs. However, the security systems may be compromised due to detected flaws, exposing the enterprise critical information to leakage or the entire network to interruption or complete failure. The study helps in evaluating the real risks that threaten wireless technologies. It also provides recommended mitigations and solutions to overcome the detected vulnerabilities and security flaws. This helps to ensure adequate protection for wireless communication, especially transmitted 802.11 data of corporates and large networks. |
| 546 ## - Language Note | |
| Language Note | Text in English, abstracts in English. |
| 650 #4 - Subject | |
| Subject | Wireless Technologies |
| 655 #7 - Index Term-Genre/Form | |
| Source of term | NULIB |
| focus term | Dissertation, Academic |
| 690 ## - Subject | |
| School | Wireless Technologies |
| 942 ## - ADDED ENTRY ELEMENTS (KOHA) | |
| Source of classification or shelving scheme | Dewey Decimal Classification |
| Koha item type | Thesis |

| Withdrawn status | Lost status | Source of classification or shelving scheme | Damaged status | Not for loan | Home library | Current library | Date acquired | Total Checkouts | Full call number | Date last seen | Price effective from | Koha item type |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| | | Dewey Decimal Classification | | | Main library | Main library | 03/01/2021 | | 005 / M.S.E/2018 | 03/01/2021 | 03/01/2021 | Thesis |