A Practical, Targeted, and Stealthy Attack Against WPA Enterprise Authentication

20th Annual Network and Distributed System Security Symposium, NDSS 2013

Volumn , Issue , 2013, Pages

  Cassola, Aldo ^a   Robertson, William ^a   Kirda, Engin ^a   Noubir, Guevara ^a  

^a NORTHEASTERN UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

AUTHENTICATION; NETWORK SECURITY; USER INTERFACES;

AUTHENTICATION SERVERS; COMMODITY OPERATING SYSTEMS; DESIGN DEFICIENCIES; ENTERPRISE NETWORKS; PRACTICAL IMPORTANCE; PROTOTYPE IMPLEMENTATIONS; WEAK BINDING; WIRELESS NETWORKING TECHNOLOGY; WIRELESS SECURITY; WIRELESS TECHNOLOGIES;

WIRELESS NETWORKS;

EID: 85180418432     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (53)

1. G. Agosta, A. Barenghi, F. D. Santis, and G. Pelosi. Record Setting Software Implementation of DES Using CUDA. In Proceedings of the International Conference on Information Technology: New Generations, pages 748-755. IEEE Computer Society, 2010.
2. Aircrack. Aircrack-ng. http://www.aircrack-ng.org/, 2012.
3. Amazon. Amazon Elastic Cloud Computing (EC2). http://aws.amazon.com/ec2/, 2012.
4. K. Bauer, H. Gonzales, and D. McCoy. Mitigating Evil Twin Attacks in 802.11. In Proceedings of the Performance, Computing and Communications Conference, pages 513-516, December 2008.
5. BBN Technologies. 802.11b Transmitter/Receiver. https://www.cgran.org/wiki/BBN80211, 2008.
6. A. Bittau, M. Handley, and J. Lackey. The Final Nail in WEP's Coffin. Security and Privacy, IEEE Symposium on, 0:386-400, 2006.
7. S. Bratus, C. Cornelius, D. Kotz, and D. l. Peebles. Active behavioral fingerprinting of wireless devices. In Proceedings of the first ACM conference on Wireless network security, WiSec'08, pages 56-61, New York, NY, USA, 2008. ACM.
8. M. Cagalj, S. Capkun, and J.-P. Hubaux. Wormhole-Based Antijamming Techniques in Sensor Networks. IEEE Transactions on Mobile Computing (TMC), 2007.
9. L. Cai, K. Zeng, H. Chen, and P. Mohapatra. Good Neighbor: Ad hoc Pairing of Nearby Wireless Devices by Multiple Antennas. In Network and Distributed System Security Symposium (NDSS), 2011.
10. C. Castelluccia and P. Mutaf. Shake them up!: a movement-based pairing protocol for cpu-constrained devices. In MobiSys, pages 51-64, 2005.
11. B. Charles. mschapv2acc, a proof of concept of MS-CHAPV2 auditing and cracking tool. http://code.google.com/p/mschapv2acc/, 2010.
12. J. Chiang and Y.-C. Hu. Cross-layer jamming detection and mitigation in wireless broadcast networks. In Proceedings of MobiCom, 2007.
13. Cisco. Cisco Adaptive Wireless IPS Software. http://www.cisco.com/en/US/products/ps9817, 2011.
14. Comodo, Inc. Comodo Report of Incident. https://www.comodo.com/Comodo-FraudIncident-2011-03-23.html, 2011.
15. J. Damsgaard, M. A. Parikh, and B. Rao. Wireless commons perils in the common good. Communications of the ACM, 49(2):104-109, February 2006.
16. Electronic Frontier Foundation. A Post Mortem on the Iranian DigiNotar Attack. https://www.eff.org/deeplinks/2011/09/postmortem-iranian-diginotar-attack, 2011.
17. Ettus Research. Universal Software Radio Peripheral. http://www.ettus.com/, 2012.
18. FreeRADIUS Project. FreeRADIUS RADIUS Server. http://freeradius.org/, 2012.
19. E. Gabrilovich and A. Gontmakher. The Homograph Attack. Communications of the ACM, 45(2), February 2002.
20. GNU Radio Project. GNU Radio. http://gnuradio. org, 2012.
21. S. Gollakota, N. Ahmed, N. Zeldovich, and D. Katabi. Secure In-Band Wireless Pairing. In Proceedings of the USENIX Security Symposium, 2011.
22. H. Gonzales, K. Bauer, J. Lindqvist, D. McCoy, and D. Sicker. Practical Defenses for Evil Twin Attacks in 802.11. In Proceedings of the IEEE Global Telecommunications Conference (GLOBECOM), pages 1-6, December 2010.
23. M. Goodrich, M. Sirivianos, J. Solis, G. Tsudik, and E. Uzun. Loud and Clear: Human-Verifiable Authentication Based on Audio. In Proceedings of the IEEE Internation Conference on Distributed Computing Systems, page 10, 2006.
24. T. Guneysu, T. Kasper, M. Novotny, C. Paar, and A. Rupp. Cryptanalysis with COPACOBANA. IEEE Transactions on Computers, 57:1498-1513, 2008.
25. M. Hellman. A Cryptanalytic Time-Memory Trade-Off. IEEE Transactions on Information Theory, 26(4):401-406, 1980.
26. IEEE. Standards for Wireless, Local, and Metropolitan Area Networks. http://standards.ieee.org/findstds/standard/802.1X-2010.html, http://standards.ieee.org/about/get/802/802.11.html, 2012.
27. M. Jakobsson, P. Finn, and N. Johnson. Why and How to Perform Fraud Experiments. Security & Privacy, IEEE, 6(2):66-68, March-April 2008.
28. M. Jakobsson and J. Ratkiewicz. Designing ethical phishing experiments: a study of (ROT13) rOnl query features. In 15th International Conference on World Wide Web (WWW), 2006.
29. Y. Liu, P. Ning, H. Dai, and A. Liu. Randomized differential dsss: jamming-resistant wireless broadcast communication. In Proceedings of the 29th conference on Information communications, pages 695-703, Piscataway, NJ, USA, 2010. IEEE Press.
30. M. Marlinspike. sslstrip. http://www.thoughtcrime.org/software/sslstrip/, 2012.
31. M. Marlinspike. wpacracker. https://www.wpacracker.com/, 2012.
32. S. Mathur, R. Miller, A. Varshavsky, W. Trappe, and N. Madayam. ProxiMate: Proximity-based Secure Pairing using Ambient Wireless Signals. In International Conference on Mobile Systems, Applications, and Services (MOBISYS), 2011.
33. Microsoft, Inc. Extensible Authentication Protocol. http://technet.microsoft.com/enus/network/bb643147, 2011.
34. A. Narayanan and V. Shmatikov. Fast Dictionary Attacks on Passwords using Time-Space Tradeoff. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA USA, November 2005. ACM.
35. nVidia. Compute Unified Device Architecture. http://developer.nvidia.com/object/cuda.html, 2012.
36. P. Oeschlin. Making a Faster Cryptanalytic Time-Memory Trade-Off. In Proceedings of Advances in Cryptology (CRYPTO), Lecture Notes in Computer Science. Springer, 2003.
37. Openwall Project. John the Ripper. http://www.openwall.com/john/, 2012.
38. OpenWRT Project. OpenWRT. http://www.openwrt.org.
39. K. Pelechrinis, I. Broustis, S. V. Krishnamurthy, and C. Gkantsidis. Ares: an anti-jamming reinforcement system for 802.11 networks. In Proceedings of the 5th international conference on Emerging networking experiments and technologies, CoNEXT'09, pages 181-192, New York, NY, USA, 2009. ACM.
40. V. Roth, W. Polak, E. Rieffel, and T. Turner. Simple and effective defense against evil twin access points. In Proceedings of the ACM Conference on Wireless Network Security, pages 220-235, New York, NY, USA, 2008. ACM.
41. B. Schneier, Mudge, and D. Wagner. Cryptanalysis of Microsoft's PPTP Autentication Extensions (MSCHAPv2). http://www.schneier.com/paperpptpv2.pdf, 1999.
42. M. K. Simon, J. K. Omura, R. A. Scholtz, and B. K. Levitt. Spread Spectrum Communications Handbook. McGrawHill, 2001.
43. Skyhook, Inc. Skyhook Wireless Positioning System. http://skyhookwireless.com/developers/, 2012.
44. M. Strasser, B. Danev, and S. Capkun. Detection of Reactive Jamming in Sensor Networks. ACM Transactions on Sensor Networks (TOSN), 2010.
45. M. Strasser, C. Popper, S. Capkun, and M. Cagalj. Jamming-resistant Key Establishment using Uncoordinated Frequency Hopping. In Proceedings of the IEEE Symposium on Security and Privacy, 2008.
46. The Shmoo Group. IDN Homograph Attack. http://www.shmoo.com/idn, 2005.
47. WatchGuard. Anatomy of a Wireless “Evil Twin” Attack. http://www.watchguard.com/infocenter/editorial/27079.asp, 2011.
48. M. Weir, S. Aggarwal, B. de Medeiros, and B. Glodek. Password Cracking Using Probabilistic Context-Free Grammars. In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA USA, May 2009. IEEE Computer Society.
49. M. Wilhelm, I. Martinovic, J. B. Schmitt, and V. Lenders. Short paper: reactive jamming in wireless networks: how realistic is the threat? In Proceedings of the fourth ACM conference on Wireless network security, WiSec'11, pages 47-52, New York, NY, USA, 2011. ACM.
50. J. Wright. ASLEAP, Exploiting CISCO LEAP. http://www.willhackforsushi.com/Asleap.html, 2008.
51. J. Wright. FreeRADIUS, Wireless Pwnage Edition. http://www.willhackforsushi.com/7, 2010.
52. W. Xu, W. Trappe, and Y. Zhang. Defending wireless sensor networks from radio interference through channel adaptation. ACM Transactions on Sensor Networks, 4:18:1-18:34, September 2008.
53. G. Zorn. Microsoft PPP CHAP Extensions, Version 2. http://tools.ietf.org/html/rfc2759, 2000.