Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabilities (WIFI)
The growing volume of attacks on the Internet has increased the demand for more robust systems and sophisticated tools for vulnerability analysis, intrusion detection, forensic investigations, and possible responses. Current hacker tools and technologies warrant reengineering to address cyber crime and homeland security. The being aware of the flaws on a network is necessary to secure the information infrastructure by gathering network topology, intelligence, internal/external vulnerability analysis, and penetration testing. This paper has as main objective to minimize damages and preventing the attackers from exploiting weaknesses and vulnerabilities in the 4 ways handshake (WIFI).
We equally present a detail study on various attacks and some solutions to avoid or prevent such attacks in WLAN.
Dr. Sebastian Nixon & Yibrah Haile. (2017). Analyzing vulnerabilities on WLAN security protocols and enhance its security by using pseudo random MAC address. International Journal of Emerging Trends & Technology in Computer Science, 6(3), 293-300.
Laurent Butti & Julien Tinnes. (2008). Discovering and exploiting 802.11 wireless driver vulnerabilities. Journal in Computer Virology, 4(1), 25–37.
A. Alabdulatif, X. Ma & L. Nolle. (2013). A framework for proving the correctness of cryptographic protocol properties by linear temporal logic. International Journal of Digital Society (IJDS), 4(1-2), 749–757.
M. Vanhoef, D. Schepers, & F. Piessens. (2017). Discovering logical vulnerabilities in the wi-fi handshake using model-based testing. In ACM Symposium on Information, Computer and Communications Security, 360-371.
Nikita Borisov, Ian Goldberg, & David Wagner. (2001). Intercepting mobile communications: The insecurity of 802.11. Proceedings of the 7th annual international conference on Mobile computing and networking. ACM, 180-189.
L. Dong, K. F. Chen, & X. J. Lai. (2009). Formal analysis of authentication in 802.11 I. Journal of Shanghai Jiaotong University (Science), 1, 023.
Michael R. Bartolacci, Larry J. LeBlanc, & Ashley Podhradsky. (2014). Personal denial of service (PDOS) attacks: A discussion and exploration of a new category of cyber crime. Journal of Digital Forensics, Security and Law, 9(1), 19–36.
E. Tews & M. Beck. (2009). Practical attacks against WEP and WPA. In Proceedings of the second ACM conference on Wireless network security, WiSec, 79-86.
A. Wool. (2004). A note on the fragility of the Michael message integrity code. IEEE Transactions on Wireless Communications, 3(5), 1459-1462.
A. Stubbleﬁeld, J. Ioannidis, & A. Rubin. (2004). A key recovery attack on the 802.11b wired equivalent privacy protocol (WEP). ACM Transactions Information System Security, 7(2), 319–332.
V.Moen, H. Raddum, & K. J. Hole. (2004). Weaknesses in the temporal key hash of WPA. ACMSIG Mobile Computing and Communications Review, 8(2), 76–83.
S. Fluhrer, I. Mantin, & A. Shamir. (2001). Weaknesses in the key scheduling algorithm of RC4. International Proceeding 8th Workshop Selected Areas in Cryptography, 1–24.
C. He & J. C.Mitchell. (2004). Analysis of the 802.111 4-way handshake. In Proceedings of the ACM Workshop on Wireless Security, 43–50.
S. Singh, C. Estan, G. Varghese, & S. Savage. (2004). Automated worm fingerprinting. In Proceedings of the 6th Symposium on Operating Systems Design and Implementation, 45-60.
J. Levine, R. LaBella, H. Owen, D. Contis, & B. Culve. (2003). The use of honeynet to detect exploited systems across large enterprise networks. In Proceedings IEEE Workshop on Information Assurance, West Point, NY: United States Military Academy. Available at: https://www.researchgate.net/publication/4035063_The_use_of_Honeynets_to_detect_exploited_systems_across_large_enterprise_networks
E. Spafford. (1989). The internet worm: Crisis and aftermath. Communications of the ACM, 32(6), 678–687.
S. Gaitan, L. Calderoni, P. Palmieri, M.-C. Ten Veldhuis, D. Maio, & M. van Riemsdijk. (2014). From sensing to action: Quick and reliable access to information in cities vulnerable to heavy rain. Sensors Journal, IEEE, 14(12), 4175–4184.
D. S. Tonesi, L. Salgarelli, & A. Tortelli. (2010). Securing the signaling plane in beyond 3G networks: analysis of performance overheads. Security and Communication Networks, 3(2-3), 217–232.
Copyright (c) 2018 International Journal of Engineering and Management Research
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.