The Insecurity of Wireless Networks
July-Aug. 2012 (vol. 10 no. 4)
pp. 54-61
Frederick T. Sheldon, Oak Ridge National Laboratory
John Mark Weber, Dynetics
Seong-Moo Yoo, University of Alabama in Huntsville
W. David Pan, University of Alabama in Huntsville
Wi-Fi is the standard protocol for wireless networks used extensively in US critical infrastructures. Since the Wired Equivalency Privacy (WEP) security protocol was broken, the Wi-Fi Protected Access (WPA) protocol has been considered the secure alternative compatible with hardware developed for WEP. However, in November 2008, researchers developed an attack on WPA, allowing forgery of Address Resolution Protocol (ARP) packets. Subsequent enhancements have enabled ARP poisoning, cryptosystem denial of service, and man-in-the-middle attacks. Open source systems and methods (OSSM) have long been used to secure networks against such attacks. This article reviews OSSMs and the results of experimental attacks on WPA. These experiments re-created current attacks in a laboratory setting, recording both wired and wireless traffic. The article discusses methods of intrusion detection and prevention in the context of cyberphysical protection of critical Internet infrastructure. The basis for this research is a specialized (and undoubtedly incomplete) taxonomy of Wi-Fi attacks and their adaptations to existing countermeasures and protocol revisions. Ultimately, this article aims to provide a clearer picture of how and why wireless protection protocols and encryption must achieve a more scientific basis for detecting and preventing such attacks.

Index Terms:
Encryption, Wireless communication, Wireless networks, Communication system security, IEEE 802.11 Standards, Phase shift keying, Network security, computer security, Internet-based attacks on privacy and confidentiality, critical Internet infrastructure, intrusion detection and prevention, Wi-Fi protected access, IEEE 802.11, attack experimentation
Frederick T. Sheldon, John Mark Weber, Seong-Moo Yoo, W. David Pan, "The Insecurity of Wireless Networks," IEEE Security & Privacy, vol. 10, no. 4, pp. 54-61, July-Aug. 2012, doi:10.1109/MSP.2012.60