Issue No. 04 - July-Aug. (2012 vol. 10)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2012.60
Frederick T. Sheldon , Oak Ridge National Laboratory
John Mark Weber , Dynetics
Seong-Moo Yoo , University of Alabama in Huntsville
W. David Pan , University of Alabama in Huntsville
Wi-Fi is the standard protocol for wireless networks used extensively in US critical infrastructures. Since the Wired Equivalency Privacy (WEP) security protocol was broken, the Wi-Fi Protected Access (WPA) protocol has been considered the secure alternative compatible with hardware developed for WEP. However, in November 2008, researchers developed an attack on WPA, allowing forgery of Address Resolution Protocol (ARP) packets. Subsequent enhancements have enabled ARP poisoning, cryptosystem denial of service, and man-in-the-middle attacks. Open source systems and methods (OSSM) have long been used to secure networks against such attacks. This article reviews OSSMs and the results of experimental attacks on WPA. These experiments re-created current attacks in a laboratory setting, recording both wired and wireless traffic. The article discusses methods of intrusion detection and prevention in the context of cyberphysical protection of critical Internet infrastructure. The basis for this research is a specialized (and undoubtedly incomplete) taxonomy of Wi-Fi attacks and their adaptations to existing countermeasures and protocol revisions. Ultimately, this article aims to provide a clearer picture of how and why wireless protection protocols and encryption must achieve a more scientific basis for detecting and preventing such attacks.
Encryption, Wireless communication, Wireless networks, Communication system security, IEEE 802.11 Standards, Phase shift keying, Network security, computer security, Internet-based attacks on privacy and confidentiality, critical Internet infrastructure, intrusion detection and prevention, Wi-Fi protected access, IEEE 802.11, attack experimentation
S. Yoo, J. M. Weber, F. T. Sheldon and W. D. Pan, "The Insecurity of Wireless Networks," in IEEE Security & Privacy, vol. 10, no. , pp. 54-61, 2012.