Advanced Wi-Fi attacks using commodity hardware

Proceedings of the 30th Annual Computer Security Applications Conference Pub Date : 2014-12-08 DOI:10.1145/2664243.2664260

M. Vanhoef, F. Piessens

{"title":"Advanced Wi-Fi attacks using commodity hardware","authors":"M. Vanhoef, F. Piessens","doi":"10.1145/2664243.2664260","DOIUrl":null,"url":null,"abstract":"We show that low-layer attacks against Wi-Fi can be implemented using user-modifiable firmware. Hence cheap off-the-shelf Wi-Fi dongles can be used carry out advanced attacks. We demonstrate this by implementing five low-layer attacks using open source Atheros firmware. The first attack consists of unfair channel usage, giving the user a higher throughput while reducing that of others. The second attack defeats countermeasures designed to prevent unfair channel usage. The third attack performs continuous jamming, making the channel unusable for other devices. For the fourth attack we implemented a selective jammer, allowing one to jam specific frames already in the air. The fifth is a novel channel-based Man-in-the-Middle (MitM) attack, enabling reliable manipulation of encrypted traffic. These low-layer attacks facilitate novel attacks against higher-layer protocols. To demonstrate this we show how our MitM attack facilitates attacks against the Temporal Key Integrity Protocol (TKIP) when used as a group cipher. Since a substantial number of networks still use TKIP as their group cipher, this shows that weaknesses in TKIP have a higher impact than previously thought.","PeriodicalId":104443,"journal":{"name":"Proceedings of the 30th Annual Computer Security Applications Conference","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-12-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"120","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 30th Annual Computer Security Applications Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2664243.2664260","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 120

Abstract

We show that low-layer attacks against Wi-Fi can be implemented using user-modifiable firmware. Hence cheap off-the-shelf Wi-Fi dongles can be used carry out advanced attacks. We demonstrate this by implementing five low-layer attacks using open source Atheros firmware. The first attack consists of unfair channel usage, giving the user a higher throughput while reducing that of others. The second attack defeats countermeasures designed to prevent unfair channel usage. The third attack performs continuous jamming, making the channel unusable for other devices. For the fourth attack we implemented a selective jammer, allowing one to jam specific frames already in the air. The fifth is a novel channel-based Man-in-the-Middle (MitM) attack, enabling reliable manipulation of encrypted traffic. These low-layer attacks facilitate novel attacks against higher-layer protocols. To demonstrate this we show how our MitM attack facilitates attacks against the Temporal Key Integrity Protocol (TKIP) when used as a group cipher. Since a substantial number of networks still use TKIP as their group cipher, this shows that weaknesses in TKIP have a higher impact than previously thought.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

使用普通硬件的高级Wi-Fi攻击

我们展示了针对Wi-Fi的底层攻击可以使用用户可修改的固件来实现。因此，廉价的现成Wi-Fi加密狗可以用来进行高级攻击。我们通过使用开源Atheros固件实现五种底层攻击来演示这一点。第一种攻击包括不公平的信道使用，为用户提供更高的吞吐量，同时减少其他人的吞吐量。第二次攻击破坏了旨在防止不公平信道使用的对策。第三种攻击执行连续干扰，使信道无法用于其他设备。对于第四次攻击，我们实施了一个选择性干扰器，允许干扰已经在空中的特定帧。第五种是一种新颖的基于通道的中间人(MitM)攻击，可以对加密流量进行可靠的操作。这些低层攻击为针对高层协议的新攻击提供了便利。为了证明这一点，我们将展示MitM攻击如何在将临时密钥完整性协议(TKIP)用作组密码时促进对其的攻击。由于大量的网络仍然使用TKIP作为他们的组密码，这表明TKIP的弱点比以前想象的有更大的影响。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Proceedings of the 30th Annual Computer Security Applications Conference

自引率

0.00%

发文量