Detection of WPS attacks through multiscale analysis
Autor(a) principal: | |
---|---|
Data de Publicação: | 2012 |
Outros Autores: | , , |
Tipo de documento: | Artigo |
Idioma: | eng |
Título da fonte: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
Texto Completo: | https://proa.ua.pt/index.php/crc/article/view/16590 |
Resumo: | The wide spread adoption of 802.11 networks as the solution for providing an efficient network coverage with high data-rates raised several security concerns. In a first stage, WEP was used for protecting user’s wireless networks from intrusions. Such intrusions’ purposes could be simple free Internet accesses or more complex attacks to access confidential information. However, due to multiple technical flaws this approach was not sufficient which lead to the emergence of WPA and WPA2 technologies. WPA and WPA2 allow more secure networks but require more complicated configuration tasks. With the objective of creating a simple configuration interface, the Wi-Fi Alliance came up with a simple configuration approach: the Wi-Fi Protected Setup (WPS). WPS is present in major vendors products, providing a much easier configuration setup but a less efficient security environment. This less secure implementation is vulnerable to brute force attacks, that can be quick to execute, with little complexity and difficult to detect. After cracking the WPS, attackers can access to WPA/WPA2wireless passphrase and consequently, illicitly connect to users’ wireless networks. Accessing and analyzing the content of the wireless frames is limited by technical requirements and legal constrains. Therefore, this paper presents a method to detect attacks on WPA routers with Wi-Fi Protected Setup based only on the amount of traffic generated. We propose a monitoring station which exclusively analyzes traffic flows from the router. By monitoring the traffic and using a multiscale analysis we are able to accurately identify this type of intrusion attempt over other traffic. |
id |
RCAP_935d6d29410949489f6619eebf5f8a3a |
---|---|
oai_identifier_str |
oai:proa.ua.pt:article/16590 |
network_acronym_str |
RCAP |
network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository_id_str |
7160 |
spelling |
Detection of WPS attacks through multiscale analysisThe wide spread adoption of 802.11 networks as the solution for providing an efficient network coverage with high data-rates raised several security concerns. In a first stage, WEP was used for protecting user’s wireless networks from intrusions. Such intrusions’ purposes could be simple free Internet accesses or more complex attacks to access confidential information. However, due to multiple technical flaws this approach was not sufficient which lead to the emergence of WPA and WPA2 technologies. WPA and WPA2 allow more secure networks but require more complicated configuration tasks. With the objective of creating a simple configuration interface, the Wi-Fi Alliance came up with a simple configuration approach: the Wi-Fi Protected Setup (WPS). WPS is present in major vendors products, providing a much easier configuration setup but a less efficient security environment. This less secure implementation is vulnerable to brute force attacks, that can be quick to execute, with little complexity and difficult to detect. After cracking the WPS, attackers can access to WPA/WPA2wireless passphrase and consequently, illicitly connect to users’ wireless networks. Accessing and analyzing the content of the wireless frames is limited by technical requirements and legal constrains. Therefore, this paper presents a method to detect attacks on WPA routers with Wi-Fi Protected Setup based only on the amount of traffic generated. We propose a monitoring station which exclusively analyzes traffic flows from the router. By monitoring the traffic and using a multiscale analysis we are able to accurately identify this type of intrusion attempt over other traffic.UA Editora2012-01-01info:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/articleapplication/pdfhttps://proa.ua.pt/index.php/crc/article/view/16590CRC 2012: 12ª Conferência sobre Redes de Computadores; 2012: CRC 2012; 65-69CRC 2012: 12ª Conferência sobre Redes de Computadores; 2012: CRC 2012; 65-69reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAPenghttps://proa.ua.pt/index.php/crc/article/view/16590https://proa.ua.pt/index.php/crc/article/view/16590/11724Petiz, IvoRocha, EduardoSalvador, PauloNogueira, Antónioinfo:eu-repo/semantics/openAccess2023-08-30T14:15:22Zoai:proa.ua.pt:article/16590Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-19T20:27:45.334375Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse |
dc.title.none.fl_str_mv |
Detection of WPS attacks through multiscale analysis |
title |
Detection of WPS attacks through multiscale analysis |
spellingShingle |
Detection of WPS attacks through multiscale analysis Petiz, Ivo |
title_short |
Detection of WPS attacks through multiscale analysis |
title_full |
Detection of WPS attacks through multiscale analysis |
title_fullStr |
Detection of WPS attacks through multiscale analysis |
title_full_unstemmed |
Detection of WPS attacks through multiscale analysis |
title_sort |
Detection of WPS attacks through multiscale analysis |
author |
Petiz, Ivo |
author_facet |
Petiz, Ivo Rocha, Eduardo Salvador, Paulo Nogueira, António |
author_role |
author |
author2 |
Rocha, Eduardo Salvador, Paulo Nogueira, António |
author2_role |
author author author |
dc.contributor.author.fl_str_mv |
Petiz, Ivo Rocha, Eduardo Salvador, Paulo Nogueira, António |
description |
The wide spread adoption of 802.11 networks as the solution for providing an efficient network coverage with high data-rates raised several security concerns. In a first stage, WEP was used for protecting user’s wireless networks from intrusions. Such intrusions’ purposes could be simple free Internet accesses or more complex attacks to access confidential information. However, due to multiple technical flaws this approach was not sufficient which lead to the emergence of WPA and WPA2 technologies. WPA and WPA2 allow more secure networks but require more complicated configuration tasks. With the objective of creating a simple configuration interface, the Wi-Fi Alliance came up with a simple configuration approach: the Wi-Fi Protected Setup (WPS). WPS is present in major vendors products, providing a much easier configuration setup but a less efficient security environment. This less secure implementation is vulnerable to brute force attacks, that can be quick to execute, with little complexity and difficult to detect. After cracking the WPS, attackers can access to WPA/WPA2wireless passphrase and consequently, illicitly connect to users’ wireless networks. Accessing and analyzing the content of the wireless frames is limited by technical requirements and legal constrains. Therefore, this paper presents a method to detect attacks on WPA routers with Wi-Fi Protected Setup based only on the amount of traffic generated. We propose a monitoring station which exclusively analyzes traffic flows from the router. By monitoring the traffic and using a multiscale analysis we are able to accurately identify this type of intrusion attempt over other traffic. |
publishDate |
2012 |
dc.date.none.fl_str_mv |
2012-01-01 |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/article |
format |
article |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
https://proa.ua.pt/index.php/crc/article/view/16590 |
url |
https://proa.ua.pt/index.php/crc/article/view/16590 |
dc.language.iso.fl_str_mv |
eng |
language |
eng |
dc.relation.none.fl_str_mv |
https://proa.ua.pt/index.php/crc/article/view/16590 https://proa.ua.pt/index.php/crc/article/view/16590/11724 |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
eu_rights_str_mv |
openAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.publisher.none.fl_str_mv |
UA Editora |
publisher.none.fl_str_mv |
UA Editora |
dc.source.none.fl_str_mv |
CRC 2012: 12ª Conferência sobre Redes de Computadores; 2012: CRC 2012; 65-69 CRC 2012: 12ª Conferência sobre Redes de Computadores; 2012: CRC 2012; 65-69 reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |
instname_str |
Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
instacron_str |
RCAAP |
institution |
RCAAP |
reponame_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
collection |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository.name.fl_str_mv |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
repository.mail.fl_str_mv |
|
_version_ |
1799133545286860800 |