M. Vanhoef, Nehru Bhandaru, T. Derham, I. Ouzieli, F. Piessens
Operating Channel Validation: Preventing Multi-Channel Man-in-the-Middle Attacks Against Protected Wi-Fi Networks
Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks, 2018-06-18. DOI: 10.1145/3212480.3212493 (https://doi.org/10.1145/3212480.3212493)
We present a backwards-compatible extension to the 802.11 standard to prevent multi-channel man-in-the-middle attacks. This extension authenticates parameters that define the currently in-use channel. Recent attacks against WPA2, such as most key reinstallation attacks, require a man-in-the-middle (MitM) position between the client and Access Point (AP). In particular, they all employ a multi-channel technique to obtain the MitM position. In this technique, the adversary acts as a legitimate AP by copying all frames sent by a real AP to a different channel. At the same time, the adversary acts as a legitimate client by copying all frames sent by the client to the channel of the real AP. When copying frames between both channels, the adversary can reliably manipulate (encrypted) traffic. We propose an extension to the 802.11 standard to prevent such multi-channel MitM attacks, making exploitation of future weaknesses in protected Wi-Fi networks harder, or even practically infeasible. Additionally, we propose a method to securely verify dynamic channel switches that may occur while already connected to a network. Finally, we implemented a prototype of our extension on Linux for both the client and AP to confirm practical feasibility.