Scientific article on the topic 'ANALYSIS OF WI-FI WIRELESS ACCESS METHODS'

ANALYSIS OF WI-FI WIRELESS ACCESS METHODS. Text of a scientific article in the specialty "Computer and Information Sciences"

CC BY
Keywords
Wi-Fi security technology / 802.11 standard / WEP / WPA / WPA2 / WPA3 / encryption protocols / Wi-Fi networks.

Abstract of the scientific article in computer and information sciences; authors of the work: Mubarak Baltabaevna Abdujapparova, Saodat Uzakbayeva

Wireless network technologies based on IEEE 802.11 standards occupy an important place in the modern world. A high level of threats leads to the need to look for protection methods that allow you to systematically ensure information security. The paper indicates the protocols that provide data encryption. Protection technologies and some methods of hacking closed-type wireless networks are considered: WEP, WPA, WPA2, WPA3. The shortcomings of each Wi-Fi security technology are indicated.


Text of the scientific paper on the topic "ANALYSIS OF WI-FI WIRELESS ACCESS METHODS"

INTERNATIONAL SCIENTIFIC AND TECHNICAL CONFERENCE "DIGITAL TECHNOLOGIES: PROBLEMS AND SOLUTIONS OF PRACTICAL IMPLEMENTATION IN THE SPHERES" APRIL 27-28, 2023

ANALYSIS OF WI-FI WIRELESS ACCESS METHODS

Mubarak Baltabaevna Abdujapparova¹, Saodat Uzakbayeva²

¹,²Tashkent University of Information Technologies named after Muhammad al-Khwarizmi

https://doi.org/10.5281/zenodo.7856631


Wireless technologies for receiving and transmitting information occupy an important place in the modern world. The complexity of laying wired communication lines has contributed to the spread of wireless data transmission systems. The high level of threats makes it necessary to look for dedicated protection methods that allow information security problems to be solved systematically. Any information of financial, competitive, military or political value is under threat. An additional risk is the possibility that control of information infrastructure objects is intercepted.

Types of wireless networks of the 802.11 standard. The fastest-growing segment of telecommunications is currently the wireless Wi-Fi network, which receives and transmits information using radio waves. The layer of the OSI model is physical (802.11 framing). The 802.11 standard defines three types of frames: management frames, control frames and data frames. Each frame has a control field that specifies the 802.11 protocol version, the frame type, and indicators such as WPA enabled/disabled and power-saving management. 802.11 frames carry protocols and data of higher levels of the OSI model inside the frame body. The frequency range is microwave. The 802.11n standard operates at frequencies of 2.412-2.484 GHz (14 receive/transmit channels, each 20 MHz wide, channel speed up to 600 Mbps), and the 802.11ac standard at 5 GHz (23 non-overlapping receive/transmit channels, each 20 MHz wide, channel speed up to 7000 Mbps). To increase the data transfer rate, the channel width can be increased: in the 2.4 GHz band from 20 MHz to 40 MHz, and in the 5 GHz band from 20 MHz to 160 MHz. The modulation of the modern 802.11 standard, MU-MIMO (Multi-User Multiple Input Multiple Output), is built on multiple antennas (creating up to 4 information streams), which ensures a high data transfer rate. The 802.11 Beamforming technology provides directional radiation from the router to the subscriber, which increases the reception/transmission speed and partially protects the subscriber's traffic from interception by an intruder.

Wi-Fi networks are divided into two types: open and closed. Open-type networks either do not use security to connect to the device itself, or use remote network access protection, where user authentication is performed not on the device itself (when using a bridge or switch) but on a remote server [1]. Using the Nmap program (Network Mapper; packages are available for Linux, Windows and Mac OS X), an attacker can determine the network map and the state of the victim's TCP and UDP ports, and can change the MAC address to connect to the network without authorization.

WEP wireless device protection technology. Closed-type Wi-Fi networks encrypt data packets in the information transmission channel using the following security technologies: WEP (Wired Equivalent Privacy), WPA and WPA2 (Wi-Fi Protected Access). WEP traffic encryption with a 128-bit key (RC4 scheme) is provided by combining a 104-bit key (password), which is set by the administrator, with a 24-bit initialization vector (Fig. 1).

Fig. 1. WEP traffic encryption

When frames are intercepted, it is possible to compute the initialization vector. The 24-bit initialization vector is located in the frame after the MAC addresses.

The number of options to iterate over when calculating the initialization vector is 2²⁴. The time needed to recover the key is directly proportional to the amount of intercepted information. The key is calculated by statistical analysis of the intercepted packets (several tens of thousands), relying on the similarity between the keys of different frames. Currently, it takes minutes to crack WEP. The main tools are the airodump-ng sniffer for collecting packets and the aircrack-ng cracking utility (dictionary search). It is also possible to use the wesside-ng utility (using rainbow tables).
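The consequence of the short initialization vector, as an added example that is not code from the paper: the per-frame RC4 key is the 24-bit IV followed by the fixed 104-bit key, so two frames that share an IV share a keystream, and XORing their ciphertexts cancels the key. The key, IVs and payloads are constructed sample values, the ICV is omitted, and the birthday estimate assumes the IV is chosen at random.

```python
import math
from collections import Counter

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling, then n bytes of output keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, secret: bytes, payload: bytes) -> bytes:
    """Per-frame RC4 key = 24-bit IV || 104-bit secret (ICV omitted here)."""
    if len(iv) != 3 or len(secret) != 13:
        raise ValueError("expected 3-byte IV and 13-byte key")
    return xor(payload, rc4_keystream(iv + secret, len(payload)))

def frames_until_iv_repeat(iv_bits: int = 24) -> float:
    """Birthday estimate of frames sent before a randomly chosen IV repeats."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)

def reused_ivs(frames):
    """Audit check: IVs that appear on more than one captured frame."""
    counts = Counter(iv for iv, _ in frames)
    return sorted(iv for iv, n in counts.items() if n > 1)

# Constructed sample data, not from the paper.
SECRET = b"thirteen-byte"  # 13 bytes = 104 bits
P1, P2, P3 = b"GET /index.html ", b"user=alice&pw=x ", b"ping ping ping  "
FRAMES = [
    (b"\x00\x00\x01", wep_encrypt(b"\x00\x00\x01", SECRET, P1)),
    (b"\x00\x00\x02", wep_encrypt(b"\x00\x00\x02", SECRET, P3)),
    (b"\x00\x00\x01", wep_encrypt(b"\x00\x00\x01", SECRET, P2)),  # IV repeated
]

if __name__ == "__main__":
    print("IVs reused:", reused_ivs(FRAMES))
    # Same IV means same keystream, so the secret key cancels out entirely.
    print("key cancels:", xor(FRAMES[0][1], FRAMES[2][1]) == xor(P1, P2))
    print("frames before a random IV repeats:", round(frames_until_iv_repeat()))
```

A defender can run the same `reused_ivs` check over captured frames from their own network to confirm how quickly IVs repeat under normal load.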

WPA wireless security technology. WPA (Wi-Fi Protected Access) is the second generation of Wi-Fi security technology. The password length is arbitrary in the range of 8-63 bytes, which makes it very difficult to guess. WPA technology is the sum of: the 802.1X standard (generates a basic key), EAP (Extensible Authentication Protocol), MIC (packet integrity check) and the TKIP authentication protocol [2]. WPA is based on TKIP (Temporal Key Integrity Protocol), with an encryption key size of 128 bits and use of the WEP key. The TKIP protocol uses a two-level system of initialization vectors (Fig. 2). For each new frame, the value of the lower initialization vector increases (as before in the WEP standard), and after it passes through a full cycle, the value of the higher initialization vector increases and a new key is generated. Because the key changes, the statistics needed for cracking simply do not have time to accumulate. WPA differs from WEP in that it encrypts data on a per-client basis [3].

Fig. 2. WPA traffic encryption

After user authentication and authorization, the so-called "handshake", a temporary key (PTK) is generated, which is used to encode the traffic of just one client. Therefore, even if an attacker has penetrated the network, he will be able to read the packets of other clients only when he intercepts their "handshakes" - each one individually.

Disadvantages of WPA:

1. In WPA, frame integrity is checked using the MIC (Message Integrity Check) system. If a false frame is received, the system discards it. The access point blocks all communications through itself for 60 seconds if a key guessing attack is detected. An attacker can use this feature to block the network by sending false frames to the access point.

2. It is very difficult to decrypt the master key in WPA. However, there is a way to find out the MIC key (used for integrity checking) as well as the payload. To carry out the attack, the attacker must know the MAC address of a client connected to the Wi-Fi network, in order to take over this address and spoof it on their own device. The open-source Nmap utility is used as a network analysis tool (Network Mapper packages are available for Linux, Windows and Mac OS X), and the Network Manager program can remap the required MAC addresses.

3. WPA includes WPS technology (passwordless access point connection), which allows wireless devices to easily access a Wi-Fi network, provided that they have physical access to the router. It also became the first exploited WPA vulnerability [4]. An attacker, using WPS enabled on the router, guesses the WPS PIN by brute force. The PIN consists of 8 digits (10⁸ brute-force options). The last digit is a checksum calculated over the first seven digits, so guessing the PIN takes 10⁷ options. However, there is a vulnerability in the protocol itself that allows the PIN to be split into 2 parts, of 4 and 3 digits, which are guessed separately from each other. In this case guessing the PIN takes 10⁴ (four digits) plus 10³ (three digits), that is, 11,000 combinations [1]. An attacker using brute force can thus obtain the WPS PIN, which then allows him to enter the victim's network.

WPA2 wireless security technology. Currently, WPA2 security technology is relatively reliable for Wi-Fi networks. WPA2 uses a strong cryptographic encryption algorithm, AES (Advanced Encryption Standard). WPA2 fixes a key stream theft and spoofing vulnerability, and adds AES/CCMP, a completely new encryption algorithm based on AES256 with additional security and integrity checking. This technology can only be hacked by brute force, which a monthly key change protects against [5].

Disadvantages of WPA2:

1. The drawbacks are the same as for WPA with regard to the WPS/QSS protocol. You can protect yourself by disabling WPS.

2. It is possible to intercept the handshake and guess the key using brute force. The hacking method was called a key reinstallation attack, or KRACK for short. The attack can be implemented by influencing the four-way handshake of the WPA2 protocol [4]. An attacker connects to a secure network by verifying that he and the access point share the same BSSID. The attack is implemented as follows. The attacker intercepts the third handshake packet and relays it to the client. This causes the key to be reset and the nonce packet counter (random 32-byte numbers) to be set to zero. The nonce counter is directly involved in the creation of the key stream, which is used to encrypt packets sent between the client and the router. As a result of the attack, the next packet sent by the client after reinstalling the key will be encrypted with the same key stream that was used to encrypt the first packet [5]. Next, packets are accumulated and the key is calculated by brute force.

Features of hacking in the case of WEP and WPS technologies. In the case of WEP technology, successful hacking requires accumulating intercepted frames (accumulating initialization vectors), while connection stability does not play a significant role, since a strict order of frame transmission between the attacker and the access point is not required. In the case of WPS technology, successful hacking requires strict adherence to the sequence of packet transmission between the attacker and the access point in order to check each PIN during enumeration. If a packet is lost, the WPS connection must be re-established. For this reason, the success of brute force depends on the signal strength of the access point.

WPA3 wireless security technology. The WPA2 four-way handshake vulnerability is fixed in WPA3 through the SAE connection method known as Dragonfly (a technology aimed at protecting Wi-Fi networks from offline dictionary attacks). SAE (Simultaneous Authentication of Equals) is described in the IEEE 802.11s standard and is based on the Diffie-Hellman key exchange protocol using finite cyclic groups [6]. Under SAE, two or more parties establish cryptographic keys based on knowledge of the password by one or more parties.

The resulting session key that each party receives to authenticate the connection is chosen based on information from the password, keys, and MAC addresses of both parties. Another innovation of WPA3 will be support for PMF (Protected Management Frames) to control traffic integrity [4]. Like WPA2, WPA3 has two modes of operation: WPA3-Personal and WPA3-Enterprise. WPA3-Personal provides login with a single password, which the client enters when connecting to the network. The number of authentication attempts within a single handshake is limited, and this restriction also prevents guessing a password offline. Instead of a PSK key, WPA3 implements SAE technology. In WPA3-Enterprise, encryption is done with 192-bit keys. The authentication keys are stored on a separate RADIUS server.

A significant drawback of WPA3 is the use of WPS, QSS. As in WPA and WPA2, this method of bypassing password protection does not depend on the complexity of the password for accessing the wireless network (up to 50 requests per second for connecting via WPS, while hacking requires 10,000 WPS password guessing attempts). Wireless equipment manufacturers have now limited the number of WPS password login attempts: if the number of connection attempts is exceeded, WPS access is automatically disabled for 1 hour. However, with the Reaver utility (brute force), which detects WPS blocking by the access point and pauses the search, and also recognizes attempts to drop the connection when the PIN is entered incorrectly, hacking takes about seven days (the cycle is about 10⁴ requests).

There is a threat common to all Wi-Fi network security technologies: a kind of attack called the "evil twin". The essence of the attack is to copy the SSID name of the wireless network (an attacker creates a copy of a wireless access point with a stronger signal than the real wireless network). The attacker thus replaces the original access point with a duplicate to which the user connects, giving the attacker the opportunity to access confidential information [7].
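The WPS PIN arithmetic from the WPA and WPA3 sections, worked through as an added example (not code from the paper) to show why an access-point lockout only slows the search and disabling WPS is the real fix. The checksum routine follows the publicly documented WPS PIN checksum; the 50 requests/s rate and 1-hour lockout come from the text, while the lockout threshold of 10 failed attempts is an assumed value.

```python
def wps_checksum(first7: int) -> int:
    """Eighth PIN digit, computed from the first seven (weights 3,1,3,1,...)."""
    accum = 0
    while first7:
        accum += 3 * (first7 % 10)
        first7 //= 10
        accum += first7 % 10
        first7 //= 10
    return (10 - accum % 10) % 10

def is_valid_pin(pin: str) -> bool:
    """True if pin is 8 ASCII digits and the last digit matches the checksum."""
    if len(pin) != 8 or not (pin.isascii() and pin.isdigit()):
        return False
    return wps_checksum(int(pin[:7])) == int(pin[7])

def search_space() -> dict:
    """Worst-case number of guesses under each assumption in the text."""
    return {
        "8 independent digits": 10 ** 8,
        "last digit is a checksum": 10 ** 7,
        "halves confirmed separately": 10 ** 4 + 10 ** 3,
    }

def seconds_to_exhaust(attempts, rate_per_s, lock_after=None, lock_seconds=0):
    """Time to try every guess when the AP locks WPS after lock_after failures."""
    lockouts = 0 if lock_after is None else (attempts - 1) // lock_after
    return attempts / rate_per_s + lockouts * lock_seconds

if __name__ == "__main__":
    for label, n in search_space().items():
        print(f"{label:30} {n:>11,} guesses")
    worst = search_space()["halves confirmed separately"]
    # 50 requests/s and the 1-hour lockout come from the text;
    # the threshold of 10 failed attempts is an assumed value.
    print("no lockout  :", seconds_to_exhaust(worst, 50), "s")
    locked = seconds_to_exhaust(worst, 50, lock_after=10, lock_seconds=3600)
    print("with lockout:", round(locked / 86400, 1), "days")
```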

Conclusion

An analysis of the Wi-Fi wireless network protection technology was carried out. As a result, we can conclude that today the most optimal Wi-Fi security technology is WPA3, which uses data transmission channel encryption based on 192-bit keys. However, the client is advised to disable the WPS/QSS functions when surfing the network, use VPN (virtual private network) when connecting to open wireless networks. In this case, all network traffic from the client to the VPN server will be encrypted. In addition, the user needs to watch for browser messages about encryption violations or inappropriate security certificates [7]. Compliance with the above recommendations will allow users of a wireless Wi-Fi network to solve the problem of ensuring information security.

REFERENCES

1. S. K. Varlataya, O. S. Rogova. Analysis of methods for protecting a Wi-Fi wireless network from known methods of hacking by an attacker // Molodoy Uchenyy (Young Scientist), 2015, No. 1(81), p. 3637.

2. WPA3 security // SPY-SOFT.NET. URL: https://spy-soft.net/wpa3/.

3. L. Gerasimov. WPA3. A look at what is new in the next Wi-Fi security standard and a study of the previous ones // URL: https://xakep.ru/2018/10/26/wpa3/.

4. Wi-Fi networks: penetration and protection // URL: https://habr.com/ru/post/224955/.

5. On the WPA-PSK cracking algorithm // URL: https://habr.com/ru/post/122623/.

6. A. Tanenbaum, D. Wetherall. Computer Networks // St. Petersburg, 2012. 960 p.

7. Evil twin // Wikipedia. URL: https://ru.wikipedia.org/wiki/.
