Searching for just a few words should be enough to get started. If you need to make more complex queries, use the tips below to guide you.
Issue title: The International Workshop on Socio-Technical Aspects in Security
Guest editors: Thomas Groß and Luca Viganò
Article type: Research Article
Authors: Chatzisofroniou, George | Kotzanikolaou, Panayiotis; *
Affiliations: SecLab, Department of Informatics, University of Piraeus, Greece
Correspondence: [*] Corresponding author. E-mail: [email protected].
Note: [1] This paper is an extended and revised version of a paper presented at the International Workshop on Socio-Technical Aspects in Security [16].
Abstract: Association attacks aim to manipulate WiFi clients into associating with a malicious access point, by exploiting protocol vulnerabilities and usability features implemented on the network managers of modern operating systems. In this paper we classify association attacks based on the network manager features that each attack exploits. To validate their current validity status, we implement and test all known association attacks against the network managers of popular operating systems, by using our Wifiphisher tool. We analyze various strategies that may be implemented by an adversary in order to increase the success rate of association attacks. Furthermore, we examine the behavior of association attacks against upcoming security protocols and certifications for IEEE 802.11, such as WPA3, Wi-Fi Enhanced Open and Easy Connect. Our results show that even though the network managers have hampered the effectiveness of some known attacks (e.g. KARMA), other techniques (e.g. Known Beacons) are still active threats. More importantly, our results show that even the newer security protocols leave room for association attacks. Finally, we describe novel detection and prevention techniques for association attacks, as well as security controls based on user awareness.
Keywords: IEEE 802.11, WiFi security, association attacks, WPA2, WPA3, WiFi Enhanced Open, WiFi Easy Connect
DOI: 10.3233/JCS-210036
Journal: Journal of Computer Security, vol. 30, no. 3, pp. 357-380, 2022
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
USA
Tel: +1 703 830 6300
Fax: +1 703 830 2300
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
Tel: +31 20 688 3355
Fax: +31 20 687 0091
[email protected]
For editorial issues, permissions, book requests, submissions and proceedings, contact the Amsterdam office [email protected]
Inspirees International (China Office)
Ciyunsi Beili 207(CapitaLand), Bld 1, 7-901
100025, Beijing
China
Free service line: 400 661 8717
Fax: +86 10 8446 7947
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
如果您在出版方面需要帮助或有任何建, 件至: [email protected]