a proof of mitm vulnerability in public wlans guarded by
play

A Proof of MITM Vulnerability in Public WLANs Guarded by Captive - PowerPoint PPT Presentation

Feb 24, 2024 •110 likes •426 views

A Proof of MITM Vulnerability in Public WLANs Guarded by Captive Portal Author: Wei-Lin Chen Po-Kang Chen Quincy Wu Outline Introduction Motivation Related Works Authentication of Public WLAN Implementation &

  1. A Proof of MITM Vulnerability in Public WLANs Guarded by Captive Portal Author: Wei-Lin Chen Po-Kang Chen Quincy Wu

  2. Outline � Introduction � Motivation � Related Works � Authentication of Public WLAN � Implementation & Experiment result � Conclusion 2

  3. Introduction � A lot of public areas begin to provide the Wireless LAN for users, it is called Public WLAN (PWLAN). � PWLANs are usually provided by Wireless Internet Service Providers (WISPs) which manage the payment mechanism of PWLANs. 3

  4. Introduction � Nowadays it is easy to find PWLAN service in a coffee shop or a fast food restaurant, people enjoy this convenience to access Internet in these public places. � According the TWNIC (Taiwan Network Information Center) reports the sample survey on January 2010, the frequency of using the Internet service in public areas which becomes higher. 4

  5. Figure 1. January 2010 Taiwan Internet using frequency report 5 http://www.twnic.net.tw/download/200307/200307index.shtml

  6. Motivtion 6

  7. Motivation � More and more people are utilizing the PWLANs. � Traditionally, we rely WEP or WPA-PSK to protect our WLAN. � Readily available tools to crack the WEP or WPA-PSK secret keys . 7

  8. Motivation � Therefore, most PWLANs now use a new secure mechanism, called Captive Portal. � It was widely accepted by WISPs. 8

  9. Motivation Figure 2. Login webpage 9

  10. Motivation � A new standard IEEE 802.1X is proposed to replace the Captive Portal. � But the 802.1X standard is more complicated than Captive Portal, so 802.1X is not widely deployed in PWLANs. � We shall show that for PWLANs which are guarded by Captive Portal will be vulnerable to Man-In-The-Middle attacks, so that unauthenticated users can access Internet via the PWLANs. 10

  11. Related Work 11

  12. ARP (Address Resolution Protocol) � ARP To convert IP address to MAC address in order to communicate in Ethernet communications 12

  13. ARP (Address Resolution Protocol) � Broadcast ARP Request message to ask for the MAC address associated with the destination IP address � The host sends a unicast ARP Reply message to sender with the IP-MAC address pairing � Update the ARP cache after receiving ARP Reply 13

  14. ARP Spoof � The malicious user sends ARP Reply with fake IP-MAC pairing, in an attempt to spoof the ARP cache of other hosts on the network. � ARP Spoof can perform Man-In-The-Middle (MITM) attacks or Denial of Service (DoS) attacks. 14

  15. MITM � Before the network does not occur the MITM attack, the hosts has correct MAC address for both, they communicates with each other directly. � After the network occur the MITM attack, the dynamic IP-MAC pairing will be modified in ARP cache for both hosts. The attacker can receive the packet from one side host and forward it to other host. 15

  16. MITM Figure 3. MITM attack 16

  17. Authentication of Public WLAN 17

  18. Figure 4. PWLANs architecture 18

  19. Figure 5. Captive Portal process 19

  20. Implementation & Experiment result 20

  21. Implementation Figure 6. MITM in Captive Portal (1/2) 21

  22. Victim packets Attacker packets 22 Figure 7. MITM in Captive Portal (2/2)

  23. Implementation Data TCP/UDP : checksum TCP/UDP/ICMP IP IP : source IP address & checksum ETHERNET Figure 8. To modify of masquerade packet 23

  24. Experiment Result Eee PC 701 Lenovo X200 Remote FTP (victim) (attacker) server CPU Intel Celeron M Intel Core2 Intel Pentium processor Duo CPU Dual CPU 900MHz P8600 E2200 2.40GHz 2.20GHz Memory 512MB 4GB 2GB Operating Windows XP Windows 7 32- Ubuntu 9.10 System 32-bit bit TCP buffer 65,535 65,535 65,535 size (bytes) Table 1. Implementation spec. 24

  25. Figure 9. Implementation environment 25

  26. Figure 10. Download 10MB files 26 Figure 11. Download 20MB files

  27. Experiment & Result File size Average Download Speed Performance (Kbps) without relay with relay 10MB 241.55 234.06 97% 20MB 243.34 235.72 97% Table 2. Experiment result 27

  28. Conclusion 28

  29. Conclusion � We knew how ARP Spoof can be used to launch MTIM attack in PWLANs, the unauthenticated users can access Internet via the PWLANs. � We advise the WISPs can deploy the network devices that support the intrusion detection feature, or re-design the PWLANs architecture and authenticate users by 802.1X. 29

  30. Thank you for your listening 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

MitM attacks on sessions t attac s o sess o s sws2 1 MitM (Man-in-the-Middle)attacks ( )

MitM attacks on sessions t attac s o sess o s sws2 1 MitM (Man-in-the-Middle)attacks ( )

Software and Web Security 2 MitM attacks on sessions t attac s o sess o s sws2 1 MitM (Man-in-the-Middle)attacks ( ) MitM attack: attacker gets between the browser and the web server, eg eg by setting up a wifi access point

345 views • 9 slides
Top 10 Vulnerabilities in past 5 years. #10 - DROWN Vulnerability in downgrading to SSLv2

Top 10 Vulnerabilities in past 5 years. #10 - DROWN Vulnerability in downgrading to SSLv2

Top 10 Vulnerabilities in past 5 years. #10 - DROWN Vulnerability in downgrading to SSLv2 Can break encryption of TLS in ~8 hours Requires MITM March 2016 #9 - POODLE Vulnerability in downgrading to SSLv3 Decipher cipher

419 views • 20 slides
MitM attacks on HTTPS sessions Much of this material can also be seen in DEFCON 2009 presentation

MitM attacks on HTTPS sessions Much of this material can also be seen in DEFCON 2009 presentation

Software and Web Security 2 MitM attacks on HTTPS sessions Much of this material can also be seen in DEFCON 2009 presentation by Moxie Marlinspike; see URL on course page sws2 1 MitM (Man-in-the-Middle) attacks MitM attack: attacker

971 views • 38 slides
Network Selection for Public WLANS Farid Adrangi Intel Corp. Farooq Bari AT&T

Network Selection for Public WLANS Farid Adrangi Intel Corp. Farooq Bari AT&T

Network Selection for Public WLANS Farid Adrangi Intel Corp. Farooq Bari AT&T Wireless Background An increasing public WLAN deployment by WISP, 3G, and fixed broadband operators In roaming situations, a WLAN access network

146 views • 12 slides
Rewrite Semantics for Guarded Recursion in Type Theory Patrick Bahr IT University of Copenhagen

Rewrite Semantics for Guarded Recursion in Type Theory Patrick Bahr IT University of Copenhagen

Rewrite Semantics for Guarded Recursion in Type Theory Patrick Bahr IT University of Copenhagen joint work with Rasmus Mgelberg and Hans Bugge Grathwohl Overview Guarded Recursive Types Dependent Types Reduction Semantics 2 / 21 Guarded

488 views • 45 slides
Productive Coprogramming with Guarded Recursion Jeroen Slot en Ilse Pool First slide Last time

Productive Coprogramming with Guarded Recursion Jeroen Slot en Ilse Pool First slide Last time

Productive Coprogramming with Guarded Recursion Jeroen Slot en Ilse Pool First slide Last time we saw that corecursive functions have to be guarded. But guarded recur- sion does not always work, so we need something else, which we will be

783 views • 5 slides
Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a

Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a

Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a cybersecurity flaw in a system that leave it open to attack. A vulnerability may also refer to any type of weakness in a computer system

407 views • 16 slides
MiTM Attack MiTM Attack Edri Guy Edri Guy May 29 ,2013 May 29 ,2013 PC-Labs May 29 2013

MiTM Attack MiTM Attack Edri Guy Edri Guy May 29 ,2013 May 29 ,2013 PC-Labs May 29 2013

MiTM Attack - Haifa-Sec MiTM Attack MiTM Attack Edri Guy Edri Guy May 29 ,2013 May 29 ,2013 PC-Labs May 29 2013 MiTM Attack - Haifa-Sec MiTM Attack - Haifa-Sec DISCLAIMER DISCLAIMER 1 The following discussion is for informational

552 views • 33 slides
SIP-Based Vertical Handoff Between WWANs and WLANs 1 WLAN-UMTS Interworking Architecture

SIP-Based Vertical Handoff Between WWANs and WLANs 1 WLAN-UMTS Interworking Architecture

SIP-Based Vertical Handoff Between WWANs and WLANs 1 WLAN-UMTS Interworking Architecture Loosely coupled integration architecture WWANs and WLANs are connected through the Internet, and each is an independent IP wireless access domain.

128 views • 11 slides
Recreating the NSA's MITM Attack 1 Why Should This Topic be Chosen? Goal 1: Understanding how

Recreating the NSA's MITM Attack 1 Why Should This Topic be Chosen? Goal 1: Understanding how

create your own exercise Christoph Schmidt, Team 1 Recreating the NSA's MITM Attack 1 Why Should This Topic be Chosen? Goal 1: Understanding how the NSA uses its access to the Backbone Goal 2: Understanding how MITM attacks can be done

1.02k views • 82 slides
The Clocks Are Ticking: No More Delays! Reduction Semantics for Type Theory with Guarded

The Clocks Are Ticking: No More Delays! Reduction Semantics for Type Theory with Guarded

The Clocks Are Ticking: No More Delays! Reduction Semantics for Type Theory with Guarded Recursion Patrick Bahr 1 Hans Bugge Grathwohl 2 Rasmus Mgelberg 1 1 IT University of Copenhagen 2 Aarhus University What is guarded recursion?

710 views • 48 slides
Wireless Communication Systems @CS.NCTU Lecture 9: MAC Protocols for WLANs Fine-Grained Channel

Wireless Communication Systems @CS.NCTU Lecture 9: MAC Protocols for WLANs Fine-Grained Channel

Wireless Communication Systems @CS.NCTU Lecture 9: MAC Protocols for WLANs Fine-Grained Channel Access in Wireless LAN (SIGCOMM10) Instructor: Kate Ching-Ju Lin ( ) 1 Physical-Layer Data Rate PHY layer data rate in WLANs is

791 views • 21 slides
Arjun Surendra SaciWATERs Vulnerability Vulnerability is the propensity to suffer a

Arjun Surendra SaciWATERs Vulnerability Vulnerability is the propensity to suffer a

Arjun Surendra SaciWATERs Vulnerability Vulnerability is the propensity to suffer a significant shock that brings welfare below a socially accepted level (Khl, 2003) Vulnerability increases when there is uncertainty with respect to

529 views • 21 slides
Contents What is vulnerability? Why conduct vulnerability assessments? Defining

Contents What is vulnerability? Why conduct vulnerability assessments? Defining

6/19/2015 Vulnerability and Capacity Assessment Index (VCAI) for Climate Change Adaptation SVRK Prabhakar USAID ADAPT Asia-Pacific Presented at NABARD Training Workshop, Mumbai on 18 June 2015 Contents What is vulnerability? Why

705 views • 21 slides
Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1

Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1

Vulnerability Analysis and Food Aid W orking Group Chaired by W FP/ VAM Unit Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1 Overview 1 . Methodology of the VA 2 0 0 4 2 . Highlights of

703 views • 28 slides
Vulnerability Screening Tool Identifying and addressing vulnerability: A tool for asylum and

Vulnerability Screening Tool Identifying and addressing vulnerability: A tool for asylum and

Vulnerability Screening Tool Identifying and addressing vulnerability: A tool for asylum and migration systems Purpose Intended to guide & inform frontline workers & decision makers on the relevance of vulnerability factors to

507 views • 19 slides
Chapter 5: The Data Link Layer Chapter 5 Link Layer and LANs Our goals: understand

Chapter 5: The Data Link Layer Chapter 5 Link Layer and LANs Our goals: understand

Chapter 5: The Data Link Layer Chapter 5 Link Layer and LANs Our goals: understand principles behind data link layer services: error detection, correction sharing a broadcast channel: multiple access link layer addressing link

591 views • 18 slides
Computer Networks - Xarxes de Computadors Outline Course Syllabus Unit 1: Introduction Unit 2.

Computer Networks - Xarxes de Computadors Outline Course Syllabus Unit 1: Introduction Unit 2.

Grau en enginyeria informtica - Xarxes de Computadors (XC-grau) Computer Networks - Xarxes de Computadors Outline Course Syllabus Unit 1: Introduction Unit 2. IP Networks Unit 3. TCP Unit 4. LANs Unit 5. Network applications 1 Lloren

1.11k views • 64 slides
freeRTOS & lwIP for ZYNQ (and Zedboard) Dr. Heinz Rongen Forschungszentrum Jlich GmbH

freeRTOS & lwIP for ZYNQ (and Zedboard) Dr. Heinz Rongen Forschungszentrum Jlich GmbH

freeRTOS & lwIP for ZYNQ (and Zedboard) Dr. Heinz Rongen Forschungszentrum Jlich GmbH Zentralinstitut Systeme der Elektronik (ZEA-2) H.Rongen@fz-juelich.de Controller (The small ones ) - Single Chip Solutions / Applications -

715 views • 34 slides
Computer Communication Networks Link ICEN/ICSI 416 Fall 2017 Prof. Dola Saha 1 Link layer

Computer Communication Networks Link ICEN/ICSI 416 Fall 2017 Prof. Dola Saha 1 Link layer

Computer Communication Networks Link ICEN/ICSI 416 Fall 2017 Prof. Dola Saha 1 Link layer and LANs our goals: understand principles behind link layer services: error detection, correction sharing a broadcast channel: multiple

1.06k views • 89 slides
Simple Internetworking Network 1 (Ethernet) Internetworking Network 2 (Ethernet) H1 H2 H3 H7

Simple Internetworking Network 1 (Ethernet) Internetworking Network 2 (Ethernet) H1 H2 H3 H7

Simple Internetworking Network 1 (Ethernet) Internetworking Network 2 (Ethernet) H1 H2 H3 H7 R3 H8 Network 4 (point-to-point) R1 R2 Kameswari Chebrolu H4 Network 3 (FDDI) Router Dept. of Electrical Engineering, IIT Kanpur H6 H5

543 views • 4 slides
CS615 - Aspects of System Administration Networking II Department of Computer Science Stevens

CS615 - Aspects of System Administration Networking II Department of Computer Science Stevens

CS615 - Aspects of System Administration Slide 1 CS615 - Aspects of System Administration Networking II Department of Computer Science Stevens Institute of Technology Jan Schaumann jschauma@stevens.edu

578 views • 55 slides
Agenda Introduction to ARP ARP functionality Proxy ARP RARP Applied

Agenda Introduction to ARP ARP functionality Proxy ARP RARP Applied

1/13 ARP: Address Resolution Protocol Surasak Sanguanpong nguan@ku.ac.th http://www.cpe.ku.ac.th/~nguan Last updated: July 3, 2002 Applied Network Research Group Department of Computer Engineering, Kasetsart

510 views • 7 slides
Network concepts introduction & wireshark workshop @ KirilsSolovjovs wireshark +4fd9

Network concepts introduction & wireshark workshop @ KirilsSolovjovs wireshark +4fd9

Network concepts introduction & wireshark workshop @ KirilsSolovjovs wireshark +4fd9 ISO/OSI+DoD model wireshark +4fd9 T opics for our workshop Network layer models Ethernet, WiFi Layer3: ARP, ICMP, IPv4, IPv6 Layer4:

812 views • 44 slides

More recommend