rp2 availability analysis of surfwireless
play

RP2 - Availability analysis of SURFwireless Kasper van Brakel July - PowerPoint PPT Presentation

Apr 08, 2024 •177 likes •426 views

RP2 - Availability analysis of SURFwireless Kasper van Brakel July 4th, 2019 Introduction SURFwireless: Wi-Fi-as-a-Service since 2016 Aerohive, Hivemanager Investigate potential attacks that threaten the availability for clients of

  1. RP2 - Availability analysis of SURFwireless Kasper van Brakel July 4th, 2019

  2. Introduction SURFwireless: Wi-Fi-as-a-Service since 2016 ● Aerohive, Hivemanager ● Investigate potential attacks that threaten the availability for clients of SURFwireless ● 2

  3. Research questions How can SURFnet detect that the availability of the SURFwireless service is under threat and ● determine its impact? Sub-questions: ○ Which common attacks on 802.11 networks can be used to threaten the availability of SURFwireless? ○ What impact can these attack cause on the wireless clients of SURFwireless? ○ What measures can SURFnet take to defend SURFwireless against attacks on availability? 3

  4. Scope Potential attacks must be applicable on 802.11 with WPA2-Enterprise ● The general security of eduroam is out of scope, only investigating attacks on availability ● Only detection and prevention methods of the attacks that can be configured from the ● Hivemanager were investigated 4

  5. Related work Type of DoS attacks (Bicakci et al.): ● Radio Frequency(RF) jamming ○ MAC layer attacks ○ Above MAC layer attacks (protocol based i.e. ARP, ICMP, TCP ) ○ MAC layer Denial-of-Service(DoS) attacks: ● Deauthentication attack (Bellardo et al.) ○ Channel Switch attack (Könings et al.) ○ Quiet attack (Könings et al.) ○ 5

  6. Experiments Parameters: iPerf3 and ping ● Experiments performed 30 times for 60 seconds ● Scapy ● Experiments: Basetest ● Deauthentication attack ● Channel Switch attack ● Quiet attack ● Figure 4: Testbed setup 6

  7. Deauthentication attack Abuses deauth frames ● Figure 1: Generic Deauthentication frame. Source: 802.11 Wireless Networks: The Definitive Guide, Oreilly 7

  8. Channel Switch attack Abuses 802.11h amendment ● Transmitted in Beacon, Probe response or action frame ● Figure 2: Generic Channel Switch element. Source: 802.11 Wireless Networks: The Definitive Guide, Oreilly 8

  9. Quiet attack 802.11h amendment ● Transmitted in Beacons, Probe response ● Depending on driver implementation clients can be silenced for up to 65535 Time Units ● Figure 3: Quiet element. Source: 802.11 Wireless Networks: The Definitive Guide, Oreilly 9

  10. 10

  11. 11

  12. 12

  13. 13

  14. 14

  15. 15

  16. Vulnerable devices Vulnerable against Deauthentication and Channel Switch attack ● Device 802.11 chip OS Dell XPS 13 Intel 6235-N Linux mint 2019.1 Macbook pro Airport card MacOS 10.14.5 (2017) Samsung S10 Broadcom Android 9 One Plus 6T Qualcomm Android 9 16

  17. DoS Detection Alarm Threshold Alarm Threshold Type Client (frames per SSID (frames per minute) minute) Detection Probe Request 1200 12000 Probe Response 2400 24000 DoS protection by Aerohive ● (Re) Association 600 6000 Request Only deauthentication attack was ● detected Association 240 2400 Disassociation 120 1200 Authentication 600 6000 Deauthentication 120 1200 EAP Over LAN 600 6000 (EAPol) Table 1: Overview of default threshold values Hivemanager. 17

  18. Detection Formula: ● Attack frame rate Clients 0.1 0.5 1 1.5 2 2.5 3 3.5 4 4.5 5 5.5 6 6.5 7 7.5 1 600 120 60 40 30 24 20 17.1 15 13.3 12 10.9 10 9.2 8.6 8 10 6000 1200 600 400 300 240 200 171 150 133 12 109 100 92 86 80 0 Table 2: Overview of threshold values for Hivemanager per investigated attack frame rate. 18

  19. Code: Action type: 0 Spectrum management 1 QoS Prevention 2 DLS 3 Block Ack 802.11w protects: ● Robust action frames ○ 5 Radio Deauthentication frames ○ Dissasociation frames ○ 6 Fast BSS Transition Channel switch and Quiet attack can both abuse ● beacon and probe response frames ← not protected 8 SA Query 9 Protected Dual of Public Action 126 Vendor-specific Protected Table 3: Overview of robust action frames from 802.11 19 specification Source

  20. Discussion SSID threshold not variable based on client count ● Quiet attack may potentially work on other devices ● More sophisticated detection methods to determine MAC address spoofing based attacks i.e. by ● sequence number exists (Guo et al). Source For 802.11w protection both client and AP must support it ● Attacks were conducted on a single access point environment ● 20

  21. Conclusion Deauthentication attack and Channel Switch attack both succeeded ● Impact on the wireless clients depend on used attack frame rate ● Only the deauthentication attack was detected by Aerohive WiPs ● 802.11w protects against deauthentication attack, channel switch and quiet attack remain ● unaddressed 21

  22. Future work Locate attacker, combining 802.11-based positioning and frame thresholds per AP ● Investigate other relevant attacks that potentially threaten the availability of SURFwireless and ● determine the threshold value for Aerohive WiPs. Investigate the possibility to extend the current 802.11w amendment to support all frames if client ● is authenticated. 22

  23. Questions? 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

improving the power efficiency of surfwireless Jeroen van Leur December 22, 2016 System and

improving the power efficiency of surfwireless Jeroen van Leur December 22, 2016 System and

improving the power efficiency of surfwireless Jeroen van Leur December 22, 2016 System and Network Engineering - UvA surfwireless Distributed service, Managed Centrally SURFnet ensures Wireless Connectivity Interconnected with

575 views • 20 slides
for High Availability Martin Thompson - @mjpt777 What Is High Availability ?

for High Availability Martin Thompson - @mjpt777 What Is High Availability ?

Event Sourced Architectures for High Availability Martin Thompson - @mjpt777 What Is High Availability ? Availability refers to ability of the user community to access a system not about Uptime! By High availability we

814 views • 19 slides
High availability and analysis of PostgreSQL Sergey Kalinin 18-19 of April 2012, dCache

High availability and analysis of PostgreSQL Sergey Kalinin 18-19 of April 2012, dCache

High availability and analysis of PostgreSQL Sergey Kalinin 18-19 of April 2012, dCache Workshop, Zeuthen Tuesday, April 17, 12 Content There is a lot you can do with PG. This talk concentrates on backup, high availability and how to

489 views • 24 slides
Availability Knob Flexible User-Defined Availability in the Cloud Mohammad Shahrad and David

Availability Knob Flexible User-Defined Availability in the Cloud Mohammad Shahrad and David

Availability Knob Flexible User-Defined Availability in the Cloud Mohammad Shahrad and David Wentzlaff October 5, 2016 IaaS Providers and Availability Guarantees One thing in common: Fixed 99.95% availability! 2 Whats wrong with fixed

631 views • 31 slides
DFTCalc: A tool for Advanced Reliablity, Availability, Maintenance and Safety analysis. Enno

DFTCalc: A tool for Advanced Reliablity, Availability, Maintenance and Safety analysis. Enno

DFTCalc: A tool for Advanced Reliablity, Availability, Maintenance and Safety analysis. Enno Ruijters, University of Twente Supervisor: Marielle Stoelinga 28/01/16 1 Reliability of critical systems System failures can be catastrophic

504 views • 38 slides
Extending CSP with tests for availability Gavin Lowe Extending CSP with tests for availability

Extending CSP with tests for availability Gavin Lowe Extending CSP with tests for availability

Extending CSP with tests for availability 01 Extending CSP with tests for availability Gavin Lowe Extending CSP with tests for availability 02 Testing for availability Many languages for message-passing concurrency allow programs to test

541 views • 19 slides
Availability Enhancement and Analysis for Mixed-Criticality Systems on Multi-core Roberto MEDINA,

Availability Enhancement and Analysis for Mixed-Criticality Systems on Multi-core Roberto MEDINA,

Availability Enhancement and Analysis for Mixed-Criticality Systems on Multi-core Roberto MEDINA, Etienne BORDE, Laurent PAUTET Design, Automation & Test Europe March 22nd 2018 Overview Research and Industrial Context 1

227 views • 21 slides
Pac-Man Card Status Michael Mulhearn Seth Hillbrand Availability Hillbrand Availability:

Pac-Man Card Status Michael Mulhearn Seth Hillbrand Availability Hillbrand Availability:

Pac-Man Card Status Michael Mulhearn Seth Hillbrand Availability Hillbrand Availability: Our project was trumped by Tony Tyson for the last 1.5 weeks proposal work with a fixed deadline. We dropped to zero percent. Expect to

553 views • 7 slides
Data Protection & Availability Kaushal Devater Data Protection & Availability Discipline

Data Protection & Availability Kaushal Devater Data Protection & Availability Discipline

Plan & Deploy Data Protection & Availability Kaushal Devater Data Protection & Availability Discipline Lead - RDC Planning & Deploy Data Protection & Availability Industry Typical Data Retention Requirements Patient

662 views • 9 slides
Microsoft Azure and SUSE High Availability TUT1134 When Availability Matters Mark Gonnelly

Microsoft Azure and SUSE High Availability TUT1134 When Availability Matters Mark Gonnelly

Microsoft Azure and SUSE High Availability TUT1134 When Availability Matters Mark Gonnelly Stephen Mogg Senior Consultant Technical Strategist for SAP and Public Cloud About This Session What to Expect: - HA concepts - SUSE Cluster

1k views • 39 slides
Chapter 4: Implementing High Availability and Redundancy in a Campus Network CCNP-RS SWITCH

Chapter 4: Implementing High Availability and Redundancy in a Campus Network CCNP-RS SWITCH

Chapter 4: Implementing High Availability and Redundancy in a Campus Network CCNP-RS SWITCH Ali Aydemir Chapter 4 Objectives Understand high availability. Implement high availability. Describe high availability monitoring

1.54k views • 118 slides
High Availability with the openais project Prepared by: Steven Dake 7/12/05 Agenda Service

High Availability with the openais project Prepared by: Steven Dake 7/12/05 Agenda Service

High Availability with the openais project Prepared by: Steven Dake 7/12/05 Agenda Service Availability Forum Reliability and Availability Application Interface Specification Service Availability Forum Mission The Service

256 views • 24 slides
AutoASAP AutoASAP Features AutoAsap Entities Availability & Availability &

AutoASAP AutoASAP Features AutoAsap Entities Availability & Availability &

ASAP & AutoASAP Overview Architecture AutoASAP AutoASAP Features AutoAsap Entities Availability & Availability & Availability & More Info Performance Monitor Performance Monitor Performance Monitor Other TANDsoft

948 views • 81 slides
High Availability and Automatic Failover in PostgreSQL Using Open Source Solutions Avinash

High Availability and Automatic Failover in PostgreSQL Using Open Source Solutions Avinash

High Availability and Automatic Failover in PostgreSQL Using Open Source Solutions Avinash Vallarapu Percona What is High Availability ? High Availability in our routine database life is: An always-on mechanism Avoid data loss

377 views • 21 slides
Availability with Veeam Cornel Popescu Systems Engineer Veeam IBS Compass Sofia, 22 nd

Availability with Veeam Cornel Popescu Systems Engineer Veeam IBS Compass Sofia, 22 nd

Availability with Veeam Cornel Popescu Systems Engineer Veeam IBS Compass Sofia, 22 nd November 2016 Agenda Veeam Availability Suite v9.5 whats new? Veeam Agents for Linux & Windows Veeam Availability Orchestrator

663 views • 40 slides
MySQL High Availability Solutions Alex Poritskiy Percona The Five 9s of Availability

MySQL High Availability Solutions Alex Poritskiy Percona The Five 9s of Availability

MySQL High Availability Solutions Alex Poritskiy Percona The Five 9s of Availability Clustering & disasters Geographical Redundancy power failures network failures Clustering Technologies hardware failures software failures

593 views • 47 slides
INTERIM SUPERINTENDENTS REVISED PROPOSED BUDGET BUDGET WORK SESSION APRIL 21, 2020 New Bu

INTERIM SUPERINTENDENTS REVISED PROPOSED BUDGET BUDGET WORK SESSION APRIL 21, 2020 New Bu

INTERIM SUPERINTENDENTS REVISED PROPOSED BUDGET BUDGET WORK SESSION APRIL 21, 2020 New Bu Budget O t Outloo ook 2 Revised: FY 2021 Budget Based on What We Know Right Now Amount ($ in millions) Total Expenditure Needs $725.8

338 views • 30 slides
Reward Platform for Healthy Activities Alessio Signorini Chief T echnology Officer REWARD

Reward Platform for Healthy Activities Alessio Signorini Chief T echnology Officer REWARD

Reward Platform for Healthy Activities Alessio Signorini Chief T echnology Officer REWARD PLATFORM FOR HEALTH 25,000 pts = $25 Connect Apps Statistics / Insights Redeem you already use Cash / Rewards in Dashboard Alessio Signorini

409 views • 17 slides
O L D M I N T R E S T O R A T I O N P R O J E C T o l d m i n t r e s t o r a t i o n p r o

O L D M I N T R E S T O R A T I O N P R O J E C T o l d m i n t r e s t o r a t i o n p r o

O L D M I N T R E S T O R A T I O N P R O J E C T o l d m i n t r e s t o r a t i o n p r o j e c t Background Near-term Activation Long-term Renovation and Reuse o l d m i n t b a c k g r o u n d Constructed between 1869-1874;

362 views • 10 slides
www.dransfield.com.au 1 80% of lenders said they would lend to serviced apartments (2011

www.dransfield.com.au 1 80% of lenders said they would lend to serviced apartments (2011

Experience includes acting as principals and advisors for a wide range of hotel and resort assets > City hotels and regional assets > Single and multi-site operations > Backpacker to 5 Star Wide range of complimentary specialist

366 views • 32 slides
Final Presentation Financial Management for Millenials December 12, 2019 Team Romeo Lauren de

Final Presentation Financial Management for Millenials December 12, 2019 Team Romeo Lauren de

Final Presentation Financial Management for Millenials December 12, 2019 Team Romeo Lauren de Luna Abhijeet Saxena Meenal Jakatdar Team Romeo | Common Cents Problem Motivation Team Romeo | Common Cents Problem motivation Nearly half of

574 views • 40 slides
! e d a r G h t 5 o t e m o c l e W Leawood Elementary School 2019-2020 A

! e d a r G h t 5 o t e m o c l e W Leawood Elementary School 2019-2020 A

! e d a r G h t 5 o t e m o c l e W Leawood Elementary School 2019-2020 A Message From Your PTO Miss Teddy 8:35-8:45 Morning Rally 8:45-9:10 Morning Meeting 9:10-9:30 Interactive Notebooks 9:30-10:00 Math WIN

437 views • 26 slides
Hotel Splendide Royal Lugano, Switzerland Giuseppe Rossi General Manager LUGANO, SWITZERLAND

Hotel Splendide Royal Lugano, Switzerland Giuseppe Rossi General Manager LUGANO, SWITZERLAND

Hotel Splendide Royal Lugano, Switzerland Giuseppe Rossi General Manager LUGANO, SWITZERLAND Lugano lays in the middle of the Northern Italian Lakes Region and is Switzerlands third largest financial centre LUGANO, MEDITERRANEAN SPIRIT

467 views • 42 slides
2019-2020 505 Volleyball Academy/DCVA Parent Meeting THE FIELD HOUSE 4101 PASEO DEL NORTE

2019-2020 505 Volleyball Academy/DCVA Parent Meeting THE FIELD HOUSE 4101 PASEO DEL NORTE

2019-2020 505 Volleyball Academy/DCVA Parent Meeting THE FIELD HOUSE 4101 PASEO DEL NORTE WWW.505VOLLEYBALL.COM Introductions, Club History & Philosophy Coaching Philosophy, Coaches, Club Handbook 505 VBA Parent Teams (National,

686 views • 32 slides

More recommend