- DoS Resilience of Wireless Access Points: An Empirical Study (2007)
- The IEEE 802.11 networks have a tremendous growth in the last years, but also now there is a rapid development of the wireless LAN technologies. High transmission rates, simple deployment and especially low costs make this network technology an efficient and cheap way to get access to the Internet. Fon is the world-wide greatest WIFI community and in January 2007 this community offers more than 11.000 access points in Germany and nearly 55.000 all over the world. However, this technology has also his shady sides. For example, it is possible for everyone to receive data from the wireless medium. So a protection against this open data traffic is a encryption mechanism called Wired Equivalent Privacy (WEP). The tragic end of theWired Equivalent Privacy (WEP) and the simplicity of various Denial-of-Service (DoS) attacks on the wireless medium have resulted in giving up the security at the logical-link layer and shifting it to upper layers (or in the best case leaving it within virtual private networks (VPNs)). Nevertheless, there is an enormous growth in using public access to the Internet via HotSpots in cafés, libraries, schools or at airports, train stops etc. Therefore, it is important for the Wireless Internet Service Provider (WISP) to make sure that anyone with a usual wireless device can connect to their access points. Offering this service to anybody makes giving a sufficient level of security very difficult. On the one hand it should be easy for everyone to use this access, on the other hand there is, in most cases, no security. A businessman is not very pleased about phishing his account data for a great enterprise or for his online office like the KIS at the University of Technology in Kaiserslautern. In most cases the WISPs use a simple web based authentication mechanism. By connecting to the WISPs services, the user is redirected to a webpage requesting his login data or credit card information. Therefore the user only needs a wireless LAN device and a webbrowser to authenticate. An attacker could sniff on the wireless medium to phish delicate data from a legal connected user or use DoS attacks as initial point for various other attacks. In most cases, this can be done with no or only small effort. On the other side, in some cases, the WISP has to do a hard reset on his wireless devices after a DoS attack. Therefore an analysis of access points is done in this work. So, the first part is to show how "‘new"’ access points react to flooding attacks and what mechanisms are used to protect them. The second part implements an attack using an anomaly of some access points that are discovered in the first part. And the last chapter deals with some information about using an Intrusion Detection System (IDS) to protect the devices against such attacks.
- Phishing in the Wireless: Implementation and Analysis (2006)
- Web-based authentication is a popular mechanism implemented by Wireless Internet Service Providers (WISPs) because it allows a simple registration and authentication of customers, while avoiding the high resource requirements of the new IEEE 802.11i security standard and the backward compatibility issues of legacy devices. In this work we demonstrate two different and novel attacks against web-based authentication. One attack exploits operational anomalies of low- and middle-priced devices in order to hijack wireless clients, while the other exploits an already known vulnerability within wired-networks, which in dynamic wireless environments turns out to be even harder to detect and protect against.