Question

KRACK

Wi-Fi Protected Access (WPA) and WPA2 are defined in the 802.11i amendment to the 802.11 standard with the intended purpose of replacing the fundamentally insecure Wired Equivalent Privacy (WEP) protocol for providing confidentiality, integrity, and authentication on a Wi-Fi network. WPA was intended to be used as a software-based stopgap for existing wireless hardware that wasn't capable of supporting the much stronger WPA2 protocol. It uses the Temporal Key Integrity Protocol (TKIP), which, like WEP, uses the Rivest Cipher 4 (RC4) cipher for encryption, but with enhancements that address many of the shortcomings of WEP (Adnan et al., 2015). Unfortunately, TKIP uses the Michael algorithm for protecting data integrity, which has been proven fundamentally flawed and insecure (Wool, 2004). WPA2 uses the much stronger Counter Mode CBC-MAC Protocol (CCMP), which uses the Advanced Encryption Standard (AES) cipher for data encryption and its cipher block chaining message authentication code (CBC-MAC) mode for data integrity (Adnan et al., 2015). WPA2 is the recommended and most widely used protocol today.

In October 2017, Mathy Vanhoef published his research paper on a group of related vulnerabilities he discovered in the WPA2 standard, collectively called Key Reinstallation Attacks (KRACK). At its core, KRACK forces the reuse of a nonce that is used to produce the initialization vector (IV). The encryption algorithm uses the IV and encryption key as inputs to produce the keystream, which is used to convert plaintext into ciphertext. It's crucial that the IV doesn't repeat for the same encryption key; otherwise, the same keystream will be used to produce multiple ciphertext messages. This may allow an adversary to perform cryptanalysis using the ciphertext messages to derive the keystream, which in turn can be used to decrypt messages. What's more, the nonce is also used as a replay counter, opening up clients to replay attacks (Vanhoef & Piessens, 2017).

One of the attacks described by KRACK exploits the 4-way handshake of the WPA2 protocol. The 4-way handshake is used to establish the session key that is used to protect the unicast traffic between the wireless client and access point (AP). It occurs after the client has authenticated and associated with the access point and can be described as follows:

Step 1) The AP sends its nonce (ANonce) and replay counter to the wireless client. The client is able to use this ANonce, along with its own nonce, the master key (e.g., the pre-shared password in a personal Wi-Fi network), its MAC address, and the AP's MAC address to generate the session key.

Step 2) The wireless client sends its nonce (SNonce) and replay counter to the AP. The AP now has everything it needs to generate the same session key. The AP now generates the group key. This will be used to protect broadcast and multicast traffic for the Wi-Fi network.

Step 3) The AP sends the group key and incremented replay counter to the wireless client.

Step 4) The wireless client sends the final message to the AP, acknowledging it has received the group key. The client then proceeds to install the session and group keys. At this point, the client may begin sending encrypted unicast traffic. Upon receiving message 4 from the client, the AP also installs the session and group keys, and can begin communicating with the client using these keys.

It's important to note that once the client has sent message 4 (see Step 4 above), it installs the session and group keys, then sets the nonce used for the IV and replay counter to 0. For each encrypted message sent, the client increments this nonce by 1, which should ensure that the same IV is never used more than once for a given session key. This is of paramount importance to the overall effectiveness of the encryption algorithm.

Wireless communications are prone to environmental interference, so the WPA2 standard mandates that the AP retransmit message 3 (see Step 3 above) if it hasn't received message 4 from the client. Furthermore, it mandates that the client accept retransmissions of message 3 by reinstalling the session and group keys and resetting the nonce value to 0. This flaw in the protocol is exploited by KRACK.

As a prerequisite, the adversary needs to place himself between the targeted client and access point. He does this by setting up a rogue access point to serve as a man-in-the-middle (MITM). Because the MAC addresses of the client and AP are used to generate the session key, this rogue AP must also clone these MAC addresses. This requires the rogue AP to operate on a channel different from what the targeted AP is using, as well as trick the targeted client into communicating over this new channel. With the MITM in place, the attack on the 4-way handshake can be described as follows:

Step 1) The client sends message 4 to the MITM. In turn, the MITM does not forward message 4 to the AP.

Step 2) This causes the AP to retransmit message 3 to the MITM, thinking its previous attempt had failed. The MITM forwards message 3 to the client. The client reinstalls the same session key and resets the nonce used in the IV and replay counter to 0. The client begins sending encrypted messages, which reuse one or more IVs for the same session key.

Step 3) The client sends message 4 to the MITM. The MITM forwards message 4 to the AP this time. The AP installs the session and group keys per usual.

Step 4) The MITM can now use ciphertext messages that were generated using the same IV and session key to derive the keystream, which it can use to decrypt messages sharing that same IV and session key. The MITM can also conduct replay attacks against the client.

This attack is implementation dependent, however. For example, Windows and iOS deviate from the WPA2 standard by ignoring retransmissions of message 3. Mac OS X and OpenBSD accept retransmissions of message 3, but only if it has been encrypted by the session key. Certain network interface cards also ignore these retransmissions. Nevertheless, KRACK can work around these limitations, and all implementations are still vulnerable to an attack on the group key, which is used by all clients and the AP to protect broadcast and multicast traffic on the Wi-Fi network. Worse still, versions 2.4 and 2.5 of wpa_supplicant, which serves as the WPA/WPA2 implementation in some distributions of Linux, contain a bug that resets the session key to all zeros upon receiving message 3 again. Android 6.0 also contains this bug. This means cryptanalysis is not needed, as the keystream is already known and can be used to decrypt every packet sent by these clients. KRACK also exploits PeerKey and Fast BSS Transition to attack the AP (Vanhoef & Piessens, 2017).

Vanhoef suggests two solutions to KRACK. First, clients should not reset the nonce value when reinstalling the same session key. Better still, clients should simply ignore retransmissions of message 3, but still reply with message 4. The other solution is for WPA2 to switch to an encryption system that is resistant to nonce reuse. The former will require vendors to patch their firmware/software (Vanhoef & Piessens, 2017). The latter will require an amendment to the 802.11 standard.

Jamming

Jamming in wireless networks is defined as "the disruption of existing wireless communications by decreasing the signal-to-noise ratio at receiver sides through the transmission of interfering wireless signals" (Grover, 2014). In the article "Jamming and Anti-jamming Techniques in Wireless Networks: A Survey," Kanika Grover explains what jamming is and what it does to wireless networks. The article describes several techniques and processes that attackers use to jam Wi-Fi networks, as well as a brief overview of some examples. Two main aspects of jamming techniques are the different types of jammers that are used to disrupt the network, along with the placement of these jammers.

Jammers can jam the wireless network in various different ways. The effectiveness of a jammer depends on the strength of the radio transmission power. In addition to the transmission power, the location and the influence on the network also have a direct relationship to the effectiveness of the jammer. There are two different categories of attacks that jam the wireless network, resulting in a denial of service attack. By simply causing interference to a Wi-Fi network, an attacker can completely disrupt the normal operation of the communication channel in the Wi-Fi network. Until the communication channel is used, reactive jamming only passively monitors the communication channel. Active or proactive jamming keeps the channel busy and blocked at all times.

In the proactive/active jamming method, packets are sent over the Wi-Fi channel that the jammer is operating on. This results in all the other nodes falling off the network and no longer being operational over that channel. Some examples are constant, deceptive, and random jammers. The main difference between deceptive and constant jammers is that deceptive jammers continuously emit regular packets instead of random bits like the constant jammer. Deceptive jammers are also more difficult to detect. Random jammers go through sleep and active phases, which could last fixed or random times, and can transmit random bits or regular packets to disrupt service continuity.

Reactive jamming is started when there is transmission activity over the network and works on compromising the reception of data that is being sent. Interleaving jamming is a form of reactive jamming. The article "Interleaving Jamming in WiFi Networks," written by Triet D. Vo-Huu, defines interleaving jamming as a multi-carrier jamming strategy that "generates interference on data subcarriers i, i + 3, i + 6, . . . , i + 3(n − 1), where i is any starting data subcarrier, and n is the number of subcarriers targeted for jamming."

It's found that by exploiting the interleaving design specified by the IEEE 802.11 standard, an efficient jamming methodology can be devised to totally obstruct the Wi-Fi communication link with ease. As indicated by the IEEE 802.11 standard, after the physical layer frame payload is encoded by the convolutional encoder, the coded bit sequence is interleaved. The interleaving procedure helps disperse the burst errors that may occur during signal propagation, in this way permitting the convolutional decoder at the receiver to correct the scattered errors.

Recently, due to demand, popularity, and convenience, the IEEE 802.11a/g wireless local area network (WLAN) has shown up in an extraordinary number of devices, from tablets, personal media players, and personal computers to mobile devices. With the growing demand through recent years, many devices now have the capability to access the Wi-Fi network. As a result, this has increased the need for higher throughput in WLAN. As Zhen-dong Zhang stated in his article, "Low-Complexity Hardware Interleaver/Deinterleaver for IEEE 802.11a/g/n WLAN," "The latest established IEEE 802.11n WLAN employs multiple-input multiple-output (MIMO) orthogonal frequency-division multiplexing (OFDM) transmission technique to enable high-throughput communication for up to 600 Mb/s." Nonetheless, it also increases the computational and hardware complexities enormously, compared to the original 802.11a/g standard.

The interleaving jamming strategy exploits the IEEE 802.11 interleaving method. This provides the opportunity to present burst errors to the Wi-Fi receiver's convolutional decoder. By impacting the Wi-Fi link performance, the interleaving strategy can destroy beyond 95% of the transmitted data packets even though the jamming power is 0.1% of the transmitted power. Interleaving jamming saves power: when compared with other strategies, the same jamming impact would usually require at least 5 dB to around 15 dB more power (Vo-Huu, 2016).

AuthRF and AssRF

Authentication request flooding (AuthRF) and association request flooding (AssRF) are considered denial of service attacks. AuthRF floods access points with illegitimate requests. These illegitimate requests consume the available resources of the access point and force it to deny legitimate requests. AssRF floods the access points and forces them out of service. AuthRF and AssRF are not vendor specific; all access points are vulnerable to these attacks. AuthRF and AssRF attacks affect both Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) traffic. AuthRF and AssRF attacks negatively affect both TCP and downstream UDP traffic. AuthRF and AssRF attacks have the ability to stop TCP and downstream UDP traffic. Upstream UDP traffic is resistant to the AuthRF and AssRF attacks even under high attack rates.

The access point receives each illegitimate authentication request or disassociation request multiple times. The access point will send response frames to the hacker's wireless station. The hacker's wireless station does not send acknowledgment frames back to the access point. The access point will consider the transmissions as failed. The access point will continue to send response frames to the hacker's wireless station, but no data frames are being transmitted. During an attack, the access point is flooded with illegitimate requests. Since the hacker's wireless station does not provide an acknowledgement to the access point, the access point will continue to send responses to the hacker's wireless station, thereby overloading the access point.

The constant sending of response frames by the access point does not allow for the transmission of data frames and creates the denial of service attack. Denial of service attacks only last for the duration of the attack; no further damage is noted after the attack has stopped (Liu, Yu, & Brewster, 2010).

Deauthentication flooding and disassociation flooding are two additional types of denial of service attacks against the wireless local area network (WLAN). Deauthentication attacks occur when an attacker sends a deauthentication frame to the access point and includes a spoofed address for the victim. This causes the victim to lose connection with the access point. Disassociation attacks work similarly to deauthentication attacks, except a disassociation frame is sent instead of a deauthentication frame. Encryption keys such as WEP, TKIP, and AES provide no protection against denial of service attacks. Encryption can only protect against crypto attacks on the WLAN. Only one percent of the available physical bandwidth is required to carry out a denial of service attack (Liu & Yu, 2007). Voice over Internet Protocol (VoIP) is also susceptible to denial of service attacks. VoIP is susceptible to AuthRF and AssRF denial of service attacks the same way TCP and UDP traffic is susceptible to denial of service attacks.

There are five techniques to resolve AuthRF and AssRF denial of service attacks. The first technique is request authentication. Request authentication allows the access point to validate incoming authentication and association requests. The access point will discard any request that is determined to be illegitimate. Request authentication techniques include media access control (MAC) address filtering, random bit authentication, message integrity checks, and sequence numbers. The second technique is reduction of duplicate requests. Many denial of service attacks are flooded with the same requests multiple times. When duplicate requests are no longer processed, the communication with the hacker's wireless station is reduced. The third technique is reduction of response retransmission. This technique does not retransmit lost valid response frames. The fourth technique is round robin transmission. This technique allows each queue to have equal chances to transmit data and management frames. In order to implement round robin transmission, the firmware of the access point will require modification. Some vendors do not provide the ability to modify the firmware of the access point. The fifth technique is traffic pattern filtering. After a certain number of authentication or association frames are received by the access point, any additional frames received will be dropped by the access point. Of the five techniques, reduction of duplicate requests and reduction of response retransmission are the easiest to implement. Request authentication is the most effective of the five techniques at resolving denial of service attacks.

Please show a comparison between these 3 wireless network attacks: KRACK, Jamming, AuthRF/AssRF.
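The following is an added example, not code from the question above or from Vanhoef & Piessens' paper or tooling. It models only the client-side behaviour the question describes for the 4-way handshake: message 3 installs the session key and resets the packet nonce to 0, and a standard-conformant client does the same again on a retransmitted message 3, while a client patched along the lines Vanhoef suggests keeps its installed key and nonce but still answers with message 4. The keystream function is a stand-in (HMAC-SHA256 keyed with the session key) for CCMP's AES-CTR; the property that matters, a keystream determined entirely by (key, nonce), is the same. The session key, the two 24-byte frames and the `find_nonce_reuse` monitor check are constructed for the example.

```python
"""Toy model of the WPA2 4-way handshake client state that KRACK abuses."""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Stand-in keystream: a function of (key, nonce) only, like AES-CTR in CCMP."""
    out = b""
    block = 0
    while len(out) < length:
        # 48-bit packet number (the CCMP nonce) followed by a block index
        msg = nonce.to_bytes(6, "big") + block.to_bytes(2, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class Client:
    ignore_retransmission: bool                 # True = behaviour Vanhoef suggests as a fix
    ptk: Optional[bytes] = None                 # installed pairwise (session) key
    nonce: int = 0                              # packet number used as the CCMP nonce
    sent: List[Tuple[int, bytes]] = field(default_factory=list)

    def on_message3(self, ptk: bytes) -> str:
        """Process message 3 (possibly a retransmission); returns the reply sent to the AP."""
        if self.ptk is not None and self.ignore_retransmission:
            # Patched client: keep the installed key and nonce, but still reply with message 4
            return "msg4"
        self.ptk = ptk      # (re)install the key as the standard text mandates...
        self.nonce = 0      # ...and reset the nonce: the step KRACK relies on
        return "msg4"

    def send(self, plaintext: bytes) -> Tuple[int, bytes]:
        """Encrypt one data frame under the installed key and the current nonce."""
        frame = (self.nonce, xor(plaintext, keystream(self.ptk, self.nonce, len(plaintext))))
        self.sent.append(frame)
        self.nonce += 1
        return frame


def find_nonce_reuse(frames: List[Tuple[int, bytes]]) -> List[int]:
    """Monitor-side check: report any nonce that appears twice under one session key."""
    seen, reused = set(), []
    for nonce, _ in frames:
        if nonce in seen and nonce not in reused:
            reused.append(nonce)
        seen.add(nonce)
    return reused


def simulate(ignore_retransmission: bool) -> Dict[str, object]:
    """Replay the attack steps from the question: message 4 withheld, message 3 retransmitted."""
    ptk = b"\x11" * 16                        # constructed session key
    p1 = b"GET /index.html HTTP/1.1"           # constructed 24-byte plaintext frames
    p2 = b"Cookie: sid=0123456789ab"
    client = Client(ignore_retransmission)
    client.on_message3(ptk)                   # first message 3; the MITM withholds the msg4 reply
    n1, c1 = client.send(p1)                  # client starts sending with nonce 0
    client.on_message3(ptk)                   # AP retransmits message 3; the MITM forwards it
    n2, c2 = client.send(p2)
    return {
        "nonces": [n1, n2],
        "reused": find_nonce_reuse(client.sent),
        # identical keystreams make c1 XOR c2 equal p1 XOR p2: the two-time-pad leak
        "xor_leaks_plaintext": xor(c1, c2) == xor(p1, p2),
    }


if __name__ == "__main__":
    print("standard-conformant client:", simulate(False))
    print("patched client:            ", simulate(True))
```

Running `simulate(False)` reproduces the condition the question describes: the second data frame is sent with nonce 0 again, the monitor check flags the reuse, and XORing the two ciphertexts cancels the keystream. With `simulate(True)` the nonce continues at 1, nothing is flagged, and the XOR relation does not hold. The `find_nonce_reuse` check is the kind of condition a wireless IDS or an AP can watch for per station, since a packet number that goes backwards under an unchanged key should never occur.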
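The following is an added example, not code from the question above or from Liu, Yu & Brewster. It implements two of the five AuthRF/AssRF mitigations the question lists, reduction of duplicate requests (a retransmitted request repeats its 802.11 sequence number) and traffic pattern filtering (a cap on authentication/association requests per station and per access point within a sliding time window), as an admission filter in front of the AP's request processing. The thresholds, MAC addresses and the frame trace are constructed for the example; the class and function names are the example's own.

```python
"""Toy access-point admission filter for authentication/association request floods."""
from collections import Counter, defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Tuple


@dataclass(frozen=True)
class MgmtFrame:
    ts: float      # arrival time in seconds
    src: str       # transmitter MAC address (spoofable; see the usage note)
    subtype: str   # "auth" or "assoc" request
    seq: int       # 802.11 sequence number carried by the frame


class APAdmissionFilter:
    """Decides whether an incoming request is handed to the AP's authentication logic."""

    def __init__(self, max_per_station: int = 5, max_per_ap: int = 50, window: float = 1.0):
        self.max_per_station = max_per_station   # constructed thresholds
        self.max_per_ap = max_per_ap
        self.window = window
        self.per_station: Dict[str, Deque[float]] = defaultdict(deque)  # accepted timestamps per MAC
        self.per_ap: Deque[float] = deque()                              # accepted timestamps, all MACs
        self.last_seq: Dict[str, int] = {}                               # last sequence number seen per MAC

    @staticmethod
    def _expire(q: Deque[float], now: float, window: float) -> None:
        """Drop timestamps that have fallen out of the sliding window."""
        while q and now - q[0] > window:
            q.popleft()

    def admit(self, f: MgmtFrame) -> str:
        if self.last_seq.get(f.src) == f.seq:
            verdict = "drop_duplicate"       # same station, same sequence number: a repeat
        else:
            st = self.per_station[f.src]
            self._expire(st, f.ts, self.window)
            self._expire(self.per_ap, f.ts, self.window)
            if len(st) >= self.max_per_station or len(self.per_ap) >= self.max_per_ap:
                verdict = "drop_rate"        # traffic pattern filtering: over the window cap
            else:
                st.append(f.ts)
                self.per_ap.append(f.ts)
                verdict = "accept"
        self.last_seq[f.src] = f.seq         # remembered even for dropped frames
        return verdict


def constructed_trace() -> List[MgmtFrame]:
    """A constructed trace: one legitimate station and one flooding station."""
    legit, flood = "02:00:00:00:00:01", "02:00:00:00:00:ee"
    frames = [MgmtFrame(0.00, legit, "auth", 10), MgmtFrame(0.05, legit, "assoc", 11)]
    # flooding station: 8 distinct auth requests, then the last one repeated 4 times
    frames += [MgmtFrame(0.10 + 0.01 * i, flood, "auth", 500 + i) for i in range(8)]
    frames += [MgmtFrame(0.18 + 0.01 * i, flood, "auth", 507) for i in range(4)]
    frames.append(MgmtFrame(0.50, legit, "auth", 12))   # legitimate client authenticates again
    return frames


def filter_trace(frames: List[MgmtFrame], **kw) -> Tuple[Dict[str, int], List[Tuple[str, str]]]:
    """Run the filter over a trace; returns verdict counts and the per-frame (src, verdict) list."""
    ap = APAdmissionFilter(**kw)
    verdicts = [(f.src, ap.admit(f)) for f in frames]
    return dict(Counter(v for _, v in verdicts)), verdicts


if __name__ == "__main__":
    counts, verdicts = filter_trace(constructed_trace())
    print(counts)
    for src, v in verdicts:
        print(src, v)
```

On the constructed trace the legitimate station's three requests are all accepted, the flooding station gets five requests through before the per-station cap drops the next three, and its four repeated frames are rejected by the duplicate check before they reach the rate logic. The per-station cap only helps while the flooder keeps one transmitter address; against a flood that rotates spoofed MAC addresses the AP-wide cap (`max_per_ap`) is what bounds the load, at the cost of also refusing new legitimate clients for the rest of the window, which is why the question ranks request authentication above pattern filtering in effectiveness.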
