In wireless network communications, radio waves travel through free space; hence, the information reaches any receiving point with appropriate radio receivers. This aspect makes the wireless networks vulnerable to various types of attacks. A true understanding of these attacks provides better ability to defend the network against the attacks, thus eliminating potential threats from the wireless systems. This work presents a series of cyberwar laboratory exercises that are designed for IEEE 802.11 wireless networks security courses. The exercises expose different aspects of violations in security such as confidentiality, privacy, availability, and integrity. The types of attacks include traffic analysis, rogue access point, MAC filtering, replay, man-in-the-middle, and denial of service attacks. For each exercise, the materials are presented as open-source tools along with descriptions of the respective methods, procedures, and penetration techniques. 1. Introduction Wireless networks have gained popularity in many critical areas such as in healthcare centers, hospitals, police departments, military facilities, and airports. Therefore, it is extremely important to enhance the network security in order to protect the information that resides within the network. To achieve this goal, different security protocols have been designed, among which are WEP, WPA, and WPA2. Despite the presence of these protocols, security is still the main concern in the wireless networks. Air transmission is a vulnerable medium, and it provides opportunity for the attackers to intercept the information that will be later used to launch different types of attacks. Consequently, it is important to know different kind of security attacks in order to defend the networks against the attacks and to guarantee the reliability of the wireless networks. Numerous hands-on courses and laboratory exercises have been developed to investigate security flaws in networks and to determine best ways to prevent the attackers from compromising the security of such systems. However, most of the existing laboratory exercises are investigating the wired networks. Meanwhile, most existing wireless laboratory exercises mainly focus on the methods to crack the WEP security protocol [1–4]. In this work, on the contrary, we design a series of laboratory exercises for IEEE 802.11 wireless network security courses. The exercises focus on the types of attacks that have not received much attention in the current wireless laboratories. The laboratory exercises are conducted for students in both graduate and
References
[1]
X. Yuan, R. Archer, J. Xu, and H. Yu, “A visualization tool for wireless network attacks,” Journal of Education, Informatics and Cybernetics, vol. 1, no. 3, 2008.
[2]
X. Yuan, O. T. Wright, H. Yu, and K. A. Williams, “Laboratory design for wireless network attacks,” in Proceedings of the 5th Annual Conference on Information Security Curriculum Development, pp. 5–12, New York, NY, USA, September 2008.
[3]
Y. Zahur and T. A. Yang, “Wireless LAN security and laboratory designs,” ACM Journal of Computing Sciences in Colleges, vol. 19, no. 3, 2004.
[4]
S. Vinjosh Reddy, K. Sai Ramani, K. Rijutha, S. Mohammad Ali, and C. H. Pradeep Reddy, “Wireless hacking-a WiFi hack by cracking WEP,” in Proceedings of the 2nd International Conference on Education Technology and Computer (ICETC '10), pp. 1189–1193, Shanghai, China, 2010.
[5]
J. Hill, C. Carver, J. Humphries, and U. Pooch, “Using an isolated network laboratory to teach advanced networks and security,” in Proceedings of the ACM 32th SIGCSE Technical Symposium on Computer Science Education, pp. 36–40, 2001.
[6]
P. A. Mateti, “A laboratory based capstone course on internet security,” in Proceedings of the ACM 37th SIGCSE Technical Symposium on Computer Science Education, pp. 2–6, 2006.
[7]
J. C. Brustoloni, “Laboratory experiments for network security instruction,” ACM Journal on Educational Resources in Computing, vol. 6, no. 4, Article ID 1248458, 2006.
[8]
P. J. Wagner and J. M. Wudi, “Designing and implementing a cyberwar laboratory exercise for a computer security course,” in Proceedings of the 35th SIGCSE Technical Symposium on Computer Science Education, pp. 402–406, March 2004.
[9]
X. Luo, X. Ji, and M. -S. Park, “Location privacy against traffic analysis attacks in wireless sensor networks,” in Proceedings of the International Conference on Information Science and Applications (ICISA '10), pp. 1–6, Seoul, Korea, 2010.
[10]
G. Padmavathi and D. Shanmugapriya, “A survey of attacks, security mechanisms and challenges in wireless sensor networks,” International Journal of Computer Science and Information Security, vol. 4, no. 1, 2009.
[11]
S. Srilasak, K. Wongthavarawat, and A. Phonphoem, “Integrated wireless rogue access point detection and counterattack system,” in Proceedings of the 2nd International Conference on Information Security and Assurance (ISA '08), pp. 326–331, Busan, Korea, April 2008.
[12]
R. H. Rahman, N. Nowsheen, M. A. Khan, and A. H. Khan, “Wireless LAN security: an in-depth study of the threats and vulnerabilities,” Journal of Information Technology, vol. 6, no. 4, pp. 441–446, 2007.
[13]
G. Lackner, U. Payer, and P. Teufl, “Combating wireless LAN MAC-layer address spoofing with fingerprinting methods,” International Journal of Network Security, vol. 9, no. 2, pp. 164–172, 2009.
[14]
K. Tao, J. Li, and S. Sampalli, “Detection of spoofed MAC addresses in 802.11 wireless networks,” Communications in Computer and Information Science, vol. 23, no. 3, pp. 201–213, 2008.
[15]
L. Buttyán and L. Csik, “Security analysis of reliable transport layer protocols for wireless sensor networks,” in Proceedings of the 8th IEEE International Conference on Pervasive Computing and Communications Workshops, pp. 419–424, Mannheim, Germany, 2010.
[16]
A. Beach, M. Gartrell, and R. Han, “Solutions to security and privacy issues in mobile social networking,” in Proceedings of the 12th IEEE International Conference on Computational Science and Engineering (CSE '09), vol. 4, pp. 1036–1042, Vancouver, Canada, 2009.
[17]
H. Hwang, G. Jung, K. Sohn, and S. Park, “A study on MITM(Man in the Middle) vulnerability in wireless network using 802.1X and EAP,” in Proceedings of the International Conference on Information Science and Security (ICISS '08), pp. 164–170, Seoul, Korea, 2007.
[18]
S. Glass, V. Muthukkumurasamy, and M. Portmann, “Detecting man-in-the-middle and wormhole attacks in wireless mesh networks,” in Proceedings of the International Conference on Advanced Information Networking and Applications (AINA '09), pp. 530–538, Bradford, UK, May 2009.
[19]
A. Rachedi and A. Benslimane, “Impacts and solutions of control packets vulnerabilities with IEEE 802.11 MAC,” Wireless Communications and Mobile Computing, vol. 9, no. 4, pp. 469–488, 2009.
[20]
K. Bicakci and B. Tavli, “Denial-of-Service attacks and countermeasures in IEEE 802.11 wireless networks,” Computer Standards and Interfaces, vol. 31, no. 5, pp. 931–941, 2009.
[21]
M. A. Khan and A. Hasan, “Pseudo random number based authentication to counter denial of service attacks on 802.11,” in Proceedings of the 5th IEEE and IFIP International Conference on Wireless and Optical Communications Networks (WOCN '08), pp. 1–5, Surabaya, Indonesia, May 2008.
[22]
Z. Zhang, J. Wu, J. Deng, and M. Qiu, “Jamming ACK attack to wireless networks and a mitigation approach,” in Proceedings of the IEEE Global Telecommunications Conference (GLOBECOM '08), pp. 4966–4970, New Orleans, La, USA, 2008.
[23]
M. Boulmalf, E. Barka, and A. Lakas, “Analysis of the effect of security on data and voice traffic in WLAN,” Computer Communications, vol. 30, no. 11-12, pp. 2468–2477, 2007.
[24]
S. Glass and V. Muthukkumarasamy, “802.11 DCF denial of service vulnerabilities,” in Proceedings of the 3rd Australian Computer, Network and Information Forensics Conference, 2005.
[25]
J. Bellardo and S. Savage, “802.11 denial-of-service attacks: real vulnerabilities and practical solutions,” in Proceedings of 12th USENIX Security Symposium, Berkeley, Calif, USA, 2003.
