IEEE 802.11 is the U.S. standard protocol for wireless local area networks. After the WEP encryption originally used to secure IEEE 802.11 was broken, WPA encryption was considered the secure alternative that could still run on hardware developed for WEP. However, in 2009 Beck and Tews developed an attack against WPA with TKIP that allows packets to be forged and sent on the network. Halverson and Haugen then extended these attacks by decrypting larger DHCP packets. This thesis focuses on the detection and prevention of current attacks on 802.11i WPA, using open source systems and methods to secure networks against these types of attacks. The methodology recreates current attacks in a laboratory setting, recording traffic from the air as well as from the wire. The attack is analyzed, and then methods of intrusion detection and prevention are discussed. The work of this thesis is to analyze current attacks and develop signatures and other methods that identify them. These signatures are then integrated into a system that allows detection and prevention of these attacks.