Detection of WPS Attacks Based on Multiscale Traffic Analysis
Ivo Petiz, Eduardo Rocha, Paulo Salvador and António Nogueira
Affiliation: DETI, University of Aveiro/Instituto de Telecomunicações Campus de Santiago 3810-193 Aveiro, Portugal.
Keywords: Traffic identification, wavelet transform, scalogram, Wi-Fi, WPS.Traffic identification, wavelet transform, scalogram, Wi-Fi, WPS.Traffic identification, wavelet transform, scalogram, Wi-Fi, WPS.
The worldwide adoption of the IEEE 802.11 standard as the solution to provide efficient network coverage
with high data-rates raised several security concerns. In a first stage, Wired Equivalent Privacy (WEP) was used to protect
wireless networks from intrusions, whose main motivations ranged from simply getting free Internet access to the perpetration
of complex attacks in order to retrieve confidential information. However, due to its multiple technical flaws, this
approach was not sufficient, leading to the emergence of the Wi-Fi Protected Access (WPA) and WPA2 technologies,
which provided more secure mechanisms at the cost of requiring complicated configuration tasks. In order to create a
simple configuration interface, the Wi-Fi Alliance proposed a simple configuration approach: the Wi-Fi Protected Setup
(WPS), which is used by major network products manufacturers and provides a much easier configuration setup, although
in a less efficient security environment. Actually, this implementation is vulnerable to brute force attacks, which are very
quick to execute, have little complexity and are difficult to detect. After cracking WPS, attackers can access to
WPA/WPA2 login information and illicitly connect to the target wireless network. There are several technical requirements
and legal constrains that limit access to the contents of wireless frames, thus preventing their deep analysis. This
paper presents a method to detect attacks over WPA-enabled routers with Wi-Fi Protected Setup based only on the
amount of generated traffic. The detection methodology uses a monitoring station that exclusively analyzes traffic flows
from the router: by monitoring traffic and using a multiscale analysis procedure, the approach is able to accurately identify
each intrusion attempt.
Rights & PermissionsPrintExport