Hackers of India

WPA Too!

By Md Sohail Ahmad on 31 Jul 2010 @ Defcon


Presentation Material

Abstract

WPA2 is the most robust security configuration available today for WiFi networks. It is widely used to secure enterprise WLANs. Interestingly, it is also being used to secure guest, municipal and public WiFi networks. In this paper, we present a new vulnerability found in WPA2 protocol which can be exploited by a malicious user to attack and compromise legitimate users. We also present a few attack mitigation techniques which can be used to protect genuine WiFi users.

AI Generated Summary (may contain errors)


The speaker demonstrates a man-in-the-middle (MITM) attack using SSL Strip software on a Wi-Fi network. They successfully poison the ARP cache entry of a victim, replacing the default gateway’s MAC address with their own. The attack is not detectable on the wire, but only in the air.

To counter such attacks, the speaker suggests several techniques:

  1. Fixing the problem in the protocol by duplicating GTA or group data frames.
  2. Using endpoint security software like Snort or IPSec to detect ARP cache changes.
  3. Implementing client isolation features using PSPF, but this may break legitimate communication between users.
  4. Utilizing wireless monitoring systems to detect attacks in the air.
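Mitigation 2 above depends on noticing that the victim's ARP entry for the default gateway has been rewritten. As an added example that is not part of the talk or this page, the following Python compares a known-good baseline ARP table with the current one (constructed `ip neigh show` output, not captured from a real network) and reports both the gateway MAC change and the LAN host that already owns the new MAC.

```python
# Added example (not from the talk): flag a poisoned default-gateway ARP entry by
# comparing a known-good baseline against the current table. Two symptoms of the
# attack described above are checked: the gateway MAC changing, and the new MAC
# already belonging to another host on the LAN. Input follows `ip neigh show`.
import re

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+\S+\s+lladdr\s+(?P<mac>[0-9a-f:]{17})", re.IGNORECASE
)

def parse_neigh(text):
    """Return {ip: mac}; entries without lladdr (FAILED/INCOMPLETE) are skipped."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table

def check_gateway(baseline, current, gateway_ip):
    """Return alert strings; an empty list means the gateway entry is unchanged."""
    old_mac = baseline.get(gateway_ip)
    new_mac = current.get(gateway_ip)
    if old_mac is None or new_mac is None:
        return [f"gateway {gateway_ip} missing from a snapshot"]
    if new_mac == old_mac:
        return []
    alerts = [f"gateway MAC changed {old_mac} -> {new_mac}"]
    # A spoofed gateway MAC normally belongs to another station on the same LAN.
    for ip, mac in current.items():
        if mac == new_mac and ip != gateway_ip:
            alerts.append(f"gateway now shares MAC with {ip}")
    return alerts

# Constructed sample snapshots (not captured from a real network).
BASELINE = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.20 dev wlan0 lladdr aa:bb:cc:dd:ee:ff STALE
192.168.1.30 dev wlan0 FAILED
"""
POISONED = """\
192.168.1.1 dev wlan0 lladdr aa:bb:cc:dd:ee:ff REACHABLE
192.168.1.20 dev wlan0 lladdr aa:bb:cc:dd:ee:ff STALE
"""

def demo():
    return check_gateway(parse_neigh(BASELINE), parse_neigh(POISONED), "192.168.1.1")

if __name__ == "__main__":
    print("\n".join(demo()) or "gateway entry unchanged")
```

Run periodically against a baseline recorded when the network was known to be clean; a gateway entry that flips to the MAC of another station is the signature the summary describes.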

The speaker concludes that all WPA2 networks are vulnerable to Hole196 and inter-user privacy is broken. A multi-layered defense strategy is required, including endpoint security, protocol fixes, and wireless monitoring systems. The final message is to be aware of such vulnerabilities and take necessary security measures.