Seminar Report
A
Seminar Report
On
A STUDY FOR SECURED WI-FI
CONNECTIVITY
In partial fulfillment of requirements for the degree of
Bachelor of Technology
In
Computer Engineering
Submitted By
Date:
Place: Jalgaon
Principal
Dr. K. P. Rane
Acknowledgement
I have taken efforts in this seminar. However, it would not have been possible without
the kind support and help of many individuals and institute. I would like to extend my
sincere thanks to all of them.
I would like to express my special gratitude and thanks to Head of Computer Department Prof. M. T. Kolhe for giving us such attention and time.
We are highly indebted to Prof. Pooja Naval for her guidance and constant supervision as well as for providing necessary information regarding the seminar and also for her support in completing the seminar report.
Last but not least we wish to acknowledge my parents and friends for giving more
strength and encouragement.
Abstract
Many people around the world join wireless networks, and Wi-Fi networks are in wide use. Wireless networking has more security threats and vulnerabilities. Wireless technology uses high-frequency radio waves to communicate between devices. Hackers can break into the system easily due to various vulnerabilities. Wireless security protocols can be cracked in many ways, for example by a dictionary attack or a brute force attack. The study gives a comparative analysis of the security protocols WEP, WPA and WPA2. There are many security risks associated with the current wireless protocols and encryption methods.
Keywords: Wireless Security, Wifi, WEP, WPA/WPA2
Contents
Certificate
Acknowledgement
Abstract
Index
1 Introduction
1.1 What is Wi-Fi?
1.1.1 Wi-Fi - How does it work?
1.2 Wireless Security
1.3 Basic Wi-Fi Security Protocols
1.3.1 WEP
1.3.2 WPA
1.3.3 WPA2
2 Literature Survey
2.1 Literature Survey
2.2 Table for literature survey
3 Methodology
3.1 Open system
3.2 Basic service set identifiers
3.3 Web interface
3.4 Handshaking Packets
3.5 Secure Sockets Layer
4 Implementation
4.1 Deauthentication
4.2 Recovering a hidden ESSID
4.3 WPA/WPA2 Handshakes
4.4 Address Resolution Protocol Request
4.5 Dictionary Attack
4.6 Brute force attack
5 Application
References
List of Figures
3.1 Flowchart
List of Tables
2.1 Literature survey
Chapter 1
Introduction
A wireless network is a wireless communication system that allows mobile computers and workstations to communicate and exchange data with each other using radio waves as the transmission medium. Wireless networking is a method by which homes, telecommunications networks and business installations avoid the costly process of introducing cables into a building, or as a connection between various equipment locations. Wireless technology provides many benefits such as portability and flexibility, increased productivity, and lower installation costs. Wi-Fi is a short-range wireless transmission technology that supports access to the Internet by radio signal over a range of hundreds of feet [2]. In current network security research, the performance of WLAN security protocols has been one of the research focuses.
A local network is accessed through a wireless access point (WAP). A WAP is a device that physically connects to the LAN via a router. An access point that is connected to the Internet creates a Wi-Fi hotspot, and Wi-Fi enabled devices connect to the base station nearest to them. The access point has a radio transceiver to send and receive data to and from other wireless-enabled devices. The network is identified by its SSID (service set identifier). Data is transferred securely using the 802.11 protocol, which is maintained by the IEEE.
1.3.1 WEP
Wired Equivalent Privacy (WEP) is a security standard for wireless networks or Wi-Fi. It was part of the original IEEE 802.11 protocol, introduced in 1997. WEP was the first cryptographic protocol developed for Wi-Fi to enable privacy and authentication [3]. WEP uses the RC4 (Rivest Cipher 4) stream cipher algorithm to encrypt wireless communications. The RC4 stream cipher protects the contents from disclosure to eavesdroppers. WEP uses a shared secret key of 40 to 140 bits [6]. In 2001-2003, major security flaws were identified in WEP that proved that the transmitted data was susceptible to malicious changes of the wireless network. The main problem of WEP was that it uses static encryption keys. Later, WEP was replaced by the WPA standards.
1.3.2 WPA
WPA is an intermediate measure to take the place of WEP. WPA has contributed to the increased protection of wireless communications through an increased level of data protection and access control for current and future wireless networks. WPA is designed to be a software upgrade to existing devices and is compatible with the new IEEE 802.11i standard. The WPA protocol implements almost all of the IEEE 802.11i standard. The Temporal Key Integrity Protocol (TKIP) was adopted for WPA. WPA included a Message Integrity Check, which is designed to prevent an attacker from altering or resending data packets. This replaced the cyclic redundancy check (CRC) that was used by the WEP standard. WPA uses a message integrity check algorithm called TKIP to verify the integrity of the packets. TKIP is much stronger than a CRC, but the algorithm used in WPA2 is stronger.
1.3.3 WPA2
WPA2 is the security method added to WPA for wireless networks that provides stronger data protection and network access control. It provides enterprise and consumer Wi-Fi users with a high level of assurance that only authorized users can access their wireless networks. WPA2 uses the Advanced Encryption Standard, which is significantly stronger and harder to break. WPA2 has four main key factors: mutual authentication, strong encryption, interoperability, and ease of use. A WPA2 network provides unique encryption keys for each wireless client that connects to it. WPA2 has stronger security and is easier to configure than the prior options.
Summary
In this chapter we have studied Wi-Fi and how it works. We also studied various Wi-Fi security protocols such as WEP, WPA and WPA2, which provide encryption for our wireless connectivity so that no attacker can intrude into the system, and hence provide a secured wireless network.
Chapter 2
Literature Survey
Summary
In this chapter we have studied the various related work on wireless security or some
of the wireless security protocols. By conducting literature survey, we studied different
research articles, papers that test various security protocols and techniques to secure
wireless networks.
Chapter 3
Methodology
by hackers and identity thieves. In essence, SSL allows for a private conversation just between the two intended parties. To create this secure connection, an SSL certificate (also referred to as a digital certificate) is installed on a web server and serves two functions: it authenticates the identity of the website (this guarantees visitors that they're not on a bogus site) and it encrypts the data that's being transmitted.
The next step is to select either brute force or the web interface. Here the web interface is recommended, and after selecting it four terminals are spawned simultaneously: "Fake DNS", "DHCP server", "Deauthentication" and "Wifi information". On the user side, the user gets disconnected from the original access point. The attacker will force the user to connect to the fake access point.
On the user's screen an SSL certificate prompt appears and asks the user to sign in to the network due to some security issues [1][2]. When the user enters the password and that password is matched, handshaking comes into the picture. If the password is matched, the user gets disconnected from the fake access point and the "Wifi information" terminal is prompted, in which the password is displayed [2].
Figure 3.1 shows how the system runs from start to the handshaking part.
Summary
The method tests Wi-Fi security through a dictionary attack or a brute force attack, which takes more time. With this method, Wi-Fi passwords are tested against a wordlist, performing a dictionary attack.
4.1 Deauthentication
A deauthentication attack sends disassociate packets to one or more clients or users which are currently associated with a particular access point. It is an attack which targets the communication between the router and the device. Unlike most radio jammers, deauthentication acts in a unique way. An attacker can send a deauthentication frame at any time to a wireless access point, with a spoofed address for the victim. The protocol does not require any encryption for this frame, even when the session was established with Wired Equivalent Privacy (WEP) for data privacy, and the attacker only needs to know the victim's MAC address, which is available in the clear through wireless network sniffing. If a station wants to deauthenticate from an AP, or if an AP wants to deauthenticate from stations, either device can send a deauthentication frame. Because authentication is a prerequisite for association, a deauthentication frame will automatically cause a disassociation to occur. Deauthentication cannot be refused by either party, except when management frame protection (defined in 802.11w) is negotiated and the message integrity check (MIC) fails. The deauthentication service is invoked when an existing Open System, Shared Key, or SAE authentication is to be terminated. Deauthentication is a station service (SS). In an ESS, because authentication is a prerequisite for association, the act of deauthentication causes the station to be disassociated.
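Because the deauthentication frame is normally unprotected, a monitoring sensor can read it directly and flag bursts. The following detection sketch is an added example, not code from the report: it assumes raw 802.11 frames with the radiotap header already stripped, the window and threshold are assumed tuning values, and the MAC addresses and capture are constructed.

```python
import struct
from collections import defaultdict, deque

WINDOW_S, THRESHOLD = 5.0, 10   # assumed tuning values, not from the report

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_deauth(frame):
    """Return (receiver, transmitter, bssid, reason) for an unprotected
    deauthentication frame, otherwise None."""
    if len(frame) < 26 or frame[0] != 0xC0:   # version 0, type 0 (management), subtype 12
        return None
    if frame[1] & 0x40:                        # Protected bit set: 802.11w frame, body encrypted
        return None
    # Header: frame control(2) duration(2) addr1(6) addr2(6) addr3(6) seq(2), then reason(2)
    reason = struct.unpack_from("<H", frame, 24)[0]
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_floods(capture):
    """capture: time-ordered (timestamp_seconds, raw_frame) pairs. Returns the set of
    (receiver, transmitter, bssid) that reached THRESHOLD deauths within WINDOW_S."""
    recent, alerts = defaultdict(deque), set()
    for ts, raw in capture:
        parsed = parse_deauth(raw)
        if parsed is None:
            continue
        key = parsed[:3]
        q = recent[key]
        q.append(ts)
        while ts - q[0] > WINDOW_S:            # drop timestamps that left the window
            q.popleft()
        if len(q) >= THRESHOLD:
            alerts.add(key)
    return alerts

def build_frame(dst, src, bssid, fc0=0xC0, reason=7):
    """Construct a minimal management frame for the sample data below."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([fc0, 0]) + b"\x00\x00" + raw(dst) + raw(src) + raw(bssid)
            + b"\x00\x00" + struct.pack("<H", reason))

AP, STA1, STA2 = "02:00:00:00:00:01", "02:00:00:00:00:aa", "02:00:00:00:00:bb"
# Constructed capture: a burst of 12 deauths to STA1, one ordinary deauth to STA2, one beacon
SAMPLE = [(i * 0.1, build_frame(STA1, AP, AP)) for i in range(12)]
SAMPLE += [(2.0, build_frame(STA2, AP, AP, reason=3)),
           (2.1, build_frame("ff:ff:ff:ff:ff:ff", AP, AP, fc0=0x80))]

if __name__ == "__main__":
    print(detect_floods(SAMPLE))
```

Frames with the Protected bit are skipped because, with 802.11w negotiated, the receiver itself rejects a deauthentication whose integrity check fails.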
shown other computers don't know what to look for. If a wireless network is set as hidden, the wireless network name will be missing in the management packets when the access point or router starts broadcasting. This lets client devices know that there is an available Wi-Fi network, but its SSID is hidden and consequently the client device is not able to connect to it. As the name suggests, this ESSID is hidden most of the time and so is not always shown.
between the two devices, to authenticate the device connection. Using aircrack-ng, we can test each password in a wordlist against the handshake. To crack a WPA-encrypted network, we need two things: a captured handshake and a wordlist that contains passwords.
The weakness in the WPA2-PSK system is that the encrypted password is shared in what is known as the 4-way handshake. When a client authenticates to the access point (AP), the client and the AP go through a 4-step process to authenticate the user to the AP. If a hacker can grab the password at that time, he can then attempt to crack it. A hacker must first sniff the WPA 4-way handshake in order to mount a brute force or dictionary based WPA password cracking attack on a Wi-Fi user with WPA or WPA2 [4]. The authentication process leaves two considerations: the access point still needs to authenticate itself to the client station (STA), and keys to encrypt the traffic need to be derived. WPA2-PSK has provided the shared secret key, the PMK (Pairwise Master Key). The four-way handshake is therefore used to establish another key called the PTK (Pairwise Transient Key). The PTK is generated by concatenating the following attributes: PMK, AP nonce, STA nonce, AP MAC address and STA MAC address. The handshake also yields the GTK (Group Temporal Key), used to decrypt multicast and broadcast traffic.
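The key hierarchy described above, as an added example that is not code from the report: it derives the PMK from a passphrase and SSID and then the PTK from the PMK, both MAC addresses and both nonces, following the IEEE 802.11i derivation. The "password"/"IEEE" pair is the test passphrase and SSID published with the standard; the MAC addresses and nonces are constructed.

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase, ssid):
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key, label, data, nbytes):
    """802.11i PRF: HMAC-SHA1 over label || 0x00 || data || counter, block by block."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]

def ptk(pmk, ap_mac, sta_mac, anonce, snonce, nbytes=48):
    """PTK for CCMP (48 bytes): the MACs and nonces are ordered min/max so that
    the AP and the station compute the same value."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, nbytes)

def split_ptk(key):
    """KCK authenticates handshake messages, KEK wraps the GTK, TK encrypts data."""
    return {"KCK": key[:16], "KEK": key[16:32], "TK": key[32:]}

def demo():
    pmk = pmk_from_passphrase("password", "IEEE")      # published test passphrase and SSID
    ap = bytes.fromhex("020000000001")                 # constructed AP MAC
    sta = bytes.fromhex("0200000000aa")                # constructed station MAC
    session1 = ptk(pmk, ap, sta, b"\x01" * 32, b"\x02" * 32)   # constructed nonces
    session2 = ptk(pmk, ap, sta, b"\x03" * 32, b"\x02" * 32)   # fresh ANonce, same PMK
    return pmk, session1, session2

if __name__ == "__main__":
    pmk, s1, s2 = demo()
    print("PMK:", pmk.hex())
    print("session 1 TK:", split_ptk(s1)["TK"].hex())
    print("session 2 TK:", split_ptk(s2)["TK"].hex())
```

Every input except the passphrase travels in the clear, so the session keys are only as strong as the passphrase; this is why a long, random passphrase or enterprise mode is the effective mitigation.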
that particular IP address. When a machine recognizes the IP address as its own, it
sends a reply so ARP can update the cache for future reference and proceed with the
communication.
Summary
The chapter covers the structure of the system and all the sections stepwise, such as deauthentication, finding an ESSID, capturing WPA/WPA2 handshakes, and generating ARP requests. The dictionary attack and the brute force attack are methods used to break into a password-protected networking system.
Chapter 6
Advantages And Disadvantages
6.1 Advantages
• Flexible - If you change network in future, you can easily update the wireless
network to meet new configurations.
• Encryption keys are less vulnerable to cracking - When using the enterprise
mode, each client receives a unique encryption key after logging in. This technique
prevents hackers from performing dictionary based attacks, like with the personal
mode, where they may be able to crack the encryption key.
• Able to secure the wired side, as well - The enterprise mode has 802.1x
authentication. This authentication protocol isn’t designed just for Wi-fi. If your
wired switches support it, you can use 802.1x authentication for the wired side of
the network too.
• More OSs and devices now support WPA/WPA2 - Some businesses have
been held back by legacy equipment, computers and devices that only support
the insecure WEP encryption. However, as old equipment is replaced or updated,
WPA/WPA2 should be supported, and all operating systems have included
support for many years now.
• Prevents client-to-client eavesdropping - Since each user securely receives a
unique encryption key after logging in, users can't see each other's wireless traffic.
The personal mode uses one encryption key so users can snoop on each other.
• Protects network resources - Aside from using your organization's network to
perform activities, criminals may actually target your network, depending on the
nature of your organization. Thus a secure wireless network is a key component of
any strategy to keep your organization's valuable intellectual property secure.
• Improves network monitoring ability - Along with any wireless network security
strategy comes an increasing tool kit for monitoring network usage. Even if the
security is as simple as a WPA passkey, you can track who has received the key,
line that up with MAC addresses in the access point log and use that information
to track usage and spot unauthorized access.
6.2 Disadvantages
• Reliability - Like any radio frequency transmission, wireless networking signals are
subject to a wide variety of interference, as well as complex propagation effects that
are beyond the control of the network administrator.
• Security - To combat this consideration, wireless networks may choose to utilize
some of the various encryption technologies available. Some of the more commonly
utilized encryption methods, however, are known to have weaknesses that a dedicated
adversary can compromise.
References
[1] Nishant Pimple, Utkarsha Pawar, Tejashree Salunke, Janhavi Sangoi, "Wireless Security An Approach Towards Secured Wi-Fi Connectivity", 2020 6th International Conference on Advanced Computing Communication Systems (ICACCS), ISSN-2575-7288, pp. 872-875, April 2020.
[2] Haishen Peng, "WIFI network information security analysis research", 2012 IEEE, pp. 2243-2245.
[4] Dongsheng Yin, Kai Cui, "A Research into The Latent Danger of WLAN", The 6th International Conference on Computer Science Education (ICCSE 2011), August 2011, pp. 1085-1090.
[5] Saif Ur Rehman, Saeed Ullah, Sardar Ali, "On Enhancing the WEP Security Against Brute-force and Compromised Keys", 2010 International Conference on Computer Information Systems and Industrial Management Applications (CISIM), 2010, pp. 250-254.
[6] Saurabh Malgaonkar, Rohan Patil, Aishwarya Rai, Aastha Singh, "Research on Wi-Fi Security Protocols", International Journal of Computer Applications (0975-8887), Volume 164, No. 3, April 2017, pp. 30-36.
[7] Yonglei Liu, Zhigang Jin, Ying Wang, "Survey on security scheme and attacking methods of WPA/WPA2", 2010 IEEE, pp. 10-13.