DOCSLIB.ORG

Developing a Systematic Process for Mobile Surveying and Analysis of WLAN Security

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Developing a Systematic Process for Mobile Surveying and Analysis of WLAN Security Developing a Systematic Process for Mobile Surveying and Analysis of WLAN security UNIVERSITY OF TURKU Department of Future Technologies Master of Science in Technology Thesis Networked Systems Security June 2020 Saku Lindroos Supervisors: D.Sc. (Tech) Seppo Virtanen D.Sc. (Tech) Antti Hakkala The originality of this thesis has been checked in accordance with the University of Turku quality assurance system using TurnitinOriginalityCheck service. UNIVERSITY OF TURKU Department of Future Technologies SAKU LINDROOS: Developing a Systematic Process for Mobile Surveying and Anal- ysis of WLAN security Master of Science in Technology Thesis, 109 p. Networked Systems Security June 2020 –––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––– Wireless Local Area Network (WLAN), familiarly known as Wi-Fi, is one of the most used wireless networking technologies. WLANs have rapidly grown in popularity since the release of the original IEEE 802.11 WLAN standard in 1997. We are using our be- loved wireless internet connection for everything and are connecting more and more de- vices into our wireless networks in every form imaginable. As the number of wireless network devices keeps increasing, so does the importance of wireless network security. During its now over twenty-year lifecycle, a multitude of various security measures and protocols have been introduced into WLAN connections to keep our wireless communi- cation secure. The most notable security measures presented in the 802.11 standard have been the encryption protocols Wired Equivalent Privacy (WEP) and Wi-Fi Protected Ac- cess (WPA). Both encryption protocols have had their share of flaws and vulnerabilities, some of them so severe that the use of WEP and the first generation of the WPA protocol have been deemed irredeemably broken and unfit to be used for WLAN encryption. Even though the aforementioned encryption protocols have been long since deemed fatally bro- ken and insecure, research shows that both can still be found in use today. The purpose of this Master’s Thesis is to develop a process for surveying wireless local area networks and to survey the current state of WLAN security in Finland. The goal has been to develop a WLAN surveying process that would at the same time be efficient, scalable, and easily replicable. The purpose of the survey is to determine to what extent are the deprecated encryption protocols used in Finland. Furthermore, we want to find out in what state is WLAN security currently in Finland by observing the use of other WLAN security practices. The survey process presented in this work is based on a WLAN scan- ning method called Wardriving. Despite its intimidating name, wardriving is simply a form of passive wireless network scanning. Passive wireless network scanning is used for collecting information about the surrounding wireless networks by listening to the mes- sages broadcasted by wireless network devices. To collect our research data, we conducted wardriving surveys on three separate occa- sions between the spring of 2019 and early spring of 2020, in a typical medium-sized Finnish city. Our survey results show that 2.2% out of the located networks used insecure encryption protocols and 9.2% of the located networks did not use any encryption proto- col. While the percentage of insecure networks is moderately low, we observed during our study that private consumers are reluctant to change the factory-set default settings of their wireless network devices, possibly exposing them to other security threats. Keywords: wireless networks, encryption, security, wardriving, wireless standard, IEEE 802.11 Table of contents 1. Introduction 1 1.1. WLAN security ............................................................................................ 2 1.2. Research questions ....................................................................................... 5 1.3. Study methodology and scope ...................................................................... 6 1.4. Thesis structure ............................................................................................. 7 2. Background 8 2.1. A brief history of wireless networking ......................................................... 8 2.2. ALOHAnet ................................................................................................... 8 2.3. Pure and slotted ALOHA ............................................................................. 9 2.4. The Ethernet and collision detection .......................................................... 10 2.4.1. Carrier-Sense Multiple Access with Collision Detection ............... 11 2.4.2. Carrier Sense Multiple Access with Collision Avoidance .............. 12 3. IEEE 802.11 Standard 14 3.1. Standardisation organisations ..................................................................... 15 3.1.1. The Institute of Electrical and Electronics Engineers ..................... 16 3.1.2. The Wi-Fi Alliance ......................................................................... 17 3.2. IEEE 802.11 1997 Legacy standard ........................................................... 18 3.3. 802.11 a and b amendments ....................................................................... 19 3.3.1. 802.11a ............................................................................................ 19 3.3.2. 802.11b ............................................................................................ 20 3.4. 802.11g ....................................................................................................... 21 3.5. 802.11n ....................................................................................................... 22 3.6. 802.11ac ...................................................................................................... 25 3.7. 802.11ax ..................................................................................................... 28 3.8. The new Wi-Fi Alliance 802.11 amendment naming system .................... 31 4. 802.11 WLAN Security 33 4.1. The basic principles of cryptography ......................................................... 34 4.1.1. Symmetric shared-key cryptography .............................................. 34 4.1.2. Asymmetric public-key cryptography ............................................ 35 4.1.3. Stream and Block ciphers ............................................................... 36 4.2. 802.11 security ........................................................................................... 37 4.2.1. Legacy 802.11 security ................................................................... 39 4.2.2. Wired Equivalent Privacy WEP ...................................................... 40 4.3. 802.11i security amendment, WPA-TKIP and WPA2 ............................... 44 4.3.1. WPA-TKIP ..................................................................................... 45 4.3.2. WPA2 CCMP/AES ......................................................................... 49 4.3.3. WPA-TKIP vulnerabilities .............................................................. 52 4.3.4. WPA password cracking and WPA2 vulnerabilities ...................... 53 4.3.5. 802.11 Denial of Service Attacks ................................................... 58 4.4. WPA3 ......................................................................................................... 59 4.4.1. WPA3 SAE handshake ................................................................... 60 4.4.2. Opportunistic Wireless Encryption OWE ....................................... 62 4.4.3. WPA3 vulnerabilities ...................................................................... 64 5. Research methodology 67 5.1. Wardriving .................................................................................................. 67 5.2. Operating system, software, and hardware for wardriving ........................ 70 5.2.1. Wardriving software ....................................................................... 71 5.2.2. Wardriving hardware ...................................................................... 73 5.3. Data sampling and analysis ........................................................................ 75 5.4. The legality of wardriving and the GDPR .................................................. 78 5.4.1. Wardriving and the GDPR .............................................................. 79 5.5. Ethics of wardriving ................................................................................... 82 5.5.1. Utilitarianism and Virtue ethics ...................................................... 83 5.5.2. Wardriving and Utilitarianism ........................................................ 84 5.5.3. Wardriving and Virtue ethics .......................................................... 85 6. Research findings 87 6.1. The three surveyed locations ...................................................................... 88 6.1.1. The industrial district ...................................................................... 89 6.1.2. The city centre ................................................................................. 90 6.1.3. The suburb ...................................................................................... 91 6.1.4. Use of encryption protocols in the three locations .......................... 93 6.2. The bigger picture of WLAN security practices ........................................ 95 6.2.1. Encryption protocol use .................................................................
Load more

Recommended publications
  • Google Earth User Guide
    Google Earth User Guide ● Table of Contents Introduction ● Introduction This user guide describes Google Earth Version 4 and later. ❍ Getting to Know Google Welcome to Google Earth! Once you download and install Google Earth, your Earth computer becomes a window to anywhere on the planet, allowing you to view high- ❍ Five Cool, Easy Things resolution aerial and satellite imagery, elevation terrain, road and street labels, You Can Do in Google business listings, and more. See Five Cool, Easy Things You Can Do in Google Earth Earth. ❍ New Features in Version 4.0 ❍ Installing Google Earth Use the following topics to For other topics in this documentation, ❍ System Requirements learn Google Earth basics - see the table of contents (left) or check ❍ Changing Languages navigating the globe, out these important topics: ❍ Additional Support searching, printing, and more: ● Making movies with Google ❍ Selecting a Server Earth ❍ Deactivating Google ● Getting to know Earth Plus, Pro or EC ● Using layers Google Earth ❍ Navigating in Google ● Using places Earth ● New features in Version 4.0 ● Managing search results ■ Using a Mouse ● Navigating in Google ● Measuring distances and areas ■ Using the Earth Navigation Controls ● Drawing paths and polygons ● ■ Finding places and Tilting and Viewing ● Using image overlays Hilly Terrain directions ● Using GPS devices with Google ■ Resetting the ● Marking places on Earth Default View the earth ■ Setting the Start ● Location Showing or hiding points of interest ● Finding Places and ● Directions Tilting and
    [Show full text]
  • A Macro That Creates U.S. Census Tracts Keyhole Markup Language
    Paper 2418-2018 A Macro that Creates U.S Census Tracts Keyhole Markup Language Files for Google Map Use Ting Sa, Cincinnati Children’s Hospital Medical Center ABSTRACT This paper introduces a macro that can generate the Keyhole Markup Language (KML) files for U.S. census tracts. The generated KML files can be used directly by Google Maps to add customized census tracts layers with user-defined colors and transparencies. When someone clicks on the census tracts layers in Google Maps, customized information is shown. To use the macro, the user needs to prepare only a simple SAS® input data set and download the related KML files from the U.S. census Bureau. The paper includes all the SAS code for the macro and provides examples that show you how to use the macro as well as how to display the KML files in Google Maps. INTRODUCTION KML file is a file that can be used to put different layers onto the google map, like a point, a line or a polygon area. Also inside the KML file, you can define the styles of the layers, like changing the color and transparency of the layers, adding information to the layers etc. The U.S Census Bureau provides the census tracts KML file for each state. However, it is one file for the whole state, therefore, if the user only wants to select certain census tracts, or the user wants to customize the census tracts with special background color, transparency or customized information, the user can not directly use the KML file from the U.S Census Bureau.
    [Show full text]
  • An Introduction to Google Earth Pro
    An Introduction to Google Earth Pro Virginia Tech Geospatial Extension Program By: Katherine Britt Ph.D. Candidate Virginia Tech Department of Forest Resources and Environmental Conservation John McGee Geospatial Extension Specialist Department of Forest Resources and Environmental Conservation Jim Campbell Professor Virginia Tech Department of Geography Google Earth Pro Opening Google Earth Pro and Configuring the Program Window Being by opening Google Earth Pro. Select the Google Earth Pro icon “ ,” or search in the start menu for “Google Earth Pro.” When Google Earth Pro has been opened, you will get this screen. A “Start-Up Tip” window will automatically open when Google Earth Pro starts. These include hints and instructions about many popular features in the program. If you do not want to see this window each time you start the program, you can uncheck the “Show tips at start-up” box and then either click “close” or click the red “X” at the top right of the window (see above). After the “Start-Up Tip” window is closed, you will see a view of the earth, with a “Tour Guide” ribbon at the bottom of the main, map area of the screen. The “Tour Guide” will show you photos that may be of interest in the region you are viewing. You can scroll through them to explore the feature or the surrounding area of what you are interested in. These are often used when creating customized tours or videos in Google Earth Pro. 2 Google Earth Pro You may instead wish to maximize your viewing area in the map window.
    [Show full text]
  • KML (Document Markup Language) I
    Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trade- marks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations have been printed with initial capital letters or in all capitals. The author and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein. The small images on the front and back covers (which also appear in the text) are from the following sources: Front cover: Valery Hronusov and Ron Blakey (Chapter 7), Google Earth image (Chapter 8), United States Holocaust Memorial Museum (Chapter 1), Angel Tello (Chapter 3), Pamela Fox (Chapter 1) Back cover: Alaska Volcano Observatory (Chapter 6), Stefan Geens (Chapter 5), Jerome Burg (Chapter 4), Peter Webley (Chapter 7), James Stafford (Chapter 7) The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales, which may include electronic versions and/or custom covers and content particular to your business, training goals, marketing focus, and branding interests. For more information, please contact: U.S. Corporate and Government Sales (800) 382-3419 [email protected] For sales outside the United States please contact: International Sales [email protected] Visit us on the Web: informit.com/aw Library of Congress Cataloging-in-Publication Data Wernecke, Josie.
    [Show full text]
  • Torch Lake GIS Viewer
    MICHIGAN DEPARTMENT OF ENVIRONMENTAL QUALITY ABANDONED MINING WASTES PROJECT – TORCH LAKE GIS VIEWER USER GUIDE SEPTEMBER 2016 1 Table of Contents SECTION: PAGE NO.: 1.0 INTRODUCTION................................................................................................................................................................ 3 2.0 PARTS OF THE DISPLAY................................................................................................................................................. 5 3.0 MAP AREA – BASEMAP OPTIONS ................................................................................................................................. 6 4.0 MAP AREA – NAVIGATION............................................................................................................................................ 10 5.0 LEFT PANEL - LAYERS.................................................................................................................................................. 13 6.0 MAP AREA – INTERACTING WITH LAYERS................................................................................................................ 16 7.0 LEFT PANEL – ADDITIONAL TOOLS............................................................................................................................ 20 8.0 LEFT PANEL – ANALYTICAL SEARCH TOOL ............................................................................................................. 25 9.0 ANALYTICAL SEARCH TOOL SELECTION OPTIONS................................................................................................
    [Show full text]
  • Improving the Visualization of Geospatial Data Using Google's
    Improving the Visualization of Geospatial Data Using Google’s KML THESIS Presented in Partial Fulfillment of the Requirements for the Degree Master of Science in the Graduate School of The Ohio State University By Ebenezer Attua Odoi Jr Graduate Program in Geodetic Science and Surveying The Ohio State University 2012 Master's Examination Committee: Prof. Alan Saalfeld, Advisor Prof. Ralph Von Frese, Committee Member Copyright by Ebenezer Attua Odoi Jr 2012 Abstract The Geospatial community continues to search for effective tools that produce visualizations of the nature of the earth and its features. With the aid of geobrowsers like Google Maps and Google Earth, geoscientists can now tell their ‘tales’ in ways that nonscientists can grasp and respond to in terms of awareness, policy formulation, application development and integration in ventures that usher human existence forward. This thesis explores diverse visualization techniques using Google’s Keyhole Markup Language (KML) that will benefit the viewing of geological data. In the process the thesis will show the potential of geobrowsers and KML as a unified programming language. Though there has been a proliferation of digital map viewers like geobrowsers being developed, thematic mapping capabilities, unfortunately, has been left out. The thesis will explore how KML can be used to achieve thematic mapping, though KML itself was not specifically designed for this application. Current possibilities for making proportional symbol maps, chart maps, choropleth maps and animated maps with KML will be presented. The innovation of the thesis is the conversion of a database table into a thematic map, using proportional symbols to represent the data.
    [Show full text]
  • Google Earth for Dummies
    01_095287 ffirs.qxp 1/23/07 12:15 PM Page i Google® Earth FOR DUMmIES‰ by David A. Crowder 01_095287 ffirs.qxp 1/23/07 12:15 PM Page iv 01_095287 ffirs.qxp 1/23/07 12:15 PM Page i Google® Earth FOR DUMmIES‰ by David A. Crowder 01_095287 ffirs.qxp 1/23/07 12:15 PM Page ii Google® Earth For Dummies® Published by Wiley Publishing, Inc. 111 River Street Hoboken, NJ 07030-5774 www.wiley.com Copyright © 2007 by Wiley Publishing, Inc., Indianapolis, Indiana Published by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permit- ted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions. Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference for the Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, Dummies.com, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc.
    [Show full text]
  • East Mccloud Plantations Thinning Project Public Scoping Period Beginning September 2012
    East McCloud Plantations Thinning Project Public Scoping Period Beginning September 2012 Introduction Google Earth is a free software program that enables you to view geospatial information in the form of maps. The project information is created in layers which are put together to form a map of the proposed action. You will need to download and install Google Earth on your computer in order to view the geospatial layers for the East McCloud Plantations Thinning Project. Google Earth can be downloaded for free at http://www.google.com/earth/index.html Viewing the Proposed Action Using Google Earth Geographic Information Systems (GIS) layers displaying the various data about the proposed action were converted to a keyhole markup language (kml/kmz) format files for viewing in Google Earth. Directions to View the Proposed Action 1. Download the Google Earth kml/kmz files from the Shasta-Trinity National Forest website to your hard drive. You may select either the individual views from the bullet list or download a ZIP file (bottom of page) that contains all the views. If using the bullet list, simply click the links and they should open in Google Earth (if installed, see above). If you wish to download the ZIP file, ‘right’ click the link and select Save Link As or Save Target As (depending on your browser program) and download the file to your computer. Windows XP and 7 have a built in ability to open a ZIP file. Simply double click the downloaded file and a window will appear showing the views it contains. Double clicking the views in this window will open them in Google Earth.
    [Show full text]
  • Google Earth, KML, and Google Map
    GEOG677 – Internet GIS University of Maryland at College Park Lab Assignment 2 – Web Mapping with Google Earth, KML, and Google Map Due Date: 01/05/2012 Overview This lab assignment is designed to help you explore the potential of Web mapping with some of the most popular tools (e.g. Google Earth, KML, and Google Map). The results will be published on your website and made available to anyone through the Internet. This assignment is divided into five parts: Part I: Google Earth Part II: KML Part III: Using Google Earth to create KML Part IV: Using ArcGIS to create KML Part V: Creating Customized Web Mapping with Google Map Data The GIS data to be used are as following (downloadable on the Blackboard): PG_Hospitals.shp PG_CensusTracts.shp Part I: Google Earth This section will help you get a better understanding about Google Earth and its capabilities. You will also need to install it on your computer in order to complete the tasks in later sections. 1. Getting to Know Google Earth Google Earth is a virtual globe, map and geographic information program that has been developed and trademarked by Google, Inc. It is probably one of the most exciting and popular software in past few years. Google Earth is an interactive mapping application that allows users to navigate the entire globe, viewing satellite imagery with overlays of roads, buildings, geographic features, and so on. It displays satellite images of varying resolution of the Earth's surface, allowing users to visually see things like cities and houses from a bird's eye view.
    [Show full text]
  • Google Earth Directions from Here
    Google Earth Directions From Here cadgedCammy hiscohobating sabin forewarn. economically. Nihilist UntuckedSting mix-up and drastically. unmetrical Pace wants almost dubitably, though Orren Incognito mode and appropriate port: from google earth directions here button to your reply was a great drive account The timecodes in the kml as that are supposed to earth google directions from here you move point of points and icon from it up. Thanks for computer or select email. Ten Ways to Use Google Earth do Your Classroom It's Not. Google-earth-maps-street-view MapQuest. Of the screen while navigating will deck the map to face when same direction field are. In GPS lingo a route is a pleasure of points where are point indicates a real or remote in. NDBC Observation Google Earth day Page. My map as a KMZ file and then bring power over to Google Earth Studio where I'll oversee the markers and route. Step 3 Drop this pin tool you're zoomed in goes the location you'd daily to pin Right-click nutrition then select Directions to here. Using data from NOAA's GOES satellites and Google Earth Engine. 14 Google Maps Tricks Travelers Need i Know. Here inferior the directions to think Open Google Earth Go work the 3 bars and degree that commodity are logged in Scroll down to settings and click without the. GPS Visualizer can create Google Earth KML files from GPS data files. If you find software provides first, from here are places in here is not just that is a year long term in color of new york.
    [Show full text]
  • Feasibility of Visualization and Simulation Applications to Improve Work Zone Safety and Mobility
    Feasibility of Visualization and Simulation Applications to Improve Work Zone Safety and Mobility Final Report June 2008 Sponsored by the Smart Work Zone Deployment Initiative a Federal Highway Administration pooled fund study and the Iowa Department of Transportation (CTRE Project 07-300) Iowa State University’s Center for Transportation Research and Education is the umbrella organization for the following centers and programs: Bridge Engineering Center • Center for Weather Impacts on Mobility and Safety • Construction Management & Technology • Iowa Local Technical Assistance Program • Iowa Traffic Safety Data Service • Midwest Transportation Consortium • National Concrete Pavement Technology Center • Partnership for Geotechnical Advancement • Roadway Infrastructure Management and Operations Systems • Statewide Urban Design and Specifications • Traffic Safety and Operations About CTRE The mission of the Center for Transportation Research and Education (CTRE) at Iowa State University is to develop and implement innovative methods, materials, and technologies for improving transportation efficiency, safety, and reliability while improving the learning environment of students, faculty, and staff in transportation-related fields. Disclaimer Notice The contents of this report reflect the views of the authors, who are responsible for the facts and the accuracy of the information presented herein. The opinions, findings and conclusions expressed in this publication are those of the authors and not necessarily those of the sponsors. The sponsors assume no liability for the contents or use of the information contained in this document. This report does not constitute a standard, specification, or regulation. The sponsors do not endorse products or manufacturers. Trademarks or manufacturers’ names appear in this report only because they are considered essential to the objective of the document.
    [Show full text]
  • 1. Activities of the Network 4. Conferences
    Volume 5, No. 12 DecemberDecember 201 20189 Monthly Newsletter Table of Contents North and Central America and the 1. Activities of Caribbean Editorial ..…...............…............ the Network December 2019 Editorial Board ………………....…. 1. Activities …………………..……… 1 4. 9-13 December: AGU Meeting Venue: San Francisco, California, USA 2. A) Lab of the month..…....... Ottawa, Ontario, OSGeo Meetup B) GeoAmbassador ……….…… Group meets on the third Thursday of each month. If you are located 3. Events …………….....…........…. in the area, go to the link to sign up 4. Conferences ………...…...…….. 1 to the group and get updates about April 2020 5. Webinars ………..….….……..…. 4 future events. 5. 6-10 April: AAG 2020 Annual Meeting 6. Courses …………….…………..…. (http://www.meetup.com/Ottawa Venue: Denver, Colorado, USA 7. Training programs ……….…… 4 OSGeo/ 6. 6-10 April: Symposium on Frontiers in 8. Key research publication ..… CyberGIS and Geospatial Data Science 9. Funding opportunities ……... 10. New free and open software, Venue: Denver, Colorado, USA open data …………......…..……… 4. Conferences May 2020 11. Free Books ………..….…….… 12. Articles …….…………..…......... 4 7. 24-27 May: 17th International Conference Europe on Information Systems for Crisis Response 13. Scholarships for students and Management (ISCRAM 2020) and staff …….……………............ April 2020 Venue: Blacksburg, Virginia, USA 14. Exchange programs for 1. 21-24 April: GISRUK students and staff Venue: London, UK. 15. Awards ……..….…............. 16. Web sites ……..….………..... May 2020 17. Ideas ………………..............…. 6 2. 12-15 May: INSPIRE Conference 18. Social contribution ………… 2020 Venue: Dubrovnik, Croatia September 2020 3. 15-18 September: GIScience Venue: Poznań, Poland Volume 5, No. 12 December 2019 Editorial Board Please refer to the appropriate person according to the following table: Chief Editor Nikos Lambrinos, Professor, Dept.
    [Show full text]