Journal of Digital Forensics, Security and Law

Volume 13 Number 1 Article 9

3-31-2018

Automated Man-in-the-Middle Attack Against Wi‑Fi Networks

Martin Vondráček Brno University of Technology, Brno, Czech Republic, [email protected]

Jan Pluskal Brno University of Technology, Brno, Czech Republic, [email protected]

Ondřej Ryšavý Brno University of Technology, Brno, Czech Republic, [email protected]

Follow this and additional works at: https://commons.erau.edu/jdfsl

Part of the Digital Communications and Networking Commons, Forensic Science and Technology Commons, Information Security Commons, OS and Networks Commons, and the Software Engineering Commons

Recommended Citation Vondráček, Martin; Pluskal, Jan; and Ryšavý, Ondřej (2018) "Automated Man-in-the-Middle Attack Against Wi‑Fi Networks," Journal of Digital Forensics, Security and Law: Vol. 13 : No. 1 , Article 9. DOI: https://doi.org/10.15394/jdfsl.2018.1495 Available at: https://commons.erau.edu/jdfsl/vol13/iss1/9

This Article is brought to you for free and open access by the Journals at Scholarly Commons. It has been accepted for inclusion in Journal of Digital Forensics, Security and Law by an authorized administrator of (c)ADFSL Scholarly Commons. For more information, please contact [email protected]. Automated Man-in-the-Middle Attack Against Wi‑Fi Networks

Cover Page Footnote This paper is an extended version of the original paper that has been presented at the 9th EAI International Conference on Digital Forensics and Cyber Crime (Vondráček, Pluskal, & Ryšavý, 2018). This work was supported by Ministry of Interior of the Czech Republic project "Integrated platform for analysis of digital data from security incidents" VI20172020062; Ministry of Education, Youth and Sports of the Czech Republic from the National Programme of Sustainability (NPU II) project "IT4Innovations excellence in science" LQ1602; and by BUT internal project "ICT tools, methods and technologies for smart cities" FIT-S-17-3964.

This article is available in Journal of Digital Forensics, Security and Law: https://commons.erau.edu/jdfsl/vol13/iss1/ 9 Automated Man-in-the-Middle Attack Against . . . JDFSL V13N1

AUTOMATED MAN-IN-THE-MIDDLE ATTACK AGAINST WI-FI NETWORKS Martin Vondr´aˇcek Jan Pluskal OndˇrejRyˇsav´y Brno University of Technology Faculty of Information Technology Boˇzetˇechova 2, Brno, Czech Republic {xvondr20}@stud.fit.vutbr.cz, {ipluskal,rysavy}@fit.vutbr.cz ABSTRACT Currently used wireless communication technologies suffer security weaknesses that can be exploited allowing to eavesdrop or to spoof network communication. In this paper, we present a practical tool that can automate the attack on wireless security. The developed package called wifimitm provides functionality for the automation of MitM attacks in the wireless environment. The package combines several existing tools and attack strategies to bypass the wireless security mechanisms, such as WEP, WPA, and WPS. The presented tool can be integrated into a solution for automated penetration testing. Also, a popularization of the fact that such attacks can be easily automated should raise public awareness about the state of wireless security.

Keywords: Man-in-the-Middle attack, accessing secured wireless networks, password crack- ing, dictionary personalization, tampering network topology, impersonation, phishing

1. INTRODUCTION proposed wireless security standards aim at prevention of such unauthorized access. Un- Recent enhancements to wireless technology fortunately, the first standard called WEP is strengthen the benefits of wireless commu- so weak that it is possible to crack the pass- nication. It is convenient to access the net- word in a few seconds using a conventional work from any location within the network laptop computer. The answer was the intro- coverage area. For most of the portable de- duction of stronger standard WPA and later vices, this is the only way to connect to the even stronger WPA2. In 2017, Mathy Van- network. Installation and network setup are hoef announced that he discovered a vulner- easy, and the network is further expandable. ability in security mechanisms that use the The main benefit of Wi-Fi, its accessibility, four-way handshake (WPA and WPA2) and makes this technology a suitable target of at- demonstrated how easily this vulnerability tacks. A potential attacker needs to be in the can be exploited. physical proximity of a Wi-Fi network. The The main focus of this paper is security 1This paper is an extended version of the original paper that has been presented at the 9th EAI Inter- of wireless networks. It provides a study of national Conference on Digital Forensics and Cyber widely used network technologies and mech- Crime (Vondr´aˇcek,Pluskal, & Ryˇsav´y,2018). anisms of wireless security. Analyzed tech-

c 2018 ADFSL Page 59 JDFSL V13N1 Automated Man-in-the-Middle Attack Against . . . nologies and security algorithms suffer weak- evidence, it is scarcely used, because it re- nesses that can be exploited to perform Man- quires expert domain knowledge. Thus, this in-the-Middle attacks. A successful realiza- process of evidence collection is very expen- tion of this kind of attack allows not only sive and human resource demanding. to eavesdrop on all the victim’s network traffic but also to spoof his communication (Prowell, Kraus, & Borkin, 2010, pp. 101– Internet ISP 120; Callegati, Cerroni, & Ramilli, 2009). In an example scenario (Figure 1), the victim is a suspect conducting illegal activ- ity on a target network. The attacker is a law-enforcement agency investigator with appropriate legal authorization to intercept the suspect’s communication and to perform a direct attack on the network. In some cases, the suspect may be aware that his communication can be intercepted by the In- AP ternet Service Provider and harden his net- work. For example, he could use an over- lay network technology, e.g., VPN (imple- mented by L2TP, IPsec (Kent & Seo, 2005, Suspect Investigator pp. 09–10), PPTP) or anonymization net- works (Tor, I2P, etc.) to create an encrypted tunnel configured on his gateway, for all Figure 1. Example forensics scenario where his external communication. This concept the suspect has hardened his network and is easy to implement and does not require uses an encrypted tunnel from the gate- any additional configuration on endpoint de- way (AP). vices. Generally, this would not be con- sidered a properly secured network (Godber The aim of this research is to design, im- & Dasgupta, 2003, pp. 425-431), but this plement and test a tool able to automate scheme, or similar, is often used by large ven- the process of accessing a secured WLAN dors like Cisco (Deal & Cisco Systems, 2006) and to perform data interception. Further- or Microsoft (Thomas, 2017) for branch of- more, this tool should be able to tamper with fice deployment and can also be seen in home the network to collect more evidence by redi- routers1. In such cases, intercepting traffic recting traffic to place itself in the middle on the ISP level would not yield meaning- of the communication and tamper with it, ful results, because all the communication is to access otherwise encrypted data in plain encrypted by the hardening. On the other form. Using the automated tool should not hand, direct attack on the suspect’s LAN require any expert knowledge from the in- will intercept plain communication. But, vestigator. even when an investigator is legally permit- We designed a generic framework, see Fig- ted to carry out such an attack to acquire ure 3, capable of accessing and acquiring evidence from a wireless network regardless 1Asus RT-AC5300 – Merlin WRT has an option of used security mechanisms. This frame- to tunnel all traffic thought Tor. work can be split into several steps. First,

Page 60 c 2018 ADFSL Automated Man-in-the-Middle Attack Against . . . JDFSL V13N1

it is necessary for an investigator to ob- 2. SECURITY tain access to the WLAN used by the sus- pect. Therefore, this research focuses on WEAKNESSES IN exploitable weaknesses of particular secu- WLAN TECHNOLOGIES rity mechanisms, see Section 2 for more de- Following network technologies (Sec- tails. Upon successful connection to the net- tions 2.1, 2.2), which find a significant work, the investigator needs to tamper with utilization, unfortunately, suffer from the network topology. For this purpose, security weaknesses in their protocols. weaknesses of several network technologies These flaws can be used in the process of can be exploited. From this point on, the in- the MitM attack. vestigator can start to capture and break the encryption on the suspect’s communication. 2.1 Wireless Security Wired Equivalent Privacy (WEP) is a se- Specialized tools focused on exploiting in- curity algorithm introduced as a part of dividual weaknesses in security mechanisms the IEEE 802.11 standard (Halsall, 2005, currently used by WLAN s are already avail- p. 665; IEEE-SA, 2012, pp. 1167–1169). To- able. There are also specialized tools focused day, WEP is deprecated and superseded by on individual steps of MitM attacks. Tools subsequent algorithms, but is still sometimes that were analyzed and used in implemen- used, as can be seen from Table 1 avail- tation of the wifimitm package are outlined able from Wifileaks.cz 2. Fluhrer, Mantin, in Section 2. and Shamir (2001) presented that WEP is broken. There are tools that provide access Based on the acquired knowledge, refer- to wireless networks secured by WEP avail- enced studies and practical experience from able (Tews, Weinmann, & Pyshkin, 2007). manual experiments, authors were able to Regarding WEP secured WLAN s, authenti- create an attack strategy which is composed cation can be either Open System Authenti- of a suitable set of available tools. The strat- cation (OSA) or Shared Key Authentication egy is then able to select and manage in- (SKA) (IEEE-SA, 2012, pp. 1170–1174). In dividual steps for a successful MitM at- the case of WEP OSA, any station (STA) tack tailored to a specific WLAN configura- can successfully authenticate to the Access tion. This strategy also includes options for Point (AP) (Robyns, 2014, pp. 4–10). WEP impersonation and phishing for situations, SKA provides authentication and security of when the network is properly secured, and transferred communication using a shared the weakest part of the overall security is key. Confidentiality of transferred data is en- the suspect. sured by encryption using the RC4 stream cipher. Methods used for cracking access to The created software can perform a fully WEP secured networks are based on anal- automated attack and requires zero knowl- ysis of transferred data with corresponding edge. We tested the implementation on Initialization Vectors (IV s). carefully devised experiments, with available Wi-Fi Protected Access R (WPATM, a sub- equipment. The tool is open source and can set of 802.11i) was developed by the Wi-Fi be easily incorporated into other software. Alliance R as a reaction to increasing number The main use cases of this tool are found in of security flaws in WEP. The WPA is de- automated penetration testing, forensic in- vestigation, and education. 2http://www.wifileaks.cz/statistika/

c 2018 ADFSL Page 61 JDFSL V13N1 Automated Man-in-the-Middle Attack Against . . . signed to be backward hardware compatible with devices that used WEP, and vendors Table 1. Following table summarizes WLAN were expected to provide a firmware update statistics provided by Wifileaks.cz. Users of to remedy the catastrophic situation with this service voluntarily scan and publish de- WEP. Therefore, for data confidentiality and tails about WLAN s in the Czech Republic. integrity was chosen Temporal Key Integrity Information in the table show that a signifi- Protocol (TKIP). The main flaw of WPA se- cant number of WLAN s still use deprecated curity algorithm is associated with the TKIP security algorithms. The statistics consist- and a four-way handshake. It can be identi- ing of 97 192 922 measurements of 2 548 054 fied at the beginning of client device’s com- WLAN s were published on May 26, 2017. munication, where an unsecured exchange of confidential information is performed during the handshake. An investigator can obtain Security Count Ratio this unsecured communication and use it for WPA2 1 429 518 56 % consecutive cracking of the Pairwise Master WEP 393 579 15 % Key (PMK ) that is derived from Pre-Shared WPA 375 984 15 % Key (PSK ) or negotiated using an 802.1x open 67 388 3 % authentication stage in case of enterprise au- other 281 585 11 % thentication. Wi-Fi Protected Access R 2 (WPA2TM, full implementation of 802.11i) is a suc- cessor of WPA, but security flaws of Table 2. Results of wardriving in Bratislava the WPA algorithm remain significant also and Brno focused on UPC vulnerabili- for the WPA2. Besides TKIP, WPA2 ties concerning default WPA2 PSK pass- has mandatory support of Counter Mode words (Klinec & Sv´ıtok, 2016b). Detailed CBC-MAC Protocol (CCMP). Both TKIP article about these security flaws is available and CCMP ensure data confidentiality, au- online (Klinec & Sv´ıtok,2016a). thentication, and access control. IEEE 802.11ad adds and 802.11ac extends a new confidentiality protocol Galois/Counter Bratislava, Mode Protocol (GCMP). Information ex- Slovakia, Count Ratio posed during the handshake can be once 2016-10-01 again used for the dictionary attack, which Total networks 22 172 can be further improved by precomputing UPC networks 3 092 13.95 % Vulnerable the PMKs (Kumkar, Tiwari, Tiwari, Gupta, 1 327 42.92 % UPC & Shrawne, 2012, pp. 37–38; Liu, Jin, & UPC networks Wang, 2010, p. 3). Precomputed lookup ta- Brno, bles are already available online3. Czech Republic, Count Ratio A critical security flaw in wireless net- 2016-02-10 works secured by WPA or WPA2 is the func- Total networks 17 516 tionality called Wi-Fi Protected SetupTM UPC networks 2 868 16.37 % (WPS). This technology provides a comfort- Vulnerable 1 835 63.98 % UPC UPC networks 3https://www.renderlab.net/projects/ WPA-tables/

Page 62 c 2018 ADFSL Automated Man-in-the-Middle Attack Against . . . JDFSL V13N1

Server Internet Gateway Attacker Client

Figure 2. In an example network topology suitable for realization of MitM attack, the attacker’s device acts towards the victim as a default gateway. All the communication routed outside the local network from the victim is sent to the default gateway, in this case to the attacker’s device. From the attacker’s device, the communication can be further routed to the real default gateway (Callegati et al., 2009). For the successful execution of this scenario, the attacker needs to be connected to the targeted local network. able and supposedly secure way of connect- KCK and KEK are used for handshake pro- ing to the network. For a connection to tection and TK for data encryption. The re- the WLAN with WPS enabled, it is possible installation resets the incremental transmit to use an individual PIN. However, the pro- packet number (nonce) and receiver packet cess of connecting to the properly secured number (replay counter) to the initial value. network by providing PIN is very prone Therefore, the reinstallation violates the ex- to brute-force attacks (Heffner, 2011). Be- pectation of non reusable IV, which conse- cause WPS is a usual feature in today’s ac- quently breaks TKIP, CCMP or GCMP pro- cess points and that WPS is usually turned tocols. As Vanhoef & Piessens, 2017 show, on by default, WPS can be a very com- this also occasionally happens in regular con- mon security flaw even in networks secured ditions, without an adversary. by WPA2 with a strong password. Cur- Newly purchased access points usually use rently, there are already available automated WPA2 security by default. Currently, many tools for exploiting WPS weaknesses, e.g., access points can be found using default Reaver Open Source4. passwords not only for wireless network ac- Recently, a critical vulnerability, Key Re- cess, but even for AP’s web administra- installation Attacks (KRACKs), was discov- tion. With access to the AP’s administra- ered by Vanhoef & Piessens, 2017 revealing tion, the investigator could focus on chang- a flaw in 801.11i and related specifications, ing the network topology by tampering the more precisely, in the description of the four- network configuration. Access to the net- way handshake. A security of CCMP and work management further allows the investi- GCMP encryption methods expects that no gator to lower security levels, disable attack Initialization Vector (IV ) repeats under the detections, reconfigure DHCP together with same key. Authors showed that abusing this DNS and also clear AP’s logs. There are vulnerability, they can reinstall a Pairwise already implemented tools, which exploit re- Transient Key (PTK ) used for generation of lations between SSIDs and default network Key Confirmation Key (KCK ), Key Encryp- passwords, e.g., upc keys5 by Peter Geissler.6 tion Key (KEK ), and Temporal Key (TK ). 5https://haxx.in/upc-wifi/ 4https://code.google.com/archive/p/ 6UPC company is a major ISP in the Czech Re- reaver-wps/ public, URL: https://www.upc.cz

c 2018 ADFSL Page 63 JDFSL V13N1 Automated Man-in-the-Middle Attack Against . . .

These tools could be used in an attack on 1. DHCP Spoofing generates fake DHCP the network with default SSID to improve communication. This attack can also dictionary attack using possible passwords. be referred to as Rogue DHCP. An in- High severity of these security flaws is also vestigator can perform this kind of at- proven by the fact that a significant amount tack to provide devices in the network of WLAN s was found using unchanged pass- with malicious configuration, most of- words, as it is shown in Table 2. ten a fake default gateway address or DNS address. 2.2 Network Technologies vulnerable to MitM 2. ARP Spoofing provides the network de- vices with fake ARP messages. This Man-in-the-middle attacks are possible be- persuades the suspect’s device to be- cause of the very nature of existing network lieve that the attacking device’s MAC protocols. No designed for providing secu- address is the default gateway’s MAC rity per see, the common network protocols address. lack strong authentication capabilities that would prevent their misuse by an attacker. 3. IPv6 Neighbor Spoofing is a similar con- Man-in-the-middle attacks assume that the cept to ARP Spoofing. attacker can divert legitimate communica- tion. Switched Ethernet and secured wire- From the available spoofing attacks, the less transmission separates the communica- ARP Spoofing technique was implemented in tion between two endpoints thus no other de- our tool. This method proved itself with rea- vice should be able to see the conversation. sonable performance during experiments and Fortunately for the attacker, the insecurity it is simple to implement. of existing widely deployed protocols can be Of course, there are counter-measures to used. At the minimum, the following proto- spoofing attacks. The defense against spoof- cols can be considered as suitable targets: ing lies in implementing some extra function- ality to network devices: 1. DHCP automates network device con- 1. DHCP Snooping is a countermeasure figuration without a user’s intervention against DHCP Spoofing. This technique (Droms, 1997). focuses on detection of forged DHCP communication. Network device acting 2. ARP translates an IPv4 address to a as a DHCP snooper accepts only DHCP destination MAC address of the next- messages which are coming from con- hop device in the local area net- nections to the genuine DHCP server, work (Plummer, 1982). others are discarded. This way, individ- 3. IPv6 networks utilize ICMPv6 Neighbor ual connections are classified as either Discovery functionality to achieve sim- trusted or untrusted. If the network ilar functionality to ARP in IPv4 net- contains an unknown DHCP server be- works. hind an untrusted connection, it is re- ferred to as Spurious DHCP Server (Cisco Systems, Inc., 2013, p. 54-2). Because of the lack of authentication and integrity checking, these protocols are vul- 2. Dynamic ARP Inspection (DAI ) is nerable to spoofing attacks: based on analysis of ARP messages

Page 64 c 2018 ADFSL Automated Man-in-the-Middle Attack Against . . . JDFSL V13N1

transmitted over the network with aim traffic but also to perform this attack with- to detect ARP Spoofing. Similarly, de- out anyone noticing it. This way, Man-in- vice performing DAI can have its con- the-Middle Attack is endangers maintaining nections classified as trusted or un- confidentiality and integrity, key parts of the trusted. ARP messages from trusted CIA triad. connections are not checked. Analyz- HTTPS uses asymmetric cryptography ing device maintains a trusted database with private and public keys to provide se- of mapping of IP and MAC addresses cure HTTP communication. If the victim in the corresponding LAN. ARP mes- is communicating using HTTPS, successful sages from untrusted connections can realization of MitM attack is more diffi- be verified against this trusted map- cult. During communication of web browser ping database (Cisco Systems, Inc., on client’s device with a web server, these 2013, p. 56-2). two parties exchange a certificate contain- ing a public key for providing a secure data 3. Neighbor Discovery Inspection (NDI ) transfer. MitM attack, in this case, cap- uses similar approach as above- tures transferred certificate and replaces it mentioned DAI, but to detect IPv6 with a forged one (Callegati et al., 2009). Neighbor Spoofing. Analyzing device The forged certificate is at this point a self- verifies information transferred in signed certificate. Upon reception of the Neighbor Discovery messages against self-signed certificate, victim’s web browser its database of IP and MAC ad- can show some warning concerning possi- dress mappings. ble risk. If the victim is not aware of the possible consequences, the victim can accept Although the mitigation techniques are the certificate. In the case of success, both known, they are applied mostly in the enter- communicating devices are convinced of se- prise environments. In SOHO networks the cured HTTPS communication, but the at- devices either lack this feature or the protec- tacking device has the ongoing communica- tion is not enabled by the administrator. tion available. DNS Spoofing focuses on possibilities 2.3 Man-in-the-Middle Attack of forging DNS communication used for res- The MitM refers to the situation, where olution of domain names and IP addresses. the attacker’s device is located in the net- For the successful realization of this attack, work topology between two participants of the attacker needs to detect and intercept the communication (Figure 2). The attacker DNS messages in the network. The aim of then acts as an intermediary and the net- this attack is to direct the victim to a differ- work traffic is routed through the attack- ent device by providing a fake mapping of in- ing device. This state of unauthorized and quired domain name to a special IP address. intentionally changed network topology en- The attacker is able to imitate the inquired ables the attacker to eavesdrop on passed service by running a similar rogue service on communication. The attacker is also able to the provided spoofed IP address. If the vic- focus on decryption of data and on changing tim is convinced that the inquired service is the content of passed communication. That genuine, the attacker can then focus on cap- means that the attacker can inject harm- turing confidential information and creden- ful content. The attacker’s prioritized in- tials. The attacker can also use DNS Spoof- tention is not only to take control over the ing for providing the real service, but with

c 2018 ADFSL Page 65 JDFSL V13N1 Automated Man-in-the-Middle Attack Against . . .

Accessing wireless network

Scan Crack Impersonate (phishing)

Connect

Man-in-the-Middle attack stop Capturing network traffic

stop Tampering network topology

Figure 3. During the first phase – Accessing wireless network, the tool is capable of an at- tack on WEP OSA, WEP SKA, WPA PSK and WPA2 PSK secured WLAN s. In a case of the dictionary attack on the device deployed by the UPC company, used dictionaries are per- sonalized by the implicit passwords. In the case of properly secured WLAN, impersonation (phishing) can be employed. Using this method, an investigator impersonates the legitimate network to obtain the WLAN credentials from the user. During the second phase – Tamper- ing network topology, the tool needs to continuously work on keeping the network stations (STAs) persuaded that the spoofed topology is the correct one. An investigator is now able to capture or modify the traffic. The successful MitM attack is established.

Page 66 c 2018 ADFSL Automated Man-in-the-Middle Attack Against . . . JDFSL V13N1

enclosed harmful content. DNS Spoofing can phase. For the realization of DNS Spoofing, be effectively applied for spoofing fake web- it is possible to use tool dnsspoof, which is sites (Prowell et al., 2010, p. 112). If the a part of dsniff collection (Song, 2001). This attacker detects a DNS message, he inter- collection of network auditing and penetra- cepts it and forges a reply for the victim. tion testing tools contains several advanced The victim receives forged mapping of do- programs, which could be used for tamper- main name to IP address and starts commu- ing network topology. nication with the fake device without notic- Capturing traffic can be done by the tool ing the attack. The attacker then acts as dumpcap11, which is part of the Wireshark 12 the inquired service and therefore performs distribution. Behaviour, usage and success a MitM attack. rate of individual tools, as well as possibili- ties of controlling them by the implemented 2.4 Available Tools for tool, were analyzed. The software selected Specific Phases of the for individual tasks of the automated MitM MitM Attack on attack were chosen from the researched va- Wireless Networks riety of available tools based on performed manual experiments, further described in From perspective of the intended functional- the thesis (Vondr´aˇcek,2016). ity of the implemented tool, the whole pro- cess of MitM attack on wireless networks can be divided into three main phases: Ac- 3. ATTACK cessing wireless network, Tampering network AUTOMATION USING topology and Capturing network traffic, as explained in Figure 3. WIFIMITM PACKAGE To access secured wireless networks, AND WIFIMITMCLI Aircrack-ng suite7 is considered a reliable software solution. Considering the phase Ac- TOOL cessing wireless network (Figure 3), follow- The implemented tool is currently intended ing tools were utilized. Airmon-ng can man- to run on Arch Linux 13, but it could be used age modes of a wireless interface. Airodump- on other platforms which would satisfy spec- ng can be used to scan and detect attacked ified dependencies. This distribution was AP. Aircrack-ng together with aireplay-ng, selected because it is very flexible and airodump-ng and upc keys can be utilized for lightweight. Python 3.5 was selected as a pri- cracking WEP OSA, WEP SKA, WPA PSK mary implementation language for the auto- and WPA2 PSK. The tool wifiphisher 8 can mated tool and Bash was chosen for support- be used to perform impersonation and phish- ing tasks, e.g., installation of dependencies ing. Connection to the wireless network can on Arch Linux and software wrappers. be established by netctl 9. The functionality implemented in MITMf 10 with its Spoof plugin can be the wifimitm package could be directly used during the Tampering network topology incorporated into other software products based on Python language. This way 7http://www.aircrack-ng.org/ 8https://github.com/sophron/wifiphisher 11https://www.wireshark.org/docs/ 9https://www.archlinux.org/packages/ man-pages/dumpcap.html core/any/netctl/ 12https://www.wireshark.org/ 10https://github.com/byt3bl33d3r/MITMf 13https://www.archlinux.org/

c 2018 ADFSL Page 67 JDFSL V13N1 Automated Man-in-the-Middle Attack Against . . .

wifimitmcli

Captured Attack Data Traffic

updatableProcess capture model

topology

wep

access

wpa2

Dictionaries

impersonation common

requirements

Figure 4. This figure shows the basic structure of the developed application. The tool wifimitmcli uses a functionality offered by the package wifimitm. The package is also able to manipulate attack data useful for repeated attacks and capture files with intercepted traffic. Detailed structure of the package is described in section 3.

Page 68 c 2018 ADFSL Automated Man-in-the-Middle Attack Against . . . JDFSL V13N1

No Start Needs to Start Fake capture PRGA Capture IVs Authentication XOR? Yes

Repeatedly deauthenticate Start Start stations one by one, until WEP PSK ARP Replay PRGA XOR is captured. Crack

Yes No Stop Check process Cracked? All and wait.

Figure 5. The figure shows a simplified flowchart of cracking WEP OSA or WEP SKA secured wireless network. Cracking procedure is a part of the first phase Accessing wireless network as described in Figure 3. If the given WLAN has already been successfully attacked, Attack Data (Section 3.1) contains the correct key. In such cases, repetitive cracking is unnecessary and is therefore skipped. the package would work as a software scanning and capturing wireless communi- library. Schema of the wifimitm package is cation in monitor mode. The common mod- in Figure 4. ule also offers a way to deauthenticate STAs The wifimitm package consists of following from selected AP. modules. The access module offers an au- If a dictionary attack against a correctly tomated process of cracking selected WLAN. secured network fails, a phishing attack can It uses modules wep and wpa2, which imple- be managed by the impersonation14 mod- ment attacks and cracking based on the used ule. The topology module can be used to security algorithm. The wep module is ca- change network topology. It provides func- pable of fake authentication with the AP, tionality for ARP Spoofing. The capture ARP replay attack (to speed up gather- module focuses on capturing network traf- ing of IV s) and cracking the key based on fic (Figure 4). It is intended to be used after IV s. In the case of WPA2 secured net- the tool is successfully connected to the at- work, the wpa2 module can perform a dic- tacked network and network topology was tionary attack, personalize used dictionary successfully changed into the one suitable for and verify a password obtained by phish- MitM attack. ing (Figure 4). Verification of the password and dictionary attacks are done with a pre- viously captured handshake. The common 14For details concerning individual phishing sce- module contains functionality which could narios, please see wifiphisher’s website. https:// be used in various parts of the process for github.com/sophron/wifiphisher

c 2018 ADFSL Page 69 JDFSL V13N1 Automated Man-in-the-Middle Attack Against . . .

No

Yes Repeatedly deauthenticate No Needs to capture Personalize stations one by one, until handshake? dictionary? handshake is captured. Yes

Start upc_keys WPA PSK/WPA2 PSK dictionary attack

Yes No Stop Check process Cracked? All and wait.

Figure 6. This simplified flowchart illustrates cracking WPA PSK or WPA2 PSK secured network. Similarly as cracking in Figure 5, this procedure is also a part of the first phase Accessing wireless network (Figure 3). Cracking can also be skipped if the key is already known. As already described, impersonation (phishing) can be used in a case of unsuccessful cracking.

3.1 Attack Data 3.2 Dictionary Personalization Various attacks executed against the selected Weaknesses in default network passwords AP require some information to be cap- could be exploited to improve dictionary at- tured first. ARP request replay attack on tacks against WPA PSK and WPA2 PSK WEP secured networks requires an ARP re- security algorithms. The implemented tool quest to be obtained in order to start an at- incorporates upc keys for generation of pos- tacking procedure. Fake authentication in sible default passwords if the selected net- WEP SKA secured network needs PRGA work matches the criteria. The upc keys tool XOR15 obtained from a detected authenti- generates passwords, which are transferred cation. Dictionary attack against WPA PSK to the cracking tool using pipes. With this and WPA2 PSK secured networks requires approach, the implemented tool could be fur- a captured handshake. Finally, for the suc- ther improved for example to support local- cessful connection to a network, a correct key ized dictionaries. is required. When the required information is obtained, it can be saved for a later us- 3.3 Requirements age to speed up following or repetitive at- The implemented automated tool depends tacks. Data from successful attacks could on several other tools, which are being con- be even shared between users of the imple- trolled. The Python package can be au- mented tool. tomatically installed by its setup includ- 15Stream of Pseudo Random Generation Algo- ing Python dependencies. Non-Python de- rithm generated bits. pendencies can be satisfied by installation

Page 70 c 2018 ADFSL Automated Man-in-the-Middle Attack Against . . . JDFSL V13N1

ARP Replay

Flags Process has Process just started. been terminated. deauthenticated

Waiting for a beacon frame. read ACKs ARPs sent pps Waiting for an ARP request.

Files

replay_arp.cap Got ARP request, sending packets.

Figure 7. This figure presents the information model of a process controlled by wifimitm. In this example, the incorporated tool is aireplay-ng from Aircrack-ng suite executing ARP replay attack to speed up gathering of IV s. State of the process is modeled using a FSM consisting of 5 states. In a case that the attacking device receives at least one deauthenti- cation packet, the deauthenticated flag is set. Statistics contain overall information about processed packets. Useful file created by aireplay-ng during this procedure is a capture file containing ARP request. This file is part of the Attack Data, as outlined in Section 3.1.

c 2018 ADFSL Page 71 JDFSL V13N1 Automated Man-in-the-Middle Attack Against . . .

Internet Internet

STA 1 STA 5

R1 R1

STA 2 STA 6

AP AP STA 3 STA 7

STA 1 wifimitm STA 4 wifimitm STA 8

Figure 8. This figure presents the network Figure 9. This figure shows the network topology used for the first performance test- topology consisting of 8 STAs and 1 AP ing (Section 4.1) and success rate measure- which was used for the second performance ments (Section 4.2). Results of this perfor- testing (Section 4.1). Results of this perfor- mance testing are in Figure 10. mance testing are in Figure 11.

scripts and wrappers, which are currently de- turing of network traffic without being con- veloped for Arch Linux. nected to the network, an attacking device MITMf has a number of dependencies. needs a wireless network interface in monitor Therefore, the installation script also cre- mode. For sending forged packets, the wire- ates a virtual environment dedicated to less network interface also needs to be ca- MITMf. After installation, MITMf can be pable of packet injection. To be able to easily run encapsulated in its environment. perform a phishing attack, a second wire- Wifiphisher is also installed in a virtual- less interface capable of master (AP) mode ized environment and run using a wrap- has to be available. The user can check per. Tool upc keys is compiled during in- whether his hardware is capable of packet stallation. Some changes in wifiphisher’s injection using the aireplay-ng tool. Man- source code were implemented, the installa- aging monitor mode of interface is possible tion script therefore applies a software patch. with the airmon-ng tool. Other software dependencies are installed using a package manager. 3.4 Incorporation of tools Due to the nature of concrete steps of The implemented tool needs to interact with the attack, a special hardware equipment other software tools in order to automate is required. During the scanning and cap- attack procedures. Incorporated tools com-

Page 72 c 2018 ADFSL Automated Man-in-the-Middle Attack Against . . . JDFSL V13N1

municate using Standard output stream (std- ments were conducted to show how easy it is out), Standard error stream (stderr) and to gain the network communication for dif- optionally using generated files. Wifimitm ferent wireless configurations. needs to continuously analyze all these out- puts to be aware of current state of the 4.1 Attack’s Performance controlled tool. Information contained in Impact the output can be a summary of current The first experiment examines wheathe the progress, a notification that some event oc- attack is observable from end-user perspec- curred or a result of an intended action. tive or disrupts regular communication on To meet requirements for efficient incor- the network. A scheme of the networks poration of other tools so that the wifimitm used for this experiment is shown in Fig- package could interact with them, the up- ures 8 and 9, modeling SOHO16 environ- datableProcess module was developed. This ment. The STAs were correctly connected to module contains an abstract base class the AP, and they were successfully commu- UpdatableProcess. Individual incorporated nicating with the Internet. The implemented tools have dedicated classes inherited from wifimitmcli tool was then started and auto- the UpdatableProcess which are used for matically attacked the network, as described managing these tools from wifimitm. When in Section 3 and Figure 3. a process is spawned, using an instance of The performance impact of the wifimitm class inherited from UpdatableProcess, it is was compared using typologies presented in assigned a temporary directory for its out- Figures 8 and 9. As the observed metric was puts. The running process is continuously selected a Round-Trip Time (RTT ) value writing to stdout and stderr. The outputs describing a delay that end-user might expe- are periodically analyzed. Classes inherited rience when the load on the R1 is increased. from UpdatableProcess can implement a sig- For the first case, only one client is con- nalization of process’ state using a Finite nected at the time. The Figure 10 plots State Machine (FSM ). Process’ output can RTT values measured between STA1 and include notifications of events. Upon detec- its Internet gateway R1. The x axe de- tion of such event, appropriate flags can be notes each measurement, and on the y axe is set. Some processes also output summary shown corresponding delay in ms in a loga- information, which can be used to update rithmic scale. statistics. Continuously updated informa- The second case shows eight STAs con- tion about the process can therefore consist nected to R1 simultaneously, in Figure 9. of state, flags, statistics and created files as Figure 11 shows an increase of RTT mea- presented in Figure 7. sured between each of STAx and R1. Both cases were evaluated on the fact, 4. EVALUATION whether the attack being performed was re- vealed or whether the users had any suspi- The capabilities of the implemented tool cion about the malicious transformation of were evaluated. Because the tool deploys their WLAN. By results comparison of both man-in-the-middle type of attack, the tool test cases, presented in Figures 10 and 11, necessary modifies the target environment. can be concluded that regular user has no Thus we evaluated the footprint of the tool way of knowing whether the increase of la- and the possibility to detect the running at- tack by the victim. The next set of experi- 16small office/home office

c 2018 ADFSL Page 73 JDFSL V13N1 Automated Man-in-the-Middle Attack Against . . .

RTT STA1 – R1 RTT STA1 – R1 10000 ms 10000 ms

1000 ms 1000 ms

100 ms 100 ms

10 ms 10 ms

1 ms 1 ms 0 200 400 0 200 400 usual communication MitM usual communication MitM

Figure 10. The first WLAN for perfor- Figure 11. The second performance testing mance testing was the same as for the suc- consisted of 8 STAs and 1 AP connected cess rate measurements described in Sec- to the Internet – streaming videos, down- tion 4.2. Figure shows comparison of loading large files, etc. The figure com- the measured RTT between STA1 and R1 pares the RTT between STA1 and R1 sim- during usual communication and during ilarly. The performance impact is more se- successful MitM attack. The results show vere than in Figure 10. Despite the perfor- the performance impact is not critical. Dis- mance impact, the users had no suspicion cussion with the users of the attacked net- that they were under MitM attack. In- work proved this attack unrecognizable. stead, they blamed the amount of devices for network congestion.

Page 74 c 2018 ADFSL Automated Man-in-the-Middle Attack Against . . . JDFSL V13N1

tency is caused by an attack, or by a new University of Technology, Faculty of Infor- device connecting to the network, massive mation Technology where visitors were in- data transfer, or any other interference from vited to let their devices be attacked. the physical world. Results of experiments present in Ta- On the other hand, there is apparent lin- bles 3, 4 and the thesis (Vondr´aˇcek,2016, ear segregation between measurements with pp. 42–43) reveal the following conclusions: and without attack in Figure 11. This obser- vation submits a future challenge, whether • Open – networks can be very easily at- this condition might be used as a feature for tacked. a wireless network diagnostic without direct access to R1 or any of STAs. • WEP OSA and WEP SKA – secured networks can be successfully attacked 4.2 Experiments Concerning even if they use a random password. Various Network Devices • WPA PSK and WPA2 PSK – secured and Configurations networks suffer from weak passwords The second experiment observes applicabil- (dictionary attack), default passwords ity of the wifimitmcli tool in different SOHO and mistakes of users (impersonation environments based on multiple AP devices and phishing). with a variety of commonly used security settings in combination with numerous end- Consequently, results reveal feasibility user devices. The experiment was considered and ease of MitM attack using the wifim- successful if the wifimitmcli was able to per- itm, and its success rate in the target form all phases of MitM attack, Figure 3, SOHO environments. and place itself in the middle of communica- tion to capture network traffic according to the concept of MitM, Section 2.3 and Fig- 5. CONCLUSIONS ure 2. For the test case to be correct, no The goal of this research was to implement help from the investigator was allowed dur- a tool that would be able to automate all ing the attack performed by wifimitmcli. the necessary steps to perform MitM attacks The first use-case was to test all combina- on WLAN s. The authors searched for and tions of available AP devices with all avail- analyzed a range of software and methods able client ones. Figure 8 shows network focused on penetration testing, communica- topology used in this controlled laboratory tion sniffing and spoofing, password crack- experiment. Results of the success rate mea- ing and hacking in general. To be able to surements are shown in Tables 3 and 4. design, implement and test the tool capa- The second use-case was to test suc- ble of such attacks, knowledge of different cess rate of the wifimitmcli tool in a non- widespread security approaches was essen- laboratory environment beyond our control tial. The authors further focused on possibil- on the end-user part. Figure 8 shows once ities of MitM attacks even in cases where the again testing topology withLinksys WRP400 target WLAN is secured correctly. There- device as an AP. Table 4 shows measure- fore, methods and tools for impersonation ments and success rate of observations of this and phishing were also analyzed. use-case. The experiment was conducted The authors’ work and research resulted during the author’s presentation at the Brno in creation of the wifimitm Python package.

c 2018 ADFSL Page 75 JDFSL V13N1 Automated Man-in-the-Middle Attack Against . . .

Table 3. This table presents results of the success rate measurements. A successful attack is marked using a checkmark symbol (X) and unsuccessful attack is marked using a times sym- bol (×). In the case when the attack was not fully successful, the question mark (?) is used. Such partially successful test (? symbol) can for example happen in situation where the sus- pect is sending only a portion of his traffic through the investigator. Some of the used STAs lack WEP SKA settings ( symbol). Testing WPA PSK and WPA2 PSK networks were configured with password ”12345678” and WEP secured networks used password ”A b#1”.

Lenovo G580,Lenovo Windows G505s,Dell Latitude Windows 10HTC DesireE6500,Apple 8.1 500, Ubuntu iPhone Android 17.04 4, iOS 4.1.2 7.1.2 open X X X X X WEP OSA Linksys X X X X X WEP SKA WRT610N   X X X WPA PSK X X X X X WPA2 PSK X X X X X open X X X X X WEP OSA Linksys X X X X X WEP SKA WRT54G   X X X WPA PSK X X X X X WPA2 PSK X X X X X open X X X X X WEP OSA Linksys X X X X X WEP SKA WRP400   X X X WPA PSK X X X X X WPA2 PSK X X X X X open ? × X X X WEP OSA ? × × TP-LINK X X WEP SKA × TL-WR841N   X X WPA PSK ? × X X × WPA2 PSK ? × X X × open X X X X X WEP OSA D-Link X X X X X WEP SKA DVA-G3671B   X X X WPA PSK X X X X X WPA2 PSK X X X X X

Page 76 c 2018 ADFSL Automated Man-in-the-Middle Attack Against . . . JDFSL V13N1

Table 4. The following table shows the re- protections. This means that it does not sults of public experiments. Testing network interfere with SSL/TLS, VPN, or other en- utilized Linksys WRP400 as an AP and end- capsulations. Thanks to the tool’s design, it user devices of random people that agreed can be easily used together with other soft- to participate in the experiment. A success- ware specialized on interception of encapsu- ful attack is marked using a checkmark sym- lated traffic. Traffic encapsulation is a suf- bol (X). ficient protection against this tool. From the WLAN administrators point of view, Model OS Attack available defense mechanisms are outlined in Section 2.2. HTC Desire 500 Android 4.1.2 X As explained earlier, all the suspect’s net- HTC Desire 820 Android 6.0.1 X work traffic is passing through the attacking Apple iPhone 6 iOS 10.3.1 X Apple iPhone 5s iOS 10.2.1 device during a successful MitM attack. Un- X fortunately, there could be users on the net- Apple iPhone 5 iOS 10.3.1 X work other than the ones that are subject Apple iPhone 5c iOS 9.2.1 X to a court order. Making sure that only ap- Apple iPhone 4 iOS 7.1.2 X propriate traffic is being captured may be important depending on the nature of the This package serves as a library which pro- court order or the legislation. This challenge vides functionality for automation of MitM may be solved by setting corresponding filter attacks on target WLAN s. The developed rules for traffic capture software. package can also be easily incorporated into This research and its products can be uti- other tools. Another product of this re- lized in combination with other security re- search is the wifimitmcli tool which incor- search carried out at the Brno University porates the functionality of the wifimitm of Technology, Faculty of Information Tech- package. This tool automates the individ- nology. It can serve in investigations done ual steps of a MitM attack and can be by forensic researchers (Pluskal et al., 2015). used from a CLI. The implemented software It can also be used in automated penetration comes with a range of additions for conve- testing of WLANs. nient usage, e.g., a script that checks and in- In the future iterations of the develop- stalls dependencies on Arch Linux, a Python ment, the product could focus on exploit- setuptools setup script and of course a man- ing the weaknesses of the widely used WPS ual page. technology, incorporating techniques to per- The wifimitmcli tool, and therefore wifim- form KRACKs, or focus on detection of at- itm as well, was tested during experiments tacks themselves. Concerning the current with an available set of equipment. As state of the product, it does not focus on the results show, the implemented software enterprise WLAN s, which also suffer from product is able to perform an automated their weaknesses. MitM attack on WLAN s successfully. Upon successful deployment and execu- tion of the implemented tool, an investigator can eavesdrop or spoof the passing communi- ACKNOWLEDGEMENTS cation. The goal of the tool was to automate This work was supported by Ministry of In- MitM attacks on PSK secured WLANs. It terior of the Czech Republic project “Inte- does not focus on dissecting further traffic grated platform for analysis of digital data

c 2018 ADFSL Page 77 JDFSL V13N1 Automated Man-in-the-Middle Attack Against . . .

from security incidents” VI20172020062; security and forensics, and network architec- Ministry of Education, Youth and Sports tures. His work is focused on improving net- of the Czech Republic from the National work security through data analysis by ap- Programme of Sustainability (NPU II) plication of data mining, statistics, and dis- project “IT4Innovations excellence in sci- tributed computing. ence” LQ1602; and by BUT internal project “ICT tools, methods and technologies for smart cities” FIT-S-17-3964. REFERENCES Callegati, F., Cerroni, W., & Ramilli, M. (2009, Jan). Man-in-the-middle AUTHOR attack to the HTTPS protocol. BIOGRAPHIES Security Privacy, IEEE, 78–81. doi: 10.1109/MSP.2009.12 Martin Vondr´aˇcek is currently pursuing Cisco Systems, Inc. (2013). Catalyst 6500 Master’s degree in Intelligent Systems at the release 12.2sx software configuration Brno University of Technology. He has com- guide. Retrieved on January 29, 2018, pleted the Bachelor’s degree with honours from http://www.cisco.com/c/en/ at the same university in 2016 and received us/td/docs/switches/lan/ dean’s award and rector’s award later that catalyst6500/ios/12-2SX/ year. His interest in Computer Science in- configuration/guide/book.html creased during his thesis work at the Uni- Deal, R., & Cisco Systems, I. (2006). The versity of Malta in 2016 and exchange study complete cisco vpn configuration of Computer Forensics at the University of guide. Cisco Press. Retrieved on South Wales in 2017. He presented outcomes January 30, 2018, from of his research at conferences ICDF2C and https://books.google.cz/ Excel@FIT. He is dedicated to research, in- books?id=ms-8AAAACAAJ formation security, computer networks and Droms, R. (1997, March). Dynamic Host software development. Configuration Protocol (RFC No. Jan Pluskal is a Ph.D. student at FIT 2131). Internet Engineering Task BUT, freelance lecturer and programmer. Force. RFC 2131 (DRAFT He is mostly interested in computer network STANDARD). Retrieved on January forensics, machine learning, distributed com- 30, 2018, from http:// puting and C# programming. The main au- www.ietf.org/rfc/rfc2131.txt thor of Netfox Detective – a tool for network Fluhrer, S., Mantin, I., & Shamir, A. forensic analysis. In his free time, he plays (2001). Weaknesses in the key around with home automation IoT technolo- scheduling algorithm of RC4. In gies to ease up daily routines of his family. S. Vaudenay & A. Youssef (Eds.), Ondˇrej Ryˇsav´y received the Ph.D. degree Selected areas in cryptography (pp. in computer science from the Brno Univer- 1–24). Springer Berlin Heidelberg. sity of Technology, Brno, Czech Republic, in Retrieved on January 30, 2018, from 2005. He is an Associate Professor with the http://dx.doi.org/10.1007/ Department of Information Systems, Brno 3-540-45537-X 1 doi: University of Technology, Brno. His research 10.1007/3-540-45537-X 1 interests include computer networking and, Godber, A., & Dasgupta, P. (2003). in particular, network monitoring, network Countering rogues in wireless

Page 78 c 2018 ADFSL Automated Man-in-the-Middle Attack Against . . . JDFSL V13N1

networks. In Proceedings of the Klinec, D., & Sv´ıtok,M. (2016b). international conference on parallel Wardriving Bratislava 10/2016. processing workshops (Vol. Retrieved on January 30, 2018, from 2003-January, pp. 425–431). Institute https://deadcode.me/blog/2016/ of Electrical and Electronics 11/05/Wardriving-Bratislava-10 Engineers Inc. doi: -2016.html 10.1109/ICPPW.2003.1240398 Kumkar, V., Tiwari, A., Tiwari, P., Gupta, Halsall, F. (2005). Computer networking A., & Shrawne, S. (2012). and the internet. Addison-Wesley. Vulnerabilities of wireless security Retrieved on January 22, 2016, from protocols (WEP and WPA2). https://books.google.cz/ International Journal of Advanced books?id=QadX5XErZ9IC Research in Computer Engineering & Heffner, C. (2011). Cracking WPA in 10 Technology (IJARCET), 1 (2), 34–38. hours or less – /dev/ttys0. Retrieved Retrieved on January 30, 2018, from on April 4, 2016, from http://ijarcet.org/wp-content/ http://www.devttys0.com/2011/ uploads/ 12/cracking-wpa-in-10-hours-or IJARCET-VOL-1-ISSUE-2-34-38.pdf -less/ IEEE-SA. (2012, March). IEEE standard Liu, Y., Jin, Z., & Wang, Y. (2010, Sept). for information Survey on security scheme and technology–telecommunications and attacking methods of WPA/WPA2. information exchange between In 2010 6th international conference systems local and metropolitan area on wireless communications networks–specific requirements part networking and mobile computing 11: Wireless LAN medium access (wicom) (pp. 1–4). doi: control (MAC) and physical layer 10.1109/WICOM.2010.5601275 (PHY) specifications. IEEE Std Plummer, D. (1982, November). Ethernet 802.11-2012 (Revision of IEEE Std Address Resolution Protocol: Or 802.11-2007), 1–2793. doi: Converting Network Protocol 10.1109/IEEESTD.2012.6178212 Addresses to 48.bit Ethernet Address Kent, S., & Seo, K. (2005, December). for Transmission on Ethernet Security Architecture for the Internet Hardware (RFC No. 826). Internet Protocol (RFC No. 4301). Internet Engineering Task Force. RFC 826 Engineering Task Force. RFC 4301 (INTERNET STANDARD). (PROPOSED STANDARD). Retrieved on January 30, 2018, from Retrieved on January 30, 2018, from http://www.ietf.org/rfc/ https://www.ietf.org/rfc/ rfc826.txt rfc4301.txt Pluskal, J., Matouˇsek,P., Ryˇsav´y,O., Klinec, D., & Sv´ıtok,M. (2016a). UPC Kmeˇt, M., Vesel´y,V., Karp´ıˇsek,F., & UBEE EVW3226 WPA2 password Vyml´atil,M. (2015). Netfox reverse engineering, rev 3. Retrieved detective: A tool for advanced on January 30, 2018, from network forensics analysis. In https://deadcode.me/blog/2016/ Proceedings of security and protection 07/01/UPC-UBEE-EVW3226-WPA2 of information (spi) 2015 (pp. -Reversing.html 147–163). Brno University of Defence.

c 2018 ADFSL Page 79 JDFSL V13N1 Automated Man-in-the-Middle Attack Against . . .

Retrieved on January 30, 2018, from thesis, Brno University of Technology, http://www.fit.vutbr.cz/ Faculty of Information Technology). research/view pub.php?id=10863 Retrieved on January 30, 2018, from Prowell, S., Kraus, R., & Borkin, M. http://www.fit.vutbr.cz/study/ (2010). Chapter 6 - DP/BP.php?id=18596 man-in-the-middle. In S. Prowell, Vondr´aˇcek,M., Pluskal, J., & Ryˇsav´y,O. R. Kraus, & M. Borkin (Eds.), Seven (2018). Automation of MitM attack deadliest network attacks (pp. on Wi-Fi networks. In P. Matouˇsek& 101–120). Boston: Syngress. M. Schmiedecker (Eds.), Digital Retrieved on January 30, 2018, from forensics and cyber crime (pp. http://www.sciencedirect.com/ 207–220). Cham: Springer science/article/pii/ International Publishing. B9781597495493000067 doi: http://dx.doi.org/10.1016/ B978-1-59749-549-3.00006-7 Robyns, P. (2014). Wireless network privacy (Master’s thesis, Hasselt University, Hasselt). Retrieved on January 30, 2018, from http:// hdl.handle.net/1942/17516 Song, D. (2001, Dec). dsniff. Retrieved on January 27, 2018, from http:// www.monkey.org/~dugsong/dsniff Tews, E., Weinmann, R.-P., & Pyshkin, A. (2007). Breaking 104 bit WEP in less than 60 seconds. In S. Kim, M. Yung, & H.-W. Lee (Eds.), Information security applications (pp. 188–202). Springer Berlin Heidelberg. Retrieved on January 30, 2018, from http://dx.doi.org/10.1007/ 978-3-540-77535-5 14 doi: 10.1007/978-3-540-77535-5 14 Thomas, O. (2017). Windows server 2016 inside out. Pearson Education. Retrieved on January 30, 2018, from https://books.google.cz/ books?id=rLfDDgAAQBAJ Vanhoef, M., & Piessens, F. (2017). Key reinstallation attacks: Forcing nonce reuse in WPA2. In Proceedings of the 24th acm conference on computer and communications security (ccs). ACM. Vondr´aˇcek,M. (2016). Automation of MitM attack on WiFi networks (Bachelor’s

Page 80 c 2018 ADFSL