Detection of WPS attacks through multiscale analysis

Resumo

The wide spread adoption of 802.11 networks as the solution for providing an efficient network coverage with high data-rates raised several security concerns. In a first stage, WEP was used for protecting user’s wireless networks from intrusions. Such intrusions’ purposes could be simple free Internet accesses or more complex attacks to access confidential information. However, due to multiple technical flaws this approach was not sufficient which lead to the emergence of WPA and WPA2 technologies. WPA and WPA2 allow more secure networks but require more complicated configuration tasks. With the objective of creating a simple configuration interface, the Wi-Fi Alliance came up with a simple configuration approach: the Wi-Fi Protected Setup (WPS). WPS is present in major vendors products, providing a much easier configuration setup but a less efficient security environment. This less secure implementation is vulnerable to brute force attacks, that can be quick to execute, with little complexity and difficult to detect. After cracking the WPS, attackers can access to WPA/WPA2wireless passphrase and consequently, illicitly connect to users’ wireless networks. Accessing and analyzing the content of the wireless frames is limited by technical requirements and legal constrains. Therefore, this paper presents a method to detect attacks on WPA routers with Wi-Fi Protected Setup based only on the amount of traffic generated. We propose a monitoring station which exclusively analyzes traffic flows from the router. By monitoring the traffic and using a multiscale analysis we are able to accurately identify this type of intrusion attempt over other traffic.