
Testing and improving the correctness of wi-fi frame injection

Mathy Vanhoef, Xianjun Jiao (UGent), Wei Liu (UGent) and Ingrid Moerman (UGent)
Abstract
Investigating the security of Wi-Fi devices often requires writing scripts that send unexpected or malformed frames, to subsequently monitor how the devices respond. Such tests generally use Linux and off-the-shelf Wi-Fi dongles. Typically, the dongle is put into monitor mode to get access to the raw content of received Wi-Fi frames and to inject, i.e., transmit, customized frames. In this paper, we demonstrate that monitor mode on Linux may, unbeknownst to the user, mistakenly inject Wi-Fi frames or even drop selected frames instead of sending them. We discuss cases where this causes security testing tools to misbehave, making users believe that a device under test is secure while in reality it is vulnerable to an attack. To remedy this problem, we create a script to test raw frame injection, and we extend the Radiotap standard to gain more control over frame injection. Our extension is now part of the Radiotap standard and has been implemented in Linux. We tested it using commercial Wi-Fi dongles and using openwifi, which is an open implementation of Wi-Fi on top of software-defined radios. With our improved setup, we reproduced tests for the KRACK and FragAttack vulnerabilities, and discovered previously unknown vulnerabilities in three smartphones.
Keywords
802.11, monitor mode, packet injection, radiotap

Downloads

  • (...).pdf: full text (Published version) | UGent only | PDF | 935.98 KB

Citation

Please use this url to cite or link to this publication:

MLA
Vanhoef, Mathy, et al. “Testing and Improving the Correctness of Wi-Fi Frame Injection.” Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WISEC 2023, Assoc Computing Machinery, 2023, pp. 287–92, doi:10.1145/3558482.3581779.
APA
Vanhoef, M., Jiao, X., Liu, W., & Moerman, I. (2023). Testing and improving the correctness of wi-fi frame injection. Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WISEC 2023, 287–292. https://doi.org/10.1145/3558482.3581779
Chicago author-date
Vanhoef, Mathy, Xianjun Jiao, Wei Liu, and Ingrid Moerman. 2023. “Testing and Improving the Correctness of Wi-Fi Frame Injection.” In Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WISEC 2023, 287–92. New York: Assoc Computing Machinery. https://doi.org/10.1145/3558482.3581779.
Chicago author-date (all authors)
Vanhoef, Mathy, Xianjun Jiao, Wei Liu, and Ingrid Moerman. 2023. “Testing and Improving the Correctness of Wi-Fi Frame Injection.” In Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WISEC 2023, 287–292. New York: Assoc Computing Machinery. doi:10.1145/3558482.3581779.
Vancouver
1. Vanhoef M, Jiao X, Liu W, Moerman I. Testing and improving the correctness of wi-fi frame injection. In: Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WISEC 2023. New York: Assoc Computing Machinery; 2023. p. 287–92.
IEEE
[1] M. Vanhoef, X. Jiao, W. Liu, and I. Moerman, “Testing and improving the correctness of wi-fi frame injection,” in Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WISEC 2023, Univ Surrey, Surrey Ctr Cyber Secur, Guildford, ENGLAND, 2023, pp. 287–292.
@inproceedings{01H9JAMRFWVAWYB5JTWJQADTBX,
  abstract     = {{Investigating the security of Wi-Fi devices often requires writing scripts that send unexpected or malformed frames, to subsequently monitor how the devices respond. Such tests generally use Linux and off-the-shelf Wi-Fi dongles. Typically, the dongle is put into monitor mode to get access to the raw content of received Wi-Fi frames and to inject, i.e., transmit, customized frames.

 In this paper, we demonstrate that monitor mode on Linux may, unbeknownst to the user, mistakenly inject Wi-Fi frames or even drop selected frames instead of sending them. We discuss cases where this causes security testing tools to misbehave, making users believe that a device under test is secure while in reality it is vulnerable to an attack. To remedy this problem, we create a script to test raw frame injection, and we extend the Radiotap standard to gain more control over frame injection. Our extension is now part of the Radiotap standard and has been implemented in Linux. We tested it using commercial Wi-Fi dongles and using openwifi, which is an open implementation of Wi-Fi on top of software-defined radios. With our improved setup, we reproduced tests for the KRACK and FragAttack vulnerabilities, and discovered previously unknown vulnerabilities in three smartphones.}},
  author       = {{Vanhoef, Mathy and Jiao, Xianjun and Liu, Wei and Moerman, Ingrid}},
  booktitle    = {{Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WISEC 2023}},
  isbn         = {{9781450398596}},
  keywords     = {{802.11,monitor mode,packet injection,radiotap}},
  language     = {{eng}},
  location     = {{Univ Surrey, Surrey Ctr Cyber Secur, Guildford, ENGLAND}},
  pages        = {{287--292}},
  publisher    = {{Assoc Computing Machinery}},
  title        = {{Testing and improving the correctness of wi-fi frame injection}},
  url          = {{http://doi.org/10.1145/3558482.3581779}},
  year         = {{2023}},
}
