DOI: 10.1145/3558482.3590199

The Devil is in the Details: Hidden Problems of Client-Side Enterprise Wi-Fi Configurators

Published: 28 June 2023

Abstract

In the context of connecting to enterprise Wi-Fi, previous work shows that relying on human users to manually configure or enforce server authentication often leads to insecure outcomes. Consequently, many user credentials can potentially be stolen by the so-called "Evil-Twin" (ET) attack. To ease the burden on human users, various easy-to-use Wi-Fi configurators have been released and deployed. In this work, we investigate whether such configurators can indeed protect users from variants of the ET attack. To our surprise, the results of our investigation show that all configurators considered in the study suffer from certain weaknesses due to their design, implementation, or deployment practices. Notable findings include a series of design flaws in the new trust-on-first-use (TOFU) configurator on Android (available since version 12), which can be exploited in tandem to achieve a stealthy ET attack. Moreover, we found that two open-source Android Wi-Fi configurators fail to properly enforce server authentication under specific situations. These failures can be attributed in part to the complexity stemming from certificate name matching, as well as to limitations of the Android API. Last but not least, we found that a commercial configurator not only allows insecure Wi-Fi configurations to be deployed, but also allows certificates to be covertly installed on the user's device, which facilitates interception of the user's other TLS traffic and poses yet another hidden security and privacy threat. All in all, this study shows that despite years of research on the topic, developing a user-friendly yet reliable Wi-Fi configurator remains an elusive goal, and thus the threat of ET attacks continues to be relevant. As such, it is time to rethink whether the complexity of standard certificate chain validation is actually good for enterprise Wi-Fi.
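The abstract names two recurring failure points for a client-side configurator: server-name matching on the RADIUS server certificate and trust-on-first-use pinning. The following is an added example, written for this page and not code from the paper or from any of the configurators it studies, that models those checks offline. Certificates are plain records rather than parsed X.509 (a constructed stand-in; the "SPKI" bytes are placeholders), and every host name, SSID and config block is made up. The matching semantics follow wpa_supplicant's documented `domain_match` (full name) and `domain_suffix_match` (suffix on label boundaries) parameters; the "naive" character-level suffix is included only to show the pitfall that a label-boundary check avoids. The TOFU store illustrates the general caveat of that approach: whatever server is present on the first connection gets pinned, so the pin protects only later connections.

```python
from dataclasses import dataclass
import hashlib
import re


@dataclass(frozen=True)
class ServerCert:
    """Minimal stand-in for the RADIUS server's X.509 certificate (constructed)."""
    subject_cn: str
    san_dns: tuple      # dNSName entries from subjectAltName; may be empty
    spki_der: bytes     # SubjectPublicKeyInfo bytes; a placeholder here


def naive_suffix_match(name, expected):
    """Character-level suffix check (the pitfall): an attacker can obtain a
    certificate for 'evil-radius.corp.example', which ends with
    'radius.corp.example'."""
    return name.lower().endswith(expected.lower())


def label_suffix_match(name, expected):
    """Suffix check on DNS label boundaries, as wpa_supplicant's
    domain_suffix_match does: 'radius.corp.example' matches 'corp.example',
    'evil-corp.example' does not."""
    n = name.lower().rstrip(".").split(".")
    e = expected.lower().rstrip(".").split(".")
    return len(n) >= len(e) and n[-len(e):] == e


def exact_match(name, expected):
    """Full-name comparison, as wpa_supplicant's domain_match does."""
    return name.lower().rstrip(".") == expected.lower().rstrip(".")


def presented_names(cert):
    """RFC 6125 rule: when dNSName SANs are present, the subject CN is ignored."""
    return cert.san_dns if cert.san_dns else (cert.subject_cn,)


MATCHERS = {"exact": exact_match, "suffix": label_suffix_match,
            "naive": naive_suffix_match}


def server_name_ok(cert, expected, mode="exact"):
    """True if any presented name satisfies the chosen matching policy."""
    check = MATCHERS[mode]
    return any(check(n, expected) for n in presented_names(cert))


class TofuStore:
    """Trust-on-first-use: remember the SPKI hash seen on first connect per SSID
    and refuse a later server that presents a different key."""

    def __init__(self):
        self._pins = {}

    def check(self, ssid, cert):
        fp = hashlib.sha256(cert.spki_der).hexdigest()
        if ssid not in self._pins:
            self._pins[ssid] = fp
            return "pinned"          # first use: nothing to compare against yet
        return "match" if self._pins[ssid] == fp else "mismatch"


NAME_KEYS = ("domain_match", "domain_suffix_match", "altsubject_match")


def audit_network_block(conf):
    """Flag a wpa_supplicant network block that pins no CA or does not
    constrain the server name; either gap lets an evil twin be accepted."""
    keys = {m.group(1) for m in re.finditer(r"^\s*(\w+)\s*=", conf, re.M)}
    problems = []
    if "ca_cert" not in keys:
        problems.append("no ca_cert: server certificate is not verified at all")
    if not any(k in keys for k in NAME_KEYS):
        problems.append("no domain_match/domain_suffix_match/altsubject_match: "
                        "any certificate issued by the CA is accepted")
    return problems


# Constructed sample data: a legitimate server, an evil twin with a look-alike
# suffix, and an evil twin that only puts the expected name in the CN.
LEGIT = ServerCert("radius.corp.example", ("radius.corp.example",), b"legit-key")
EVIL_SUFFIX = ServerCert("evil-radius.corp.example",
                         ("evil-radius.corp.example",), b"evil-key")
EVIL_CN = ServerCert("radius.corp.example", ("attacker.example",), b"evil-key")

WEAK_CONF = """
network={
    ssid="corp-wifi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="hunter2"
    phase2="auth=MSCHAPV2"
}
"""

# Same block with a pinned CA and an exact server-name constraint added.
HARDENED_CONF = WEAK_CONF.replace(
    '    phase2=',
    '    ca_cert="/etc/ssl/certs/corp-ca.pem"\n'
    '    domain_match="radius.corp.example"\n    phase2=')

if __name__ == "__main__":
    for cert in (LEGIT, EVIL_SUFFIX, EVIL_CN):
        print(cert.subject_cn, {m: server_name_ok(cert, "radius.corp.example", m)
                                for m in MATCHERS})
    print("weak:", audit_network_block(WEAK_CONF))
    print("hardened:", audit_network_block(HARDENED_CONF))
```

Note that `EVIL_CN` is rejected even though its CN is exactly the expected name: once a certificate carries dNSName SANs, a correct matcher never falls back to the CN, and a configurator that does consult it is accepting a name the issuing CA never vouched for.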


Cited By

  • (2024) A robust certificate management system to prevent evil twin attacks in IEEE 802.11 networks. International Journal of Information Technology. https://doi.org/10.1007/s41870-024-02008-4. Online publication date: 18 June 2024.


    Published In
    WiSec '23: Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks
    May 2023
    394 pages
    ISBN:9781450398596
    DOI:10.1145/3558482
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. authentication
    2. evil-twin
    3. tls
    4. trust-on-first-use
    5. wpa enterprise

    Qualifiers

    • Research-article

    Funding Sources

    • The Chinese University of Hong Kong
    • Research Grants Council (RGC) of Hong Kong
    • CUHK Department of Information Engineering

    Conference

    WiSec '23

    Acceptance Rates

    Overall Acceptance Rate 98 of 338 submissions, 29%

