Paper 2021/1702
CheckShake: Passively Detecting Anomaly in Wi-Fi Security Handshake using Gradient Boosting based Ensemble Learning
Anand Agrawal, Urbi Chatterjee, and Rajib Ranjan Maiti
Abstract
Recently, a number of attacks have been demonstrated (like key reinstallation attack, called KRACK) on WPA2 protocol suite in Wi-Fi WLAN. As the firmware of the WLAN devices in the context of IoT, industrial systems, and medical devices is often not patched, detecting and preventing such attacks is challenging. In this paper, we design and implement a system, called CheckShake, to passively detect anomalies in the handshake of Wi-Fi security protocols, in particular WPA2, between a client and an access point using COTS radios. Our proposed system works without decrypting any traffic. It passively monitors multiple wireless channels in parallel in the neighborhood and uses a state machine model to characterize and detect the attacks. In particular, we develop a state machine model for grouping Wi-Fi handshake packets and then perform deep packet inspection to identify the symptoms of the anomaly in specific stages of a handshake session. Our implementation of CheckShake does not require any modification to the firmware of the client or the access point or the COTS devices, it only requires to be physically placed within the range of the access point and its clients. We use both the publicly available dataset and our own data set for performance analysis of CheckShake. Using gradient boosting-based supervised machine learning models, we show that an accuracy around 93.39% and a false positive rate of 5.08% can be achieved using CheckShake
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Preprint. MINOR revision.
- Keywords
- WPAWPA2Security protocols
- Contact author(s)
- anandgarg91 @ gmail com
- History
- 2021-12-31: received
- Short URL
- https://ia.cr/2021/1702
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2021/1702, author = {Anand Agrawal and Urbi Chatterjee and Rajib Ranjan Maiti}, title = {{CheckShake}: Passively Detecting Anomaly in Wi-Fi Security Handshake using Gradient Boosting based Ensemble Learning}, howpublished = {Cryptology {ePrint} Archive, Paper 2021/1702}, year = {2021}, url = {https://eprint.iacr.org/2021/1702} }