Session hijacking in WLAN based public networks
Abstract
The background for this master's thesis is the threat of session hijacking in public wireless networks. A public wireless network in this context is a network such as Wireless Trondheim, where users with WLAN-enabled devices can connect for a small fee for a given period of time. These kinds of networks rely on a high degree of user friendliness to reach users with average knowledge of computers and wireless networks. There is always a struggle between user friendliness and security, and the downside of the user friendliness in these kinds of networks is poor security. Many of these networks use only the unique identifier (MAC address) of the network device to identify users and grant them access. A person with some technical knowledge about wireless networks and less than honest intentions may exploit this weak security barrier and impersonate the legitimate user by duplicating the MAC address.

The practical part of this master's thesis starts with the setup of a test bench with three computers: an attacker, a legitimate client and a passive monitor. A MAC spoofing attack was performed on the production network to prove that this kind of attack is easy to perform. The attack was first done with Backtrack, which is a specialized penetration testing OS, and the same type of attack was then done in Windows to prove that it does not require specialized tools. The attacker was able to gain access to the Internet without going through the web page for authentication.

The thesis also proposes some countermeasures against this kind of attack: session ID, MAC sequence number tracking, and monitoring physical properties such as received signal strength and RTS-CTS handshake round trip times. The thesis presents some thoughts on how they can be implemented in the Wireless Trondheim network and what the major difficulties of each of them might be. It also evaluates how well each of them fits Wireless Trondheim's requirements for countermeasures against the attacks done in this thesis.
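To illustrate the MAC sequence number tracking countermeasure named above, the following is an added example, not code from the thesis. It relies on the 12-bit sequence counter that each 802.11 transmitter increments per frame: two radios sharing one MAC address produce interleaved counters with large, repeated jumps. The frame tuples, the MAC addresses and the `max_gap` and `min_hits` thresholds are assumptions chosen for the example.

```python
from collections import defaultdict

SEQ_MODULUS = 4096  # the 802.11 sequence number is a 12-bit counter


def seq_gap(prev, cur):
    """Forward distance from prev to cur on the wrapping 12-bit counter."""
    return (cur - prev) % SEQ_MODULUS


def find_shared_macs(frames, max_gap=64, min_hits=3):
    """Return {mac: [(time, prev_seq, seq, gap), ...]} for MAC addresses whose
    sequence numbers jump by more than max_gap at least min_hits times.

    frames: iterable of (timestamp, mac, seq) as seen by a passive monitor.
    max_gap and min_hits are assumed tuning values, not taken from the thesis.
    """
    last_seq = {}
    hits = defaultdict(list)
    for ts, mac, seq in frames:
        mac = mac.lower()
        if mac in last_seq:
            gap = seq_gap(last_seq[mac], seq)
            # gap 0 is a retransmission; small gaps are frames the monitor missed
            if gap > max_gap:
                hits[mac].append((ts, last_seq[mac], seq, gap))
        last_seq[mac] = seq
    # a single jump can be a card reset, so require repeated jumps before flagging
    return {mac: h for mac, h in hits.items() if len(h) >= min_hits}


def sample_frames():
    """Constructed capture: one normal station and one MAC used by two radios."""
    frames = []
    # normal station: counter wraps 4095 -> 0 and the monitor misses one frame
    for i, seq in enumerate([4093, 4094, 4095, 0, 1, 3, 4]):
        frames.append((i * 0.01, "02:00:00:00:00:0a", seq))
    # two radios with the same MAC, each running its own counter, interleaved
    for i in range(4):
        frames.append((1.00 + i * 0.02, "02:00:00:00:00:0b", 100 + i))
        frames.append((1.01 + i * 0.02, "02:00:00:00:00:0B", 2500 + i))
    return frames


if __name__ == "__main__":
    for mac, jumps in find_shared_macs(sample_frames()).items():
        print(mac, "sequence jumps:", [j[3] for j in jumps])
```
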