Abstract
Conference Title: MILCOM 2015 - 2015 IEEE Military Communications Conference Conference Start Date: 2015, Oct. 26 Conference End Date: 2015, Oct. 28 Conference Location: Tampa, FL, USA Wi-Fi network offers an inexpensive and convenient way to access the Internet. It becomes even more important nowadays as we are moving from the traditional computer age to the current mobile devices and Internet-of-Things age. Wi-Fi Protected Access II (WPA2) - Pre-shared key (PSK) is the current security standard used to protect small 802.11 wireless networks. Most of the available dictionary password-guessing attacks on WPA2-PSK are based on capturing the four-way handshaking frames between an authorized wireless client and the Access Point (AP). These attacks will fail if an attacker is unable to capture the four-way handshaking frames of a legitimate client. An attacker also can apply an active dictionary attack by sending a pass-phrase to the AP and waiting for the response. However, this attack approach could only achieve a low attack intensity of testing a few pass-phrases per minute. In this paper, we develop a new scheme to speed up the active pass-phrase guessing trials intensity based on two novel ideas: First, the scheme mimics multiple Wi-Fi clients connecting to the AP at the same time--each emulated Wi-Fi client has its own spoofed MAC address; Second, each emulated Wi-Fi client could try many pass-phrases using a single wireless session without the need to pass the 802.11 authentication and association stages for every pass-phrase guess. We have developed a working prototype and our experiments show that the proposed scheme can improve active dictionary pass-phrase guessing speed by 100-fold compared to the traditional single client attack.