AUTHENTICATION METHOD WPA/WPA2 KEY PARAMETERS’ DEFINITION FOR IEEE 802.11 BASED HONEYPOT

Abstract

Context. An issue of correct configuration of honeypots is still opened, especially it is about honeypots that simulate wireless networksas their clients are mobile and zone of control is not limited. Wrong configuration of honeypot may become its usage disinterested insideautomated system especially it is applicable to honeypots for IEEE 802.11 wireless networks. Honeypot with open (no authentication)method or with low security may be suspicious for experienced attacker otherwise, it become easy prey for attackers whose goal is just accessto Internet. On the other hand, usage of honeypot with strong security level make no sense as well, as this model will become unconquerablefor attackers. Most protected access points use authentication method WPA2, usage of which may assure attacker that he/she attacks legitimate system.Objective. The goal of the researching work is to develop diagnostic model for honeypots in IEEE 802.11 wireless networks, which isconditionally secured by authentication method WPA/WPA2. Proposed model can help to assess possibility to leverage known WPA vulnerabilities by attacker on access point with given configuration.Method. An evaluation method of attacker’s qualification and its technical set of equipment in way of WPA/WPA2 encryption keyselection for wireless honeypot is offered. Implementation of this method allows to reach load reduction on honeypot what will provide anillusion of system authenticity for attacker. Method of distributed brute force attack on authentication method WPA/WPA2 that providesdiagnostic of Wi-Fi honeypot for encryption key resistance is offered. A Comparison between hardware virtualization and OS-level virtualizationis provided under the identical conditions in scope of WPA2 handshake brute force task.Results. Optimal conditions for providing brute force attack in virtual environment are obtained, what can give possibility to quicklyassess security level honeypot. This information can be used to understand how qualified attacker should be.Conclusions. A method of key perseverance assessment for authentication method WPA/WPA2 in IEEE 802.11 wireless network isproposed, for interaction with attacker with needed qualification level and computing resources. A method of IEEE 802.11 wireless networkssecurity assessment using Analytics Hierarchy Process got further development. The scalable environment for honeypots assessment providing is offered. The method of wordlist generation and rotation that are delivered to assessment system is proposed, what can help to exclude key reduplication what in its turn will help to speedup of assessment results.