Abstract
A plethora of organizations, companies, and foremost universities and educational institutions are using WPA2-Enterprise protocol to allow their end-users to connect to provided Wi-Fi networks. When both the provider’s and the end-user’s devices are configured properly, it is considered one of the safest Wi-Fi connection protocols with the added benefits of having a unique password for every Wi-Fi user. However, a known evil twin attack can be performed to steal users’ Wi-Fi login credentials, if the devices are not configured correctly. Considering the widespread use of Wi-Fi-enabled smartphones and rising concerns regarding users’ privacy, we focus on the privacy aspects of WPA2-Enterprise vulnerabilities mainly on the widespread Eduroam network. We show that device deanonymization is a concerning liability of many Eduroam networks. More than 87% of 1650 devices collected during a two-month test on our university are vulnerable to MAC address deanonymization attack. Furthermore, by analyzing the Eduroam Configuration Assistant Tool of 1066 different institutions around the world, 67% of exported Eduroam profiles having the Wi-Fi device reveal the user’s identity in the clear, thus linking the users with the device’s MAC address. Indeed, the analysis of the configuration profiles has been confirmed by performing the deanonymization attack on a large-scale international music festival in our country, where 70% of the devices have been vulnerable. Additionally, we showcase the psychological aspects of secure Eduroam users, where some are willing to modify secure configuration profiles to gain aspects to certain blocked features. As a result, the attacker is granted with user credentials and IMSI number and provided with access to all Eduroam-related services.
Highlights
Nowadays, a large number of protocols are used to establish an Internet connection via a Wi-Fi network. ese protocols range from open Wi-Fi networks-hotspots to WPA or WPA2 protocols with keys shared between the device and the access point (AP)
We surveyed a wide range of services in our country and discovered that they are using Eduroam credentials for authorization, including platforms of e-citizen, which may reflect on disrupting user privacy e rest of the paper is organized as follows: Section 2 defines prerequisites and the attacker model, along with the experimental setup. e following two sections describe two different attacks: in Section 3, we present the passive deanonymization attack, while in Section 4, we introduce the evil twin attack
Devices connecting to Eduroam network allow the attacker to passively monitor Wi-Fi traffic and read the username sent by the victims device during Phase 1 of Extensible Authentication Protocol (EAP) authentication
Summary
A large number of protocols are used to establish an Internet connection via a Wi-Fi network. ese protocols range from open Wi-Fi networks-hotspots to WPA or WPA2 protocols with keys shared between the device and the access point (AP). Institutions, universities, and education centers utilize WPA2-Enterprise networks, where wireless devices establish a secure connection to a Wi-Fi network following the IEEE 802.1X standard based on portisolation functionality. In the era of smartphone devices, user privacy has become increasingly important, and many papers discuss this problem within the context of Wi-Fi-enabled devices [1,2,3,4]. E problem of user privacy is not limited to stealing user’s login credentials and can be divided into categories [7]: identity privacy, location privacy, financial privacy, social privacy, and personal privacy. An attack is presented, where the adversary exploits the vulnerability of the most widely used WPA2-Enterprise network today, Eduroam, to compromise the user’s personal, location, and identity privacy
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
