(In)Secure Configuration Practices of WPA2 Enterprise Supplicants

06/08/2018
by   Alberto Bartoli, et al.
0

WPA2 Enterprise is a fundamental technology for secure communication in enterprise wireless networks. A key requirement of this technology is that WiFi-enabled devices (i.e., supplicants) be correctly configured before connecting to the enterprise wireless network. Supplicants that are not configured correctly may fall prey of attacks aimed at stealing the network credentials very easily. Such credentials have an enormous value because they usually unlock access to all enterprise services. In this work we investigate whether users and technicians are aware of these important and widespread risks. We conducted two extensive analyses: a survey among approximately 1000 users about how they configured their WiFi devices for enterprise network access; and, a review of approximately 310 network configuration guides made available by enterprise network administrators. The results provide strong indications that the key requirement of WPA2 Enterprise is violated systematically and thus can no longer be considered realistic.

READ FULL TEXT

page 6

page 7

page 9

page 11

research
10/28/2019

Massive Access for Future Wireless Communication Systems

Multiple access technology plays an important role in wireless communica...
research
12/06/2022

A Systematic Literature Review on 5G Security

It is expected that the creation of next-generation wireless networks wo...
research
12/10/2022

A systematic literature review of cyberwarfare and state-sponsored hacking teams

It is expected that the creation of next-generation wireless networks wo...
research
08/14/2016

Security and Performance Comparison of Different Secure Channel Protocols for Avionics Wireless Networks

The notion of Integrated Modular Avionics (IMA) refers to inter-connecte...
research
05/09/2020

How not to secure wireless sensor networks revisited: Even if you say it twice it's still not secure

Two recent papers describe almost exactly the same group key establishme...
research
10/10/2019

WiFiCue: Public Wireless Access Security Assessment Tool

Public wireless access points are commonly provided by governments, busi...
research
06/03/2020

Menes: Towards a Generic, Fully-Automated Test and Validation Platform for Wireless Networks

A major step in developing robust wireless systems is to test and valida...

Please sign up or login with your details

Forgot password? Click here to reset