Vulnerability of Wi-Fi-enabled Devices to KRACK Attacks – A Case Study

Name
Brice Michael Christian Seiler
Abstract
In 2017, security researchers Mathy Vanhoef and Frank Piessens discovered a serious set of vulnerabilities in the Wi-Fi Protected Access/Wi-Fi Protected Access 2 (WPA/WPA2) security protocol that became known as key reinstallation attacks, or KRACK. This set of vulnerabilities allowed attackers to replay, decrypt or forge data transmitted over Wi-Fi. For some Android smartphones, KRACK led to an all-zero key being used, making it trivial for attackers to manipulate the Wi-Fi communication. Although it was acknowledged as one of the most important vulnerabilities against WPA/WPA2, no follow-up studies investigated how devices can be tested against it, and whether and how it still affects Wi-Fi-enabled devices today. This Master’s thesis conducted a comprehensive analysis of the KRACK vulnerabilities by investigating their mechanics and detailing how to set up a testing environment to research them. This testing environment was used to examine whether devices were vulnerable to one of Vanhoef’s seven tests. The seven tests were performed on 29 Wi-Fi-enabled devices collected through a convenience sampling method. In total, 203 test results were gathered. Out of 29 devices, only 2 older smartphones were identified to be vulnerable to the KRACK attack. Network captures are provided for discussing the tests’ outcomes.


Funded by the European Union under Grant Agreement No. 101087529. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or European Research Executive Agency. Neither the European Union nor the granting authority can be held responsible for them.
Graduation Thesis language
English
Graduation Thesis type
Master - Cyber Security
Supervisor(s)
Danielle Morgan
Defence year
2023
 