2021 EDSIG Proceedings: Abstract Presentation

Using Python for teaching 802.11 security and intrusion detection

Kyle Cronin
Dakota State University

Mike Ham
Dakota State University

Tom Halverson
Dakota State University

Abstract
The detection of rogue wireless infrastructure is a challenging prospect, often limited by vendor implementations. Closed source software, implementations that impose scalability limits, and data-lock in are challenges found by system administrators that are attempting to detect rogue wireless devices on their networks. Our team is creating a python based tool for students to interact with capturing 802.11 beacon frames, extracting their data, and storing them in a third party database for querying. This allows students a hands on experience with the process, start to finish, of leveraging a Wireless Intrusion Detection System (WIDS). Several security risks exist in these networks simply due limitations in the wireless protocol design. Our proposed tool will allow for the identification of malicious Wi-Fi frames and will provide the ability for researchers to analyze wireless networks without compromising the privacy of users’ data. We will answer specific questions, using our newly created tool, as to the heuristics of an attack on a wireless network. Wireless management frames are packets required as a part of the operation of an IEEE 802.11 wireless network. that include: the network identifying itself to users and their devices, devices connecting to the network, devices searching for previously connected networks in range, and completing handoffs when a user moves from one physical location to another. Management frames have two critical flaws in regard to secure environments: they are unauthenticated and unencrypted. Our python tool prototype will capture these management frames and ships them to a central aggregation authority, such as Graylog. We will present this tool as well as our developed methodologies for the hunting of rogue wireless devise within 802.11 networks. Students will have the opportunity to learn the process of decoding beacon frames through the open sourced nature of a python script. Once this data has been derived, it will be indexed by a Graylog server. This will allow students to learn the process and mechanisms of a commercial Wireless Intrusion Detection system without vendor limitations, yet will still be able to grasp the necessary concepts.