Tackling security vulnerabilities in VPN-based wireless deployments

Current "best practice" recommendations for enterprise wireless deployments suggest the use of VPNs from a wireless client for both authentication and privacy. In this paper, we demonstrate a security issue with such deployments, which we refer to as the hidden wireless router vulnerability. This vulnerability is inherent in the VPN-based wireless LAN architecture, and leads to unsuspecting clients becoming conduits for an attack, exploiting features readily available in popular operating systems like Windows and Linux. We describe the attack scenario, and possible solutions for both detecting and locating such hidden wireless routers. Our solutions include a range of possibilities stretching from purely passive to active probing methods, and access point-based solutions. We describe our techniques and the results of our implementation and experiments.
