A Wireless Intrusion Detection System for 802.11 WPA3 Networks

TL;DR

This paper demonstrates vulnerabilities in WPA3 Wi-Fi networks through real attacks, and proposes a signature-based intrusion detection system that successfully detects all tested attacks, enhancing Wi-Fi security.

Contribution

It introduces a novel signature-based IDS tailored for WPA3 networks, capable of detecting multiple known attacks, and provides open-source tools for research and testing.

Findings

AP vulnerable to 8 out of 9 attacks

IDS failed to detect any attacks initially

Proposed IDS detects all tested attacks successfully

Abstract

Wi-Fi (802.11) networks have become an essential part of our daily lives; hence, their security is of utmost importance. However, Wi-Fi Protected Access 3 (WPA3), the latest security certification for 802.11 standards, has recently been shown to be vulnerable to several attacks. In this paper, we first describe the attacks on WPA3 networks that have been reported in prior work; additionally, we show that a deauthentication attack and a beacon flood attack, known to be possible on a WPA2 network, are still possible with WPA3. We launch and test all the above (a total of nine) attacks using a testbed that contains an enterprise Access Point (AP) and Intrusion Detection System (IDS). Our experimental results show that the AP is vulnerable to eight out of the nine attacks and the IDS is unable to detect any of them. We propose a design for a signature-based IDS, which incorporates techniques to detect all the above attacks. Also, we implement these techniques on our testbed and verify that our IDS is able to successfully detect all the above attacks. We provide schemes for mitigating the impact of the above attacks once they are detected. We make the code to perform the above attacks as well as that of our IDS publicly available, so that it can be used for future work by the research community at large.