On WPA2-Enterprise Privacy in High Education and Science

A plethora of organizations, companies, and foremost universities and educational institutions are using WPA2-Enterprise protocol to allow their end-users to connect to provided Wi-Fi networks. When both the provider’s and the end-user’s devices are configured properly, it is considered one of the s...


Bibliographic Details
Main Authors: T. Perković, A. Dagelić, M. Bugarić, M. Čagalj
Format: Article
Language: English
Published: Hindawi-Wiley 2020-01-01
Series: Security and Communication Networks
Online Access: http://dx.doi.org/10.1155/2020/3731529
ISSN: 1939-0114, 1939-0122
Author affiliation (all four authors): Faculty of Electrical Engineering, Mechanical Engineering and Naval Architecture, University of Split, Split, Croatia

Abstract: A plethora of organizations, companies, and foremost universities and educational institutions are using WPA2-Enterprise protocol to allow their end-users to connect to provided Wi-Fi networks. When both the provider’s and the end-user’s devices are configured properly, it is considered one of the safest Wi-Fi connection protocols with the added benefits of having a unique password for every Wi-Fi user. However, a known evil twin attack can be performed to steal users’ Wi-Fi login credentials, if the devices are not configured correctly. Considering the widespread use of Wi-Fi-enabled smartphones and rising concerns regarding users’ privacy, we focus on the privacy aspects of WPA2-Enterprise vulnerabilities mainly on the widespread Eduroam network. We show that device deanonymization is a concerning liability of many Eduroam networks. More than 87% of 1650 devices collected during a two-month test on our university are vulnerable to MAC address deanonymization attack. Furthermore, by analyzing the Eduroam Configuration Assistant Tool of 1066 different institutions around the world, 67% of exported Eduroam profiles having the Wi-Fi device reveal the user’s identity in the clear, thus linking the users with the device’s MAC address. Indeed, the analysis of the configuration profiles has been confirmed by performing the deanonymization attack on a large-scale international music festival in our country, where 70% of the devices have been vulnerable. Additionally, we showcase the psychological aspects of secure Eduroam users, where some are willing to modify secure configuration profiles to gain aspects to certain blocked features. As a result, the attacker is granted with user credentials and IMSI number and provided with access to all Eduroam-related services.