Security Audit of WLAN Networks Using Statistical Models of Specified Language Group

• Main Authors: KREKAN Jan, PLEVA Matus, DOBOS Lubomir
• Format: Article
• Language: English
• Published: Editura Universităţii din Oradea 2013-05-01
• Series: Journal of Electrical and Electronics Engineering
• Subjects: language statistics; password recovery; WLAN security; security audit
• Online Access: https://electroinf.uoradea.ro/images/articles/CERCETARE/Reviste/JEEE/JEEE_V6_N1_MAY_2013/Krekan_may2013.pdf
• ISSN: 1844-6035; 2067-2128

In order to build a secure computing environment, persons responsible for data security need tools which allow them to test the security of data being protected. Research of passwords, used in usual computing environments, showed that easy to remember non-dictionary passwords are widely used. So it should be useful to build a statistical model,which can then be used to create very effective password lists for testing the security of a given protected data object. The problem is that the society from specified location is using also foreign words,from languages widely used. This article describes a comparison of different language models used for this new statistical candidates generation method. This generator could be then used to test the strength of passwords used to protect wireless networks which useWPA-PSK as its data encryption standard. The password candidates passed to tools which perform the security audit. This method could be described also as sorting of Brute-force password candidates usingknowledge about languages used by the users. The tests showed that using combination of language models (MIX) of specified language group for the password candidates’ generator could improve thespeed of the security procedure by 37% relatively in average (60% speedup when finding 50% of passwords – in 0.69% vs 1.715% of Bruteforce combinations) comparing to mother language model (SK) and 20 times average absolute speedup comparing to Bruteforce.