Evil twins and WPA2 Enterprise: A coming security disaster?. Issue 74 (May 2018)
- Record Type:
- Journal Article
- Title:
- Evil twins and WPA2 Enterprise: A coming security disaster?. Issue 74 (May 2018)
- Main Title:
- Evil twins and WPA2 Enterprise: A coming security disaster?
- Authors:
- Bartoli, Alberto
Medvet, Eric
Onesti, Filippo - Abstract:
- Abstract: WPA2 Enterprise is a suite of protocols for secure communication in a wireless local network and has become an essential component of virtually every enterprise. In many practical deployments of this technology, a device that authenticates with username and password is at risk of leaking credentials to fraudulent access points claiming to be the enterprise network ( evil twins ) that may be placed virtually anywhere. While this kind of vulnerability is well known to practitioners, we believe these issues deserve a fresh look because the current technological landscape has magnified the corresponding risks. Convergence of organizations toward single sign-on architectures in which a single set of credentials unlock access to all services of the organizations, coupled with the huge diffusion of wifi-enabled personal devices which often contain enterprise credentials and that connect to wifi networks automatically, have made attacks aimed at stealing network credentials particularly attractive to attackers and hard to detect. In this paper we intend to draw the attention of the research and technological community on this important yet, in our opinion, widely underestimated risk. We also suggest a direction for investigating practical solutions able to offer stronger security without requiring any overhaul of existing protocols.
- Is Part Of:
- Computers & security. Issue 74(2018)
- Journal:
- Computers & security
- Issue:
- Issue 74(2018)
- Issue Display:
- Volume 74, Issue 74 (2018)
- Year:
- 2018
- Volume:
- 74
- Issue:
- 74
- Issue Sort Value:
- 2018-0074-0074-0000
- Page Start:
- 1
- Page End:
- 11
- Publication Date:
- 2018-05
- Subjects:
- Authentication -- Wifi -- Smartphone -- Hacking -- Password
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.cose.2017.12.011 ↗
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 20789.xml