Link Layer Protocol
What are the different attacks against the protocol? How do they work?
What are the vulnerabilities being exploited? How are these vulnerabilities being exploited?
What are the controls we can use to put in place to protect against the vulnerabilities? What does the network architecture look like? How will you protect against the vulnerabilities?
Create Table with following information (See Attachment)
Date
The format of the packet exchanged across the nodes is defined by the data link layer protocol. The protocols also perform actions like retransmission, random access, error detection and flow control. Some examples of the data link layer protocols include Ethernet, FDDI, PPP, token ring, ARP, ATM, frame relay and 802.1x. Different link-layer protocols handle datagram of different links in a path such as the Ethernet, which handles datagram on the first link and PPP on the second link. The Address Resolution Protocol is a communication protocol whose function is to discover the link-layer address. The 802.1x network authentication protocol opens ports for network access when a user identity is authenticated by an organization and authorizes network access.
Protocol Threats/Attacks Vulnerabilities Controls
ARP Spoofing – Address resolution Protocol poisoning refers to a certain type of attack involving sending ARP messages spoofed through a local area network.
Poisoning – this involves ARP cache poisoning and routing of ARP poison. The attacks try diverting Traffic from the host that is originally intended to an attacker.
Sniffing –
Session hijacking/MiM
Denial of service A loophole in the ARP protocol design mechanism that allows the host to receive an ARP request or packet response and fails to verify the packet authentication then replaces the ARP cache table in the original entry is a vulnerability.
Unsolicited ARP Reply is another type of vulnerability where a spoofed reply to an ARP request can be sent to any system. In contrast, the receiving system caches the reply by overwriting the existing entry or adding an entry. Some of the preventive measures that can be used are installing firewalls and session encryption, such as establishing VPNs between systems or networks to prevent disclosure attacks. The use of strong authentication is another measure. Examples are strong passwords and certificates to prevent disclosure attacks. Lastly, the use of hard coding addresses and port security.
802.1x Session Hijacking is the kind of attack where the attacker sends a fake packet to the wireless client
Man-in-the-Middle – the attacker acts as the legitimate access point where he views the Traffic passing through the wireless client and the legitimate access point.
Passive Attack to Decrypt Traffic – wireless Traffic can be intercepted by a passive eavesdropper until an IV collision occurs. What happens when XORing two packets that use similar IV, making the attacker obtain the XOR of the two-plaintext messages.
Active Attack to Inject Traffic – the attacker uses the knowledge of the exact plaintext for one encrypted message to construct the right encrypted packets. Some of the vulnerabilities include MAC spoofing, where the addresses are spoofed through sniffing the wireless Traffic.
WEP is another vulnerability that uses the RC4 encryption algorithm called a stream cipher. It expands a short key into an infinite pseudo-random keystream.
Extended Service Set ID is a vulnerability whereby many access points broadcast the network’s name, giving way to the software of some clients to provide remote wireless clients with a list of available wireless networks. Installation of a robust security network that uses the current standards to improve authentication, access control and key management.
Installation of WEP2 increases the size of IV space-enhancing authentications to avoid staleness.
Fast packet keying improves WLAN’s security by allowing one to encrypt each packet using a different key.
A virtual private network is the VPN of a client-based IPSec that allows over-the-wire and over-the-air- IPSec encryption of all IP traffic. It doesn’t matter whether wireless security is used.
References
Li, Y., & Li, J. (2016, May). The research on ARP protocol-based authentication mechanism. In 2016 International Conference on Applied Mathematics, Simulation and Modelling. Atlantis Press.
Arora, A. (2018). Preventing wireless deauthentication attacks over 802.11 networks. arXiv preprint arXiv:1901.07301.
