Which of the following types of attacks involves interception of authentication traffic in an attempt to gain unauthorized access to a wireless network?
A.
Near field communication
B.
IV attack
C.
Evil twin
D.
Replay attack
Explanation:
An initialization vector is a random number used in combination with a secret key as a means to encrypt data. This number is sometimes referred to as a nonce, or
“number occurring once,” as an encryption program uses it only once per session.
An initialization vector is used to avoid repetition during the data encryption process, making it impossible for hackers who use dictionary attack to decrypt the
exchanged encrypted message by discovering a pattern. This is known as an IV attack.
A particular binary sequence may be repeated more than once in a message, and the more it appears, the more the encryption method is discoverable. For
example if a one-letter word exists in a message, it may be either “a” or “I” but it can’t be “e” because the word “e” is non-sensical in English, while “a” has a
meaning and “I” has a meaning. Repeating the words and letters makes it possible for software to apply a dictionary and discover the binary sequence
corresponding to each letter.
Using an initialization vector changes the binary sequence corresponding to each letter, enabling the letter “a” to be represented by a particular sequence in the first
instance, and then represented by a completely different binary sequence in the second instance.
WEP (Wireless Equivalent Privacy) is vulnerable to an IV attack. Because RC4 is a stream cipher, the same traffic key must never be used twice. The purpose of
an IV, which is transmitted as plain text, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy network. The way the IV was used
also opened WEP to a related key attack. For a 24-bit IV, there is a 50% probability the same IV will repeat after 5000 packets.
Incorrect Answers:
A: Near field communication (NFC) is a set of short-range wireless technologies, typically requiring a distance of 10 cm or less. NFC operates at 13.56 MHz on
ISO/IEC 18000-3 air interface and at rates ranging from 106 kbit/s to 424 kbit/s. NFC always involves an initiator and a target; the initiator actively generates an RF
field that can power a passive target. This enables NFC targets to take very simple form factors such as tags, stickers, key fobs, or cards that do not require
batteries. NFC peer-to-peer communication is possible, provided both devices are powered.
NFC tags contain data and are typically read-only, but may be rewriteable. They can be custom- encoded by their manufacturers or use the specifications provided
by the NFC Forum, an industry association charged with promoting the technology and setting key standards. The tags can securely store personal data such as
debit and credit card information, loyalty program data, PINs and networking contacts, among other information. The NFC Forum defines four types of tags that
provide different communication speeds and capabilities in terms of configurability, memory, security, data retention and write endurance. Tags currently offer
between 96 and 4,096 bytes of memory. NFC does not involve interception of authentication traffic in an attempt to gain unauthorized access to a wireless network.
This is not what is described in the question.
Therefore, this answer is incorrect.
C: An evil twin, in the context of network security, is a rogue or fake wireless access point (WAP) that appears as a genuine hotspot offered by a legitimate
provider. In an evil twin attack, an eavesdropper or hacker fraudulently creates this rogue hotspot to collect the personal data of unsuspecting users. Sensitive data
can be stolen by spying on a connection or using a phishing technique.
For example, a hacker using an evil twin exploit may be positioned near an authentic Wi-Fi access point and discover the service set identifier (SSID) and
frequency. The hacker may then send a radio signal using the exact same frequency and SSID. To end users, the rogue evil twin appears as their legitimatehotspot with the same name. Evil twin does not involve interception of authentication traffic in an attempt to gain unauthorized access to a wireless network.
Therefore, this answer is incorrect.
D: A replay attack (also known as playback attack) is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed.
This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet
substitution (such as stream cipher attack). For example: Suppose Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which
Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping on the conversation and keeps the password (or
the hash). After the interchange is over, Eve (posing as Alice) connects to Bob; when asked for a proof of identity, Eve sends Alice’s password (or hash) read from
the last session, which Bob accepts thus granting access to Eve.
Replay attacks are used for impersonation rather than attempting to gain unauthorized access to a wireless network. Therefore, this answer is incorrect.http://www.techopedia.com/definition/26858/initialization-vector http://en.wikipedia.org/wiki/Near_field_communication
http://www.techopedia.com/definition/5057/evil-twin
http://en.wikipedia.org/wiki/Replay_attack