PrepAway - Latest Free Exam Questions & Answers

Which of the following types of attacks involves interception of authentication traffic in an attempt to
gain unauthorized access to a wireless network?

A. Near field communication

B. IV attack

C. Evil twin

D. Replay attack

Explanation:
An initialization vector is a random number used in combination with a secret key as a means to encrypt
data. This number is sometimes referred to as a nonce, or “number occurring once,” as an encryption
program uses it only once per session.
An initialization vector is used to avoid repetition during the data encryption process, making it
impossible for hackers who use a dictionary attack to decrypt the exchanged encrypted message by
discovering a pattern. An attack that targets the initialization vector is known as an IV attack.
A particular binary sequence may be repeated more than once in a message, and the more it appears, the
more the encryption method is discoverable. For example, if a one-letter word exists in a message, it may
be either “a” or “I”, but it can’t be “e” because the word “e” is nonsensical in English, while “a” has a
meaning and “I” has a meaning. Repeating the words and letters makes it possible for software to apply a
dictionary and discover the binary sequence corresponding to each letter.
Using an initialization vector changes the binary sequence corresponding to each letter, enabling the
letter “a” to be represented by a particular sequence in the first instance, and then represented by a
completely different binary sequence in the second instance.
WEP (Wireless Equivalent Privacy) is vulnerable to an IV attack. Because RC4 is a stream cipher, the same
traffic key must never be used twice. The purpose of an IV, which is transmitted as plain text, is to
prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy network. The way the
IV was used also opened WEP to a related key attack. For a 24-bit IV, there is a 50% probability the same
IV will repeat after 5000 packets.
Incorrect Answers:
A: Near field communication (NFC) is a set of short-range wireless technologies, typically requiring a
distance of 10 cm or less. NFC operates at 13.56 MHz on ISO/IEC 18000-3 air interface and at rates
ranging from 106 kbit/s to 424 kbit/s. NFC always involves an initiator and a target; the initiator actively
generates an RF field that can power a passive target. This enables NFC targets to take very simple form
factors such as tags, stickers, key fobs, or cards that do not require batteries. NFC peer-to-peer
communication is possible, provided both devices are powered.
NFC tags contain data and are typically read-only, but may be rewriteable. They can be custom-encoded
by their manufacturers or use the specifications provided by the NFC Forum, an industry association
charged with promoting the technology and setting key standards. The tags can securely store personal
data such as debit and credit card information, loyalty program data, PINs and networking contacts,
among other information. The NFC Forum defines four types of tags that provide different
communication speeds and capabilities in terms of configurability, memory, security, data retention and
write endurance. Tags currently offer between 96 and 4,096 bytes of memory. NFC does not involve
interception of authentication traffic in an attempt to gain unauthorized access to a wireless network.
This is not what is described in the question.
C: An evil twin, in the context of network security, is a rogue or fake wireless access point (WAP) that
appears as a genuine hotspot offered by a legitimate provider.
In an evil twin attack, an eavesdropper or hacker fraudulently creates this rogue hotspot to collect the
personal data of unsuspecting users. Sensitive data can be stolen by spying on a connection or using a
phishing technique.
For example, a hacker using an evil twin exploit may be positioned near an authentic Wi-Fi access point
and discover the service set identifier (SSID) and frequency. The hacker may then send a radio signal using
the exact same frequency and SSID. To end users, the rogue evil twin appears as their legitimate hotspot
with the same name. Evil twin does not involve interception of authentication traffic in an attempt to gain
unauthorized access to a wireless network.
D: A replay attack (also known as a playback attack) is a form of network attack in which a valid data
transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator
or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by
IP packet substitution (such as a stream cipher attack).
For example: Suppose Alice wants to prove her identity to Bob. Bob requests her password as proof of
identity, which Alice dutifully provides (possibly after some transformation like a hash function);
meanwhile, Eve is eavesdropping on the conversation and keeps the password (or the hash). After the
interchange is over, Eve (posing as Alice) connects to Bob; when asked for a proof of identity, Eve sends
Alice’s password (or hash) read from the last session, which Bob accepts, thus granting access to Eve.
Replay attacks are used for impersonation rather than attempting to gain unauthorized access to a
wireless network.

http://www.techopedia.com/definition/26858/initialization-vector
http://en.wikipedia.org/wiki/Near_field_communication
http://www.techopedia.com/definition/5057/evil-twin
http://en.wikipedia.org/wiki/Replay_attack

