Simple Prevention of Advanced Stealth Man-in-The-Middle Attack in WPA2 Wi-Fi Networks

Currently, Wi-Fi Protected Access II (WPA2) has been used extensively for security in Wi-FI network systems. However, several studies have shown that WPA2 is still susceptible to several attacks, especially insider attacks, including the advanced stealth man-in- the-middle ( ASMiTM) attack, which is a combination of the stealth man-in- the- middle (SMiTM) and wireless denial of service ( WDoS) attacks. The attack allows a malicious user on a Wi-Fi network secured by WPA2 to steal legitimate user information for extensive periods without being detected. Several papers have proposed methods for preventing SMiTM and ASMiTM attacks; however, the proposed methods require an additional device in a Wi-Fi network. In this study, we propose a simple method to prevent ASMiTM attacks by preventing WDoS attacks. We propose adding a function to check the increase in packet number (PN) in a station to prevent attackers from sending broadcast frames that contain ARP Spoof with high PN values. We implemented this function in the chipper-block chaining message protocol (CCMP) replay check code in the Linux Kernel. The evaluation results show that our proposed method can reduce the duration of the ASMiTM attacks with a PN of 2000 on the Ubuntu-18.04 station from 24.66 min to 0.98 min.