A Comprehensive Taxonomy of Attacks and Mitigations in IoT Wi-Fi Networks : physical and data-link layer

Abstract: The number of Internet of Things (IoT) devices is rising and Wireless Fidelity (Wi-Fi) networks are still widely used in IoT networks. Security protocols such as Wi-Fi Protected Access 2 (WPA2) are still in use in most Wi-Fi networks, but Wi-Fi Protected Access 3 (WPA3) is making its way as the new security standard. These security protocols are crucial in Wi-Fi networks with energy and memory-constrained devices because of adversaries that could breach confidentiality, integrity, and availability of networks through various attacks. Many research papers exist on single Wi-Fi attacks, and the strengths and weaknesses of security protocols and Wi-Fi standards. This thesis aims to provide a detailed overview of Wi-Fi attacks and corresponding mitigation techniques against IoT Wi-Fi networks in a comprehensive taxonomy. In addition tools are mentioned for each Wi-Fi attack that allows, e.g., professionals or network administrators to test the chosen Wi-Fi attacks against their IoT networks. Four types of attack (categories) were defined, Man-in-the-Middle (MitM), Key-recovery, Traffic Decryption, and Denial of Service (DoS) attacks. A set of Wi-Fi attack features were defined and decribed. The features included the security protocol and security mode, the layer (physical or data-link) that an attack targets, and the network component interaction required to allow a Wi-Fi attack to execute successfully. In total, 20 Wi-Fi attacks were selected with relevance to IoT in Wi-Fi networks based on some criteria. Additonally, each Wi-Fi attack consist of a description of possible consequences/results an adversary can achieve, such as eavesdropping, data theft, key recovery, and many more. Flow charts were also added to give the reader a visual perspective on how an attack works. As a result, tables were created for each relevant security protocol and the Open Systems Interconnection (OSI) layers to create a overview of mitigations and available tools for each attack. Furthermore, WPA3 was discussed on how it solves some shortcomings of WPA2 but has vulnerabilities of it own that lie in the design of the 4-way and dragonfly handshake itself. In conclusion, development and proper vulnerability tests on the Wi-Fi standards and security protocols have to be conducted to improve and reduce the possibility of current and upcoming vulnerabilities.