Simulation and Analysis of Network Security Performance Using Attack Vector Method for Public Wifi Communication

Andy Susanto, Wahyu Kusuma Raharja

Abstract


The use of wifi networks in public spaces has a risk of robbery of user access data in cyberspace, such as banking transactions, social media and other online access. The threat of Man In The Middle Attack (MITM) attacks is carried out on public wifi networks to gain access to user information by illegal means. The attack vector simulation process is carried out on the site access exampleriset.com/dvwa/login.php. ARP Poisoning attack with Ettercap device performs interception and manipulation which provides 08: 00: 27: 25: 22: 99 MAC address information to the target. Session Hijacking attack simulations are carried out using a cookie manager plugin on the HTTP and HTTPS protocols. SSL Stripping attacks by better intercepting and downgrading HTTPS to HTTP communication protocols. Poisoning ARP attacks get information from targets such as Mobile IP MAC Address 192.168.3.249 F4: 09: D8: EA: EC: E7 and Server 192.168.3.5 08: 00; 27: CC: 59: OE and user: admin Passed: password. The results of the Session Hijacking attack on the HTTP protocol get a session id in the form of phpsessiid = 4f1pnfr081e4jero11truspb60 \ r \ n which is used the specified session id time without entering user authentication. The Session Hijacking attack on the HTTPS protocol was unsuccessful and the SSL Striping attack on the HTTPS protocol was unsuccessful


Keywords


Man in The Middle Attack; Arp Posioning; Attack Vector; Session Hijacking; Wifi

Full Text:

PDF

References


D. Mukhopadhyay, S. Karmakar, A. Meshram, and A. Jadhav, “A Prototype of IoT based Remote Controlled Car for Pentesting Wireless Networks,†2019 Glob. Conf. Adv. Technol. GCAT 2019, pp. 1–7, 2019, doi: 10.1109/GCAT47503.2019.8978354.

APJII, “Penetrasi & Profil Perilaku Pengguna Internet Indonesia Tahun 2018,†Apjii, p. 51, 2019, [Online]. Available: www.apjii.or.id.

A. Koyun and E. Al Janabi, “Social Engineering Attacks,†J. Multidiscip. Eng. Sci. Technol., vol. 4, no. 6, pp. 2458–9403, 2017.

T. Radivilova and H. A. Hassan, “Test for penetration in Wi-Fi network: Attacks on WPA2-PSK and WPA2-enterprise,†2nd Int. Conf. Inf. Telecommun. Technol. Radio Electron. UkrMiCo 2017 - Proc., pp. 5–8, 2017, doi: 10.1109/UkrMiCo.2017.8095429.

A. Susila, I. Riadi, and Y. Prayudi, “Wi-Fi Security Level Analysis for Minimizing Cybercrime,†Int. J. Comput. Appl., vol. 164, no. 7, pp. 35–39, 2017, doi: 10.5120/ijca2017913667.

P. Fiadino, P. Casas, M. Schiavone, and A. D’Alconzo, “Online Social Networks anatomy: On the analysis of Facebook and WhatsApp in cellular networks,†Proc. 2015 14th IFIP Netw. Conf. IFIP Netw. 2015, 2015, doi: 10.1109/IFIPNetworking.2015.7145326.

H. Aldawood and G. Skinner, “Educating and Raising Awareness on Cyber Security Social Engineering: A Literature Review,†Proc. 2018 IEEE Int. Conf. Teaching, Assessment, Learn. Eng. TALE 2018, no. October 2019, pp. 62–68, 2019, doi: 10.1109/TALE.2018.8615162.

M. Z. A. B. Marc Capellupo, Jimmy Liranzo and G. W. Thaier Hayajneh, “Security and Attack Vector Analysis of IoT Devices,†Springer Int. Publ. AG 2017, vol. 1, pp. 593–606, 2017, doi: 10.1007/978-3-319-72395-2.

Y. Mardiana and J. Sahputra, “Analisa Performansi Protokol TCP , UDP dan SCTP,†J. Media Infotama, vol. 13, no. 2, pp. 73–84, 2017.

D. Harjowinoto, A. Noertjahyana, and J. Andjarwirawan, “Vulnerability Testing pada Sistem Administrasi Rumah Sakit X,†J. Infra, vol. 4, no. 1, p. pp.227-p.232, 2016.

R. Von Solms and J. Van Niekerk, “From information security to cyber security,†Comput. Secur., vol. 38, pp. 97–102, 2013, doi: 10.1016/j.cose.2013.04.004.

M. J. Islami, “Tantangan Dalam Implementasi Strategi Keamanan Siber Nasional Indonesia Ditinjau Dari Penilaian Global Cybersecurity Index,†Masy. Telemat. Dan Inf. J. Penelit. Teknol. Inf. dan Komun., vol. 8, no. 2, p. 137, 2018, doi: 10.17933/mti.v8i2.108.

Mulyadi and D. Rahayu, “Indonesia National Cybersecurity Review: Before and after Establishment National Cyber and Crypto Agency (BSSN),†2018 6th Int. Conf. Cyber IT Serv. Manag. CITSM 2018, no. Citsm, pp. 1–6, 2019, doi: 10.1109/CITSM.2018.8674265.

Khairunnisa and Sutarti, “Perancangan Dan Analisis Keamanan Jaringan Nirkabel Dari Serangan Ddos ( Distributed Denial of Service ) Berbasis Honeypot,†J. PROSISKO, vol. 4, no. 2, p. 8, 2017.

R. Hartley, D. Medlin, and Z. Houlik, “Ethical Hacking: Educating Future Cybersecurity Professionals,†Proc. EDSIG Conf., no. October, pp. 1–10, 2017, [Online]. Available: http://iscap.info.




DOI: https://doi.org/10.30865/ijics.v5i1.2764

Refbacks

  • There are currently no refbacks.


Copyright (c) 2021 Andy Susanto, Wahyu Kusuma Raharja

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.


The IJICS (International Journal of Informatics and Computer Science)
Published by Universitas Budi Darma.
Jl. Sisingamangaraja No.338 Simpang Limun, Medan, North Sumatera
Email: ijics.stmikbudidarma@gmail.com

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.