Wi–Fi network, security standards, security, authentication, encryption


Purpose. The article is aimed to analyze the basic security mechanisms available in Wi-Fi networks; show the mechanisms for attacking these defenses; carry out a comparative analysis of the effectiveness of protection mechanisms; provide recommendations for the use of these mechanisms in automated rail transport systems; build a demonstration model of attacks on Wi–Fi network security. Methodology. Based on the review of a significant number of domestic and foreign sources, a comparative analysis of the security mechanisms of the Wi–Fi network is carried out, where individual protection standards are analyzed, their strengths and weaknesses appear. A variety of attacks on authentication tools and mechanisms for ensuring the security of information exchange are shown. To demonstrate an attack on these security features, an algorithm has been developed for a demonstration simulation model of the WPA2 security protocol with the ability to attack this protocol. Findings. The basic standards of Wi–Fi security mechanisms have been compared. In particular, WEP, WPA, WPA2, WPA3. Different attacks on these standards have been demonstrated. The advantages and weaknesses of individual mechanisms of protective means are shown, recommendations for their use are provided. A demonstration model of attacks on wireless network protection mechanisms has been built, which demonstrates such attacks as an attack on a passphrase and a KRACK attack. To demonstrate in the program, the WPA2 standard with the PSK authentication mechanism and the cryptographic protection mechanism CCMP-128 is chosen. Originality. A wide range of Wi–Fi network security mechanisms is presented, the capabilities of individual security mechanisms are shown, and Wi–Fi network security standards are compared. The original software model shows how erroneous user actions help an attacker overcome modern security mechanisms. Practical value. Recommendations for the use of separate Wi-Fi security features can be used to build a security system for individual components of automated rail systems. A demonstration model of an attack on a Wi-Fi network can be used in a training process to train cybersecurity specialists.

Author Biographies

I. V. Zhukovyts’kyi, Dnipro National University of Railway Transport named after Academician V. Lazaryan

Dep. «Electronic Computing Machines», Dnipro National University of Railway Transport named after Academician V. Lazaryan, Lazaryana St., 2, Dnipro, Ukraine, tel. +38 (056) 373 15 89, e-mail ivzhukl@ua.fm

I. A. Pedenko, Dnipro National University of Railway Transport named after Academician V. Lazaryan

Dep. «Electronic Computing Machines», Dnipro National University of Railway Transport named after Academician V. Lazaryan, Lazaryana St., 2, Dnipro, Ukraine, tel. +38 (056) 373 15 89, e-mail actek98@gmail.com


Baranova, Ye. A., & Zareshin, S. V. (2018). Analiz zashchishchennosti besprovodnykh klientov. Modern Information Technologies and IT-education, 14(4), 938-946. (in Russian)

Intellektualnaya set wi-fi dlya transportnykh sistem. Retrieved from https://deps.ua/system-integration/wireless-solutions/wi-fi/transport.html (in Russian)

Kupriyanovsky, V. P., Sukonnikov, G. V., Sinyagov, S. A., Namiot, D. Ye., Evtushenko, S. N., & Fedorova, N. O. (2016). On internet of digital railway. International journal of open information technologies, 4(12), 53-68 (in Russian)

Morozov, A. V., & Shakhov, V. G. (2014). Analiz bezopasnosti dostupa besprovodnykh setey po tekhnologii wi-fi, primenyaemoy v obektakh infrastruktury zheleznodorozhnogo transporta. Journal of transsib railway studies, 3(19), 92-96. (in Russian)

Pedenko, I. O. (2019). Doslidzhennia i rozrobka demonstratsiinoi prohramy zakhystu bezdrotovykh merezh: dyplomna robota. Dnipro. (in Ukrainian)

Bittau, A., Handley, M., & Lackey, J. (2006, May). The final nail in wep’s coffin. 2006 IEEE Symposium on Security and Privacy (pp. 386-400). Oakland, USA. DOI: https://doi.org/10.1109/sp.2006.40 (in English)

Fluhrer, S., Mantin, I., & Shamir, A. (2001). Weaknesses in the key scheduling algorithm of RC4. Lecture notes in computer science. (pp. 1-24). DOI: https://doi.org/10.1007/3-540-45537-x_1 (in English)

Frankel, S., Eydt, B., Owens, L., & Kent, K. (2006). Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i. Gaithersburg. (in English)

Gueron, S., & Krasnov, V. (2014). The Fragility of AES-GCM Authentication Algorithm. 2014 11th International Conference on Information Technology: New Generations (pp. 333-337). Nevada, USA. DOI: https://doi.org/10.1109/itng.2014.31 (in English)

IIEEE 802.11-1999-IEEE Standard for Information Technology-Telecommunications and information exchange between systems-Local and metropolitan area networks-specific requirements-Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications. Retrieved from https://standards.ieee.org/standard/802_11-1999.html#additional (in English)

IEEE 802.11ah-2016-IEEE Standard for Information technology-Telecommunications and information exchange between systems-Local and metropolitan area networks-Specific requirements-Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications Amendment 2: Sub 1 GHz License Exempt Operation. DOI: https://doi.org/10.1109/ieeestd.2017.7920364 (in English)

1X-2010-IEEE Standard for Local and metropolitan area networks-Port-Based Network Access Control. Retrieved from https://standards.ieee.org/standard/802_1x-2010.html (in English)

Jonsson, J. (2003). On the Security of Ctr + CBC-MAC. Lecture Notes In Computer Science, 2595, 76-93. DOI: https://doi.org/10.1007/3-540-36492-7_7 (in English)

Pakhomova, V. M., & Nazarova, D. I. (2020). Organizing Wireless Network at Marshalling Yards Using the Bee Method. Science and Transport Progress, 2(86), 60-73. doi: https://doi.org/10.15802/stp2020/204005 (in English)

Paterson, K. G., Poettering, B., & Schuldt, J. C. N. (2015). Plaintext Recovery Attacks Against WPA/TKIP. Lecture Notes in Computer Science, 8540, 325-349. DOI: https://doi.org/10.1007/978-3-662-46706-0_17 (in English)

Positive Train Control (PTC): Overview and Policy Issues. Congressional Research Service. Retrieved from https://crsreports.congress.gov (in English)

Steube, J. New attack on WPA/WPA2 using PMKID. Hashcat: website. Retrieved from https://hashcat.net/ forum/thread-7717.html (in English)

Stubblefield, A., Ioannidis, J., & Rubin, A. D. Using the Fluhrer, Mantin, and Shamir Attack to Break WEP. Retrieved from http://citeseerx.ist.psu.edu/viewdoc/download?doi= (in English)

Tews, E., & Beck, M. (2009, March). Practical attacks against WEP and WPA. Proceedings of the second ACM conference on Wireless network security-WiSec '09. (pp. 79-86). Zurich, Switzerland. DOI: https://doi.org/10.1145/1514274.1514286 (in English)

Tews, E., Weinmann, R.-P., & Pyshkin, A. (2007). Breaking 104 Bit WEP in Less Than 60 Seconds. Lecture Notes in Computer Science, 4867, 188-202. DOI: https://doi.org/10.1007/978-3-540-77535-5_14 (in English)

Vanhoef, M., & Piessens, F. (2017, October). Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. (pp. 1313-1328). Dallas, USA. DOI: https://doi.org/10.1145/3133956.3134027 (in English)

Vanhoef, M., & Ronen, E. (2020, May). Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd. 2020 IEEE Symposium on Security and Privacy (SP). (pp. 517-533). San Francisco, USA. DOI: https://doi.org/10.1109/sp40000.2020.00031 (in English)

Wi-Fi CERTIFIED Enhanced Open delivers data protection in open Wi-Fi networks [web-site]. Retrieved from https://cutt.ly/9frxxot (in English)

WPA3 Security Considerations. (2019). Wi-Fi Alliance, 1-7. (in English)

WPA3 Specification Version 1.0. (2018). Wi-Fi Alliance, 1-7. (in English)



How to Cite

Zhukovyts’kyi, I. V., & Pedenko, I. A. (2020). WIRELESS WI-FI SECURITY ANALYSIS IN AUTOMATED RAILWAY SYSTEMS. Science and Transport Progress, (4(88), 7–21. https://doi.org/10.15802/stp2020/213042