TY - GEN
T1 - Vulnerabilities Associated with Wi-Fi Protected Setup in a Medical Environment
AU - Costantin, Daniel
AU - Sansurooah, Krishnun
AU - Williams, Patricia
PY - 2017/1
Y1 - 2017/1
N2 - Developed in the mid-2000s by the Wi-Fi Alliance, the Wi-Fi Protected (WPS) protocol assists configuration of mobile and wireless networks. Its development grew from the needs of less technology knowledgeable end-users to be able to setup wireless networks, primarily for the home environment. However, the technology is also used by small to medium sized businesses including medical environments and this presents multiple security vulnerabilities. WPS can employ four different types of authentication, with the PIN method the most popular. Consequently, Near Field Communication (NFC), Push Button, and USB are less documented and arguable less understood by users. This research describes in detail the methods and their vulnerabilities, and uses controlled experiments to test the security vulnerabilities of WPS authentication and how they can be exploited. The research suggests that a multi-faceted approach to mitigation and elimination of the vulnerabilities of WPS is warranted. Such an approach includes: education for end-users in the vulnerabilities and what precautions they should use to mitigate these; improvement in lockout policy implementation by vendors; and for the Wi-Fi Alliance to consider review of the vendor certification regarding lockout policy during attack detection. The balance between ease of use and security is a common problem, however the breaches in security in a medical environment can have many detrimental impacts for the healthcare provider organisation as well as for the patient including potential impact on patient safety and the reputation of the medical institution.
AB - Developed in the mid-2000s by the Wi-Fi Alliance, the Wi-Fi Protected (WPS) protocol assists configuration of mobile and wireless networks. Its development grew from the needs of less technology knowledgeable end-users to be able to setup wireless networks, primarily for the home environment. However, the technology is also used by small to medium sized businesses including medical environments and this presents multiple security vulnerabilities. WPS can employ four different types of authentication, with the PIN method the most popular. Consequently, Near Field Communication (NFC), Push Button, and USB are less documented and arguable less understood by users. This research describes in detail the methods and their vulnerabilities, and uses controlled experiments to test the security vulnerabilities of WPS authentication and how they can be exploited. The research suggests that a multi-faceted approach to mitigation and elimination of the vulnerabilities of WPS is warranted. Such an approach includes: education for end-users in the vulnerabilities and what precautions they should use to mitigate these; improvement in lockout policy implementation by vendors; and for the Wi-Fi Alliance to consider review of the vendor certification regarding lockout policy during attack detection. The balance between ease of use and security is a common problem, however the breaches in security in a medical environment can have many detrimental impacts for the healthcare provider organisation as well as for the patient including potential impact on patient safety and the reputation of the medical institution.
KW - Medical environment
KW - Medical equipment
KW - Patient safety
KW - Wi-fi protected setup
KW - Wireless hacking
KW - WPS
UR - http://www.scopus.com/inward/record.url?scp=85014912193&partnerID=8YFLogxK
U2 - 10.1145/3014812.3014872
DO - 10.1145/3014812.3014872
M3 - Conference contribution
SN - 978-1-4503-4768-6
SN - 9781450347686
SN - 1450347681
T3 - ACM International Conference Proceeding Series
BT - ACSW '17
PB - Association for Computing Machinery
CY - NY
T2 - 2017 Australasian Computer Science Week Multiconference, ACSW 2017
Y2 - 31 January 2017
ER -