24 - STUDENT - Eduroam insecurities

Jan Bocko Kuhar, Marko Dolnicar (University of Ljubljana)

We set up a test-bed Eduroam wireless network as a project for the Computer Communications course and tried various known network attacks in this environment. As we were using virtualization technologies, we discovered that a user connected to Eduroam with his own account can perform a man-in-the-middle attack from a virtual machine and hide his identity. We used BackTrack 4 with bridged networking as a VMware guest operating system. Once BackTrack was running and the host operating system was connected to our test Eduroam network, we successfully obtained an IP address from the DHCP server. A man-in-the-middle ARP poisoning attack was achieved with Ettercap. Sniffing the network traffic on other clients proved that the attacker's MAC address was the VMware-assigned MAC address. Because the IP address of the guest operating system was assigned without specifying user credentials, the attacker's identity remained hidden.
The next step was to try this attack on the production Eduroam environment at our faculty. The attack was carried out successfully. After that we tried the ARP poisoning attack as the authenticated user, which was also successful. Both attacks went unnoticed by the network administrators, which made us wonder if the Eduroam network is really as secure as we perceive it.
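
A defender-side check for the gap described above, as an added example that is not from the paper: it cross-references 802.1X-authenticated MACs with DHCP leases and with ARP replies seen on the segment. The function name, the input shapes, and all addresses and MACs are constructed assumptions.

```python
# Added example with constructed data; names and log shapes are hypothetical.
VMWARE_OUIS = {"00:0c:29", "00:50:56"}  # OUIs VMware uses for guest NICs


def audit(authenticated_macs, dhcp_leases, arp_replies, static_bindings=None):
    """Return a sorted list of (finding, mac, ip) tuples.

    authenticated_macs: MACs present in 802.1X/RADIUS accounting
    dhcp_leases:        (mac, ip) pairs from the DHCP server log
    arp_replies:        (sender_mac, sender_ip) pairs observed on the segment
    static_bindings:    {ip: mac} for hosts without a lease, e.g. the gateway
    """
    authed = {m.lower() for m in authenticated_macs}
    lease_by_mac = {mac.lower(): ip for mac, ip in dhcp_leases}
    findings = set()

    # 1. Lease handed to a MAC that never authenticated (the bridged guest).
    for mac, ip in lease_by_mac.items():
        if mac not in authed:
            kind = "unauth-lease-vm" if mac[:8] in VMWARE_OUIS else "unauth-lease"
            findings.add((kind, mac, ip))

    # 2. ARP reply binding an IP to a MAC other than its known owner.
    #    This fires whether or not the sender authenticated.
    owner_by_ip = {ip: mac for mac, ip in lease_by_mac.items()}
    for ip, mac in (static_bindings or {}).items():
        owner_by_ip[ip] = mac.lower()
    for mac, ip in arp_replies:
        mac = mac.lower()
        if ip in owner_by_ip and owner_by_ip[ip] != mac:
            findings.add(("arp-spoof", mac, ip))
    return sorted(findings)


# Constructed sample: two authenticated clients, one bridged VMware guest.
AUTHED = ["a4:5e:60:11:22:33", "f0:18:98:44:55:66"]
LEASES = [("a4:5e:60:11:22:33", "10.0.0.21"),
          ("f0:18:98:44:55:66", "10.0.0.22"),
          ("00:0C:29:AA:BB:CC", "10.0.0.57")]
GATEWAY = {"10.0.0.1": "00:11:22:33:44:55"}
ARP = [("a4:5e:60:11:22:33", "10.0.0.21"),   # legitimate
       ("00:0c:29:aa:bb:cc", "10.0.0.1"),    # guest claims the gateway
       ("00:0c:29:aa:bb:cc", "10.0.0.22")]   # guest claims a client

if __name__ == "__main__":
    for finding in audit(AUTHED, LEASES, ARP, GATEWAY):
        print(finding)
```

Both results from the abstract map onto the two checks: the unauthenticated guest trips the lease check, and the poisoning run from an authenticated account still trips the ARP check.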
