Security in WiFi protocols and analysis of their impact on mobile health technologies
Ασφάλεια σε WiFi πρωτόκολλα και αποτίμηση των συνεπειών στις τεχνολογίες κινητής υγείας
View/
Keywords
WiFi ; Security ; Healthcare ; CryptographyAbstract
This thesis presents a security assessment of Wi-Fi communications, and their compounded impact through vulnerability chaining in mobile technologies, particularly within the healthcare domain. The research is structured into two main areas: (1) Wi-Fi security threats, specifically association attacks in IEEE 802.11 and the security analysis of Wi-Fi Easy Connect, the industry-standard method for connecting Internet of Things (IoT) devices to wireless networks, and (2) the consequences of wireless security flaws in the medical field through man-in-the-middle attacks targeting mobile applications, and devices used for digital phenotyping.
Specifically, the first part of this work examines association attacks that exploit usability features in network managers of modern operating systems. By implementing these attacks and analyzing their effectiveness against contemporary defenses, we demonstrate that, despite mitigations, various attack vectors remain exploitable. We further investigate Wi-Fi Easy Connect, a protocol introduced as a replacement for Wi-Fi Protected Setup (WPS) that serves as the standard method for connecting IoT devices to wireless networks, conducting an in-depth security and privacy analysis. The discovered findings reveal that, contrary to its intended goal of enhancing security, Wi-Fi Easy Connect introduces design weaknesses that expand the attack surface for adversaries. Our work also includes responses from the Wi-Fi Alliance regarding our findings, and highlights the delicate balance between usability and security in protocol design.
The second part of this thesis examines the significance of Wi-Fi attacks when combined with mobile and device vulnerabilities, with a particular focus on their impact in the healthcare domain. Specifically, we demonstrate how app-specific vulnerabilities, or the analysis of unencrypted traffic related to digital phenotyping, can be exploited by an adversary who has gained a man-in-the-middle position through the Wi-Fi attacks described in the first part of the thesis. Our research involves a large-scale security evaluation of 140 medical mobile applications on both Android and iOS platforms where we identified significant security gaps, including weak data protection mechanisms, insufficient integrity safeguards, and the transmission of sensitive Patient Health Information (PHI) over insecure channels. In addition, we analyze risks associated with digital phenotyping, where behavioral patterns extracted from digital footprints can be used to infer psychological traits. We demonstrate how digital markers, such as indicators of impulsivity, can be extracted from insecure channels (e.g., a compromised VoIP connection over Wi-Fi) by malicious actors, enabling sophisticated phishing attacks.
The thesis underscores the evolving threat landscape of wireless protocols and provides insights introduced by usability-focused protocol designs and the continued presence of Wi-Fi vulnerabilities. We demonstrate how these vulnerabilities can be further exploited to carry out additional attacks against users of mobile applications or IoT devices, including targeted phishing campaigns using digital phenotyping techniques. In addition to identifying these security gaps, we also propose remediation strategies to mitigate the risks uncovered in our analysis.
Department
Σχολή Τεχνολογιών Πληροφορικής και Επικοινωνιών. Τμήμα ΠληροφορικήςNumber of pages
107Language
EnglishCollections
Except where otherwise noted, this item's license is described as
Αναφορά Δημιουργού-Μη Εμπορική Χρήση-Όχι Παράγωγα Έργα 3.0 Ελλάδα
Αναφορά Δημιουργού-Μη Εμπορική Χρήση-Όχι Παράγωγα Έργα 3.0 Ελλάδα