A Software-Defined Testbed for Quantifying Deauthentication Resilience in Modern Wi-Fi Networks

• URL: http://arxiv.org/abs/2602.23513v1
• Date: Thu, 26 Feb 2026 21:33:56 GMT
• Title: A Software-Defined Testbed for Quantifying Deauthentication Resilience in Modern Wi-Fi Networks
• Authors: Alex Carbajal, Asma Jodeiri Akbarfam,
• Abstract summary: We introduce a software-defined testbed to measure Wi-Fi resilience to deauthentication attacks.<n>We experimentally evaluate five wireless security configurations: open networks, WPA1, WPA2 without Protected Management Frames (PMF), WPA2 with PMF, and WPA3.<n>Open networks, WPA1, and WPA2 without PMF proved entirely vulnerable to deauthentication, while no successful attacks were observed for WPA2 with PMF or WPA3 under tested conditions.
• Score: 0.0
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Wi-Fi deauthentication attacks remain a practical denial-of-service (DoS) threat by exploiting unprotected management frames to disrupt client connectivity. In this work, we introduce a software-defined testbed to measure Wi-Fi resilience to deauthentication attacks. We experimentally evaluate five wireless security configurations: open networks, WPA1, WPA2 without Protected Management Frames (PMF), WPA2 with PMF, and WPA3. Using controlled experiments, we measure client disconnection rates, packet injection volume, and time-to-disruption under each configuration. Packet-level behavior is analyzed using standard wireless auditing tools. Open networks, WPA1, and WPA2 without PMF proved entirely vulnerable to deauthentication, while no successful attacks were observed for WPA2 with PMF or WPA3 under tested conditions. These findings confirm the effectiveness of management-frame protection and highlight the continued risk posed by legacy or misconfigured wireless deployments.

Related papers

• Assessing the Real-World Impact of Post-Quantum Cryptography on WPA-Enterprise Networks [1.0057058606878277]
  We investigate the performance impact of Post-Quantum Cryptography (PQC) algorithms on WPA-Enterprise-based authentication.<n>We evaluate multiple combinations of PQC algorithms and analyze their performance overhead.<n>This work presents a first real-world performance evaluation of PQC-enabled WPA-Enterprise authentication.
  arXiv  Detail & Related papers  (2026-01-30T12:12:07Z)
• CANTXSec: A Deterministic Intrusion Detection and Prevention System for CAN Bus Monitoring ECU Activations [53.036288487863786]
  We propose CANTXSec, the first deterministic Intrusion Detection and Prevention system based on physical ECU activations.<n>It detects and prevents classical attacks in the CAN bus, while detecting advanced attacks that have been less investigated in the literature.<n>We prove the effectiveness of our solution on a physical testbed, where we achieve 100% detection accuracy in both classes of attacks while preventing 100% of FIAs.
  arXiv  Detail & Related papers  (2025-05-14T13:37:07Z)
• False Sense of Security on Protected Wi-Fi Networks [9.895667144311412]
  This paper empirically evaluate password choices in the wild and evaluate weakness in current common practices.<n>We collected a total of 3,352 password hashes from Wi-Fi access points and determine the passphrases that were protecting them.<n>We characterized the predictability of passphrases that use the minimum required length of 8 numeric or alphanumeric characters, and/or symbols stipulated in wireless security standards.
  arXiv  Detail & Related papers  (2025-01-23T04:04:22Z)
• Recovering WPA-3 Network Password by Bypassing the Simultaneous Authentication of Equals Handshake using Social Engineering Captive Portal [1.2494184403263338]
  Breaching the WPA3 network can be possible by building on various security flaws that was disclosed on WPA3 in 2021.<n>A Man in the Middle attack proposed set up is carried out by using race conditions to deauthentication WPA3 network and then using a Raspberry Pi to spawn a rouge WPA3 network.<n>This research identified that the Password was able to be recovered from Social Engineering Captive Portal when Protected Management Frames are not implemented.
  arXiv  Detail & Related papers  (2024-12-19T20:19:34Z)
• EAP-FIDO: A Novel EAP Method for Using FIDO2 Credentials for Network Authentication [43.91777308855348]
  EAP-FIDO allows organisations with WPA2/3-Enterprise wireless networks or MACSec-enabled wired networks to leverage FIDO2's passwordless authentication.<n>We provide a comprehensive security and performance analysis to support the feasibility of this approach.
  arXiv  Detail & Related papers  (2024-12-04T12:35:30Z)
• BAZAM: A Blockchain-Assisted Zero-Trust Authentication in Multi-UAV Wireless Networks [21.51085709522321]
  Unmanned aerial vehicles (UAVs) are vulnerable to interception and attacks when operated remotely without a unified identity authentication. We introduce a blockchain-assisted zero-trust authentication scheme, namely BAZAM, designed for multi-UAV wireless networks.
  arXiv  Detail & Related papers  (2024-06-30T09:06:49Z)
• A Novel Protocol Using Captive Portals for FIDO2 Network Authentication [45.84205238554709]
  We introduce FIDO2CAP: FIDO2 Captive-portal Authentication Protocol. We develop a prototype of FIDO2CAP authentication in a mock scenario. This work makes the first systematic approach for adapting network authentication to the new authentication paradigm relying on FIDO2 authentication.
  arXiv  Detail & Related papers  (2024-02-20T09:55:20Z)
• Off-Path TCP Hijacking in Wi-Fi Networks: A Packet-Size Side Channel Attack [33.68960337314623]
  We unveil a fundamental side channel in Wi-Fi networks, specifically the observable frame size, which can be exploited by attackers to conduct TCP hijacking attacks. We validate the effectiveness of this side channel attack through two case studies. We implement our attack in 80 real-world Wi-Fi networks and successfully hijack the victim's TCP connections in 75 (93.75%) evaluated Wi-Fi networks.
  arXiv  Detail & Related papers  (2024-02-20T04:56:48Z)
• Tamper-Evident Pairing [55.2480439325792]
  Tamper-Evident Pairing (TEP) is an improvement of the Push-Button configuration (PBC) standard. TEP relies on the Tamper-Evident Announcement (TEA), which guarantees that an adversary can neither tamper a transmitted message without being detected, nor hide the fact that the message has been sent. This paper provides a comprehensive overview of the TEP protocol, including all information needed to understand how it works.
  arXiv  Detail & Related papers  (2023-11-24T18:54:00Z)
• SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices [67.65883495888258]
  We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes. SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices. We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.
  arXiv  Detail & Related papers  (2023-09-26T08:11:38Z)
• GraSens: A Gabor Residual Anti-aliasing Sensing Framework for Action Recognition using WiFi [52.530330427538885]
  WiFi-based human action recognition (HAR) has been regarded as a promising solution in applications such as smart living and remote monitoring. We propose an end-to-end Gabor residual anti-aliasing sensing network (GraSens) to directly recognize the actions using the WiFi signals from the wireless devices in diverse scenarios.
  arXiv  Detail & Related papers  (2022-05-24T10:20:16Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.