Not All ISPs Equally Secure Home Users - An Empirical Study Comparing Wi-Fi Security Provided by UK ISPs

Z. Cliffe Schreuders, Adil M. Bhat

Abstract

A majority of home users rely on their Internet service providers (ISPs) to provide them with wireless equipment that is secure, and assume that they are appropriately protected from threats such as piggybacking and eavesdropping. In this paper we present the results of an empirical study comparing the security provided to home users by their ISPs. Passive wireless data collection was used to gather information on 7,847 unique wireless access points within Leeds, UK. Non-parametric inferential statistical analysis was used to compare the security provided by the corresponding ISPs, as identified via the SSID naming used by ISPs in the UK. The ISPs identified included BT, O2, Orange, Plus Net, Sky, TalkTalk, and Virgin Media. Statistically significant differences in the security of the networks were found between ISPs, which we contend can in part be explained by their upgrade policies. These results are contrasted with the security configuration provided by three of the largest ISPs to new customers. For example, BT (the largest ISP in the UK) was found to have a greater number of access points configured with the cryptographically broken Wireless Equivalent Privacy (WEP) encryption method in use, compared to most of the other large ISPs, and this is in contrast to the favourable security configuration of the routers that are provided to new customers. The paper concludes with recommendations for when ISPs provide Wi-Fi enabled routers to home users.

References

  1. Adrian Pastor, 2007. BT home flub: pwnin the BT Home Hub [WWW Document]. GNUCITIZEN. URL http://www.gnucitizen.org/blog/bt-home-flub-pwninthe-bt-home-hub/ (accessed 10.28.12).
  2. Bittau, A., Handley, M., Lackey, J., 2006. The final nail in WEP's coffin, in: Proceedings of the 2006 IEEE Symposium on Security and Privacy, SP 7806. IEEE Computer Society, Washington, DC, USA, pp. 386- 400.
  3. Borisov, N., Goldberg, I., Wagner, D., 2001. Intercepting mobile communications: the insecurity of 802.11, in: Proceedings of the 7th Annual International Conference on Mobile Computing and Networking, MobiCom 7801. ACM, New York, NY, USA, pp. 180- 189.
  4. Dlaverty, 2004. Open all hours - Wardriving in Leeds, West Yorkshire, England [WWW Document]. Openxtra. URL http://www.openxtra.co.uk/articles/ wardriving-leeds (accessed 10.28.12).
  5. Fluhrer, S., Mantin, I., Shamir, A., 2001. Weaknesses in the key scheduling algorithm of RC4, in: Vaudenay, S., Youssef, A. (Eds.), Selected Areas in Cryptography, Lecture Notes in Computer Science. Springer Berlin / Heidelberg, pp. 1-24.
  6. John Leyden, 2008. Sky Broadband puts the fault into default Wi-Fi security: Users in guess-able random keys quandary [WWW Document]. The Register. URL http://www.theregister.co.uk/2008/02/21/sky_ broadband_wi_fi_keys_unpicked/ (accessed 10.28.12).
  7. NewsreadeR, 2008. Is your router secure? [WWW Document]. Sky User. URL http://www.skyuser.co.uk/ skyinfo/783.html (accessed 10.28.12).
  8. Stefan Viehböck, 2011. Brute forcing Wi-Fi Protected Setup: When poor design meets poor implementation [WWW Document]. URL http://packetstorm.foofus. com/papers/wireless/viehboeck_wps.pdf
  9. Stubblefield, A., Ioannidis, J., Rubin, A.D., 2004. A key recovery attack on the 802.11b wired equivalent privacy protocol (WEP). ACM Trans. Inf. Syst. Secur. 7, 319-332.
  10. Tews, E., Beck, M., 2009. Practical attacks against WEP and WPA, in: Proceedings of the Second ACM Conference on Wireless Network Security, WiSec 7809. ACM, New York, NY, USA, pp. 79-86.
  11. Tews, E., Weinmann, R.-P., Pyshkin, A., 2007. Breaking 104 Bit WEP in less than 60 seconds, in: Proceedings of the 8th International Conference on Information Security Applications, WISA'07. Springer-Verlag, Berlin, Heidelberg, pp. 188-202.
Download


Paper Citation


in Harvard Style

Schreuders Z. and Bhat A. (2013). Not All ISPs Equally Secure Home Users - An Empirical Study Comparing Wi-Fi Security Provided by UK ISPs . In Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013) ISBN 978-989-8565-73-0, pages 568-573. DOI: 10.5220/0004600405680573


in Bibtex Style

@conference{secrypt13,
author={Z. Cliffe Schreuders and Adil M. Bhat},
title={Not All ISPs Equally Secure Home Users - An Empirical Study Comparing Wi-Fi Security Provided by UK ISPs},
booktitle={Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013)},
year={2013},
pages={568-573},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004600405680573},
isbn={978-989-8565-73-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013)
TI - Not All ISPs Equally Secure Home Users - An Empirical Study Comparing Wi-Fi Security Provided by UK ISPs
SN - 978-989-8565-73-0
AU - Schreuders Z.
AU - Bhat A.
PY - 2013
SP - 568
EP - 573
DO - 10.5220/0004600405680573