<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">kaz44</journal-id><journal-title-group><journal-title xml:lang="ru">Вестник Университета Шакарима. Серия технические науки</journal-title><trans-title-group xml:lang="en"><trans-title>Bulletin of Shakarim University. Technical Sciences</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">2788-7995</issn><issn pub-type="epub">3006-0524</issn><publisher><publisher-name>«Шәкәрім университеті» КеАҚ</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.53360/2788-7995-2025-1(17)-4</article-id><article-id custom-type="elpub" pub-id-type="custom">kaz44-1766</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>АВТОМАТИЗАЦИЯ И ИНФОРМАЦИОННЫЕ ТЕХНОЛОГИИ (ОРИГИНАЛЬНАЯ СТАТЬЯ)</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>AUTOMATION AND INFORMATION TECHNOLOGY (ORIGINAL ARTICLE)</subject></subj-group></article-categories><title-group><article-title>АНАЛИЗ УЯЗВИМОСТЕЙ БЕСПРОВОДНЫХ СЕТЕЙ WI-FI И LTE ДЛЯ ПРОЕКТИРОВАНИЯ ЗАЩИЩЁННОГО СМАРТФОНА</article-title><trans-title-group xml:lang="en"><trans-title>VULNERABILITY ANALYSIS OF WI-FI AND LTE NETWORKS FOR SECURE SMARTPHONE DESIGN</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0001-6006-4813</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Шайханова</surname><given-names>А. К.</given-names></name><name name-style="western" xml:lang="en"><surname>Shaikhanova</surname><given-names>A. K.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Айгуль Кайрулаевна Шайханова – PhD, профессор кафедры информационной безопасности; координатор научных проектов</p><p>Астана, ул. К.Сатпаева, 2  </p><p>Астана, проспект Кабанбай Батыра 51/1 </p></bio><bio xml:lang="en"><p>Aigul Kairulaevna Shaikhanova – PhD, Professor of the Department of Information Security; Coordinator of scientific projects </p><p>Astana, K.Satpayev str., 2  </p><p>Astana, 51/1 Kabanbai Batyr Avenue  </p></bio><email xlink:type="simple">aigul.shaikhanova@gmail.com</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0009-0003-9088-3221</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Буденов</surname><given-names>Р. А.</given-names></name><name name-style="western" xml:lang="en"><surname>Budenov</surname><given-names>R. A.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Руслан Аримбаевич Буденов – магистр технических наук, Инженер-электронщик</p><p>Астана, проспект Кабанбай Батыра 51/1 </p></bio><bio xml:lang="en"><p>Ruslan Arimbaevich Budenov – Master of Technical Sciences, Electronics Engineer</p><p>Astana, 51/1 Kabanbai Batyr Avenue  </p></bio><email xlink:type="simple">akarkin@mail.ru</email><xref ref-type="aff" rid="aff-2"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0009-0005-2684-1718</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Сатиев</surname><given-names>О. Ш.</given-names></name><name name-style="western" xml:lang="en"><surname>Satiev</surname><given-names>O. Sh.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Олжас Шагзадович Сатиев – старший эксперт по информационной безопасности</p><p>Астана, проспект Кабанбай Батыра 51/1 </p></bio><bio xml:lang="en"><p>Olzhas Shagzadovich Satiev – Senior Information security Expert </p><p>Astana, 51/1 Kabanbai Batyr Avenue  </p></bio><email xlink:type="simple">os@wtotem.com</email><xref ref-type="aff" rid="aff-2"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0009-0003-3774-8389</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Тлепов</surname><given-names>Д. А.</given-names></name><name name-style="western" xml:lang="en"><surname>Tlepov</surname><given-names>D. A.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Данир Амангельдинович Тлепов – магистр технических наук, Научный сотрудник </p><p>Астана, проспект Кабанбай Батыра 51/1 </p></bio><bio xml:lang="en"><p>Danir Amangeldinovich Tlepov – Master of Technical Sciences, Researcher</p><p>Astana, 51/1 Kabanbai Batyr Avenue  </p></bio><email xlink:type="simple">tdanir@cert.kz</email><xref ref-type="aff" rid="aff-2"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0002-5019-2413</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Токкулиева</surname><given-names>А. К.</given-names></name><name name-style="western" xml:lang="en"><surname>Tokkuliyeva</surname><given-names>A. K.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Айжан Конурбаевна Токкулиева – магистр технических наук, докторант 1 курса специальности «Системы информационной безопасности»; младший научный сотрудник</p><p>Астана, ул. К.Сатпаева, 2  </p><p>Астана, проспект Кабанбай Батыра 51/1 </p></bio><bio xml:lang="en"><p>Aizhan Konurbaevna Tokkuliyeva – Master of Technical Sciences, 1st year doctoral student, specialty «Information Security Systems»; Junior Researcher </p><p>Astana, K.Satpayev str., 2  </p><p>Astana, 51/1 Kabanbai Batyr Avenue  </p></bio><email xlink:type="simple">aizhantokkuliyeva1983@gmail.com</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru">Евразийский национальный университет им. Л.Н. Гумилева; ТОО «WebTotem»<country>Казахстан</country></aff><aff xml:lang="en">L.N. Gumilyov Eurasian National University; WebTotem LLP<country>Kazakhstan</country></aff></aff-alternatives><aff-alternatives id="aff-2"><aff xml:lang="ru">ТОО «WebTotem»<country>Казахстан</country></aff><aff xml:lang="en">WebTotem LLP<country>Kazakhstan</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2025</year></pub-date><pub-date pub-type="epub"><day>29</day><month>03</month><year>2025</year></pub-date><volume>0</volume><issue>1(17)</issue><fpage>31</fpage><lpage>40</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Шайханова А.К., Буденов Р.А., Сатиев О.Ш., Тлепов Д.А., Токкулиева А.К., 2025</copyright-statement><copyright-year>2025</copyright-year><copyright-holder xml:lang="ru">Шайханова А.К., Буденов Р.А., Сатиев О.Ш., Тлепов Д.А., Токкулиева А.К.</copyright-holder><copyright-holder xml:lang="en">Shaikhanova A.K., Budenov R.A., Satiev O.S., Tlepov D.A., Tokkuliyeva A.K.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://tech.vestnik.shakarim.kz/jour/article/view/1766">https://tech.vestnik.shakarim.kz/jour/article/view/1766</self-uri><abstract><p>В данной работе представлены результаты практического анализа уязвимостей беспроводных сетей Wi-Fi (WEP, WPA, WPA2, WPA3) и LTE в контексте проектирования защищённого смартфона. Исследование проведено с использованием комплекса инструментов, включая Aircrack-ng, Wireshark, YateBTS и программно-определяемого радио BladeRF 2.0, что позволило детально изучить механизмы атак и устойчивость современных протоколов к различным типам угроз.</p><p>Экспериментальная часть включала разработку стендов и автоматизированных скриптов для тестирования на проникновение. Анализ показал, что протокол WEP обладает критическими уязвимостями и может быть взломан всего за 4 секунды. WPA2 оказался подвержен атакам, связанным с перехватом пакетов аутентификации, что делает возможным реализацию атак типа «человек посередине» (MITM). Несмотря на усовершенствования, WPA3 также демонстрирует уязвимость к атакам через побочные каналы, например, атакам Dragonblood. В свою очередь, LTE подвергается рискам перехвата международного идентификатора мобильного абонента (IMSI Catching) и атакам понижения ранга сети до 3G/2G, что позволяет злоумышленникам проводить атаки на отказ в обслуживании и перехватывать трафик.</p><p>Полученные результаты подчёркивают необходимость отказа от устаревших стандартов, улучшения механизмов аутентификации WPA3 и усовершенствования сигнальных протоколов LTE. Настоящая работа вносит вклад в повышение безопасности беспроводных коммуникаций и проектирование защищённых мобильных устройств.</p></abstract><trans-abstract xml:lang="en"><p>This paper presents the results of practical vulnerability analysis of Wi-Fi (WEP, WPA, WPA2, WPA3) and LTE wireless networks in the context of designing a secure smartphone. The study was conducted using a set of tools, including Aircrack-ng, Wireshark, YateBTS and software-defined radio BladeRF 2.0, which allowed to study in detail the attack mechanisms and resistance of modern protocols to various types of threats.</p><p>The experimental part included the development of stands and automated scripts for penetration testing. The analysis showed that the WEP protocol has critical vulnerabilities and can be compromised in just 4 seconds. WPA2 was susceptible to attacks related to authentication packet interception, making man-in-themiddle (MITM) attacks possible. Despite the improvements, WPA3 also shows vulnerability to side-channel attacks such as Dragonblood attacks. LTE, on the other hand, is vulnerable to International Mobile Subscriber Identity (IMSI Catching) and 3G/2G downgrade attacks, allowing attackers to conduct denial of service attacks and intercept traffic.</p><p>The results underscore the need to abandon outdated standards, improve WPA3 authentication mechanisms and enhance LTE signalling protocols. This paper contributes to improving the security of wireless communications and the design of secure mobile devices.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>Wi-Fi</kwd><kwd>LTE</kwd><kwd>сетевая безопасность</kwd><kwd>анализ безопасности</kwd><kwd>WEP</kwd><kwd>WPA</kwd><kwd>WPA2</kwd><kwd>WPA3</kwd><kwd>тестирование на проникновение</kwd><kwd>программно-определяемое радио</kwd></kwd-group><kwd-group xml:lang="en"><kwd>Wi-Fi</kwd><kwd>LTE</kwd><kwd>Network Security</kwd><kwd>security analysis</kwd><kwd>WEP</kwd><kwd>WPA</kwd><kwd>WPA2</kwd><kwd>WPA3</kwd><kwd>Penetration Testing</kwd><kwd>software defined radio (SDR)</kwd></kwd-group><funding-group xml:lang="ru"><funding-statement>Бұл зерттеу Қазақстан Республикасының Ғылым және жоғары білім министрлігі Ғылым комитеті тарапынан қаржыландырылды (№ BR249014/02240 гранты).</funding-statement></funding-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Check Point Software, Cyber Security Report 2023, Check Point Cyber Hub, 2023. [Online]. Доступно: https://www.checkpoint.com/cyber-hub/cyber-security-report/. [Қол жеткізілген күні: 2025 жылғы 24 қаңтар].</mixed-citation><mixed-citation xml:lang="en">Check Point Software, Cyber Security Report 2023, Check Point Cyber Hub, 2023. [Online]. Доступно: https://www.checkpoint.com/cyber-hub/cyber-security-report/. [Қол жеткізілген күні: 2025 жылғы 24 қаңтар].</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Nohl K. Attacking phone privacy in Black Hat USA / K. Nohl – 2010. – Р. 1-6.</mixed-citation><mixed-citation xml:lang="en">Nohl K. Attacking phone privacy in Black Hat USA / K. Nohl – 2010. – Р. 1-6.</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Lounis K. Cut it: Deauthentication attacks on protected management frames in WPA2 and WPA3, in Foundations and Practice of Security (FPS 2021) / K. Lounis, S.H.H. Ding, M. Zulkernine // Cham: Springer. – 2022. – Р. 241-256.</mixed-citation><mixed-citation xml:lang="en">Lounis K. Cut it: Deauthentication attacks on protected management frames in WPA2 and WPA3, in Foundations and Practice of Security (FPS 2021) / K. Lounis, S.H.H. Ding, M. Zulkernine // Cham: Springer. – 2022. – Р. 241-256.</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Halbouni A. Wireless security protocols WPA3: A systematic literature review / A. Halbouni, L.-Y. Ong, M.-C. Leow // IEEE Access. – 2023. – vol. 11. – Р. 112438-112450.</mixed-citation><mixed-citation xml:lang="en">Halbouni A. Wireless security protocols WPA3: A systematic literature review / A. Halbouni, L.-Y. Ong, M.-C. Leow // IEEE Access. – 2023. – vol. 11. – Р. 112438-112450.</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Practical attacks against privacy and availability in 4G/LTE mobile communication systems / A. Shaik et al // in Proc. 23rd Annu. Netw. Distrib. Syst. Security Symp. (NDSS). – 2016. – Р. 1-16.</mixed-citation><mixed-citation xml:lang="en">Practical attacks against privacy and availability in 4G/LTE mobile communication systems / A. Shaik et al // in Proc. 23rd Annu. Netw. Distrib. Syst. Security Symp. (NDSS). – 2016. – Р. 1-16.</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">On key reinstallation attacks over 4G LTE control-plane: Feasibility and negative impact / M.T. Raza et al // Anwar in Proc. 37th Annu. Comput. Security Appl. Conf. – 2021. – Р. 877-886.</mixed-citation><mixed-citation xml:lang="en">On key reinstallation attacks over 4G LTE control-plane: Feasibility and negative impact / M.T. Raza et al // Anwar in Proc. 37th Annu. Comput. Security Appl. Conf. – 2021. – Р. 877-886.</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Schmitt P. Pretty good phone privacy / P. Schmitt, B. Raghavan // in Proc. 30th USENIX Security Symp. – 2021. – Р. 1737-1754.</mixed-citation><mixed-citation xml:lang="en">Schmitt P. Pretty good phone privacy / P. Schmitt, B. Raghavan // in Proc. 30th USENIX Security Symp. – 2021. – Р. 1737-1754.</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Privacy attacks to the 4G and 5G cellular paging protocols using side channel information / S.R. Hussain et al // in Proc. Netw. Distrib. Syst. Security Symp. (NDSS). – 2019. – Р. 1-15.</mixed-citation><mixed-citation xml:lang="en">Privacy attacks to the 4G and 5G cellular paging protocols using side channel information / S.R. Hussain et al // in Proc. Netw. Distrib. Syst. Security Symp. (NDSS). – 2019. – Р. 1-15.</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Baray E. WLAN security protocols and WPA3 security approach measurement through aircrackng technique / E. Baray, N.K. Ojha // in Proc. 5th Int. Conf. Comput. Methodologies Commun. (ICCMC). – 2021. – Р. 23-30.</mixed-citation><mixed-citation xml:lang="en">Baray E. WLAN security protocols and WPA3 security approach measurement through aircrackng technique / E. Baray, N.K. Ojha // in Proc. 5th Int. Conf. Comput. Methodologies Commun. (ICCMC). – 2021. – Р. 23-30.</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Vanhoef M. Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd / M. Vanhoef, E. Ronen // 2020 IEEE Symposium on Security and Privacy (SP). – IEEE, 2020. – P. 517533.</mixed-citation><mixed-citation xml:lang="en">Vanhoef M. Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd / M. Vanhoef, E. Ronen // 2020 IEEE Symposium on Security and Privacy (SP). – IEEE, 2020. – P. 517533.</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">Vanhoef M. Key reinstallation attacks: Forcing nonce reuse in WPA2 / M. Vanhoef, F. Piessens // Proceedings of the 2017 ACM SIGSAC conference on computer and communications security. – 2017. – P. 1313-1328.</mixed-citation><mixed-citation xml:lang="en">Vanhoef M. Key reinstallation attacks: Forcing nonce reuse in WPA2 / M. Vanhoef, F. Piessens // Proceedings of the 2017 ACM SIGSAC conference on computer and communications security. – 2017. – P. 1313-1328.</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">Lin H. LTE Redirection Attack-Forcing Targeted LTE Cellphone into Unsafe Network / H. Lin // Unicorn Team-Radio and Hardware Security Research. – 2016.</mixed-citation><mixed-citation xml:lang="en">Lin H. LTE Redirection Attack-Forcing Targeted LTE Cellphone into Unsafe Network / H. Lin // Unicorn Team-Radio and Hardware Security Research. – 2016.</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
