Pushing the Limits of Address Based Authentication: How to Avoid MAC Address Spoofing in Wireless LANs

It is well known that in wireless local area networks, authenticating nodes by their MAC addresses is not secure, since it is very easy for an attacker to learn one of the authorized addresses and change his MAC address accordingly. In this paper, in order to prevent MAC address spoofing attacks, we propose to use dynamically changing MAC addresses and make each address usable for only one session. The scheme we propose does not require any change in 802.11 protocols and incurs only a small performance overhead. One of the nice features of our new scheme is that no third party can link different communication sessions of the same user by monitoring MAC addresses; our scheme is therefore also preferable with respect to user privacy.



