Pushing the Limits of Address Based Authentication: How to Avoid MAC Address Spoofing in Wireless LANs

Authors: Kemal Bicakci, Yusuf Uzunay

Abstract:

It is well known that in wireless local area networks, authenticating nodes by their MAC addresses is not secure, since it is very easy for an attacker to learn one of the authorized addresses and change his MAC address accordingly. In this paper, in order to prevent MAC address spoofing attacks, we propose to use dynamically changing MAC addresses and to make each address usable for only one session. The scheme we propose does not require any change in 802.11 protocols and incurs only a small performance overhead. One of the nice features of our new scheme is that no third party can link different communication sessions of the same user by monitoring MAC addresses; therefore, our scheme is also preferable with respect to user privacy.

Keywords: Authentication, MAC address spoofing, security, wireless networks.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1335456

