Session hijacking attacks in wireless local area networks

dc.contributor.advisorXie, Geoffrey
dc.contributor.authorOnder, Hulusi
dc.contributor.corporateNaval Postgraduate School (U.S.)
dc.contributor.departmentDepartment of Computer Science
dc.contributor.secondreaderGibson, John
dc.dateMarch 2004
dc.date.accessioned2012-03-14T17:32:33Z
dc.date.available2012-03-14T17:32:33Z
dc.date.issued2004-03
dc.description.abstractWireless Local Area Network (WLAN) technologies are becoming widely used since they provide more flexibility and availability. Unfortunately, it is possible for WLANs to be implemented with security flaws which are not addressed in the original 802.11 specification. IEEE formed a working group (TGi) to provide a complete solution (code named 802.11i standard) to all the security problems of the WLANs. The group proposed using 802.1X as an interim solution to the deficiencies in WLAN authentication and key management. The full 802.11i standard is expected to be finalized by the end of 2004. Although 802.1X provides a better authentication scheme than the original 802.11 security solution, it is still vulnerable to denial-of-service, session hijacking, and man-in-the- middle attacks. Using an open-source 802.1X test-bed, this thesis evaluates various session hijacking mechanisms through experimentation. The main conclusion is that the risk of session hijacking attack is significantly reduced with the new security standard (802.11i); however, the new standard will not resolve all of the problems. An attempt to launch a session hijacking attack against the new security standard will not succeed, although it will result in a denial-of-service attack against the user.en_US
dc.description.distributionstatementApproved for public release; distribution is unlimited.
dc.description.serviceLieutenant Junior Grade, Turkish Navyen_US
dc.description.urihttp://archive.org/details/sessionhijacking109451641
dc.format.extentxvi, 133 p. : ill. (some col.)en_US
dc.identifier.urihttps://hdl.handle.net/10945/1641
dc.publisherMonterey, California. Naval Postgraduate Schoolen_US
dc.rightsCopyright is reserved by the copyright owneren_US
dc.subject.authorWireless local area networksen_US
dc.subject.authorAuthenticationen_US
dc.subject.authorSecurityen_US
dc.subject.authorSession hijackingen_US
dc.subject.author802.1Xen_US
dc.subject.author802.11en_US
dc.subject.author802.11ien_US
dc.subject.authorEncryptionen_US
dc.subject.authorAccess controlen_US
dc.subject.authorSupplicanten_US
dc.subject.authorAuthenticatoren_US
dc.subject.authorAuthentication serveren_US
dc.subject.authorOpen-source test beden_US
dc.subject.lcshWireless LANsen_US
dc.subject.lcshIEEE 80211 (Standard)en_US
dc.subject.lcshData encryption (Computer science)en_US
dc.subject.lcshAuthenticationen_US
dc.titleSession hijacking attacks in wireless local area networksen_US
dc.typeThesisen_US
dspace.entity.typePublication
etd.thesisdegree.disciplineComputer Scienceen_US
etd.thesisdegree.grantorNaval Postgraduate Schoolen_US
etd.thesisdegree.levelMastersen_US
etd.thesisdegree.nameM.S. in Computer Scienceen_US
etd.verifiednoen_US
Files
Original bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
04Mar_Onder.pdf
Size:
2.83 MB
Format:
Adobe Portable Document Format
Collections