Publication:
Session hijacking attacks in wireless local area networks

Loading...
Thumbnail Image
Authors
Onder, Hulusi
Subjects
Wireless local area networks
Authentication
Security
Session hijacking
802.1X
802.11
802.11i
Encryption
Access control
Supplicant
Authenticator
Authentication server
Open-source test bed
Advisors
Xie, Geoffrey
Date of Issue
2004-03
Date
March 2004
Publisher
Monterey, California. Naval Postgraduate School
Language
Abstract
Wireless Local Area Network (WLAN) technologies are becoming widely used since they provide more flexibility and availability. Unfortunately, it is possible for WLANs to be implemented with security flaws which are not addressed in the original 802.11 specification. IEEE formed a working group (TGi) to provide a complete solution (code named 802.11i standard) to all the security problems of the WLANs. The group proposed using 802.1X as an interim solution to the deficiencies in WLAN authentication and key management. The full 802.11i standard is expected to be finalized by the end of 2004. Although 802.1X provides a better authentication scheme than the original 802.11 security solution, it is still vulnerable to denial-of-service, session hijacking, and man-in-the- middle attacks. Using an open-source 802.1X test-bed, this thesis evaluates various session hijacking mechanisms through experimentation. The main conclusion is that the risk of session hijacking attack is significantly reduced with the new security standard (802.11i); however, the new standard will not resolve all of the problems. An attempt to launch a session hijacking attack against the new security standard will not succeed, although it will result in a denial-of-service attack against the user.
Type
Thesis
Description
Series/Report No
Department
Department of Computer Science
Other Units
Naval Postgraduate School (U.S.)
Identifiers
NPS Report Number
Sponsors
Funder
Format
xvi, 133 p. : ill. (some col.)
Citation
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
Copyright is reserved by the copyright owner
Collections