Session hijacking attacks in wireless local area networks

Download
Author
Onder, Hulusi
Date
2004-03Advisor
Xie, Geoffrey
Second Reader
Gibson, John
Metadata
Show full item recordAbstract
Wireless Local Area Network (WLAN) technologies are becoming widely used since they provide more flexibility and availability. Unfortunately, it is possible for WLANs to be implemented with security flaws which are not addressed in the original 802.11 specification. IEEE formed a working group (TGi) to provide a complete solution (code named 802.11i standard) to all the security problems of the WLANs. The group proposed using 802.1X as an interim solution to the deficiencies in WLAN authentication and key management. The full 802.11i standard is expected to be finalized by the end of 2004. Although 802.1X provides a better authentication scheme than the original 802.11 security solution, it is still vulnerable to denial-of-service, session hijacking, and man-in-the- middle attacks. Using an open-source 802.1X test-bed, this thesis evaluates various session hijacking mechanisms through experimentation. The main conclusion is that the risk of session hijacking attack is significantly reduced with the new security standard (802.11i); however, the new standard will not resolve all of the problems. An attempt to launch a session hijacking attack against the new security standard will not succeed, although it will result in a denial-of-service attack against the user.
Rights
Copyright is reserved by the copyright ownerCollections
Related items
Showing items related by title, author, creator and subject.
-
BLOCKCHAIN ACCESS MANAGEMENT WITH GLOBAL COMBAT SUPPORT SYSTEM – MARINE CORPS
Schofield, Brandan R.; Snelgrove, Brittany (Monterey, CA; Naval Postgraduate School, 2019-09);The Marine Corps Operating Concept (MOC) outlines critical tasks which will have a significant impact on current Marine Corps logistics Major Automated Information Systems (MAIS), especially as tactical units operate in ... -
Conversation thread extraction and topic detection in text-based chat
Adams, Paige Holland. (Monterey, California. Naval Postgraduate School, 2008-09);Text-based chat systems are widely used within the Department of Defense, but the standard systems available do not provide robust capabilities for search, information retrieval, or information assurance. The objective ... -
Improving security in the FDDI protocol
Jones, Benjamin Edward (Monterey, California. Naval Postgraduate School, 1992-09);The arrival of high speed packet switched fiber optic LANs has allowed local area design architectures to be used for larger metropolitan area network (MANs) implementation. The current LAN security mechanisms used in ...