Session hijacking attacks in wireless local area networks
MetadataShow full item record
Wireless Local Area Network (WLAN) technologies are becoming widely used since they provide more flexibility and availability. Unfortunately, it is possible for WLANs to be implemented with security flaws which are not addressed in the original 802.11 specification. IEEE formed a working group (TGi) to provide a complete solution (code named 802.11i standard) to all the security problems of the WLANs. The group proposed using 802.1X as an interim solution to the deficiencies in WLAN authentication and key management. The full 802.11i standard is expected to be finalized by the end of 2004. Although 802.1X provides a better authentication scheme than the original 802.11 security solution, it is still vulnerable to denial-of-service, session hijacking, and man-in-the- middle attacks. Using an open-source 802.1X test-bed, this thesis evaluates various session hijacking mechanisms through experimentation. The main conclusion is that the risk of session hijacking attack is significantly reduced with the new security standard (802.11i); however, the new standard will not resolve all of the problems. An attempt to launch a session hijacking attack against the new security standard will not succeed, although it will result in a denial-of-service attack against the user.
Approved for public release, distribution is unlimited
Showing items related by title, author, creator and subject.
Jones, Benjamin Edward (Monterey, California. Naval Postgraduate School, 1992-09);The arrival of high speed packet switched fiber optic LANs has allowed local area design architectures to be used for larger metropolitan area network (MANs) implementation. The current LAN security mechanisms used in ...
Adams, Paige Holland. (Monterey, California. Naval Postgraduate School, 2008-09);Text-based chat systems are widely used within the Department of Defense, but the standard systems available do not provide robust capabilities for search, information retrieval, or information assurance. The objective ...
Santos, Alvaro K. (Monterey, California: Naval Postgraduate School, 1999-06);Airport security measures use very expensive equipment, and may keep passengers in line for several minutes. The time passengers spend in those lines can add up, and must be understood as time opportunity cost. In the ...