Authors: Wenfeng Ge, Jing Li, Srinivas Sampalli
Addresses: Faculty of Computer Science, Dalhousie University, Halifax, Nova Scotia B3H 1W5, Canada. ' Faculty of Computer Science, Dalhousie University, Halifax, Nova Scotia B3H 1W5, Canada. ' Faculty of Computer Science, Dalhousie University, Halifax, Nova Scotia B3H 1W5, Canada
Abstract: Since the ratification of the IEEE 802.11 standard, 802.11 Wireless LANs (WLANs) have been widely deployed in research, government, military and industrial environments. However, 802.11 WLANs suffer from a number of security problems. In particular, management frames in 802.11 WLANs are not protected. A number of attacks such as denial of service, impersonation and man-in-the-middle can be launched by exploiting unprotected management frames. Even the newly ratified 802.11i security standard does not protect the network against such attacks. We present a per-frame authentication scheme to protect 802.11 management frames. With this scheme, every frame received by the wireless client or access point is first authenticated and then the corresponding management function carried out. Our scheme is compatible with the original 802.11 standard and uses the most of the 802.11 standard resources. We have implemented a prototype of our scheme and built a test bed to launch management frame attacks and to demonstrate how our scheme can prevent such attacks.
Keywords: 802.11 WLANs; wireless LANs; local area networks; management frames; MAC addresses; medium access control; authentication; security challenges; denial of service; DoS attacks; management frame attacks; impersonation attacks; man-in-the-middle attacks.
International Journal of Wireless and Mobile Computing, 2009 Vol.3 No.3, pp.133 - 144
Published online: 11 Oct 2009 *Full-text access for editors Access for subscribers Purchase this article Comment on this article