Intercepting mobile communications: the insecurity of 802.11
Proceedings of the 7th annual international conference on Mobile computing and networking
A framework for wireless LAN monitoring and its applications
Proceedings of the 3rd ACM workshop on Wireless security
802.11 denial-of-service attacks: real vulnerabilities and practical solutions
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Passive and accurate traffic load estimation for infrastructure-mode wireless lan
Proceedings of the 10th ACM Symposium on Modeling, analysis, and simulation of wireless and mobile systems
A solution to spoofed PS-poll based denial of service attacks in IEEE 802.11 WLANs
ICCOM'07 Proceedings of the 11th Conference on 11th WSEAS International Conference on Communications - Volume 11
Wireless device identification with radiometric signatures
Proceedings of the 14th ACM international conference on Mobile computing and networking
Extending orchids for intrusion detection in 802.11 wireless networks
NOTERE '08 Proceedings of the 8th international conference on New technologies in distributed systems
WSEAS TRANSACTIONS on COMMUNICATIONS
Denial-of-Service attacks and countermeasures in IEEE 802.11 wireless networks
Computer Standards & Interfaces
Detecting identity spoofs in IEEE 802.11e wireless networks
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
A mechanism for detecting session hijacks in wireless networks
IEEE Transactions on Wireless Communications
HProxy: client-side detection of SSL stripping attacks
DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
Non-cryptographic authentication and identification in wireless networks
IEEE Wireless Communications
Experience with heterogenous clock-skew based device fingerprinting
Proceedings of the 2012 Workshop on Learning from Authoritative Security Experiment Results
| Hi-index | 0.00 |
The exponential growth in the deployment of IEEE 802.11-based wireless LAN (WLAN) in enterprises and homes makes WLAN an attractive target for attackers. Attacks that exploit vulnerabilities at the IP layer or above can be readily addressed by intrusion detection systems designed for wired networks. However, attacks exploiting link-layer protocol vulnerabilities require a different set of intrusion detection mechanism. Most link-layer attacks in WLANs are denial of service attacks and work by spoofing either access points (APs) or wireless stations. Spoofing is possible because the IEEE 802.11 standard does not provide per-frame source authentication, but can be effectively prevented if a proper authentication is added into the standard. Unfortunately, it is unlikely that commercial WLANs will support link-layer source authentication that covers both management and control frames in the near future. Even if it is available in next-generation WLANs equipments, it cannot protect the large installed base of legacy WLAN devices. This paper proposes an algorithm to detect spoofing by leveraging the sequence number field in the link-layer header of IEEE 802.11 frames, and demonstrates how it can detect various spoofing without modifying the APs or wireless stations. The false positive rate of the proposed algorithm is zero, and the false negative rate is close to zero. In the worst case, the proposed algorithm can detect a spoofing activity, even though it can only detect some but not all spoofed frames.