Pushing the Limits of Address Based Authentication: How to Avoid MAC Address Spoofing in Wireless LANs

It is well known that in wireless local area networks, authenticating nodes by their MAC addresses is not secure, since it is very easy for an attacker to learn one of the authorized addresses and change his MAC address accordingly. In this paper, in order to prevent MAC address spoofing attacks, we propose to use dynamically changing MAC addresses and make each address usable for only one session. The scheme we propose does not require any change in 802.11 protocols and incurs only a small performance overhead. One of the nice features of our new scheme is that no third party can link different communication sessions of the same user by monitoring MAC addresses; our scheme is therefore also preferable with respect to user privacy.

Keywords—Authentication, MAC address spoofing, security, wireless networks.
