Countermeasures against MAC address spoofing in public wireless networks using lightweight agents

As wireless network usage thrivingly grows, MAC address spoofing recently poses a serious security threat to a public wireless network. In the past, several schemes have been proposed to leverage this problem. However, these previous methods incur high deployment costs in employing countermeasure protocols. In this paper, we present a lightweight agent-based access control framework to counter MAC address spoofing threats. The proposed framework has four operating modes to run according to user needs of system performance and wireless security. Therefore, the framework provides much more flexibility in employing a variety of security protocols, and performance-security trade-offs. With a prototype implementation, the preliminary experimental results indicate that the proposed framework has only 20% performance degradation in burst packet transfer under the most rigorous security consideration, which shows the potential feasibility.

[1]  Robert H. Deng,et al.  Access control protocols with two-layer architecture for wireless networks , 2007, Comput. Networks.

[2]  Russ Housley,et al.  Security flaws in 802.11 data link protocols , 2003, CACM.

[3]  Richard P. Martin,et al.  Detecting and Localizing Wireless Spoofing Attacks , 2007, 2007 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks.

[4]  Michel Barbeau,et al.  Detecting rogue devices in bluetooth networks using radio frequency fingerprinting , 2006, Communications and Computer Networks.

[5]  Paramvir Bahl,et al.  Secure wireless Internet access in public places , 2001, ICC 2001. IEEE International Conference on Communications. Conference Record (Cat. No.01CH37240).

[6]  David R. Cheriton,et al.  Detecting identity-based attacks in wireless networks using signalprints , 2006, WiSe '06.

[7]  William A. Arbaugh,et al.  Security problems in 802.11-based networks , 2003, CACM.

[8]  Michel Barbeau,et al.  Enhancing intrusion detection in wireless networks using radio frequency fingerprinting , 2004, Communications, Internet, and Information Technology.

[9]  David R. Cheriton,et al.  DoS and authentication in wireless public access networks , 2002, WiSE '02.

[10]  William A. Arbaugh,et al.  Security issues in IEEE 802.11 wireless local area networks: a survey , 2004, Wirel. Commun. Mob. Comput..

[11]  Mihaela Cardei,et al.  A Survey of Attacks and Countermeasures in Mobile Ad Hoc Networks , 2007 .

[12]  Adrian Friday,et al.  An Access Control Architecture for Metropolitan Area Wireless Networks , 2001, IDMS.

[13]  Vincent Rijmen,et al.  The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[14]  P. Schoo,et al.  Security mechanisms and security analysis: hotspot WLANs and inter-operator roaming , 2004, 2004 IEEE 59th Vehicular Technology Conference. VTC 2004-Spring (IEEE Cat. No.04CH37514).

[15]  Wade Trappe,et al.  Detecting Spoofing and Anomalous Traffic in Wireless Networks via Forge-Resistant Relationships , 2007, IEEE Transactions on Information Forensics and Security.

[16]  Barbara E. Bullock,et al.  Best Current Practices for Wireless Internet Service Provider (WISP) Roaming , 2002 .

[17]  Adi Shamir,et al.  Weaknesses in the Key Scheduling Algorithm of RC4 , 2001, Selected Areas in Cryptography.

[18]  V. Bahl,et al.  The CHOICE Network: Broadband Wireless Internet Access In Public Places , 2000 .

[19]  Yong Sheng,et al.  Detecting 802.11 MAC Layer Spoofing Using Received Signal Strength , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[20]  A. M. Abdullah,et al.  Wireless lan medium access control (mac) and physical layer (phy) specifications , 1997 .

[21]  O. Ureten,et al.  Bayesian detection of Wi-Fi transmitter RF fingerprints , 2005 .

[22]  Joon S. Park,et al.  WLAN Security: Current and Future , 2003, IEEE Internet Comput..