dc.contributor.advisor: Mjølsnes, Stig Frode [nb_NO]
dc.contributor.advisor: Eian, Martin [nb_NO]
dc.contributor.advisor: Jelle, Thomas [nb_NO]
dc.contributor.author: Idland, Christer [nb_NO]
dc.date.accessioned: 2014-12-19T14:14:24Z
dc.date.available: 2014-12-19T14:14:24Z
dc.date.created: 2011-10-06 [nb_NO]
dc.date.issued: 2011 [nb_NO]
dc.identifier: 446135 [nb_NO]
dc.identifier: ntnudaim:6260 [nb_NO]
dc.identifier.uri: http://hdl.handle.net/11250/262515
dc.description.abstract: In order to provide hassle-free connection options, many wireless local area network (WLAN) providers choose to have their networks completely open. In other words, no password is required in order to connect. Such open configurations do not provide any security features on the wireless medium, but are often implemented with other solutions such as captive portals. A captive portal forces a Hypertext Transfer Protocol (HTTP) client to see a certain webpage, usually for authentication purposes. All other packets are blocked. Once authenticated, the client's medium access control (MAC) address is whitelisted and he will have access to the Internet.

The MAC spoofing attack is easy to perform in open networks, see Appendix A. This attack can have severe consequences as the attacker masquerades as a legitimate client, potentially getting the victim caught for crime done by the attacker. The preferred way to handle these attacks has been through detection, as it can be done on the server side without complicating anything for the user. Effective and reliable detection techniques for plain and QoS-enabled 802.11 networks exist [1,5]. However, no good solution exists to detect attacks when the legitimate client is no longer connected. The two main scenarios are the session hijacking attack, where the attacker forces the victim offline, and the wait-for-availability attack, where the attacker waits until the legitimate client leaves the network.

An algorithm based on MAC layer fingerprinting was developed to detect the class of attacks where attacker and victim are not connected simultaneously. A fingerprint is based on the behavior of a station (STA), and each STA's behavior varies due to implementation differences of the 802.11 protocol. Experiments in a real network were performed with 11 different STAs in order to determine the fingerprints. The results show that on average 2.82 of the 8 fingerprinting properties were different when comparing two fingerprints.

The fingerprinting algorithm developed is capable of passively creating a fingerprint of wireless STAs without specialized equipment in realistic network conditions. Fingerprints from different STAs are unique with high probability, even when there is little data available. In addition, the technique used is accurate, fast, and requires no pre-computed databases. The algorithm used in combination with the IDS developed by Idland [1] is now able to detect all of the five different MAC spoofing attacks described in Section 2.6.2. [nb_NO]
dc.language: eng [nb_NO]
dc.publisher: Institutt for telematikk [nb_NO]
dc.subject: ntnudaim:6260 [no_NO]
dc.subject: MTKOM kommunikasjonsteknologi [no_NO]
dc.subject: Information security [no_NO]
dc.title: Detecting MAC Spoofing Attacks in 802.11 Networks through Fingerprinting on the MAC Layer [nb_NO]
dc.type: Master thesis [nb_NO]
dc.source.pagenumber: 118 [nb_NO]
dc.contributor.department: Norges teknisk-naturvitenskapelige universitet, Fakultet for informasjonsteknologi, matematikk og elektroteknikk, Institutt for telematikk [nb_NO]