Wireless LAN (WLAN) spoofing detection methods - Analysis and the victim Silent case

Wireless LANs are quite popular and have found wide spread usage amongst various segments. The issue of spoofing, and its detection, in Wireless LANs has been a matter of serious debate and received wide spread attention in research community as well. Spoofing is a potent weapon in the hands of a Cyber Criminal. The very characteristics of spoofing makes the task of identification and tracking back of the perpetrator / initiator in Cyber Crimes very difficult, e.g. those relating to denial of service, session hijacking, and address masquerading attacks by changing its network identifiers in WLANs. One way to overcome the problem of spoofing is to authenticate the frames. However, in 802.11 WLANs, authentication and encryption for management and control frames is not provided. It is also observed that present MAC spoofing detection techniques bring out large number of false positives. This paper analyses the various spoofing detection methods in WLANs bringing out their pros and cons including the different level of security provided ranging from low to high. The analysis in the paper also brings out as to which particular method could be more suitable in a particular scenario and how one can easily get the reduced false positives, which has been a bane of current detection methods. The paper also presents two case scenarios, particularly highlighting the victim Silent case scenario not discussed much thus far in the current literature on the topic, to validate the results. By way of retrospect, an outline of future work is also suggested in the concluding remarks.