Title :
Client-based intrusion prevention system for 802.11 wireless LANs
Author :
Zhang, Yaqing ; Sampalli, Srinivas
Author_Institution :
Res. In Motion (RIM), Waterloo, ON, Canada
Abstract :
Denial of Service (DoS) attacks on 802.11 wireless LANs can be caused by management frames sent by rogue access points. Unfortunately, such attacks can be successful even if the wireless network is protected by a high-level security protocol such as WiFi Protected Access Version 2 (WPA2). We present a novel client-based scheme for the prevention of such intrusions. By using a Medium Access Control (MAC) filtering mechanism, the “smart” client is able to differentiate between legitimate and forged management frames. The proposed mechanism is non-cryptographic, has low overheads and can be deployed in existing IEEE 802.11 WLANs. We have built and tested a prototype of our scheme. We demonstrate that our mechanism can protect wireless clients against management frame DoS attacks launched at the MAC layer.
Keywords :
access protocols; security of data; telecommunication standards; wireless LAN; IEEE 802.11; WiFi protected access version 2; access points; client-based intrusion prevention system; denial of service attacks; high-level security protocol; management frames; medium access control filtering mechanism; wireless LAN; Authentication; Cryptography; IEEE 802.11 Standards; 802.11 Wireless LANs; Denial of Service; Management frame attacks; Medium Access Control; Wireless Security;
Conference_Titel :
Wireless and Mobile Computing, Networking and Communications (WiMob), 2010 IEEE 6th International Conference on
Conference_Location :
Niagara Falls, ON
Print_ISBN :
978-1-4244-7743-2
Electronic_ISBN :
978-1-4244-7741-8
DOI :
10.1109/WIMOB.2010.5644978
