Journal of Shanghai Jiaotong University (Science) ›› 2011, Vol. 16 ›› Issue (5): 586-592. doi: 10.1007/s12204-011-1193-5

Security Analysis of Application Layer Protocols on Wireless Local Area
Networks

 YANG Ming-hour (杨明豪)   

  1. (Department of Information & Computer Engineering,
    Chung Yuan Christian University, Chung Li 320)
  • Received: 2011-06-12 Online: 2011-10-29 Published: 2011-10-20
  • Contact: YANG Ming-hour (杨明豪) E-mail: mhyang@cycu.edu.tw

Abstract: This paper analyzes the security issues in application layer (AL)
protocols when users connect to the Internet via a wireless local area
network (WLAN) through an access point. When adversaries launch
deauthentication flood attacks that cut users' connections, the connection
managers automatically search again for the last access point's extended
service set identifier (ESSID) and then re-establish the connection. However,
such a re-connection can lead the users to a fake access point set up by
attackers with the same ESSID. As the attackers hide behind users' access
points, they can pass the AL's authentication and security schemes, e.g.
secure socket layer (SSL). We have proved that they can even spy on users'
account details, passwords, data and privacy.

Key words: man-in-the-middle (MITM) attacks, session hijacking, wireless
local area network (WLAN)
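
A defender-side illustration of the sequence the abstract describes, added here and not taken from the paper: it flags a client that is hit by a deauthentication flood and then re-associates to the same ESSID on a BSSID outside the site's access point inventory. The event tuple format, thresholds, inventory and sample events are all assumptions constructed for this example.

```python
from collections import defaultdict, deque

DEAUTH_THRESHOLD = 10    # deauth frames per client that count as a flood (assumed)
FLOOD_WINDOW = 2.0       # seconds over which those frames are counted (assumed)
RECONNECT_WINDOW = 30.0  # seconds after a flood in which a re-association is suspect
# Assumed inventory of the site's legitimate access points per ESSID.
KNOWN_BSSIDS = {"CampusNet": {"aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"}}

def build_sample():
    """Constructed management-frame events: (time_s, kind, bssid, essid, client)."""
    ap1, ap2, rogue = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02", "de:ad:be:ef:00:01"
    victim, roamer = "cc:cc:cc:cc:cc:10", "cc:cc:cc:cc:cc:20"
    ev = [(0.0, "assoc", ap1, "CampusNet", victim),
          (0.0, "assoc", ap1, "CampusNet", roamer)]
    ev += [(5.0 + i * 0.05, "deauth", ap1, "CampusNet", victim) for i in range(40)]
    ev.append((8.0, "assoc", rogue, "CampusNet", victim))  # same ESSID, unlisted BSSID
    ev.append((9.0, "deauth", ap1, "CampusNet", roamer))   # single deauth, not a flood
    ev.append((9.5, "assoc", ap2, "CampusNet", roamer))    # ordinary roaming
    return ev

def detect(events):
    """Return alerts for clients that re-associate to an unlisted BSSID after a flood."""
    recent = defaultdict(deque)  # client -> timestamps of recent deauth frames
    flood_at = {}                # client -> time the last flood was observed
    last_essid = {}              # client -> ESSID of its previous association
    alerts = []
    for t, kind, bssid, essid, client in sorted(events):
        if kind == "deauth":
            q = recent[client]
            q.append(t)
            while q and t - q[0] > FLOOD_WINDOW:
                q.popleft()
            if len(q) >= DEAUTH_THRESHOLD:
                flood_at[client] = t
        elif kind == "assoc":
            flooded = client in flood_at and t - flood_at[client] <= RECONNECT_WINDOW
            same_essid = last_essid.get(client) == essid
            unlisted = bssid not in KNOWN_BSSIDS.get(essid, set())
            if flooded and same_essid and unlisted:
                alerts.append({"client": client, "essid": essid,
                               "bssid": bssid, "time": t})
            last_essid[client] = essid
    return alerts

if __name__ == "__main__":
    for alert in detect(build_sample()):
        print(alert)
```

The BSSID inventory is what separates this pattern from ordinary roaming between access points that share an ESSID, so the check is only as good as that list.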
