J Shanghai Jiaotong Univ Sci

Journal of Shanghai Jiaotong University(Science) >

2011 , Vol. 16 >Issue 5: 586 - 592

DOI: https://doi.org/10.1007/s12204-011-1193-5

Articles

Security Analysis of Application Layer Protocols on Wireless Local Area
Networks

Expand
  • (Department of Information & Computer Engineering,
    Chung Yuan Christian University, Chung Li 320)

Received date: 2011-06-12

  Online published: 2011-10-20

Fold

Abstract

Abstract:  This paper aims at analyzing the security issues that lie in the
application layer (AL) protocols when users connect to the Internet via a
wireless local area network (WLAN) through an access point. When adversaries
launch deauthentication flood attacks cutting users' connection,
the connection managers will automatically re-search the last access point's
extended service set identifier (ESSID) and then re-establish connection.
However, such re-connection can lead the users to a fake access point with
the same ESSID set by attackers. As the attackers hide behind users' access
points, they can pass AL's authentication and security schemes, e.g. secure
socket layer (SSL). We have proved that they can even spy on users' account
details, passwords, data and privacy.

Key words: man-in-the-middle (MITM) attacks; session hijacking; wireless
local area network (WLAN)

Cite this article

YANG Ming-hour (杨明豪) . Security Analysis of Application Layer Protocols on Wireless Local Area
Networks[J]. Journal of Shanghai Jiaotong University(Science), 2011 , 16(5) : 586 -592 . DOI: 10.1007/s12204-011-1193-5

References

1 Nessus. Tenable passive vulnerability scanner [EB/OL]. (2011-2-9).

http://www.nessus.org/pro\-ducts/tenable-passive-vulnerability-scanner.
2  Gorden A L, Loeb P M, Lucyshyn M, et al. Computer crime and security survey [R]. USA: CSI/FBI, 2006.
3 NIST SP800-48, Wireless network security: 802.11, bluetooth, and handheld devices [S].
4 GAO. Information security: Federal agencies need to improve controls over wireless networks [R]. USA: Government Accountability Office, 2005.
5  Shieh Shiuh-pyng. Security and privacy on wireless networks [J].  Science Monthly, 2005,  36(2): 444-447 (in Chinese).
6  Walker J. 802.11, security series part III: AES-based encapsulations of 802.11 data [EB/OL]. (2011-2-27). http://jcbserver.uwaterloo.ca/cs436/nandouts/ miscellaneous/Intel Wireless 3.pdf.
7  Cam-Winget C, Housley R, Wagner D, et al. Security flaws in 802.11 data link protocols [J].  Communications of the ACM, 2003,  46(5): 35-39.
8  Baek K H, Smith S W, Kotz D. A survey of WPA and 802.11i RSN authentication protocols [R]. USA: Dartmouth College Computer Science, 2004.
9  Chou Hung-Lin. Analysis of WPA security

 [EB/OL]. (2011-3-5). http://lee-1.com/hlchou/WLANWPA. html.
10Wi-Fi Alliance. Wi-Fi is everywhere [EB/OL]. (2011-4-10).

http://www.wifialliance.org/OpenSection/pdf/ WPA_NI_2003-Pres.pdf.
11  Takahashi T. WPA passive dictionary attack overview (white paper) [R]. USA: Georgia Tech Information Security Center, 2004.
12 Wireless NewsFactor. Wireless 'smart glass' knows when you need a

drink [EB/OL]. (2011-3-14).

http://www.wirelessnewsfactor.com/perl/story/17133. html.
13WNN Wi-Fi Net. Weakness in passphrase choice in WPA interface [EB/OL]. (2011-1-18). http:// wifinetnews.com/archives/002452.html.
14 NIST. National vulnerability database [EB/OL]. (2011-1-14). http://nvd.nist.gov.

...
Options
Outlines

/