WISE GUARD - MAC Address Spoofing Detection System for Wireless LANs

Kai Tao, Jing Li, Srinivas Sampalli

2007

Abstract

MAC (Medium Access Control) address spoofing is regarded as an important first step in a hacker’s attempt to launch a variety of attacks on 802.11 wireless LANs. Unfortunately, MAC address spoofing is hard to detect. Most current spoofing detection systems rely mainly on the sequence number (SN) tracking technique, which has drawbacks. First, it may lead to an increase in the number of false positives. Second, such techniques cannot be used in systems with wireless cards that do not follow standard 802.11 sequence number patterns. Third, attackers can forge sequence numbers, thereby causing the attacks to go undetected. We present a new architecture called WISE GUARD (Wireless Security Guard) for detection of MAC address spoofing on 802.11 wireless LANs. It integrates three detection techniques: SN tracking, Operating System (OS) fingerprinting and tracking, and Received Signal Strength (RSS) fingerprinting and tracking. It also includes the fingerprinting of Access Point (AP) parameters as an extension to the OS fingerprinting for detection of AP address spoofing. We have implemented WISE GUARD on a test bed using off-the-shelf wireless devices and open source drivers. Experimental results show that the new design enhances the detection effectiveness and reduces false positives in comparison with current approaches.

Paper Citation


in Harvard Style

Tao K., Li J. and Sampalli S. (2007). WISE GUARD - MAC Address Spoofing Detection System for Wireless LANs. In Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007) ISBN 978-989-8111-12-8, pages 140-147. DOI: 10.5220/0002123601400147

in Bibtex Style

@conference{secrypt07,
author={Kai Tao and Jing Li and Srinivas Sampalli},
title={WISE GUARD - MAC Address Spoofing Detection System for Wireless LANs},
booktitle={Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007)},
year={2007},
pages={140-147},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002123601400147},
isbn={978-989-8111-12-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007)
TI - WISE GUARD - MAC Address Spoofing Detection System for Wireless LANs
SN - 978-989-8111-12-8
AU - Tao K.
AU - Li J.
AU - Sampalli S.
PY - 2007
SP - 140
EP - 147
DO - 10.5220/0002123601400147