WISE GUARD - MAC Address Spoofing Detection System for Wireless LANs

Kai Tao, Jing Li, Srinivas Sampalli

2007

Abstract

MAC (Medium Access Control) address spoofing is regarded as an important first step in a hacker’s attempt to launch a variety of attacks on 802.11 wireless LANs. Unfortunately, MAC address spoofing is hard to detect. Most current spoofing detection systems mainly use the sequence number (SN) tracking technique, which has drawbacks. Firstly, it may lead to an increase in the number of false positives. Secondly, such techniques cannot be used in systems with wireless cards that do not follow standard 802.11 sequence number patterns. Thirdly, attackers can forge sequence numbers, thereby causing the attacks to go undetected. We present a new architecture called WISE GUARD (Wireless Security Guard) for detection of MAC address spoofing on 802.11 wireless LANs. It integrates three detection techniques – SN tracking, Operating System (OS) fingerprinting and tracking and Received Signal Strength (RSS) fingerprinting and tracking. It also includes the fingerprinting of Access Point (AP) parameters as an extension to the OS fingerprinting for detection of AP address spoofing. We have implemented WISE GUARD on a test bed using off-the-shelf wireless devices and open source drivers. Experimental results show that the new design enhances the detection effectiveness and reduces false positives, in comparison with current approaches.

References

  1. IEEE Wireless LAN Standards (n.d.), accessed March 2007, from http://standards.ieee.org/
  2. Wright, J., 2003. Detecting Wireless LAN MAC Address Spoofing. Accessed March 2007 from http://home.jwu.edu/jwright/papers.htm
  3. Haidong, X., Brustoloni, J., Mitrou, N., Kontovasilis, K., Rouskas, G., Iliadis, I., Merakos, L., 2004. Detecting and blocking unauthorized access in Wi-Fi networks in Proceedings of the International Networking Conference, Greece, May 2004, pp. 795-806.
  4. Arkin, O., 2000. ICMP Usage in Scanning, Sys-Security Group Pub, July 2000, accessed March 2007 from
  5. http://www.syssecurity.com/archive/papers/ICMP_Scanni ng_v1.0.pdf
  6. Zalewski, M., (n.d.) Passive OS fingerprinting tool”, accessed March 2007 from http://www.networkintrusion.co.uk/osfp.htm.
  7. Bahl, P., and Padmanabhan, V.N., 2000. Radar: An inbuilding rf-based user location and tracking system. In Proceedings of the IEEE Infocom 2000, Tel-Aviv, Israel, vol. 2, Mar. 2000, pp. 775--784.
  8. Interlink Networks, 2002. A Practical Approach to Identifying and Tracking Unauthorized 802.11 cards and Access Points, White Paper, Interlink Networks, Inc., April 2002.
  9. Bardwell, J., (n.d.) “WiFi Radio Characteristics and the Cost of WLAN implementation”, White Paper, Connect802, accessed March 2007 from http://www.connect802.com/white_papers.htm.
  10. Airopeek (n.d.), accessed March 2007, from http://www.wildpackets.com
  11. Snort-wireless (n.d.), accessed March 2007, from http://snort-wireless.org
  12. WiFi Scanner, (n.d.). Accessed March 2007 from http://wifiscanner.sourceforge.net.
  13. Air Defense Enterprise, (n.d.), Accessed March 2007 from http://www.airdefense.net.
  14. Aruba Networks, (n.d.). Accessed March 2007 from http://www.arubanetworks.com.
  15. Bahl, P., Padmanabhan, V.N., and Balachandran, A., 2000. A Software System for Locating Mobile Users: Design, Evaluation, and Lessons, Technical report MSR-TR-2000-12, Feb 2000. Accessed March 2007 from http://citeseer.ist.psu.edu/bahl00software.html.
  16. Malinen, J., and contributors (n.d.). Host AP driver for Intersil Prism2/2.5/3, hostapd, and WPA Supplicant. Accessed March 2007 from http://hostap.epitest.fi/.
Download


Paper Citation


in Harvard Style

Tao K., Li J. and Sampalli S. (2007). WISE GUARD - MAC Address Spoofing Detection System for Wireless LANs . In Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007) ISBN 978-989-8111-12-8, pages 140-147. DOI: 10.5220/0002123601400147


in Bibtex Style

@conference{secrypt07,
author={Kai Tao and Jing Li and Srinivas Sampalli},
title={WISE GUARD - MAC Address Spoofing Detection System for Wireless LANs},
booktitle={Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007)},
year={2007},
pages={140-147},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002123601400147},
isbn={978-989-8111-12-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007)
TI - WISE GUARD - MAC Address Spoofing Detection System for Wireless LANs
SN - 978-989-8111-12-8
AU - Tao K.
AU - Li J.
AU - Sampalli S.
PY - 2007
SP - 140
EP - 147
DO - 10.5220/0002123601400147