Show simple item record

An Initial Security Analysis of the IEEE 802.1X Standard

dc.contributor.authorMishra, Aruneshen_US
dc.contributor.authorArbaugh, William A.en_US
dc.date.accessioned2004-05-31T23:16:03Z
dc.date.available2004-05-31T23:16:03Z
dc.date.created2002-02en_US
dc.date.issued2002-02-26en_US
dc.identifier.urihttp://hdl.handle.net/1903/1179
dc.description.abstractThe current IEEE 802.11 standard is known to lack any viable security mechanism. However, the IEEE has proposed a long term security architecture for 802.11 which they call the Robust Security Network (RSN). RSN utilizes the recent IEEE 802.1X standard as a basis for access control, authentication, and key management. In this paper, we present two security problems (session hijacking, and the establishment of a man-in-the-middle) we have identified and tested operationally. The existence of these flaws highlight several basic design flaws within 802.1X and its combination with 802.11. As a result, we conclude that the current combination of the IEEE 802.1X and 802.11 standards does not provide a sufficient level of security, nor will it ever without significant changes. Also UMIACS-TR-2002-10en_US
dc.format.extent280451 bytes
dc.format.mimetypeapplication/postscript
dc.language.isoen_US
dc.relation.ispartofseriesUM Computer Science Department; CS-TR-4328en_US
dc.relation.ispartofseriesUMIACS; UMIACS-TR-2002-10en_US
dc.titleAn Initial Security Analysis of the IEEE 802.1X Standarden_US
dc.typeTechnical Reporten_US
dc.relation.isAvailableAtDigital Repository at the University of Marylanden_US
dc.relation.isAvailableAtUniversity of Maryland (College Park, Md.)en_US
dc.relation.isAvailableAtTech Reports in Computer Science and Engineeringen_US
dc.relation.isAvailableAtUMIACS Technical Reportsen_US


Files in this item

Thumbnail
Thumbnail

This item appears in the following Collection(s)

Show simple item record