An Initial Security Analysis of the IEEE 802.1X Standard

Loading...
Thumbnail Image

Files

CS-TR-4328.ps (273.88 KB)
No. of downloads: 4024
CS-TR-4328.pdf (209.69 KB)
No. of downloads: 2237

Publication or External Link

Date

2002-02-06

Advisor

Citation

DRUM DOI

Abstract

The current IEEE 802.11 standard is known to lack any viable security mechanism. However, the IEEE has proposed a long term security architecture for 802.11 which they call the Robust Security Network (RSN). RSN utilizes the recent IEEE 802.1X standard as a basis for access control, authentication, and key management. In this paper, we present two security problems (session hijacking, and the establishment of a man-in-the-middle) we have identified and tested operationally. The existence of these flaws highlight several basic design flaws within 802.1X and its combination with 802.11. As a result, we conclude that the current combination of the IEEE 802.1X and 802.11 standards does not provide a sufficient level of security, nor will it ever without significant changes. Also UMIACS-TR-2002-10

Notes

Rights