An Initial Security Analysis of the IEEE 802.1X Standard

Mishra, Arunesh; Arbaugh, William A.

An Initial Security Analysis of the IEEE 802.1X Standard

Files

CS-TR-4328.ps(273.88 KB)

No. of downloads: 3995

CS-TR-4328.pdf(209.69 KB)

No. of downloads: 2175

Date

2002-02-26

Authors

Mishra, Arunesh

Arbaugh, William A.

Abstract

The current IEEE 802.11 standard is known to lack any viable security mechanism. However, the IEEE has proposed a long term security architecture for 802.11 which they call the Robust Security Network (RSN). RSN utilizes the recent IEEE 802.1X standard as a basis for access control, authentication, and key management. In this paper, we present two security problems (session hijacking, and the establishment of a man-in-the-middle) we have identified and tested operationally. The existence of these flaws highlight several basic design flaws within 802.1X and its combination with 802.11. As a result, we conclude that the current combination of the IEEE 802.1X and 802.11 standards does not provide a sufficient level of security, nor will it ever without significant changes. Also UMIACS-TR-2002-10

URI (handle)

http://hdl.handle.net/1903/1179

Collections

Technical Reports from UMIACS
Technical Reports of the Computer Science Department

Full item page