An Initial Security Analysis of the IEEE 802.1X Standard
An Initial Security Analysis of the IEEE 802.1X Standard
Loading...
Files
Publication or External Link
Date
2002-02-26
Authors
Mishra, Arunesh
Arbaugh, William A.
Advisor
Citation
DRUM DOI
Abstract
The current IEEE 802.11 standard is known to lack any viable security
mechanism. However, the IEEE has proposed a long term security
architecture for 802.11 which they call the Robust Security Network
(RSN). RSN utilizes the recent IEEE 802.1X standard as a basis for
access control, authentication, and key management. In this paper, we
present two security problems (session hijacking, and the
establishment of a man-in-the-middle) we have identified and tested
operationally. The existence of these flaws highlight several basic
design flaws within 802.1X and its combination with 802.11. As a
result, we conclude that the current combination of the IEEE 802.1X
and 802.11 standards does not provide a sufficient level of security,
nor will it ever without significant changes.
Also UMIACS-TR-2002-10