An Initial Security Analysis of the IEEE 802.1X Standard
dc.contributor.author | Mishra, Arunesh | en_US |
dc.contributor.author | Arbaugh, William A. | en_US |
dc.date.accessioned | 2004-05-31T23:16:03Z | |
dc.date.available | 2004-05-31T23:16:03Z | |
dc.date.issued | 2002-02-06 | en_US |
dc.description.abstract | The current IEEE 802.11 standard is known to lack any viable security mechanism. However, the IEEE has proposed a long term security architecture for 802.11 which they call the Robust Security Network (RSN). RSN utilizes the recent IEEE 802.1X standard as a basis for access control, authentication, and key management. In this paper, we present two security problems (session hijacking, and the establishment of a man-in-the-middle) we have identified and tested operationally. The existence of these flaws highlight several basic design flaws within 802.1X and its combination with 802.11. As a result, we conclude that the current combination of the IEEE 802.1X and 802.11 standards does not provide a sufficient level of security, nor will it ever without significant changes. Also UMIACS-TR-2002-10 | en_US |
dc.format.extent | 280451 bytes | |
dc.format.mimetype | application/postscript | |
dc.identifier.uri | http://hdl.handle.net/1903/1179 | |
dc.language.iso | en_US | |
dc.relation.isAvailableAt | Digital Repository at the University of Maryland | en_US |
dc.relation.isAvailableAt | University of Maryland (College Park, Md.) | en_US |
dc.relation.isAvailableAt | Tech Reports in Computer Science and Engineering | en_US |
dc.relation.isAvailableAt | UMIACS Technical Reports | en_US |
dc.relation.ispartofseries | UM Computer Science Department; CS-TR-4328 | en_US |
dc.relation.ispartofseries | UMIACS; UMIACS-TR-2002-10 | en_US |
dc.title | An Initial Security Analysis of the IEEE 802.1X Standard | en_US |
dc.type | Technical Report | en_US |