
Security analysis of application layer protocols on wireless local area networks

Journal of Shanghai Jiaotong University (Science)

Abstract

This paper analyzes the security issues in application layer (AL) protocols when users connect to the Internet over a wireless local area network (WLAN) through an access point. When adversaries launch deauthentication flood attacks that cut users’ connections, the connection managers automatically search again for the extended service set identifier (ESSID) of the last access point and then re-establish the connection. However, such a reconnection can lead the users to a fake access point that attackers have set up with the same ESSID. Because the attackers hide behind the users’ access points, they can get past the AL’s authentication and security schemes, e.g. Secure Sockets Layer (SSL). We have proved that they can even spy on users’ account details, passwords, data and private information.
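A monitoring-side sketch of the sequence the abstract describes, added here as an example and not taken from the paper: it flags a burst of deauthentication frames against a known access point, then a beacon for the same ESSID from a BSSID that is not on the allow-list. The frame tuples, the allow-list, the thresholds and all function names are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

AP = "02:00:00:00:00:01"     # constructed BSSID of the authorised access point
ROGUE = "02:00:00:00:00:99"  # constructed BSSID of an unlisted access point
KNOWN = {"CampusNet": {AP}}  # assumed allow-list: ESSID -> authorised BSSIDs

# Constructed observations: (time_s, frame_type, bssid, essid); not a real capture.
FRAMES = (
    [(0.0, "beacon", AP, "CampusNet"), (1.0, "beacon", AP, "CampusNet")]
    + [(2.0 + i * 0.05, "deauth", AP, None) for i in range(40)]
    + [(6.0, "beacon", ROGUE, "CampusNet"), (6.1, "beacon", ROGUE, "CampusNet")]
)

def deauth_floods(frames, window=1.0, threshold=20):
    """Map each BSSID to the first time `threshold` deauth frames fell within `window` s."""
    recent = defaultdict(list)
    floods = {}
    for t, kind, bssid, _ in sorted(frames, key=lambda f: f[0]):
        if kind != "deauth" or bssid in floods:
            continue
        # Keep only deauth timestamps inside the sliding window, then add this one.
        recent[bssid] = [x for x in recent[bssid] if t - x < window] + [t]
        if len(recent[bssid]) >= threshold:
            floods[bssid] = t
    return floods

def evil_twin_alerts(frames, known, lookahead=30.0, **flood_args):
    """Report beacons that advertise a known ESSID from a BSSID outside the allow-list.

    `after_deauth_flood` is True when the beacon appears within `lookahead`
    seconds after a flood against an authorised BSSID of the same ESSID.
    """
    floods = deauth_floods(frames, **flood_args)
    alerts, seen = [], set()
    for t, kind, bssid, essid in sorted(frames, key=lambda f: f[0]):
        if kind != "beacon" or essid not in known or bssid in known[essid]:
            continue
        if (essid, bssid) in seen:  # one alert per ESSID/BSSID pair
            continue
        seen.add((essid, bssid))
        preceded = any(0 <= t - ft <= lookahead
                       for ap, ft in floods.items() if ap in known[essid])
        alerts.append({"essid": essid, "rogue_bssid": bssid,
                       "time": t, "after_deauth_flood": preceded})
    return alerts

if __name__ == "__main__":
    for alert in evil_twin_alerts(FRAMES, KNOWN):
        print(alert)
```

An unlisted BSSID on its own may be a newly installed access point, so the `after_deauth_flood` flag is what separates the pattern in the abstract from routine inventory drift.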



Author information

Correspondence to Ming-hour Yang  (杨明豪).

Additional information

Foundation item: the National Science Council (No. NSC-99-2219-E-033-001), and the Foundation of the Chung Yuan Christian University (1004) (No. CYCUEECS. 9801)

About this article

Cite this article

Yang, Mh. Security analysis of application layer protocols on wireless local area networks. J. Shanghai Jiaotong Univ. (Sci.) 16, 586–592 (2011). https://doi.org/10.1007/s12204-011-1193-5

  • DOI: https://doi.org/10.1007/s12204-011-1193-5
