Computer Security Principles and Practice Chapter 24 Wireless Network Security E
Question
Computer Security Principles and Practice
Chapter 24 Wireless Network Security Ex. 24.1
In IEEE 802.11, open system authentication simply consists of two communications. An authentication is requested by the client, which contains the station ID (typically the MAC address). This is followed by an authentication response from the AP/router containing a success or failure message. An example of when a failure may occur is if the client's MAC address is explicitly excluded in the AP/router configuration.
a. What are the benefits of this authentication scheme?
b. What are the security vulnerabilities of this authentication scheme?
Explanation / Answer
a) MAC authentication has the following advantages:
User-friendliness: It is more user-friendly because, when used alone after initial registration of the MAC address, the authentication is totally transparent to the user. For instance, s/he does not need to type in a password, carry a smartcard, etc.
High-availability: Although it is not specified in the 802.11 standard, most vendors support MAC authentication. Therefore, as we said earlier, even when other authentication mechanisms are in place, MAC authentication can be used to augment them.
Efficiency: MAC address authentication has an efficiency advantage over other alternatives. Since no cryptographic algorithm is involved, it has little performance overhead compared to default settings.
b) What are the security vulnerabilities of this authentication scheme?
Where the authentication is solely based on MAC addresses, the risks associated with MAC authentication are more severe. This is because
(1) attacks can be less sophisticated
(2) we have limited countermeasures available against these attacks.
If two-factor authentication is in place, then the attacker needs to capture the traffic and learn some authorized MAC addresses first. However, in this case it is not possible for him to wait until one of the authorized users quits, because when a user quits, his communication returns to the initial state where no frame is forwarded by the access point. To change the state back again to authenticated-associated, the attacker needs to authenticate himself successfully. Since the attacker does not hold the credentials for this authentication, the MAC address he has captured is useless after the authorized user quits the session. Therefore, the attacker should act while the authorized user continues communication with the access point.
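A detection-side illustration, added here and not part of the original answer: when a captured MAC address is used while the authorized user is still active, two transmitters share one address, and a monitoring sensor can look for their interleaved 802.11 sequence numbers. The sketch assumes one 12-bit sequence counter per transmitter (per-TID QoS counters are ignored); the function names, thresholds and frame records are constructed for the example.

```python
# Added example: flag MAC addresses whose 802.11 sequence numbers look like
# two interleaved transmitters. All names and sample data are hypothetical.
SEQ_MOD = 4096   # the 802.11 sequence number is a 12-bit counter
MAX_GAP = 64     # assumed tolerance for frames the sensor did not hear


def seq_gap(prev, cur):
    """Forward distance from prev to cur on the wrapping 12-bit counter."""
    return (cur - prev) % SEQ_MOD


def suspicious_macs(frames, max_gap=MAX_GAP, min_anomalies=3):
    """frames: iterable of (mac, seq, retry) tuples in capture order.

    Returns {mac: anomaly_count} for addresses with at least
    min_anomalies implausible sequence jumps.
    """
    last_seq = {}
    anomalies = {}
    for mac, seq, retry in frames:
        mac = mac.lower()
        if mac in last_seq:
            gap = seq_gap(last_seq[mac], seq)
            benign_retry = gap == 0 and retry      # retransmission repeats seq
            if not benign_retry and (gap == 0 or gap > max_gap):
                # A backward jump appears as a very large forward gap.
                anomalies[mac] = anomalies.get(mac, 0) + 1
        last_seq[mac] = seq
    return {m: n for m, n in anomalies.items() if n >= min_anomalies}


# Constructed sample capture: (source MAC, sequence number, retry bit).
SAMPLE = [
    ("02:00:00:00:00:01", 100, False),   # single station, normal counting
    ("02:00:00:00:00:01", 101, False),
    ("02:00:00:00:00:01", 101, True),    # retransmission, not an anomaly
    ("02:00:00:00:00:01", 102, False),
    ("02:00:00:00:00:03", 4094, False),  # single station, counter wraps
    ("02:00:00:00:00:03", 4095, False),
    ("02:00:00:00:00:03", 0, False),
    ("02:00:00:00:00:02", 2000, False),  # two transmitters, one address
    ("02:00:00:00:00:02", 17, False),
    ("02:00:00:00:00:02", 2001, False),
    ("02:00:00:00:00:02", 18, False),
    ("02:00:00:00:00:02", 2002, False),
    ("02:00:00:00:00:02", 19, False),
]

if __name__ == "__main__":
    print(suspicious_macs(SAMPLE))
```

On real captures the threshold needs tuning, since lossy monitoring and power-save behaviour also produce gaps.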