I am a student of information technology and I am doing a project on avoiding MA

Question

I am a student of information technology and I am doing a project on avoiding MAC spoofing by using MAC encryption.

My goal is to encrypt the MAC address inside the packet and send that packet to the router over the WiFi network.

On the router side, I want to decrypt the MAC address from the packet and store it in such a way that no unauthorized user can see that MAC address, thus avoiding MAC spoofing.

I want to know whether is it possible to encrypt MAC address and if it is possible to decrypt that MAC address at the router side?

Explanation / Answer

You cannot encrypt the MAC address itself and "send that packet to the router" - the MAC is required to enable the packet to reach the router and enable the router to send packets back. It's simply not possible to "hide" the MAC address.

While it's theoretically possible to put some sort of signing (related to encryption) in place, using encryption primitives to attest to the validity of packet-MAC pairings, the protocols do not currently support that to the best of my knowledge. I think you'll find that anyone approaching this problem does so at a higher level - transport (IPSec) or application (HTTPS). Not least because any authentication of the physical layer is non-routable; the MAC address only has significance within the local network, and any work done to secure it will not scale more than one hop.

As an exercise allow me to suggest that you perform a packet capture of traffic during at least two routed hops (e.g., at the web client, at the web server, a router in between). Look at the MAC addresses involved. They change and have no authoritative relation to the sender or receiver. Taking the measures you've suggested to secure them would not be applicable.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.