Survey of Media Access Control address spoofing attacks detection and prevention techniques in wireless networks

Wireless networks are used to access many services such as Internet banking, e-commerce, eHealth, and from many more systems that relay sensitive information. To connect to a wireless network a user needs to be authenticated by and be associated with an access point. Management frames and control frames are used for authentication, association and giving a user access to the wireless network. Management frames and control frames are sent in clear text and can expose the wireless network to security attacks such as media access control spoofing and session hijacking attacks. An attacker with the packet sniffer software can intercept packets and extract Media Access Control addresses of the access point or other users. MAC address is used to associate a client with the access point in wireless networks. An attacker can use a spoofed Media Access Control address of the real access point to disconnect the legitimate users from the network and takeover any existing TCP session that has already been established. Since the legitimate user is already authenticated in the network, an attacker with the spoofed MAC address will not require authentication. Such an exploitation of a valid computer session to gain unauthorized access to information or services through a network is referred to as session hijacking attack. There are proposed methods for dealing with MAC address spoofing. Some methods produce lots of false positives and false negatives while others require a lot of infrastructural overhead as well as computational overhead. In this study some of the existing MAC addresses spoofing detection and prevention methods are reviewed, with strengths and weaknesses analysed. Factors considered in the analysis include reliability and robustness of the methods, and performance in terms of computational overhead and efficiency.