| 802.11 wireless LANs (WLANs) have seen tremendous growth and widespread deployment in recent years. At the same time, security concerns are also raised with these networks as a number of attacks such as Denial of Service, Session Hijacking, and Meet-In-The-Middle attacks can be launched at the MAC layer.; In this thesis a client-based mechanism is presented to protect wireless clients from MAC layer attacks. By using a MAC filtering mechanism, the "smart" client is able to differentiate between legitimate frames and forged frames. In addition the proposed scheme uses an adaptive threshold strategy for validation of sequence number gaps in frames. Besides sequence numbers, a timestamp is used to improve the precision of the dynamic threshold. Furthermore the MAC layer fingerprinting mechanism is discovered and can also be used in the system.; The proposed mechanism has low overheads and can be deployed in existing IEEE 802.11 WLANs. We have built and tested a prototype of our scheme. We demonstrate that our mechanism can protect wireless clients against a variety of management frame attacks launched at the MAC layer. |
