Create an Account
username: password:
 
  MemeStreams Logo

An Initial Security Analysis of the IEEE 802.1X Standard [PDF]

search

Jeremy
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Jeremy's topics
Arts
  Literature
   Classical
   Fiction
   Horror
   Non-Fiction
   Sci-Fi/Fantasy Literature
  Movies
   Movie Genres
    Action/Adventure
    Cult Films
    Documentary
    Drama
    Horror
    Independent Films
    Film Noir
    Sci-Fi/Fantasy Films
    War
  Music
   Music Styles
    Classical
    Electronic Music
    Rap & Hip Hop
    IDM
    Jazz
    World Music
  TV
   TV Documentary
   TV Drama
   SciFi TV
Business
  Finance & Accounting
  Industries
   Tech Industry
   Telecom Industry
  Management
  Markets & Investing
Games
  Video Games
   PC Video Games
   Console Video Games
Health and Wellness
  Medicine
Home and Garden
  Cooking
  Entertaining
Miscellaneous
  Humor
  MemeStreams
   Using MemeStreams
Current Events
  War on Terrorism
  Elections
  Israeli/Palestinian
Recreation
  Cars and Trucks
  Travel
Local Information
  United States
   California
    SF Bay Area
   Events in Washington D.C.
   News for Washington D.C.
   Georgia
    Atlanta
     Atlanta Events
Science
  Biology
  History
  Math
  Medicine
  Nano Tech
  Physics
Society
  Economics
  Education
  Futurism
  International Relations
  History
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
    Surveillance
   Intellectual Property
  Media
   Blogging
  Military
  Philosophy
Technology
  Biotechnology
  Computers
   Computer Security
    Cryptography
   PC Hardware
   Human Computer Interaction
   Computer Networking
   Macintosh
   Software Development
    Open Source Development
  Military Technology
  High Tech Developments

support us

Get MemeStreams Stuff!


 
An Initial Security Analysis of the IEEE 802.1X Standard [PDF]
Topic: Computer Security 9:31 pm EST, Feb 15, 2002

Many of the major IT zines are running a story on this, but none I read linked directly to the paper. Here it is.

Abstract: The current IEEE 802.11 standard is known to lack any viable security mechanism. However, the IEEE has proposed a long term security architecture for 802.11 which they call the Robust Security Network (RSN). RSN utilizes the recent IEEE 802.1X standard as a basis for access control, authentication, and key management. In this paper, we present two security problems (session hijacking, and the establishment of a man-in-the-middle) we have identified and tested operationally. The existence of these flaws highlight several basic design flaws within 802.1X and its combination with 802.11. As a result, we conclude that the current combination of the IEEE 802.1X and 802.11 standards does not provide a sufficient level of security, nor will it ever without significant changes.

Available online in Acrobat PDF, 236 KB, 12 pages.

I can't help but think that the IEEE's "RSN" will soon be recast by its critics as "Real Soon Now."

An Initial Security Analysis of the IEEE 802.1X Standard [PDF]



 
 
Powered By Industrial Memetics
RSS2.0