1st International IEEE Workshop on WIreless Systems: Advanced Research and Development

Research Article

An Experimental Evaluation of Over-The-Air (OTA) Wireless Intrusion Prevention Techniques

  • @INPROCEEDINGS{10.1109/COMSWA.2007.382464,
        author={A. Vartak and S. Ahmad and K  N Gopinath},
        title={An Experimental Evaluation of Over-The-Air (OTA) Wireless Intrusion Prevention Techniques},
        proceedings={1st International IEEE Workshop on WIreless Systems: Advanced Research and Development},
        publisher={IEEE},
        proceedings_a={WISARD},
        year={2007},
        month={7},
        keywords={experimental evaluation  intrusion prevention  wireless},
        doi={10.1109/COMSWA.2007.382464}
    }
    
  • A. Vartak
    S. Ahmad
    K N Gopinath
    Year: 2007
    An Experimental Evaluation of Over-The-Air (OTA) Wireless Intrusion Prevention Techniques
    WISARD
    IEEE
    DOI: 10.1109/COMSWA.2007.382464
A. Vartak1, S. Ahmad1, K N Gopinath1
  • 1: R&D Group, AirTight Networks, Pune, India

Abstract

Wireless Local Area Networks (WLANs) can open certain security backdoors which cannot be mitigated by conventional security mechanisms such as firewalls. This has lead to the development and quick adoption of a new suite of products that specialize in securing a network from the WLAN based security threats. Such products, known as Wireless Intrusion Prevention System (WIPS), not only detect wireless intrusions, but can also prevent them. One of the popular methods used in a WIPS for intrusion prevention is Over-The-Air (OTA) prevention which involves the transmission of specially crafted Medium Access Control (MAC) level packets over the wireless medium. Although OTA prevention is generally based on known MAC level denial-of-service techniques, there is little information available on the strengths and limitations of such techniques in mitigating unauthorized communication. In this paper, we first provide a test-bed based experimental evaluation of several (four) OTA prevention techniques in mitigating unauthorized wireless communication. Experimental results demonstrate that: (i) none of the considered OTA techniques may individually be able to prevent all the wireless threat scenarios reliably, (ii) certain techniques can fail against devices from certain vendors, and, (iii) OTA techniques require continual transmission of MAC level packets for effective blockage. Finally, we discuss the implications of the experimental results on the design of a WIPS.