{"title":"An Experimental Evaluation of Over-The-Air (OTA) Wireless Intrusion Prevention Techniques","authors":"Amit Vartak, Sohail Ahmad, K. Gopinath","doi":"10.1109/COMSWA.2007.382464","journal":{"name":"2007 2nd International Conference on Communication Systems Software and Middleware"},"publicationDate":"2007-07-09","publicationTypes":"Journal Article","isOpenAccess":false,"citationCount":"9","platform":"Semanticscholar","ListUrlMain":"https://doi.org/10.1109/COMSWA.2007.382464"}
An Experimental Evaluation of Over-The-Air (OTA) Wireless Intrusion Prevention Techniques
Wireless Local Area Networks (WLANs) can open certain security backdoors which cannot be mitigated by conventional security mechanisms such as firewalls. This has led to the development and quick adoption of a new suite of products that specialize in securing a network from WLAN-based security threats. Such products, known as Wireless Intrusion Prevention Systems (WIPS), not only detect wireless intrusions, but can also prevent them. One of the popular methods used in a WIPS for intrusion prevention is Over-The-Air (OTA) prevention, which involves the transmission of specially crafted Medium Access Control (MAC) level packets over the wireless medium. Although OTA prevention is generally based on known MAC-level denial-of-service techniques, there is little information available on the strengths and limitations of such techniques in mitigating unauthorized communication. In this paper, we first provide a test-bed-based experimental evaluation of several (four) OTA prevention techniques in mitigating unauthorized wireless communication. Experimental results demonstrate that: (i) none of the considered OTA techniques may individually be able to prevent all the wireless threat scenarios reliably, (ii) certain techniques can fail against devices from certain vendors, and (iii) OTA techniques require continual transmission of MAC-level packets for effective blockage. Finally, we discuss the implications of the experimental results on the design of a WIPS.