Pushing the Limits of Address Based Authentication: How to Avoid MAC Address Spoofing in Wireless LANs

It is well-known that in wireless local area networks, authenticating nodes by their MAC addresses is not secure since it is very easy for an attacker to learn one of the authorized addresses and change his MAC address accordingly. In this paper, in order to prevent MAC address spoofing attacks, the authors propose to use dynamically changing MAC addresses and make each address usable for only one session. The scheme they propose does not require any change in 802.11 protocols and incurs only a small performance overhead. One of the nice features of the new scheme is that no third party can link different communication sessions of the same user by monitoring MAC addresses therefore the scheme is preferable also with respect to user privacy.