Attacks Due to Flaw of Protocols Used in Network Access Control (NAC), Their Solutions and Issues: A Survey

Full Text (PDF, 277KB), PP.31-46



Snehasish Parhi 1,*

1. Department of Computer Center, National Institute of Technology, Rourkela, Odisha, India

* Corresponding author.


Received: 5 Jul. 2011 / Revised: 2 Nov. 2011 / Accepted: 1 Jan. 2012 / Published: 8 Apr. 2012

Index Terms

NAC, 802.1x, EAP, 802.11i, 802.11w, RADIUS


Network Access Control (NAC) is attracting considerable interest from the research community as a means to ensure and enforce endpoint security. Most NAC architectures are based on the 802.1x, EAP (Extensible Authentication Protocol), EAPoL (EAP over LAN), 802.11i, 802.11w, and RADIUS (Remote Authentication Dial-In User Service) protocols. Unprotected management and control frames in some of these protocols lead to several attacks. Completely eliminating flaws in the design of each protocol is a challenge. These flaws help malicious users and infected endpoints intrude into the NAC architecture and damage it. Much research has been carried out to address this issue. In this paper, we attempt to explain the attacks on these protocols and present a survey and analysis of the different solution approaches proposed by researchers. The effect of the vulnerabilities and attacks in these protocols on NAC is also discussed. The findings of this review will provide useful insights into the vulnerabilities and attacks in these protocols, and into their proposed solutions and the issues with them, which may create research scope for strengthening security in NAC.

Cite This Paper

Snehasish Parhi, "Attacks Due to Flaw of Protocols Used In Network Access Control (NAC), Their Solutions and Issues: A Survey", International Journal of Computer Network and Information Security (IJCNIS), vol. 4, no. 3, pp. 31-46, 2012. DOI: 10.5815/ijcnis.2012.03.05

