DATE: Thursday, October 30, 2003
TIME: Noon - 1 pm
PLACE: Hamerschlag Hall D-210

José Carlos Brustoloni
University of Pittsburgh

Blocking Theft of Service in Wireless Hotspots

The SSL-secured user authentication scheme typically employed in commercial wireless hotspots has the virtues of being intuitive and not requiring special client software or hardware. Unfortunately, it is insecure. We describe two attacks, session hijacking and freeloading, that allow an attacker to use an authenticated user's session. The second attack is novel and does not require special tools. Surprisingly, it is strengthened by the (widely recommended) use of personal firewalls. We propose and evaluate novel defenses against these attacks, session ID checking and MAC sequence number tracking, both of which are transparent to clients and do not require changes in client computers. Our experiments demonstrate that (1) commercial hotspots and academic Wi-Fi networks are vulnerable to session hijacking and freeloading, and (2) session ID checking and MAC sequence number tracking are effective against these attacks and have little overhead.

José Brustoloni obtained his Ph.D. degree in Computer Science from Carnegie Mellon University, after getting an M.S. degree in Electrical Engineering from University of São Paulo, Brazil, and a B.E. degree in Electronics Engineering from Instituto Tecnológico de Aeronáutica, Brazil.

José joined the University of Pittsburgh's faculty as an Assistant Professor in August of 2002. Previously, he was a researcher at Bell Laboratories, Lucent Technologies. His research interests include computer networks, operating systems, security, quality of service, and embedded systems.

