{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:13:23Z","timestamp":1750306403143,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":30,"publisher":"ACM","license":[{"start":{"date-parts":[[2015,6,22]],"date-time":"2015-06-22T00:00:00Z","timestamp":1434931200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2015,6,22]]},"DOI":"10.1145\/2766498.2766513","type":"proceedings-article","created":{"date-parts":[[2015,6,23]],"date-time":"2015-06-23T13:03:05Z","timestamp":1435064585000},"page":"1-11","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["Injection attacks on 802.11n MAC frame aggregation"],"prefix":"10.1145","author":[{"given":"Pieter","family":"Robyns","sequence":"first","affiliation":[{"name":"Expertise Centre for Digital Media, Diepenbeek, Belgium"}]},{"given":"Peter","family":"Quax","sequence":"additional","affiliation":[{"name":"Expertise Centre for Digital Media, Diepenbeek, Belgium"}]},{"given":"Wim","family":"Lamotte","sequence":"additional","affiliation":[{"name":"Expertise Centre for Digital Media, Diepenbeek, Belgium"}]}],"member":"320","published-online":{"date-parts":[[2015,6,22]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"161 Million Consumer Wi-Fi Access Points Shipped in 2013","author":"Research ABI","year":"2015","unstructured":"ABI Research . 161 Million Consumer Wi-Fi Access Points Shipped in 2013 ; 802.11ac Sales Rapidly Accelerating , 2015 (accessed). https:\/\/www.abiresearch.com\/press\/1391-million-consumer-wi-fi-access-\\points-shipped-. ABI Research. 161 Million Consumer Wi-Fi Access Points Shipped in 2013; 802.11ac Sales Rapidly Accelerating, 2015 (accessed). https:\/\/www.abiresearch.com\/press\/1391-million-consumer-wi-fi-access-\\points-shipped-."},{"key":"e_1_3_2_1_2_1","volume-title":"BlackHat USA","author":"Barisani A.","year":"2013","unstructured":"A. Barisani and D. Bianco . Fully arbitrary 802.3 packet injection: maximizing the Ethernet attack surface . BlackHat USA , August , 2013 . http:\/\/dev.inversepath.com\/download\/802.3\/whitepaper.txt. A. Barisani and D. Bianco. Fully arbitrary 802.3 packet injection: maximizing the Ethernet attack surface. BlackHat USA, August, 2013. http:\/\/dev.inversepath.com\/download\/802.3\/whitepaper.txt."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/49.840210"},{"key":"e_1_3_2_1_4_1","volume-title":"Atheros ath9k transmit path documentation","author":"Chadd A.","year":"2015","unstructured":"A. Chadd . Atheros ath9k transmit path documentation , 2015 (accessed). https:\/\/github.com\/erikarn\/ath9k-docs\/blob\/master\/ath9k-xmit.txt. A. Chadd. Atheros ath9k transmit path documentation, 2015 (accessed). https:\/\/github.com\/erikarn\/ath9k-docs\/blob\/master\/ath9k-xmit.txt."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2004.1313274"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666620.2666624"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11276-005-1766-z"},{"key":"e_1_3_2_1_8_1","volume-title":"A Survival Guide. O'Reilly","author":"Gast M. S.","year":"2012","unstructured":"M. S. Gast . 802.11n : A Survival Guide. O'Reilly , 2012 . M. S. Gast. 802.11n: A Survival Guide. O'Reilly, 2012."},{"key":"e_1_3_2_1_9_1","first-page":"1","volume-title":"Sarnoff symposium","author":"Ginzburg B.","year":"2007","unstructured":"B. Ginzburg and A. Kesselman . Performance analysis of A-MPDU and A-MSDU aggregation in IEEE 802.11 n . In Sarnoff symposium , pages 1 -- 5 . IEEE, 2007 . B. Ginzburg and A. Kesselman. Performance analysis of A-MPDU and A-MSDU aggregation in IEEE 802.11 n. In Sarnoff symposium, pages 1--5. IEEE, 2007."},{"key":"e_1_3_2_1_10_1","volume-title":"Phantom Boundaries and Cross-layer Illusions in 802.15. 4 Digital Radio","author":"Goodspeed T.","year":"2014","unstructured":"T. Goodspeed . Phantom Boundaries and Cross-layer Illusions in 802.15. 4 Digital Radio . 2014 . T. Goodspeed. Phantom Boundaries and Cross-layer Illusions in 802.15. 4 Digital Radio. 2014."},{"key":"e_1_3_2_1_11_1","first-page":"1","volume-title":"28th Chaos Communications Congress","author":"Goodspeed T.","year":"2011","unstructured":"T. Goodspeed and S. Bratus . 802.11 Packets in Packets, A Standard Compliant Exploit of Layer 1 . In 28th Chaos Communications Congress , pages 1 -- 60 , 2011 . T. Goodspeed and S. Bratus. 802.11 Packets in Packets, A Standard Compliant Exploit of Layer 1. In 28th Chaos Communications Congress, pages 1--60, 2011."},{"key":"e_1_3_2_1_12_1","first-page":"54","volume-title":"WOOT","author":"Goodspeed T.","year":"2011","unstructured":"T. Goodspeed , S. Bratus , R. Melgares , R. Shapiro , and R. Speers . Packets in Packets: Orson Welles' In-Band Signaling Attacks for Modern Radios . In WOOT , pages 54 -- 61 , 2011 . T. Goodspeed, S. Bratus, R. Melgares, R. Shapiro, and R. Speers. Packets in Packets: Orson Welles' In-Band Signaling Attacks for Modern Radios. In WOOT, pages 54--61, 2011."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2010.5394032"},{"key":"e_1_3_2_1_14_1","volume-title":"IEEE","author":"IEEE Computer Society","year":"2012","unstructured":"IEEE Computer Society . Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. IEEE 802.11 Standard , IEEE , September 2012 . IEEE Computer Society. Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. IEEE 802.11 Standard, IEEE, September 2012."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2627393.2627408"},{"key":"e_1_3_2_1_16_1","volume-title":"NetGear WG311v1 Wireless Driver 2.3.1 - 10 SSID Heap Buffer Overflow Vulnerability","author":"Butti Laurent","year":"2015","unstructured":"Laurent Butti . NetGear WG311v1 Wireless Driver 2.3.1 - 10 SSID Heap Buffer Overflow Vulnerability , 2015 (accessed). http:\/\/www.exploit-db.com\/exploits\/29167\/. Laurent Butti. NetGear WG311v1 Wireless Driver 2.3.1 - 10 SSID Heap Buffer Overflow Vulnerability, 2015 (accessed). http:\/\/www.exploit-db.com\/exploits\/29167\/."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/GLOCOM.2006.925"},{"key":"e_1_3_2_1_18_1","unstructured":"M. Ossmann. Unambiguous Encapsulation 2013. https:\/\/www.mail-archive.com\/langsec-discuss@mail.langsec.org\/msg00000.html.  M. Ossmann. Unambiguous Encapsulation 2013. https:\/\/www.mail-archive.com\/langsec-discuss@mail.langsec.org\/msg00000.html."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2008.4557042"},{"key":"e_1_3_2_1_21_1","volume-title":"April","author":"Robyns Pieter","year":"2015","unstructured":"Pieter Robyns . MAC frame aggregation injection implementation , April 2015 . https:\/\/github.com\/rpp0\/aggr-inject. Pieter Robyns. MAC frame aggregation injection implementation, April 2015. https:\/\/github.com\/rpp0\/aggr-inject."},{"key":"e_1_3_2_1_22_1","volume-title":"April","author":"Robyns Pieter","year":"2015","unstructured":"Pieter Robyns . Packet trace of the Beacon injection experiment , April 2015 . http:\/\/research.edm.uhasselt.be\/~probyns\/traces\/beacon_inj.tar.gz. Pieter Robyns. Packet trace of the Beacon injection experiment, April 2015. http:\/\/research.edm.uhasselt.be\/~probyns\/traces\/beacon_inj.tar.gz."},{"key":"e_1_3_2_1_23_1","volume-title":"April","author":"Robyns Pieter","year":"2015","unstructured":"Pieter Robyns . Packet trace of the remote host scan experiment , April 2015 . http:\/\/research.edm.uhasselt.be\/~probyns\/traces\/inj_host_scan.tar.gz.tar.gz. Pieter Robyns. Packet trace of the remote host scan experiment, April 2015. http:\/\/research.edm.uhasselt.be\/~probyns\/traces\/inj_host_scan.tar.gz.tar.gz."},{"key":"e_1_3_2_1_24_1","volume-title":"Atheros ath9k_htc transmit path documentation","author":"Atheros Qualcomm","year":"2015","unstructured":"Qualcomm Atheros . Atheros ath9k_htc transmit path documentation , 2015 (accessed). https:\/\/github.com\/qca\/open-ath9k-htc-firmware\/blob\/master\/target_firmware\/wlan\/if_owl.c#L1343. Qualcomm Atheros. Atheros ath9k_htc transmit path documentation, 2015 (accessed). https:\/\/github.com\/qca\/open-ath9k-htc-firmware\/blob\/master\/target_firmware\/wlan\/if_owl.c#L1343."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2012.2222000"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/MWC.2008.4454703"},{"key":"e_1_3_2_1_27_1","volume-title":"TX A-MPDU aggregation","author":"Foundation The Linux","year":"2015","unstructured":"The Linux Foundation . TX A-MPDU aggregation , 2015 (accessed). https:\/\/www.kernel.org\/doc\/htmldocs\/80211\/aggregation.html. The Linux Foundation. TX A-MPDU aggregation, 2015 (accessed). https:\/\/www.kernel.org\/doc\/htmldocs\/80211\/aggregation.html."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/PIMRC.2008.4699837"},{"key":"e_1_3_2_1_29_1","volume-title":"Wi-Fi Certified Passpoint","author":"Alliance Wi-Fi","year":"2015","unstructured":"Wi-Fi Alliance . Wi-Fi Certified Passpoint , 2015 (accessed). http:\/\/www.wi-fi.org\/discover-wi-fi\/wi-fi-certified-passpoint. Wi-Fi Alliance. Wi-Fi Certified Passpoint, 2015 (accessed). http:\/\/www.wi-fi.org\/discover-wi-fi\/wi-fi-certified-passpoint."},{"key":"e_1_3_2_1_30_1","volume-title":"Wi-Fi network statistics","author":"Logging Database Wireless Geographic","year":"2015","unstructured":"Wireless Geographic Logging Database . Wi-Fi network statistics , 2015 (accessed). https:\/\/wigle.net\/stats. Wireless Geographic Logging Database. Wi-Fi network statistics, 2015 (accessed). https:\/\/wigle.net\/stats."},{"key":"e_1_3_2_1_31_1","first-page":"1722","volume-title":"Personal","author":"Yeo J.","year":"2003","unstructured":"J. Yeo and A. Agrawala . Packet error model for the IEEE 802.11 MAC protocol . In Personal , Indoor and Mobile Radio Communications, 2003 ., volume 2 , pages 1722 -- 1726 . IEEE , 2003. J. Yeo and A. Agrawala. Packet error model for the IEEE 802.11 MAC protocol. In Personal, Indoor and Mobile Radio Communications, 2003., volume 2, pages 1722--1726. IEEE, 2003."}],"event":{"name":"WiSec'15: 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control","US Army Research Office US Army Research Office","NSF National Science Foundation","SIGMOBILE ACM Special Interest Group on Mobility of Systems, Users, Data and Computing"],"location":"New York New York","acronym":"WiSec'15"},"container-title":["Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2766498.2766513","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2766498.2766513","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T05:07:31Z","timestamp":1750223251000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2766498.2766513"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,6,22]]},"references-count":30,"alternative-id":["10.1145\/2766498.2766513","10.1145\/2766498"],"URL":"https:\/\/doi.org\/10.1145\/2766498.2766513","relation":{},"subject":[],"published":{"date-parts":[[2015,6,22]]},"assertion":[{"value":"2015-06-22","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}