270 likes | 386 Vues
Using Random Bit Authentication to Defend IEEE 802.11 DoS Attacks. Ying-Sung Lee, Hsien-Te Chien, Wen-Nung Tsai Department of Computer Science and Information Engineering, National Chiao-Tung University. Outline. Introduction Relate Works Proposed Protocol Experimental Conclusion.
E N D
Using Random Bit Authentication to Defend IEEE 802.11 DoS Attacks Ying-Sung Lee, Hsien-Te Chien, Wen-Nung Tsai Department of Computer Science and Information Engineering, National Chiao-Tung University WLAN Security Lab Meeting
Outline • Introduction • Relate Works • Proposed Protocol • Experimental • Conclusion WLAN Security Lab Meeting
Introduction • The basically focuses of WLAN security • Confidentiality • Integrity • Availability • Launching DoS attack is easily • Tools are easily got. • Attackers don’t need sophisticated equipments. • Attackers only need moderate skills. WLAN Security Lab Meeting
Relate Works • DoS attacks against 802.11 networks • DoS attacks against 802.11i networks • One-bit lightweight authentication WLAN Security Lab Meeting
DoS Attacks Against 802.11 Networks • Deauthentication and disassociation flooding attacks under 802.11 networks. • Attackers pretend to be the AP or the STA and disconnect an active connection by spoofing the deauthentication messages. • A defensive mechanism (J. Bellardo & S. Savage) • Delaying the responses of deauthenticaition or disassociation requests. WLAN Security Lab Meeting
Deauthentication and disassociation flooding attacks under 802.11 networks <Figure 1> WLAN Security Lab Meeting
Traffic Jamming DoS attack • Attackers try to exhaust resource of network devices (e.g. AP). • The devices of victims will be unable to provide network service for legal network node. WLAN Security Lab Meeting
DoS Attacks Against 802.11i Networks • Deauthentication and disassociation attacks against 802.11i network. • 802.11i have an application called Central Manager. • Central Manager (CM) • Works between STA & AP • The purpose of CM is to confirm the disassociation if the request will be accepted. • EAPOL-Failure and EAPOL-Logoff message attacks. • It’s suggested to use the Central Manager to protect EAPOL. WLAN Security Lab Meeting
One-bit lightweight authentication • Statistical One-bit Lightweight Authentication (SOLA) protocol (Henric Johnson) • Proposed to detected unauthorized access in 802.11 networks. • STAs & AP agree on a secret key. • Generated identical random authentication stream and then STAs add one bit from the stream into the MAC layer header. WLAN Security Lab Meeting
Enhanced lightweight authentication • Some synchronization problem due to the frame loss in the wireless networks. • They examined the redundancy exist in the MAC header, and adopted 3-bit authentication mechanism. • Sender & receiver generated a random bit generator by sharing a seed velue. • The generator is used to output 3-bit unit into the output frame at a time. WLAN Security Lab Meeting
Proposed Protocol to defend 802.11 DoS attacks • General management frame format • Unused management frame control fields WLAN Security Lab Meeting
Authentication frame body • That gives us 13 ~ 15 unused bits. WLAN Security Lab Meeting
Reason codes in deauthentication and disassociation WLAN Security Lab Meeting
Association request and response • 11 bits are reserved for capability information. • 11 bits are reserved (802.11b only 8 bits) • Be inserted random authentic bits. WLAN Security Lab Meeting
Random bit authentication • Session key is generated for each communication based on the shared key. • STAs use the shared session key and algorithm to generate the same bit stream. • Divide the stream into 8 units. (“N” random bits) WLAN Security Lab Meeting
Experimental • Testing environment. WLAN Security Lab Meeting
Testing environment • Tools and utilities. • Host AP • 802.11b • Kismet • Capture the packets • Ethereal • Display the results of Kismet. • void11 • A free implementation of some basic 802.11b attacks. WLAN Security Lab Meeting
Testing procedures WLAN Security Lab Meeting
Testing results • Bandwidth Consumptions of Normal FTP sessions Average duration Graph WLAN Security Lab Meeting
Bandwidth Consumptions of FTP sessions under Attacks Duration of Deauth & Disassoc flooding attacks WLAN Security Lab Meeting
Random bit authentication defending mechanism • Delay is compare the duration of two testing results • Delay (1): • Deauth attacks & normal FTP session duration • Delay (2): • Deauth attacks & FTP session under attacks WLAN Security Lab Meeting
The result demonstrated • More random authentication bits, attacks are more difficult. WLAN Security Lab Meeting
Don’t use the random bit • FTP session was blocked when the attacker attacks. • After attacks, the FTP session delayed. WLAN Security Lab Meeting
Using 6 random bits • The effect of attacks were alleviated. • The author increased the number of random bits up to 8 and 9, and found defended successfully. WLAN Security Lab Meeting
Conclusion • The authors think their theory could defend against the DoS attacks on 802.11 networks (and similar DoS attacks). • They also thought their design is efficient and simple to defend against the DoS attacks. WLAN Security Lab Meeting