Analysis and Improvements over DoS Attacks against IEEE 802.11i Standard

Networks Security, Wireless Communications and Trusted Computing (NSWCTC), 2010

Author: Li Wang, Balasubramaniam Srinivasan

Reporter: Ming-Chieh Lee

Date: 2013/10/07

Outline
  • Introduction of IEEE 802.11i Standard
  • DoS attack
    • De-authentication / Disassociation Attacks
    • DoS attacks to 4-way handshakes
  • Conclusion
IEEE 802.11i Standard
  • IEEE 802.11i: A security standard of 802.11 series WLAN
    • RSN (Robust Security Network)
    • Supplicant, Authenticator, Authentication Server
    • RSNA Establishment Procedures
    • Network and Security Capability Discovery
    • 802.11 Open System Authentication and Association
    • EAP/802.1X/RADIUS Authentication
    • 4-Way Handshake
    • Group Key Handshake
    • Secure Data Communications
De-authentication / Disassociation Attacks
  • Management frames are unprotected
  • All WLAN users can be disconnected by broadcasting the frame with the destination address set to FF:FF:FF:FF:FF:FF

[Diagram, two panels, one for De-authentication and one for Disassociation. Parties: Supplicant, Authenticator, Attacker. Messages shown: Authentication request, Authentication response, Association request, Association response, data, De-authentication, Disassociation.]
Proposed Mechanism to Prevent this Attack
  • Before PTK is generated
      • defer the execution for 5 sec
  • After the PTK exchange protocol
      • protected by the sequence number (SN) and KCK
Proposed Mechanism to Prevent this Attack
  • authenticator wants to de-authenticate or disassociate all the supplicants
      • broadcast messages with secret key K
      • (message)
      • comparison with the received one in Message 3 of 4-way Handshake
4-way Handshake
  • Handshake Goals
    • Confirm the possession of PMK
    • Derive a fresh session key (PTK) for data transmission
    • PTK = PRF{PMK, AA, SPA, ANonce, SNonce}

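Parties: Supplicant (PMK), Authenticator (PMK)

  • Message 1, Authenticator to Supplicant: {AA, ANonce, SN, msg1}
    • Supplicant: Derive PTK
  • Message 2, Supplicant to Authenticator: {SPA, SNonce, SN, msg2, (SNonce, SN, msg2)}
    • Authenticator: Derive PTK, Verify MIC
  • Message 3, Authenticator to Supplicant: {AA, ANonce, SN+1, msg3, (ANonce, SN+1, msg3)}
    • Supplicant: Verify MIC, install PTK
  • Message 4, Supplicant to Authenticator: {SPA, SNonce, SN+1, msg4, (SNonce, SN+1, msg4)}
    • Authenticator: Verify MIC, install PTK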

DoS attack in 4-way Handshake phase

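Parties: Supplicant (PMK), Authenticator (PMK), Attacker

  • Message 1, Authenticator to Supplicant: {AA, ANonce, SN, msg1}
    • Supplicant: Derive PTK
  • Message 2, Supplicant to Authenticator: {SPA, SNonce, SN, msg2, (SNonce, SN, msg2)}
    • Authenticator: Derive PTK, Verify MIC
  • Forged Message 1, Attacker to Supplicant: {AA, ANonce’, SN, msg1}
    • Supplicant: Calculate PTK’
  • Message 3, Authenticator to Supplicant: {AA, ANonce, SN+1, msg3, (ANonce, SN+1, msg3)}
    • PTK ≠ PTK’
    • Verify MIC fail -> discard
    • Timeout -> De-authentication
  • Weak point: No protection of Message 1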


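DoS attack in 4-way Handshake phase

Parties: Supplicant (PMK), Authenticator (PMK), Attacker

  • Message 1, Authenticator to Supplicant: {AA, ANonce, SN, msg1}
    • Supplicant: Derive PTK
  • Message 2, Supplicant to Authenticator: {SPA, SNonce, SN, msg2, (SNonce, SN, msg2)}
    • Authenticator: Derive PTK, Verify MIC
  • Forged Message 1, Attacker to Supplicant: {AA, ANonce’, SN, msg1}
    • Supplicant: Calculate PTK’, Store PTK’ & ANonce’
  • Further forged Message 1 frames (memory exhaustion attack): {AA, ANonce’’, SN, msg1}, {AA, ANonce’’’, SN, msg1}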

{AA , , SN ,msg1}

Calculate

Store &

Enhanced 3-way Handshake
  • Solution
    • ANonce is not involved in the PTK generation
      • PTK = PRF{PMK, AA, SPA, SNonce}
    • supplicant won’t store the received ANonce
  • Advantages
    • Eliminate the memory DoS attack

Parties: Authenticator (PMK), Supplicant (PMK)

  • Message 1, Authenticator to Supplicant: {AA, ANonce, SN, msg1}
    • Supplicant: Derive PTK
  • Message 2, Supplicant to Authenticator: {SPA, ANonce, SNonce, SN, msg2, (ANonce, SNonce, SN, msg2)}
    • Authenticator: Verify ANonce, Derive PTK, Verify MIC, install PTK
  • Message 3, Authenticator to Supplicant: {AA, SNonce, SN+1, msg3, (SNonce, SN+1, msg3)}
    • Supplicant: Verify SNonce, Verify MIC, install PTK
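
An added sketch (not from the paper or the slides) of the supplicant's state in both handshakes, showing that a forged Message 1 makes Message 3 verification fail in the 4-way handshake but not in the enhanced 3-way handshake. HMAC-SHA256 stands in for the PRF and the MIC, and the class names, function names and sample addresses are constructed for illustration.

```python
import hashlib
import hmac
import os

def prf(pmk, *fields):
    """Stand-in PRF (HMAC-SHA256); 802.11i defines its own PRF construction."""
    return hmac.new(pmk, b"|".join(fields), hashlib.sha256).digest()

def mic(ptk, *fields):
    """MIC keyed with the first 16 bytes of the PTK, used here as the KCK."""
    return hmac.new(ptk[:16], b"|".join(fields), hashlib.sha256).digest()[:16]

class FourWaySupplicant:
    """Original handshake: PTK = PRF{PMK, AA, SPA, ANonce, SNonce}."""
    def __init__(self, pmk, aa, spa):
        self.pmk, self.aa, self.spa = pmk, aa, spa
        self.snonce, self.ptk = os.urandom(32), None
    def on_msg1(self, anonce):
        # Message 1 carries no MIC, so any ANonce is accepted and replaces the PTK.
        self.ptk = prf(self.pmk, self.aa, self.spa, anonce, self.snonce)
    def on_msg3(self, anonce, sn, tag):
        return hmac.compare_digest(tag, mic(self.ptk, anonce, sn, b"msg3"))

class ThreeWaySupplicant:
    """Enhanced handshake: PTK = PRF{PMK, AA, SPA, SNonce}; ANonce is only echoed."""
    def __init__(self, pmk, aa, spa):
        self.snonce = os.urandom(32)
        self.ptk = prf(pmk, aa, spa, self.snonce)
    def on_msg1(self, anonce):
        return anonce, self.snonce  # both go into Message 2; no per-ANonce state is kept
    def on_msg3(self, snonce, sn, tag):
        return (hmac.compare_digest(snonce, self.snonce)
                and hmac.compare_digest(tag, mic(self.ptk, snonce, sn, b"msg3")))

def run(forged_msg1):
    """Return (4-way accepts Message 3, enhanced 3-way accepts Message 3)."""
    pmk, aa, spa, anonce = os.urandom(32), b"AA", b"SPA", os.urandom(32)  # constructed
    old, new = FourWaySupplicant(pmk, aa, spa), ThreeWaySupplicant(pmk, aa, spa)
    old.on_msg1(anonce)
    _, snonce = new.on_msg1(anonce)
    # Authenticator side: PTKs derived after Message 2 in each handshake.
    ptk4 = prf(pmk, aa, spa, anonce, old.snonce)
    ptk3 = prf(pmk, aa, spa, snonce)
    if forged_msg1:  # unauthenticated Message 1 carrying a different ANonce'
        old.on_msg1(os.urandom(32))
        new.on_msg1(os.urandom(32))
    return (old.on_msg3(anonce, b"SN+1", mic(ptk4, anonce, b"SN+1", b"msg3")),
            new.on_msg3(snonce, b"SN+1", mic(ptk3, snonce, b"SN+1", b"msg3")))
```

`run(False)` models an undisturbed exchange; `run(True)` models the forged Message 1 case from the DoS slides.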

Conclusions
  • The IEEE 802.11i standard was defined to overcome the vulnerabilities in WEP and WPA, but it is still not secure against DoS attacks
  • De-authentication / disassociation attacks
    • hybrid mechanism
  • 4-way Handshake attacks
    • Parallel instances exist => Forged Message 1 attack
    • Keep all states => memory exhaustion attack
    • Enhanced 3-way Handshake