
Analysis and Improvements over DoS Attacks against IEEE 802.11i Standard



Networks Security, Wireless Communications and Trusted Computing (NSWCTC), 2010

Author: Li Wang, Balasubramaniam Srinivasan

Reporter: Ming-Chieh Lee

Date: 2013/10/07



Outline

  • Introduction of IEEE 802.11i Standard

  • DoS attack

    • De-authentication / Disassociation Attacks

    • DoS attacks to 4-way handshakes

  • Conclusion



IEEE 802.11i Standard

  • IEEE 802.11i: A security standard of 802.11 series WLAN

    • RSN (Robust Security Network)

    • Supplicant, Authenticator, Authentication Server

    • RSNA Establishment Procedures

      • Network and Security Capability Discovery

      • 802.11 Open System Authentication and Association

      • EAP/802.1X/RADIUS Authentication

      • 4-Way Handshake

      • Group Key Handshake

      • Secure Data Communications



De-authentication / Disassociation Attacks

  • Management frames are unprotected

  • All WLAN users can be disconnected by broadcasting the frame with the destination address set to FF:FF:FF:FF:FF:FF

[Figure: two message-sequence diagrams, one for the de-authentication attack and one for the disassociation attack, each among Supplicant, Authenticator and Attacker. Messages shown in each: Authentication request, Authentication response, Association request, Association response, data, De-authentication, Disassociation.]



Proposed Mechanism to Prevent this Attack

  • Before PTK is generated

    • defer the execution for 5 sec

  • After the PTK exchange protocol

    • protected by the sequence number (SN) and KCK


Proposed Mechanism to Prevent this Attack

  • authenticator wants to de-authenticate or disassociate all the supplicants

    • broadcast messages with secret key K

    • (message)

    • comparison with the received one in Message 3 of 4-way Handshake


4-way Handshake

  • Handshake Goals

    • Confirm the possession of PMK

    • Derive a fresh session key (PTK) for data transmission

    • PTK = PRF{PMK, AA, SPA, ANonce, SNonce}

Participants: Supplicant (PMK), Authenticator (PMK)

Message 1, Authenticator -> Supplicant: {AA, ANonce, SN, msg1}
    Supplicant: Derive PTK

Message 2, Supplicant -> Authenticator: {SPA, SNonce, SN, msg2, (SNonce, SN, msg2)}
    Authenticator: Derive PTK, Verify MIC

Message 3, Authenticator -> Supplicant: {AA, ANonce, SN+1, msg3, (ANonce, SN+1, msg3)}
    Supplicant: Verify MIC, install PTK

Message 4, Supplicant -> Authenticator: {SPA, SNonce, SN+1, msg4, (SNonce, SN+1, msg4)}
    Authenticator: Verify MIC, install PTK


DoS attack in 4-way Handshake phase

Participants: Attacker, Supplicant (PMK), Authenticator (PMK)

Message 1, Authenticator -> Supplicant: {AA, ANonce, SN, msg1}
    Supplicant: Derive PTK

Message 2, Supplicant -> Authenticator: {SPA, SNonce, SN, msg2, (SNonce, SN, msg2)}
    Authenticator: Derive PTK, Verify MIC

Forged Message 1, Attacker -> Supplicant: {AA, ANonce’, SN, msg1}
    Supplicant: Calculate PTK’

Message 3, Authenticator -> Supplicant: {AA, ANonce, SN+1, msg3, (ANonce, SN+1, msg3)}
    Supplicant: PTK ≠ PTK’, Verify MIC fail -> discard
    Timeout -> De-authentication

Weak point: No protection of Message 1


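DoS attack in 4-way Handshake phase

Participants: Supplicant (PMK), Authenticator (PMK), Attacker

Message 1, Authenticator -> Supplicant: {AA, ANonce, SN, msg1}
    Supplicant: Derive PTK

Message 2, Supplicant -> Authenticator: {SPA, SNonce, SN, msg2, (SNonce, SN, msg2)}
    Authenticator: Derive PTK, Verify MIC

Forged Message 1, Attacker -> Supplicant: {AA, ANonce’, SN, msg1}
    Supplicant: Calculate PTK’, Store PTK’ & ANonce’

Forged Message 1, Attacker -> Supplicant: {AA, ANonce’’, SN, msg1}

Forged Message 1, Attacker -> Supplicant: {AA, ANonce’’’, SN, msg1}

Forged Message 1, Attacker -> Supplicant: {AA, , SN, msg1}
    Supplicant: Calculate , Store &

Result: memory exhaustion attack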


Enhanced 3-way Handshake

  • Solution

    • ANonce is not involved in the PTK generation

      • PTK = PRF{PMK, AA, SPA, SNonce}

    • supplicant won’t store the received ANonce

  • Advantages

    • Eliminate the memory DoS attack

Participants: Authenticator (PMK), Supplicant (PMK)

Message 1, Authenticator -> Supplicant: {AA, ANonce, SN, msg1}
    Supplicant: Derive PTK

Message 2, Supplicant -> Authenticator: {SPA, ANonce, SNonce, SN, msg2, (ANonce, SNonce, SN, msg2)}
    Authenticator: Verify ANonce, Derive PTK, Verify MIC, install PTK

Message 3, Authenticator -> Supplicant: {AA, SNonce, SN+1, msg3, (SNonce, SN+1, msg3)}
    Supplicant: Verify SNonce, Verify MIC, install PTK
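An added sketch (not from the paper or the slides) contrasting supplicant state in the two handshakes: with ANonce in the PRF input every unauthenticated Message 1 leaves a stored (ANonce, PTK) pair, while with PTK = PRF{PMK, AA, SPA, SNonce} nothing is stored per Message 1 and the handshake still completes. HMAC-SHA256 stands in for the PRF and the MIC, the bracketed term in each message is taken to be the MIC, and all class names, function names and byte values are assumptions.

```python
import hashlib, hmac, os

def prf(pmk, *fields):
    # Stand-in for the 802.11i PRF (assumption): HMAC-SHA256 keyed with the PMK.
    return hmac.new(pmk, b"|".join(fields), hashlib.sha256).digest()

def mic(ptk, *fields):
    # Stand-in MIC (assumption): truncated HMAC keyed with the first 16 PTK bytes.
    return hmac.new(ptk[:16], b"|".join(fields), hashlib.sha256).digest()[:16]

class FourWaySupplicant:
    """Original handshake: PTK depends on ANonce, so each Message 1 adds state."""
    def __init__(self, pmk, aa, spa):
        self.pmk, self.aa, self.spa = pmk, aa, spa
        self.snonce, self.pending = os.urandom(32), {}
    def on_msg1(self, anonce):
        # Message 1 carries no MIC, so every ANonce seen must be kept with its PTK.
        self.pending[anonce] = prf(self.pmk, self.aa, self.spa, anonce, self.snonce)

class ThreeWaySupplicant:
    """Enhanced handshake: PTK = PRF{PMK, AA, SPA, SNonce}; ANonce is only echoed."""
    def __init__(self, pmk, aa, spa):
        self.spa, self.snonce = spa, os.urandom(32)
        self.ptk = prf(pmk, aa, spa, self.snonce)
    def on_msg1(self, anonce, sn):
        # Build Message 2 and return it; the received ANonce is not stored.
        tag = mic(self.ptk, anonce, self.snonce, sn, b"msg2")
        return self.spa, anonce, self.snonce, sn, tag
    def on_msg3(self, snonce, sn, tag):
        # Verify SNonce, then verify the MIC, before installing the PTK.
        return (hmac.compare_digest(snonce, self.snonce)
                and hmac.compare_digest(tag, mic(self.ptk, snonce, sn, b"msg3")))

def simulate(extra_msg1):
    """Feed 1 genuine + extra_msg1 unauthenticated Message 1s (constructed data)."""
    pmk, aa, spa = os.urandom(32), b"AA", b"SPA"
    anonce, sn, sn1 = os.urandom(32), b"\x00\x01", b"\x00\x02"
    four, three = FourWaySupplicant(pmk, aa, spa), ThreeWaySupplicant(pmk, aa, spa)
    four.on_msg1(anonce)
    _, echoed, snonce, _, tag = three.on_msg1(anonce, sn)
    for _ in range(extra_msg1):
        other = os.urandom(32)
        four.on_msg1(other)
        three.on_msg1(other, sn)
    # Authenticator: Verify ANonce, Derive PTK, Verify MIC, then send Message 3.
    ptk = prf(pmk, aa, spa, snonce)
    ok2 = echoed == anonce and hmac.compare_digest(tag, mic(ptk, echoed, snonce, sn, b"msg2"))
    ok3 = three.on_msg3(snonce, sn1, mic(ptk, snonce, sn1, b"msg3"))
    return len(four.pending), len(set(four.pending.values())), ok2 and ok3
```

`simulate(n)` returns the number of (ANonce, PTK) entries held by the 4-way supplicant, the number of distinct PTKs among them, and whether the enhanced handshake still verified Message 2 and Message 3.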



Conclusions

  • IEEE 802.11i standard was defined in order to overcome the vulnerabilities in WEP and WPA, but it is still not secure against DoS attacks

  • De-authentication / disassociation attacks

    • hybrid mechanism

  • 4-way Handshake attacks

    • Parallel instances exist => Forged Message 1 attack

    • Keep all states => memory exhaustion attack

    • Enhanced 3-way Handshake
