Analysis and Improvements over DoS Attacks against IEEE 802.11i Standard


Analysis and Improvements over DoS Attacks against IEEE 802.11i Standard. Networks Security, Wireless Communications and Trusted Computing (NSWCTC), 2010. Author: Li Wang, Balasubramaniam Srinivasan. Reporter: Ming-Chieh Lee. Date: 2013/10/07.


Analysis and Improvements over DoS Attacks against IEEE 802.11i Standard

Networks Security, Wireless Communications and Trusted Computing (NSWCTC), 2010

Author : Li Wang, Balasubramaniam Srinivasan

Reporter : Ming-Chieh Lee

Date : 2013/10/07

Outline
  • Introduction of IEEE 802.11i Standard
  • DoS attack
    • De-authentication / Disassociation Attacks
    • DoS attacks to 4-way handshakes
  • Conclusion
IEEE 802.11i Standard
  • IEEE 802.11i : A security standard of 802.11 series WLAN
    • RSN (Robust Security Network)
    • Supplicant, Authenticator, Authentication Server
    • RSNA Establishment Procedures
    • Network and Security Capability Discovery
    • 802.11 Open System Authentication and Association
    • EAP/802.1X/RADIUS Authentication
    • 4-Way Handshake
    • Group Key Handshake
    • Secure Data Communications
De-authentication / Disassociation Attacks
  • management frames are unprotected
  • all WLAN users can be disconnected by broadcasting the frame with the destination address set to FF:FF:FF:FF:FF:FF

[Figure: two message-sequence diagrams between Attacker, Supplicant and Authenticator. Each shows Authentication request, Authentication response, Association request, Association response and data frames, together with De-authentication and Disassociation frames.]

Proposed Mechanism to Prevent this Attack
  • Before PTK is generated
      • defer the execution for 5 sec
  • After the PTK exchange protocol
      • protected by the sequence number (SN) and KCK
Proposed Mechanism to Prevent this Attack
  • authenticator wants to de-authenticate or disassociate all the supplicants
      • broadcast messages with secret key K
      • (message)
      • comparison with the received one in Message 3 of 4-way Handshake
4-way Handshake
  • Handshake Goals
    • Confirm the possession of PMK
    • Derive a fresh session key (PTK) for data transmission
    • PTK = PRF{PMK, AA, SPA, ANonce, SNonce}

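Message flow between Supplicant (PMK) and Authenticator (PMK):
  • Authenticator → Supplicant: {AA, ANonce, SN, msg1}
  • Supplicant: Derive PTK
  • Supplicant → Authenticator: {SPA, SNonce, SN, msg2, (SNonce, SN, msg2)}
  • Authenticator: Derive PTK, Verify MIC
  • Authenticator → Supplicant: {AA, ANonce, SN+1, msg3, (ANonce, SN+1, msg3)}
  • Supplicant: Verify MIC, install PTK
  • Supplicant → Authenticator: {SPA, SNonce, SN+1, msg4, (SNonce, SN+1, msg4)}
  • Authenticator: Verify MIC, install PTK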

DoS attack in 4-way Handshake phase

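Message flow between Attacker, Supplicant (PMK) and Authenticator (PMK):
  • Authenticator → Supplicant: {AA, ANonce, SN, msg1}
  • Supplicant: Derive PTK
  • Supplicant → Authenticator: {SPA, SNonce, SN, msg2, (SNonce, SN, msg2)}
  • Authenticator: Derive PTK, Verify MIC
  • Attacker → Supplicant: {AA, ANonce’, SN, msg1}
  • Supplicant: Calculate PTK’
  • Authenticator → Supplicant: {AA, ANonce, SN+1, msg3, (ANonce, SN+1, msg3)}
  • Supplicant: PTK ≠ PTK’, Verify MIC fail -> discard
  • Timeout -> De-authentication
  • Weak point: No protection of Message 1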

DoS attack in 4-way Handshake phase

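Message flow (memory exhaustion attack) between Supplicant (PMK), Authenticator (PMK) and Attacker:
  • Authenticator → Supplicant: {AA, ANonce, SN, msg1}
  • Supplicant: Derive PTK
  • Supplicant → Authenticator: {SPA, SNonce, SN, msg2, (SNonce, SN, msg2)}
  • Authenticator: Derive PTK, Verify MIC
  • Attacker → Supplicant: {AA, ANonce’, SN, msg1}
  • Supplicant: Calculate PTK’, Store PTK’ & ANonce’
  • Attacker → Supplicant: {AA, ANonce’’, SN, msg1}
  • Attacker → Supplicant: {AA, ANonce’’’, SN, msg1}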

{AA , , SN ,msg1}

Calculate

Store &

Enhanced 3-way Handshake
  • Solution
  • ANonce is not involved in the PTK generation
    • PTK = PRF{PMK, AA, SPA, SNonce}
  • supplicant won’t store the received ANonce
  • Advantages
    • Eliminate the memory DoS attack

Message flow between Authenticator (PMK) and Supplicant (PMK):
  • Authenticator → Supplicant: {AA, ANonce, SN, msg1}
  • Supplicant: Derive PTK
  • Supplicant → Authenticator: {SPA, ANonce, SNonce, SN, msg2 (ANonce, SNonce, SN, msg2)}
  • Authenticator: Verify ANonce, Derive PTK, Verify MIC, install PTK
  • Authenticator → Supplicant: {AA, SNonce, SN+1, msg3, (SNonce, SN+1, msg3)}
  • Supplicant: Verify SNonce, Verify MIC, install PTK
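The effect of unauthenticated Message 1 on supplicant state, as an added simulation that is not code from the slides or the paper. It models a single-slot 4-way supplicant, a keep-all-states 4-way supplicant and the enhanced 3-way supplicant; the class names, the simplified PRF and MIC, and the sample addresses are assumptions made for illustration.

```python
import hashlib, hmac, os

def prf(pmk, *fields, length=48):  # simplified stand-in for the 802.11i PRF (assumption)
    out, i = b"", 0
    while len(out) < length:
        out += hmac.new(pmk, b"".join(fields) + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:length]

def mic(ptk, payload):  # KCK is taken as the first 16 bytes of the PTK
    return hmac.new(ptk[:16], payload, hashlib.sha1).digest()[:16]

class FourWaySupplicant:  # hypothetical model of PTK = PRF{PMK, AA, SPA, ANonce, SNonce}
    def __init__(self, pmk, aa, spa, keep_all):
        self.pmk, self.aa, self.spa, self.keep_all = pmk, aa, spa, keep_all
        self.snonce, self.pending = os.urandom(32), {}
    def on_msg1(self, anonce):  # Message 1 carries no MIC, so it cannot be checked
        if not self.keep_all:
            self.pending.clear()  # single slot: the newest ANonce replaces the old one
        self.pending[anonce] = prf(self.pmk, self.aa, self.spa, anonce, self.snonce)
    def on_msg3(self, anonce, payload, tag):
        ptk = self.pending.get(anonce)
        return ptk is not None and hmac.compare_digest(mic(ptk, payload), tag)

class EnhancedSupplicant:  # hypothetical model of PTK = PRF{PMK, AA, SPA, SNonce}
    def __init__(self, pmk, aa, spa):
        self.snonce = os.urandom(32)
        self.ptk = prf(pmk, aa, spa, self.snonce)  # ANonce is not an input
        self.pending = {}                          # never filled
    def on_msg1(self, anonce):
        return anonce, self.snonce  # ANonce is echoed in Message 2, not stored
    def on_msg3(self, snonce, payload, tag):
        return (hmac.compare_digest(snonce, self.snonce)
                and hmac.compare_digest(mic(self.ptk, payload), tag))

def simulate(forged=1000):
    """Return {model: (genuine Message 3 accepted, entries stored per Message 1)}."""
    pmk, aa, spa, anonce = os.urandom(32), b"\x02" * 6, b"\x04" * 6, os.urandom(32)
    result = {}
    for name, sup in (("single_slot", FourWaySupplicant(pmk, aa, spa, False)),
                      ("keep_all", FourWaySupplicant(pmk, aa, spa, True)),
                      ("enhanced", EnhancedSupplicant(pmk, aa, spa))):
        sup.on_msg1(anonce)                  # genuine Message 1
        for _ in range(forged):
            sup.on_msg1(os.urandom(32))      # constructed Message 1 frames with random ANonce'
        enhanced = isinstance(sup, EnhancedSupplicant)
        # PTK as the authenticator derives it from the genuine nonces
        ptk = prf(pmk, aa, spa, *([] if enhanced else [anonce]), sup.snonce)
        ok = sup.on_msg3(sup.snonce if enhanced else anonce, b"msg3", mic(ptk, b"msg3"))
        result[name] = (ok, len(sup.pending))
    return result
```

The single-slot model rejects the genuine Message 3 (PTK ≠ PTK’), the keep-all model accepts it but holds one entry per Message 1 received, and the enhanced model accepts it with no per-message state.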

Conclusions
  • The IEEE 802.11i standard was defined to overcome the vulnerabilities in WEP and WPA, but it is still not secure against DoS attacks
  • de-authentication / disassociation attacks
    • hybrid mechanism
  • 4-way Handshake attacks
    • Parallel instances exist => Forged Message 1 attack
    • Keep all states => memory exhaustion attack
    • Enhanced 3-way Handshake