Open Access

Static and Dynamic 4-Way Handshake Solutions to Avoid Denial of Service Attack in Wi-Fi Protected Access and IEEE 802.11i

  • Floriano De Rango (1),
  • Dionigi Cristian Lentini (1) and
  • Salvatore Marano (1)
EURASIP Journal on Wireless Communications and Networking 2006, 2006:047453

DOI: 10.1155/WCN/2006/47453

Received: 10 October 2005

Accepted: 13 June 2006

Published: 16 October 2006

Abstract

This paper focuses on the WPA and IEEE 802.11i protocols, which represent two important solutions in the wireless environment. Scenarios in which DoS and DoS flooding attacks are possible are outlined. The last phase of the authentication process, the 4-way handshake procedure, is shown to be vulnerable to DoS attack; if a flooding DoS attack is conducted, this can produce the undesired effect of memory exhaustion. In order to avoid DoS attack without increasing the complexity of wireless mobile devices too much and without changing the frame structure of the wireless security protocols through further control fields, a solution is found and an extension of WPA and IEEE 802.11 is proposed. A protocol extension with three "static" variants and with a resource-aware dynamic approach is considered. The three enhancements to the standard protocols are achieved through some simple changes on the client side, and they are robust against DoS and DoS flooding attacks. The advantages introduced by the proposal are validated by simulation campaigns in which parameters such as attempted attacks, successful attacks, CPU load, and algorithm execution time are evaluated. Simulation results show that the three static solutions avoid memory exhaustion and perform well in terms of CPU load and execution time in comparison with the standard WPA and IEEE 802.11i protocols. However, if the mobile device presents different resource availability in terms of CPU and memory, or if resource availability changes significantly over time, a dynamic approach that is able to switch among the three different modalities could be more suitable.

[1–22]

Authors’ Affiliations

(1) Department of Electronics, Informatics and Systems (D.E.I.S.), University of Calabria

References

  1. Aboba B: WEP2 Security Analysis. IEEE doc.:802.11-00/253, May 2001, http://www.cs.umd.edu/waa/attack/frame.htm
  2. Arbaugh WA: An inductive Chosen Plaintext Attack, against WEP/WEP2. Presentations to IEEE 802.11 TGi, May 2001.
  3. Arbaugh WA, Shankar N, Wang J, Zhang K: Your 802.11 network has no clothes. Proceedings of the 1st IEEE International Conference on Wireless LANs and Home Networks, December 2001, Suntec City, Singapore.
  4. Bellardo J, Savage S: 802.11 Denial of service attacks: real vulnerabilities and practical solutions. Proceedings of the 12th USENIX Security Symposium, August 2003, Washington, DC, USA.
  5. Borisov N, Goldberg I, Wagner D: Intercepting mobile communications: the insecurity of 802.11. Proceedings of the 7th Annual International Conference on Mobile Computing and Networking (MOBICOM '01), July 2001, Rome, Italy, 180-188.
  6. Calhoun PR, Farrell S, Bulley W: Diameter CMS Security Application. March 2002, http://www.diameter.org/drafts/latest/draft-ietf-aaa-diameter-cms-sec-04.txt
  7. CERT: DoS Attack. http://www.cert.org/tech_tips/denial_of_service.html
  8. Edney J, Arbaugh WA: Real 802.11 Security: WiFi-Protected Access and 802.11i. Addison Wesley, New York, NY, USA; 2003.
  9. Faria DB, Cheriton DR: DoS and authentication in wireless public access networks. Proceedings of the ACM Workshop on Wireless Security (WiSe '02), September 2002, Atlanta, Ga, USA, 47-56.
  10. Fluhrer S, Mantin I, Shamir A: Weaknesses in the key scheduling algorithm of RC4. Proceedings of the 8th Annual Workshop on Selected Areas in Cryptography (SAC '01), August 2001, Toronto, Canada.
  11. He C, Mitchell JC: Analysis of the 802.11i 4-way handshake. Proceedings of the ACM Workshop on Wireless Security (WiSe '04), October 2004, Philadelphia, Pa, USA, 43-50.
  12. He C, Mitchell JC: Security analysis and improvements for IEEE 802.11i. Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS '05), February 2005, San Diego, Calif, USA.
  13. Mishra A, Arbaugh WA: An initial security analysis of the IEEE 802.1X standard. In Tech. Rep. CS-TR-4328. University of Maryland, College Park, Md, USA; February 2002.
  14. Mishra A, Petroni NL Jr., Arbaugh WA, Fraser T: Security issues in IEEE 802.11 wireless local area networks: a survey. Wireless Communications and Mobile Computing 2004, 4(8):821-833. 10.1002/wcm.257
  15. Stallings W: Cryptography and Network Security. 3rd edition. Prentice Hall, Englewood Cliffs, NJ, USA; 2003.
  16. IEEE Standard for Information technology—Telecommunications and Information exchange between systems—Local and metropolitan area networks—Specific requirements, Part 11, Amendment 10: Medium Access Control (MAC) Security Enhancements, IEEE Std 802.11i-2005.
  17. IEEE Standard 802.11-1999 Information technology—Telecommunications and Information exchange between systems—Local and metropolitan area networks—Specific requirements—Part 11: Wireless LAN Medium Access Control and Physical Layer Specifications, 1999.
  18. Moen V, Raddum H, Hole KJ: Weaknesses in the temporal key hash of WPA. ACM SIGMOBILE Mobile Computing and Communications Review 2004, 8(2):76-83. 10.1145/997122.997132
  19. Moskowitz R: Weakness in Passphrase Choice in WPA Interface. November 2003, http://wifinetnews.com/archives/002452.html
  20. Park JS, Dicoi D: WLAN security: current and future. IEEE Internet Computing 2003, 7(5):60-65. 10.1109/MIC.2003.1232519
  21. Rigney C, Willens S, Rubens A, Simpson W: Remote Authentication Dial In User Service (RADIUS). RFC 2865, June 2000.
  22. Schuba CL, Krsul IV, Kuhn MG, Spafford EH, Sundaram A, Zamboni D: Analysis of a denial of service attack on TCP. Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, May 1997, Oakland, Calif, USA, 208-223.

Copyright

© Floriano De Rango et al. 2006

This article is published under license to BioMed Central Ltd. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.