- Research Article
- Open Access
Static and Dynamic 4-Way Handshake Solutions to Avoid Denial of Service Attack in Wi-Fi Protected Access and IEEE 802.11i
EURASIP Journal on Wireless Communications and Networking volume 2006, Article number: 047453 (2006)
This paper focuses on WPA and IEEE 802.11i protocols that represent two important solutions in the wireless environment. Scenarios where it is possible to produce a DoS attack and DoS flooding attacks are outlined. The last phase of the authentication process, represented by the 4-way handshake procedure, is shown to be unsafe from DoS attack. This can produce the undesired effect of memory exhaustion if a flooding DoS attack is conducted. In order to avoid DoS attack without increasing the complexity of wireless mobile devices too much and without changing through some further control fields of the frame structure of wireless security protocols, a solution is found and an extension of WPA and IEEE 802.11 is proposed. A protocol extension with three "static" variants and with a resource-aware dynamic approach is considered. The three enhancements to the standard protocols are achieved through some simple changes on the client side and they are robust against DoS and DoS flooding attack. Advantages introduced by the proposal are validated by simulation campaigns and simulation parameters such as attempted attacks, successful attacks, and CPU load, while the algorithm execution time is evaluated. Simulation results show how the three static solutions avoid memory exhaustion and present a good performance in terms of CPU load and execution time in comparison with the standard WPA and IEEE 802.11i protocols. However, if the mobile device presents different resource availability in terms of CPU and memory or if resource availability significantly changes in time, a dynamic approach that is able to switch among three different modalities could be more suitable.
Adoba B: WEP2 Security Analysis. IEEE doc.:802.11-00/253, May 2001, http://www.cs.umd.edu/waa/attack/frame.htm
Arbaugh WA: An inductive Chosen Plaintext Attack, against WEP/WEP2. Presentations to IEEE 802.11 TGi, May 2001
Arbaugh WA, Shankar N, Wang J, Zhang K: Your 802.11 network has no clothes. Proceedings of the 1st IEEE International Conference on Wireless LANs and Home Networks, December 2001, Suntec City, Singapore
Bellardo J, Savage S: 802.11 Denial of service attacks: real vulnerabilities and practical solutions. Proceedings of the 12th USENIX Security Symposium, August 2003, Washington, DC, USA
Borisov N, Goldberg I, Wagner D: Intercepting mobile communications: the insecurity of 802.11. Proceedings of the 7th Annual International Conference on Mobile Computing and Networking (MOBICOM '01), July 2001, Rome, Italy 180-188.
Calhoun PR, Farrell S, Bulley W: Diameter CMS Security Application. March 2002, http://www.diameter.org/drafts/latest/draft-ietf-aaa-diameter-cms-sec-04.txt
CERT : DoS Attack. http://www.cert.org/tech_tips/denial_of_service.html
Edney J, Arbaugh WA: Real 802.11 Security: WiFi-Protected Access and 802.11i. Addison Wesley, New York, NY, USA; 2003.
Faria DB, Cheriton DR: DoS and authentication in wireless public access networks. Proceedings of the ACM Workshop on Wireless Security (WiSe '02), September 2002, Atlanta, Ga, USA 47-56.
Fhurer S, Mantin I, Shamir A: Weaknesses in the key scheduling algorithm of RC4. Proceedings of the 8th Annual Workshop on Selected Areas in Cryptography (SAC '01), August 2001, Toronto, Canada
He C, Mitchell JC: Analysis of the 802.111 4-way handshake. Proceedings of the ACM Workshop on Wireless Security (WiSe '04), October 2004, Philadelphia, Pa, USA 43-50.
He C, Mitchell JC: Security analysis and improvements for IEEE 802.11i. Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS '05), February 2005, San Diego, Calif, USA
Mishra A, Arbaugh WA: An initial security analysis of the IEEE 802.1X standard. In Tech. Rep. CS-TR-4328. University of Maryland, College Park, Md, USA; February 2002.
Mishra A, Petroni NL Jr., Arbaugh WA, Fraser T: Security issues in IEEE 802.11 wireless local area networks: a survey. Wireless Communications and Mobile Computing 2004,4(8):821-833. 10.1002/wcm.257
Stallings W: Cryptography and Network Security. 3rd edition. Prentice Hall, Englewood Cliffs, NJ, USA; 2003.
IEEE Standard for Information technology—Telecommunications and Information exchange between systems—Local and metropolitan area networks - Specific requirements, Part 11, Amendment 10: Medium Access Control (MAC) Security Enhancements, IEEE Std 802.11i-2005
IEEE Standard 802.11-1999 Information technology—Telecommunications and Information exchange between systems—Local and metropolitan exchange between systems—Local and metropolitan area networks—Specific requirements—Part11: Wireless LAN Medium Access Control and Physical Layer Specifications,1999
Moen V, Raddum H, Hole KJ: Weaknesses in the temporal key hash of WPA. ACM SIGMOBILE Mobile Computing and Communications Review 2004,8(2):76-83. 10.1145/997122.997132
Moskovitz R: Weakness in Passphrase Choice in WPA Interface. November 2003, http://wifinetnews.com/archives/002452.html
Park JS, Dicoi D: WLAN security: current and future. IEEE Internet Computing 2003,7(5):60-65. 10.1109/MIC.2003.1232519
Rigney C, Willens S, Rubens A, Sympson W: Remote Authentication Dial In User Service (RADIUS). RFC 2865, June 2000
Schuba CL, Krsul IV, Kuhn MG, Spafford EH, Sundaram A, Zamboni D: Analysis of a denial of service attack on TCP. Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, May 1997, Oakland, Calif, USA 208-223.
About this article
Cite this article
De Rango, F., Lentini, D.C. & Marano, S. Static and Dynamic 4-Way Handshake Solutions to Avoid Denial of Service Attack in Wi-Fi Protected Access and IEEE 802.11i. J Wireless Com Network 2006, 047453 (2006) doi:10.1155/WCN/2006/47453
- Execution Time
- Mobile Device
- Security Protocol
- Authentication Process
- Successful Attack