Skip to main content

Static and Dynamic 4-Way Handshake Solutions to Avoid Denial of Service Attack in Wi-Fi Protected Access and IEEE 802.11i


This paper focuses on WPA and IEEE 802.11i protocols that represent two important solutions in the wireless environment. Scenarios where it is possible to produce a DoS attack and DoS flooding attacks are outlined. The last phase of the authentication process, represented by the 4-way handshake procedure, is shown to be unsafe from DoS attack. This can produce the undesired effect of memory exhaustion if a flooding DoS attack is conducted. In order to avoid DoS attack without increasing the complexity of wireless mobile devices too much and without changing through some further control fields of the frame structure of wireless security protocols, a solution is found and an extension of WPA and IEEE 802.11 is proposed. A protocol extension with three "static" variants and with a resource-aware dynamic approach is considered. The three enhancements to the standard protocols are achieved through some simple changes on the client side and they are robust against DoS and DoS flooding attack. Advantages introduced by the proposal are validated by simulation campaigns and simulation parameters such as attempted attacks, successful attacks, and CPU load, while the algorithm execution time is evaluated. Simulation results show how the three static solutions avoid memory exhaustion and present a good performance in terms of CPU load and execution time in comparison with the standard WPA and IEEE 802.11i protocols. However, if the mobile device presents different resource availability in terms of CPU and memory or if resource availability significantly changes in time, a dynamic approach that is able to switch among three different modalities could be more suitable.



  1. 1.

    Adoba B: WEP2 Security Analysis. IEEE doc.:802.11-00/253, May 2001,

  2. 2.

    Arbaugh WA: An inductive Chosen Plaintext Attack, against WEP/WEP2. Presentations to IEEE 802.11 TGi, May 2001

  3. 3.

    Arbaugh WA, Shankar N, Wang J, Zhang K: Your 802.11 network has no clothes. Proceedings of the 1st IEEE International Conference on Wireless LANs and Home Networks, December 2001, Suntec City, Singapore

    Google Scholar 

  4. 4.

    Bellardo J, Savage S: 802.11 Denial of service attacks: real vulnerabilities and practical solutions. Proceedings of the 12th USENIX Security Symposium, August 2003, Washington, DC, USA

    Google Scholar 

  5. 5.

    Borisov N, Goldberg I, Wagner D: Intercepting mobile communications: the insecurity of 802.11. Proceedings of the 7th Annual International Conference on Mobile Computing and Networking (MOBICOM '01), July 2001, Rome, Italy 180-188.

    Chapter  Google Scholar 

  6. 6.

    Calhoun PR, Farrell S, Bulley W: Diameter CMS Security Application. March 2002,

  7. 7.

    CERT : DoS Attack.

  8. 8.

    Edney J, Arbaugh WA: Real 802.11 Security: WiFi-Protected Access and 802.11i. Addison Wesley, New York, NY, USA; 2003.

    Google Scholar 

  9. 9.

    Faria DB, Cheriton DR: DoS and authentication in wireless public access networks. Proceedings of the ACM Workshop on Wireless Security (WiSe '02), September 2002, Atlanta, Ga, USA 47-56.

    Chapter  Google Scholar 

  10. 10.

    Fhurer S, Mantin I, Shamir A: Weaknesses in the key scheduling algorithm of RC4. Proceedings of the 8th Annual Workshop on Selected Areas in Cryptography (SAC '01), August 2001, Toronto, Canada

    Google Scholar 

  11. 11.

    He C, Mitchell JC: Analysis of the 802.111 4-way handshake. Proceedings of the ACM Workshop on Wireless Security (WiSe '04), October 2004, Philadelphia, Pa, USA 43-50.

    Google Scholar 

  12. 12.

    He C, Mitchell JC: Security analysis and improvements for IEEE 802.11i. Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS '05), February 2005, San Diego, Calif, USA

    Google Scholar 

  13. 13.

    Mishra A, Arbaugh WA: An initial security analysis of the IEEE 802.1X standard. In Tech. Rep. CS-TR-4328. University of Maryland, College Park, Md, USA; February 2002.

    Google Scholar 

  14. 14.

    Mishra A, Petroni NL Jr., Arbaugh WA, Fraser T: Security issues in IEEE 802.11 wireless local area networks: a survey. Wireless Communications and Mobile Computing 2004,4(8):821-833. 10.1002/wcm.257

    Article  Google Scholar 

  15. 15.

    Stallings W: Cryptography and Network Security. 3rd edition. Prentice Hall, Englewood Cliffs, NJ, USA; 2003.

    Google Scholar 

  16. 16.

    IEEE Standard for Information technology—Telecommunications and Information exchange between systems—Local and metropolitan area networks - Specific requirements, Part 11, Amendment 10: Medium Access Control (MAC) Security Enhancements, IEEE Std 802.11i-2005

  17. 17.

    IEEE Standard 802.11-1999 Information technology—Telecommunications and Information exchange between systems—Local and metropolitan exchange between systems—Local and metropolitan area networks—Specific requirements—Part11: Wireless LAN Medium Access Control and Physical Layer Specifications,1999

  18. 18.

    Moen V, Raddum H, Hole KJ: Weaknesses in the temporal key hash of WPA. ACM SIGMOBILE Mobile Computing and Communications Review 2004,8(2):76-83. 10.1145/997122.997132

    Article  Google Scholar 

  19. 19.

    Moskovitz R: Weakness in Passphrase Choice in WPA Interface. November 2003,

  20. 20.

    Park JS, Dicoi D: WLAN security: current and future. IEEE Internet Computing 2003,7(5):60-65. 10.1109/MIC.2003.1232519

    Article  Google Scholar 

  21. 21.

    Rigney C, Willens S, Rubens A, Sympson W: Remote Authentication Dial In User Service (RADIUS). RFC 2865, June 2000

  22. 22.

    Schuba CL, Krsul IV, Kuhn MG, Spafford EH, Sundaram A, Zamboni D: Analysis of a denial of service attack on TCP. Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, May 1997, Oakland, Calif, USA 208-223.

    Google Scholar 

Download references

Author information



Corresponding author

Correspondence to Floriano De Rango.

Rights and permissions

Open Access This article is distributed under the terms of the Creative Commons Attribution 2.0 International License ( ), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Reprints and Permissions

About this article

Cite this article

De Rango, F., Lentini, D.C. & Marano, S. Static and Dynamic 4-Way Handshake Solutions to Avoid Denial of Service Attack in Wi-Fi Protected Access and IEEE 802.11i. J Wireless Com Network 2006, 047453 (2006).

Download citation


  • Execution Time
  • Mobile Device
  • Security Protocol
  • Authentication Process
  • Successful Attack