Presentation is loading. Please wait.

Presentation is loading. Please wait.

Analysis and Improvements over DoS Attacks against IEEE 802.11i Standard Networks Security, Wireless Communications and Trusted Computing(NSWCTC), 2010.

Similar presentations


Presentation on theme: "Analysis and Improvements over DoS Attacks against IEEE 802.11i Standard Networks Security, Wireless Communications and Trusted Computing(NSWCTC), 2010."— Presentation transcript:

1 Analysis and Improvements over DoS Attacks against IEEE i Standard Networks Security, Wireless Communications and Trusted Computing(NSWCTC), 2010 Author : Li Wang, Balasubramaniam Srinivasan Reporter : Ming-Chieh Lee Date : 2013/10/07

2 Outline Introduction of IEEE i Standard DoS attack -De-authentication / Disassociation Attacks -DoS attacks to 4-way handshakes Conclusion 2/11

3 IEEE i Standard IEEE i : A security standard of series WLAN RSN (Robust Security Network) Supplicant, Authenticator, Authentication Server RSNA Establishment Procedures ­Network and Security Capability Discovery ­ Open System Authentication and Association ­EAP/802.1X/RADIUS Authentication ­4-Way Handshake ­Group Key Handshake ­Secure Data Communications 3/11

4 De-authentication/ Disassociation Attacks management frames are unprotected all WLAN users can be disconnected by broadcasting the frame by setting the destination address as FF:FF:FF:FF:FF:FF 4/11 Authentication response Association request Association response Authentication request data De-authentication Attacker Authentication response Association request Association response Authentication request data Disassociation Attacker Disassociation Supplicant Authenticator

5 Proposed Mechanism to Prevent this Attack 1.Before PTK is generated ­defer the execution for 5 sec 2.After the PTK exchange protocol ­protected by the sequence number (SN) and KCK 5/11

6 Proposed Mechanism to Prevent this Attack 6/11

7 4-way Handshake Handshake Goals ­Confirm the possession of PMK ­Derive a fresh session key(PTK) for data transmission ­PTK = PRF{PMK, AA, SPA, ANonce, SNonce} 7/11 Supplicant(PMK) Authenticator(PMK) {AA, ANonce, SN, msg1} Derive PTK Verify MIC install PTK Verify MIC install PTK

8 DoS attack in 4-way Handshake phase 8/11 Supplicant(PMK) Authenticator(PMK) {AA, ANonce, SN, msg1} Derive PTK Verify MIC Attacker {AA, ANonce’, SN, msg1} Calculate PTK’ PTK ≠ PTK’ Verify MIC fail - > discard Timeout - > De-authentication Weak point : No protection of Message 1

9 DoS attack in 4-way Handshake phase 9/11 Supplicant(PMK)Authenticator(PMK) {AA, ANonce, SN, msg1} Derive PTK Verify MIC Attacker {AA, ANonce’, SN, msg1} Calculate PTK’ Store PTK’ & ANonce’ {AA, ANonce’’, SN, msg1} {AA, ANonce’’’, SN, msg1} memory exhaustion attack

10 Enhanced 3-way Handshake 10/11 Supplicant(PMK)Authenticator(PMK) {AA, ANonce, SN, msg1} Derive PTK Verify ANonce Derive PTK Verify MIC install PTK Verify SNonce Verify MIC install PTK Solution ­ANonce is not involved in the PTK generation PTK = PRF{PMK, AA, SPA, SNonce} ­supplicant won’t store the received ANonce Advantages ­Eliminate the memory DoS attack

11 Conclusions IEEE i standard was defined in order to overcome the vulnerabilities in WEP and WPA but still it is not secure against DoS attacks de-authentication/ disassociation attacks -hybrid mechanism 4-way Handshake attacks -Parallel instances exist => Forged Message 1 attack -Keep all states => memory exhaustion attack -Enhanced 3-way Handshake 11/11


Download ppt "Analysis and Improvements over DoS Attacks against IEEE 802.11i Standard Networks Security, Wireless Communications and Trusted Computing(NSWCTC), 2010."

Similar presentations


Ads by Google