Doc.: IEEE 802.11-08/1021r3 Submission September 2008 Luke Qian etc.Slide 1 A Simplified Solution For Critical A-MPDU DoS Issues Date: 2008-09-09 Authors:

Slides:



Advertisements
Similar presentations
Doc.: IEEE /309r0 Submission 2/8/2014 Michael Livshitz, MetalinkSlide 1 Issues With Off-channel TDLS Date: Authors:
Advertisements

Doc.: IEEE /300R0 Submission May 2002 Terry Cole, AMDSlide 1 Slides to Assist with Joint Meeting of TgE and TgG Terry Cole AMD Fellow
Doc.: IEEE /0465r0 Submission March 2011 Mark RISON, CSRSlide 1 A-MPDUs with U-APSD Authors:
Doc.: IEEE /2163r0 Submission July 2007 Cam-Winget, Smith, WalkerSlide 1 A-MPDU Security Issues Notice: This document has been prepared to assist.
A-MPDU Delimiter Changes
Doc.: IEEE /0703r0 Submission March 2008 Luke Qian etc, Cisco Systems, IncSlide 1 Issues and Solutions to IEEE n A-MPDU Denial of Service.
Doc.: IEEE /0755r1 Submission March 2008 Luke Qian etc, Cisco Systems, IncSlide 1 Review of n A-MPDU DoS Issues – Progress and Status Authors:
Doc.: IEEE /1021r1 Submission September 2008 Luke Qian etc.Slide 1 A Simplified Solution For Critical A-MPDU DoS Issues Date: Authors:
Doc.: IEEE /0562r0 Submission May 2008 Adrian Stephens, Intel CorporationSlide 1 TGn LB124 – A detect and mitigate solution to the BA DoS problems.
Doc.: IEEE /0833r2 Submission July 2008 Luke Qian etc, CiscoSlide 1 A Proposed Scaled-down Solution to A- MPDU DoS Related Comments in LB 129.
Doc.: IEEE /0833r3 Submission July 2008 Luke Qian etc, CiscoSlide 1 A Proposed Scaled-down Solution to A- MPDU DoS Related Comments in LB 129.
Doc.: IEEE /0026r0 Submission Dec Luke Qian, Doug Smith Cisco Systems, IncSlide 1 BA Reordering for A-MPDU Notice: This document has been.
Doc.: IEEE /0836r2 Submission July 2008 Dan Harkins, Aruba NetworksSlide 1 Changes to SAE State Machine Date: Authors:
Doc.:IEEE /0859r0 July 2012 Simone Merlin, Qualcomm Inc Short Block Ack Date: Authors:
Doc.: IEEE /689r0 Submission November 2002 Dan Harkins, Trapeze Networks.Slide 1 Re-authentication when Roaming Dan Harkins.
Doc.: IEEE /0074r0 Submission NDP Type PS-Poll Frame Follow-Up Date: Authors: Slide 1Young Hoon Kwon, Huawei.
Doc.: IEEE /1521r2 Submission January 2012 Marc Emmelmann, FOKUSSlide 1 AP and Network Discovery Enhancements Date: Authors:
Doc.: IEEE /0640r0 Submission Jun Li, Thomson Inc..Slide 1 Requirements and Implementations for Intra-flow/Intra-AC DiffServ Date:
Doc.: r0-I Submission July 22, 2003 Paul Lambert, Airgo NetworksSlide 1 Enabling Encryption in Hotspots by Decoupling the Privacy Field from.
Submission doc.: IEEE /0328r0 Nokia Internal Use Only March 2012 Slide 1 Date: Authors: PS-Poll Enhancements Chittabrata Ghosh, Nokia.
PS-Poll TXOP Using RTS/CTS Protection
Doc. : IEEE /0411r1 TGac Submission Selective Segment Retransmission of VHT Compressed Beamforming Date: Slide 1 Authors: Illsoo Sohn,
Doc.:IEEE /xxxxr0 Submission Nov. 8, 2010 Notification on Change of BW & Rx Nss Joshua Zhao, et al1 Date: Authors:
Doc.:IEEE /0037r0 Submission Jan. 17, 2011 Yong Liu, MarvellSlide 1 BW Indication in Non-HT Frames Date: Authors:
Doc.: IEEE /1277r0 Submission MU-MIMO support for Heterogeneous Devices Date: Authors: Nov 2010 Slide 1Byeongwoo Kang, LG Electronics.
Slide 1 doc.: IEEE /1092r0 Submission Simone Merlin, Qualcomm Incorporated September 2010 Slide 1 ACK Protocol and Backoff Procedure for MU-MIMO.
Doc.: IEEE /2439r0 Submission September 2007 L.Chu Etc.Slide 1 Forwarding at Intermediate and Destination Mesh Points (MP) using 6-Address Scheme.
Doc.: IEEE /1434r0 Submission November 2013 Slide 1 CID 1376: NDP BlockAck Bitmap Protection Date: Authors: Alfred Asterjadhi, et.
Doc.: IEEE /0094r2 Submission Jan 2012 Slide 1 Authors: MAC Header Design for Small Data Packet for ah Date: Lv kaiying, ZTE.
Doc.: IEEE /0840r1 Submission AP Assisted Medium Synchronization Date: Authors: September 2012 Minyoung Park, Intel Corp.Slide 1.
Submission doc.: IEEE /1289r2 Michelle Gong, IntelSlide 1 RTS/CTS Operation for Wider Bandwidth Date: Authors: Nov
Doc.: IEEE /0079r0 Submission Interference Signalling Enhancements Date: xx Mar 2010 Allan Thomson, Cisco SystemsSlide 1 Authors:
Doc.: IEEE /0485r0 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Management Protection Jesse Walker and Emily Qi Intel.
Doc.:IEEE /0313r1 Submission Robert Stacey (Intel) March 12, 2010 Slide 1 Rekeying Protocol Fix Authors: Date:
Doc.: IEEE /250r0 Submission, Slide 1 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: IEEE :
Doc.: IEEE /0150r11 Submission July 2015 Ganesh Venkatesan (Intel Corporation)Slide 1 GCR using SYNRA for GLK Date: Authors:
Doc.: IEEE /0615r0 Submission May 2008 Naveen K. Kakani, Nokia IncSlide 1 Multicast Transmission in WLAN Date: Authors:
Flow control for EDMG devices
Flow control for EDMG devices
Requirements and Implementations for Intra-flow/Intra-AC DiffServ
Requirements and Implementations for Intra-flow/Intra-AC DiffServ
May 2018 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [Considerations on general MAC frame] Date Submitted:
Block Ack Security Authors: May 2008 Date: May 2008
Multicast/Broadcast Communication With Acknowledge
Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [Improved Delayed ACK response Frame for.
Traffic Class Control in MBSS
Beacon Protection Date: Authors: July 2018 July 2018
GAPA - Efficient, More Reliable Multicast
July 2008 doc.: IEEE /0833r0 July 2008 A Proposed Scale-down Solution to A-MPDU DoS Related Comments in LB 129 Date: Authors: Luke.
<month year> <doc.: IEEE doc> September 2010
A Simplified Solution For Critical A-MPDU DoS Issues
CID#89-Directed Multicast Service (DMS)
Block Ack Security Date: Authors: May 2008 May 2008
Rekeying Protocol Fix Date: Authors: Month Year
Group Block Acknowledgements for Multicast Traffic
May 2018 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [Considerations on general MAC frame] Date Submitted:
A Simplified Solution For Critical A-MPDU DoS Issues
Requirements and Implementations for Intra-flow/Intra-AC DiffServ
Beacon Protection Date: Authors: July 2018 July 2018
WUR Security Proposal Date: Authors: September 2017
WUR Security Proposal Date: Authors: September 2017
Interference Signalling Enhancements
Requirements and Implementations for Intra-flow/Intra-AC DiffServ
More Reliable GroupCast Proposal Presentation
GCR using SYNRA for GLK Date: Authors: July 2015 Month Year
Review of n A-MPDU DoS Issues – Progress and Status
Unsolicited Block ACK Extension
Traffic Filter based Wakeup Service
July 2008 doc.: IEEE /0833r0 July 2008 A Proposed Scale-down Solution to A-MPDU DoS Related Comments in LB 129 Date: Authors: Luke.
Discussion on Multi-link Acknowledgement
Presentation transcript:

doc.: IEEE /1021r3 Submission September 2008 Luke Qian etc.Slide 1 A Simplified Solution For Critical A-MPDU DoS Issues Date: Authors:

doc.: IEEE /1021r3 Submission September 2008 Luke Qian etc.Slide 2 Abstract Current operation rules for A-MPDU and BAR facilitate a number of Denial of Service (DoS) attacks as presented in /0703r0. This submission proposes a simplified solution to mitigate the most damaging and easiest-to-launch ones.

doc.: IEEE /1021r3 Submission September 2008 Luke Qian etc.Slide 3 Overview for the Issues Per current 11n A-MPDU/BA rules, advanced SN in data frames or BAR can advance the left edge of the BA re-ordering buffer on the receiver. However, –BAR is a control frame which is not encrypted, nor has any authentication information –SN in a data frame is not protected with encryption. As a result, a receiver running BA can be exposed to DoS attacks by rogue devices which move the receiver BA reordering buffer with falsely advanced SN, potentially causing subsequent valid frames to be discarded Such identified DoS attacks include: (Ref /0703) 1)Forged packets with advanced Sequence Numbers (SN) 2)Captured and Replayed packets with modified SN. 3)Captured and Replayed packets with advanced SN without modification. 4)False Block ACK Request (BAR) with advanced SN. 5)False BA to prevent retransmission. They can cause severe performance degradation, such as drop of voice calls, lost connection for TCP traffic etc.

doc.: IEEE /1021r3 Submission September 2008 Luke Qian etc.Slide 4 Uniqueness of the DoS Issues Hit-and-run type of attack as only one packet is needed to cause the DoS. So an attacker does not need to be at the spot to launch attacks persistently, making it hard to identify or catch the attackers. Significantly long period of DoS for a single attack At the order of tens of seconds. Can cause disassociations or dropped sessions, especially problematic for tcp sessions and voice connections A regular DoS, CTS with excessive NAV setting for example, can only cause a DoS for a period of tens of ms, several order of magnitudes less than that of an A-MPDU DoS, and will have to repeatedly launch the attacks.

doc.: IEEE /1021r3 Submission September 2008 Luke Qian etc.Slide 5 The Proposed Approach The proposed solution focuses on one of the two easiest- to-launch DoS for a better acceptance in TGn: False Block ACK Request (BAR) with advanced SN. Note 1- The another is Forged packets with advanced Sequence Numbers (SN), addressed by switching the blocks of BA reordering and decryption Note2 - Both are fire and forget attacks whereby an attacker need nothing but a single packet to launch a DoS.

doc.: IEEE /1021r3 Submission September 2008 Luke Qian etc.Slide 6 A Simpler Solution Introduce a capability bit to signal the protection for backward compatibility Transmitter rules: –Never sends BAR with a SN which would cause the receiver to advance the left edge over a hole –Sends an 11w type of encrypted management action frame, the protected ADDBA, to advance the left edge of the receiver window over a hole when needed. Overload the existing ADDBA request frame ADDBA request already contains all the required information Only need to allow an ADDBA request to be used during an established BA session to move the left edge of receiver window Receiver rules: –On receiving a BAR which advances the left edge of receiver window over a hole, drop the BAR and flag a DoS attack (immediate detection of attack upon receipt of just one frame from attacker), and tear down BA session to minimize disruption –On receiving a protected ADDBA for an established BA session, adjust the left edge as requested.

doc.: IEEE /1021r3 Submission September 2008 Luke Qian etc.Slide 7 A Capability Bit for Negotiation: RSN Element changes A bit for signaling the capability: PBAC – Protected BAR Capable –Indicates capability to perform modified BAR rules and decryption ordering If both STA advertise PBAC=1, then PBAC SHALL be used –If at least one STA of a pair advertises PBAC=0, then PBA SHALL NOT be used –STA that supports PBAC must also indicate TGw (e.g. dot11RSNAProtectedManagementFramesEnabled) Pre-Auth PTKSA Replay Counter GTKSA Replay Counter Reserved No Pairwise PeerKey Enabled PBAC SPP A-MSDU Capable & Required Resv B0B1B2B3B4B5B6B8B9B10B11B12B13B15 Modified RSN Capabilities subfield of the RSN Element

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.