DoS Attacks On Wireless Voice Over IP Systems By Brendon Wesley Supervisor- Noria Foukia.

Slides:

Advertisements

Similar presentations

IEEE INFOCOM 2004 MultiNet: Connecting to Multiple IEEE Networks Using a Single Wireless Card.

Advertisements

1 Voice over Internet Protocol (VoIP) Security Affects on the IP Network Architecture Conference ICS – Wireless Group Meeting Tempe, Arizona.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

Hacking WLAN // BRUTE FORCE CRACKER // TCP/IP. WLAN HACK Wired Equivalent Privacy (WEP) encryption was designed to protect against casual snooping, but.

1 MD5 Cracking One way hash. Used in online passwords and file verification.

Simple ways to secure Wireless Computers Jay Ferron, ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Man in the Middle Paul Box Beatrice Wilds Will Lefevers.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

Denial-of-Service Attacks Real Vulnerabilities and Practical Solutions John Bellardo and Stefan Savage Department of Computer Science and Engineering.

Handoff Delay for b Wireless LANs Masters Project defense Anshul Jain Committee: Dr. Henning Schulzrinne, Columbia University Dr. Zongming Fei, University.

Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.

Wireless Local Area Networks (WLAN)

Networks Olga Agnew Bryant Likes Daewon Seo.

Wireless Security Issues David E. Hudak, Ph.D. Senior Software Architect Karlnet, Inc.

IEEE Wireless LAN Standard

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Romney Bake Brian Peterson Clay Stephens Michael Hatheway.

WLAN What is WLAN? Physical vs. Wireless LAN

VPN Wireless Security at Penn State Rich Cropp Senior Systems Engineer Information Technology Services The Pennsylvania State University © All rights.

Voice Traffic Performance over Wireless LAN using the Point Coordination Function Wei Supervisor: Prof. Sven-Gustav Häggman Instructor: Researcher Michael.

Computer Networks. Network Connections Ethernet Networks Single wire (or bus) runs to all machines Any computer can send info to another computer Header.

VoIP security : Not an Afterthought. OVERVIEW What is VoIP? Difference between PSTN and VoIP. Why VoIP? VoIP Security threats Security concerns Design.

Wireless LAN Advantages 1. Flexibility 2. Planning 3. Design

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Wireless Technologies Networking for Home and Small Businesses – Chapter.

Wireless Networking.

Security Considerations for IEEE Networks Karthikeyan Mahadevan.

Version Slide 1 Format of lecture Introduction to Wireless Wireless standards Applications Hardware devices Performance issues Security issues.

CWNA Guide to Wireless LANs, Second Edition

Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.

UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless Telecommunications Laboratory M. Tsagkaropoulos “Securing.

MAANAS GODUGUNUR SHASHANK PARAB SAMPADA KARANDIKAR.

Presented by: Dr. Munam Ali Shah

1 C-DAC/Kolkata C-DAC All Rights Reserved Computer Security.

Guided by: Jenela Prajapati Presented by: (08bec039) Nikhlesh khatra.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Configure a Wireless Router Chapter 7.

CWSP Guide to Wireless Security Chapter 2 Wireless LAN Vulnerabilities.

WEP Protocol Weaknesses and Vulnerabilities

Wi-Fi Technology. Agenda Introduction Introduction History History Wi-Fi Technologies Wi-Fi Technologies Wi-Fi Network Elements Wi-Fi Network Elements.

11 SECURING NETWORK COMMUNICATION Chapter 9. Chapter 9: SECURING NETWORK COMMUNICATION2 OVERVIEW  List the major threats to network communications. 

An Empirical Analysis of the IEEE MAC Layer Handoff Process Arunesh Mishra Minho Shin William Arbaugh University of Maryland,College Park,MD.

20 November 2015 RE Meyers, Ms.Ed., CCAI CCNA Discovery Curriculum Review Networking for Home and Small Businesses Chapter 7: Wireless Technologies.

Link-Layer Protection in i WLANs With Dummy Authentication Will Mooney, Robin Jha.

The University of Bolton School of Business & Creative Technologies Wireless Networks - Security 1.

Lecture 24 Wireless Network Security

LAN Switching and Wireless Basic Switch Concepts and Configuration.

Ad Hoc Network.

Lesson 10: Configuring Network Settings MOAC : Configuring Windows 8.1.

Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.

Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 24 “Wireless Network Security”.

Your Wireless Network has No Clothes* William A. Arbaugh, Narendar Shankar Y.C. Justin Wan University of Maryland Presentation by Eddy Purnomo,

Dependability in Wireless Networks By Mohammed Al-Ghamdi.

Wireless Security John Himmelein Erick Andrew Christian Adam Varun Bapna.

CO5023 Wireless Networks. Varieties of wireless network Wireless LANs: the main topic for this week. Consists of making a single-hop connection to an.

Security in Wireless Networks Mike Swift CSE b Summer 2003.

Wireless Security Presented by Colby Carlisle. Wireless Networking Defined A type of local-area network that uses high-frequency radio waves rather than.

1 © 2004, Cisco Systems, Inc. All rights reserved. Wireless LAN (network) security.

Services Distribution Services (for APs) – Association – mobile stations connect themselves to base stations – Reassociation – a station may change.

Musical Instruments Connecting to a Mixer using Tal Kesari & Shimon Korenman Advisor: Dr. Chen Avin.

Wireless LAN Requirements (1) Same as any LAN – High capacity, short distances, full connectivity, broadcast capability Throughput: – efficient use wireless.

IEEE Wireless LAN Standard

Lecture 7 (Chapter 17) Wireless Network Security Prepared by Dr. Lamiaa M. Elshenawy 1.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Wireless LANs.

CSE 4905 Network Security Overview

Wireless LAN Security 4.3 Wireless LAN Security.

Seminar class presentation Student: Chuming Chen & Xinliang Zheng

WLAN Security Antti Miettinen.

Antti Miettinen (modified by JJ)

Presentation transcript:

DoS Attacks On Wireless Voice Over IP Systems By Brendon Wesley Supervisor- Noria Foukia

Abstract As converged wireless networks become increasingly widespread, there is an assumption that such systems now have strong confidentiality and reliability. While the flaws in WiFi confidentiality mechanisms namely ‘WEP’ have been highly documented, the concern of reliability has gone reasonably unnoticed. The reliability flaws in WiFi are still evident in the majority of today's WiFi devices. IEEE standard resolving this weakness will not be released until This paper Outlines various DoS attacks used on networks and demonstrates a proof of concept implementation as to how effective they are against a VoIP call.

Quality of Service (QoS) Quality of service (QoS) is a general term that is used to describe a number of metrics that themselves describe a specific measure of performance in a network or service. The QoS of a system is determined by four main factors: Latency – 150ms one way delay Jitter – time varying wireless channel Packet loss – 3% maximum for VoIP Bandwidth – Depends on security, codec's etc. N.B - Paper Address other QoS considerations in the specification. (MAC layer of )

Denial of service attacks A denial of service attack ( DoS) is used to overload the victims resources to an extent that it can no longer provide a service to authentic clients. wVoIP is extremely vulnerable to DoS attacks because access to the transmission medium is open to anybody with hardware. Because real-time traffic such as VoIP and video conferencing media is intolerable of even small delays it is relatively easy to disrupt the service long enough to make it unacceptable for the users.

management frames a/b/g management frames are used to initiate, manage or discontinue communication between two clients ( in ad-hoc mode) or between client's and Access Points (infrastructure mode). They are not confidential! and not authenticated! Security mechanisms such as WEP, WPA and WPA2 currently provide security services only for data frames, leaving management frames in a readable and forgeable state. This is a major flaw!

State of Connection As specified by the Medium Access Control (MAC) and Physical Layer (PHY) Specifications in IEEE A client within a infrastructure network may be in 1 of 3 states at a time. 1-Unauthenticated and Unassociated. 2-Authenticated and unassociated. 3-Authenticated and associated.

Types of management frames Authentication Frame Authentication provides a way for stations to identify themselves to an AP. It is then the AP’s job to decide if authentication will be granted to the client or not. Open system or shared key.

Authentication Attack. During the authentication process there are a number of packets that need to be exchanged between a client and the AP. A buffer is used to temporarily hold this information while authentication is taking place. Because the size of the buffer limits the number of authentication requests that the AP can process at any one time, it is possible to flood authentication frames to the AP with a pool of random MAC source addresses.

Deauthentication Frame If a client or AP wishes to exit the authenticated state, either party may transmit a deauthentication frame. This causes the device(s) to exit the authenticated-associated state and terminate all further communications. This frame is rather a notification of the clients or access points intention opposed to a request

De authentication attack A de authentication frame will also disassociate the station. This is because a client cannot be associated without being authenticated as specified by one of the three rules above. This message can be used by an attacker masquerading as either the client or AP and send one of these frames by spoofing the Source Address of the device. The client or AP will immediately discontinue communication with the other.

Association request Frame After a client has successfully authenticated with one or more access points, it needs to associate with it in order to utilize its services. An association frame is sent to the AP specifying parameters such as supported data rates and more importantly the SSID of the AP. Disassociation frame A disassociation frame is used by a client or AP to effectively stop communication. This frees up the resources used to maintain the communication. It gives the client the capacity to migrate to a neighboring AP in the same BSS with minimal delay.

Disassociation flooding attack The disassociation attack operates on a very similar principle to the deauthentication attack. In this case a disassociation frame is sent to the AP or client by an attacker (by spoofing the client and AP MAC addresses). This will make an AP believe that the client has sent a disassociation frame and wishes to disassociate. Client will attempt to maintain communication so will re-associate. The attacker will continuously send disassociation frames to the AP to keep it in the disassociated state.

My Implementation Access Point: D-Link Airplus Xtreme G wireless router. Client 1: Compaq Laptop (windows XP) with Enterasys g wireless network adapter. Client 2: Compaq Laptop (Windows XP) with Linksys g USB wireless network adapter Attacker: Insite PC (Linux Kernel Fedora Core 5) Sniffer: HP Laptop (Windows XP) running Ethereal and airodump-ng

Aireplay-ng

Ethereal Packet Capture

DoS attack

Protection For sensitive management frames w (task group w) is an IEEE standard that is due for release in April 2008 to provide a degree of protection for management frames. Extend the functionality of i (WPA2) to provide encryption and integrity not only for data frames but some types of management frames as well.

Management Frame

Recommendations Utilise a timer when a station sends a deauthentication frame to the access point. Within a certain time period if the station sends data frames to the AP then it will not deauthenticate the station and assume an attack has occurred. Week form of protection which is not practical to implement. Hard to modify firmware of devices! Contacted RoamAD (converged voice/data networks) how their commercial WiFi networks were protected. Very surprised to find that not many companies do much outside of the spec. as lack of interoperability between systems and platforms, incompatible hardware, difficult upgrades of software and hardware. Wait until w!

What else is in the report? Security in VoIP Frequency jamming WiMax Management frames WiFi VoIP networks in new Zealand. A threat to 3G?? What do commercial wLAN providers do to mitigate the affects of DoS attacks on VoIP in NZ? Bottleneck at crypto engine (IPsec)

Acknowledgments Noria Foukia (Supervisor) Cameron Kerr (Linux Guru) Da Deng (Acting H.O.D)