Protecting Privacy in WLAN with DoS Resistance using Client Puzzle Team 7 Yanisa Akkarawichai Rohan Shah CSC 774 – Advanced Network Security Prof. Peng.


Protecting Privacy in WLAN with DoS Resistance using Client Puzzle Team 7 Yanisa Akkarawichai Rohan Shah CSC 774 – Advanced Network Security Prof. Peng Ning

Outline
- Overview of 802.11
- Security issues in Access Point Discovery
- Our proposed approach
- Security Analysis
- Future work

Overview of 802.11
- Based on the exchange of request/response messages
- Relies on an access point as a central node
- No well-defined physical boundaries
- Exposure to malicious stations within range
- Widespread deployment makes 802.11-based networks an attractive target for potential attackers

Network Discovery Protocol

Security issues in Access Point Discovery: Information leaks
- Physical fingerprint of the radio transmitter
- Logical MAC-layer fingerprint
- Access point BSSID
- SSID(s) in Beacon and Probe Response
- Willingness to associate with an SSID
- SSID in authentication and association exchanges
- TLS certificates in EAP-TLS
- Physical location of the clients and AP
- Association between clients and APs (implicitly associates APs with each other)

Security issues in Access Point Discovery: Denial of Service
- Probe request flood
- Authentication attack
- Association attack

Possible countermeasures
- MAC address spoof detection: analysis of the sequence number pattern of the captured traffic
- Cryptographically protecting management and control frames
- Cryptographic (client) puzzles
- Protocol repair
- Using Neighbor Signal Threshold to determine the client's proximity
- Other non-cryptographic solutions
  - Delaying the effects of requests
  - Defining a new interpretation of the duration field
  - Decreasing the retry limit

Why Client Puzzle?
- Before authenticating the user or committing resources, check the intent of the user/client.
- Guard against DoS attacks.

Desired properties of client puzzle
- Creating a puzzle and verifying the solution is inexpensive for the server/AP.
- The puzzle requires the client to perform computations.
- The puzzle difficulty can be easily adjusted by the AP.
- The puzzle can be solved on most types of client hardware.
- It is not possible to pre-compute solutions to the puzzles.
- While the client is solving the puzzle, the server does not need to store the solution or other client-specific data.
- If the same puzzle may be given to several clients, knowing the solution of one or more clients does not help a new client in solving the puzzle.
- A client can reuse a puzzle by creating several instances of it.

Proposed Approach

Security Analysis
- Anti-DoS attack: The client puzzle requires the client to commit resources early on, which discourages DoS attacks.
- Anti-replay attack: Using a nonce and timestamp discourages replay attacks.
- Information privacy: An attacker observing the discovery protocol cannot learn the network name, only a randomly generated temporary identifier (R-SSID) that is encrypted with the shared key.
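The puzzle properties and the nonce/timestamp replay protection listed above can be shown with a generic hash-based puzzle. This is an added example, not the authors' protocol (whose message format is not reproduced in this transcript); AP_SECRET, MAX_AGE, the function names and the sample MAC are all assumptions.

```python
import hashlib
import hmac
import os
import struct
import time

AP_SECRET = os.urandom(32)  # AP-wide puzzle secret (constructed for this example)
MAX_AGE = 5                 # seconds a puzzle stays fresh (assumed value)

def _tag(ts, k, client_mac):
    # Nonce = HMAC over timestamp, difficulty and client MAC: the AP can
    # recompute it later, so it stores nothing per client.
    msg = struct.pack(">QB", ts, k) + client_mac
    return hmac.new(AP_SECRET, msg, hashlib.sha256).digest()[:16]

def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def make_puzzle(client_mac, k, now=None):
    """AP side: one HMAC to issue a puzzle of difficulty k bits."""
    ts = int(time.time() if now is None else now)
    return {"ts": ts, "k": k, "nonce": _tag(ts, k, client_mac)}

def solve(puzzle, client_mac):
    """Client side: brute-force x, about 2**k hashes on average."""
    x = 0
    while True:
        d = hashlib.sha256(puzzle["nonce"] + client_mac + struct.pack(">Q", x)).digest()
        if leading_zero_bits(d) >= puzzle["k"]:
            return x
        x += 1

def verify(puzzle, client_mac, x, now=None):
    """AP side: freshness check, one HMAC and one hash."""
    now = time.time() if now is None else now
    if not 0 <= now - puzzle["ts"] <= MAX_AGE:
        return False  # stale or future-dated puzzle: replay outside the window
    expected = _tag(puzzle["ts"], puzzle["k"], client_mac)
    if not hmac.compare_digest(expected, puzzle["nonce"]):
        return False  # nonce, k, timestamp or MAC was altered
    d = hashlib.sha256(puzzle["nonce"] + client_mac + struct.pack(">Q", x)).digest()
    return leading_zero_bits(d) >= puzzle["k"]

if __name__ == "__main__":
    mac = bytes.fromhex("02005e105301")  # constructed, locally administered MAC
    for k in (8, 12, 16):
        p = make_puzzle(mac, k)
        t0 = time.perf_counter()
        x = solve(p, mac)
        print(k, x, verify(p, mac, x), f"{(time.perf_counter() - t0) * 1e3:.1f} ms")
```

Because the AP keeps no state here, a valid solution can still be replayed until MAX_AGE expires; closing that window needs a short-lived cache of accepted nonces.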

Security Analysis: Puzzle Difficulty (k) vs. Time Required (ms)

Security Analysis

Thank you !!! Questions?