Presentation is loading. Please wait.

Presentation is loading. Please wait.

Analysis and Improvements over DoS Attacks against IEEE 802.11i Standard Networks Security, Wireless Communications and Trusted Computing(NSWCTC), 2010.

Published byElaine Laine Modified over 9 years ago

Similar presentations

Presentation on theme: "Analysis and Improvements over DoS Attacks against IEEE 802.11i Standard Networks Security, Wireless Communications and Trusted Computing(NSWCTC), 2010."— Presentation transcript:

1 Analysis and Improvements over DoS Attacks against IEEE 802.11i Standard Networks Security, Wireless Communications and Trusted Computing(NSWCTC), 2010 Author : Li Wang, Balasubramaniam Srinivasan Reporter : Ming-Chieh Lee Date : 2013/10/07

2 Outline Introduction of IEEE 802.11i Standard DoS attack -De-authentication / Disassociation Attacks -DoS attacks to 4-way handshakes Conclusion 2/11

3 IEEE 802.11i Standard IEEE 802.11i : A security standard of 802.11 series WLAN RSN (Robust Security Network) Supplicant, Authenticator, Authentication Server RSNA Establishment Procedures ­Network and Security Capability Discovery ­802.11 Open System Authentication and Association ­EAP/802.1X/RADIUS Authentication ­4-Way Handshake ­Group Key Handshake ­Secure Data Communications 3/11

4 De-authentication/ Disassociation Attacks management frames are unprotected all WLAN users can be disconnected by broadcasting the frame by setting the destination address as FF:FF:FF:FF:FF:FF 4/11 Authentication response Association request Association response Authentication request data De-authentication Attacker Authentication response Association request Association response Authentication request data Disassociation Attacker Disassociation Supplicant Authenticator

5 Proposed Mechanism to Prevent this Attack 1.Before PTK is generated ­defer the execution for 5 sec 2.After the PTK exchange protocol ­protected by the sequence number (SN) and KCK 5/11

6 Proposed Mechanism to Prevent this Attack 6/11

7 4-way Handshake Handshake Goals ­Confirm the possession of PMK ­Derive a fresh session key(PTK) for data transmission ­PTK = PRF{PMK, AA, SPA, ANonce, SNonce} 7/11 Supplicant(PMK) Authenticator(PMK) {AA, ANonce, SN, msg1} Derive PTK Verify MIC install PTK Verify MIC install PTK

8 DoS attack in 4-way Handshake phase 8/11 Supplicant(PMK) Authenticator(PMK) {AA, ANonce, SN, msg1} Derive PTK Verify MIC Attacker {AA, ANonce’, SN, msg1} Calculate PTK’ PTK ≠ PTK’ Verify MIC fail - > discard Timeout - > De-authentication Weak point : No protection of Message 1

9 DoS attack in 4-way Handshake phase 9/11 Supplicant(PMK)Authenticator(PMK) {AA, ANonce, SN, msg1} Derive PTK Verify MIC Attacker {AA, ANonce’, SN, msg1} Calculate PTK’ Store PTK’ & ANonce’ {AA, ANonce’’, SN, msg1} {AA, ANonce’’’, SN, msg1} memory exhaustion attack

10 Enhanced 3-way Handshake 10/11 Supplicant(PMK)Authenticator(PMK) {AA, ANonce, SN, msg1} Derive PTK Verify ANonce Derive PTK Verify MIC install PTK Verify SNonce Verify MIC install PTK Solution ­ANonce is not involved in the PTK generation PTK = PRF{PMK, AA, SPA, SNonce} ­supplicant won’t store the received ANonce Advantages ­Eliminate the memory DoS attack

11 Conclusions IEEE 802.11i standard was defined in order to overcome the vulnerabilities in WEP and WPA but still it is not secure against DoS attacks de-authentication/ disassociation attacks -hybrid mechanism 4-way Handshake attacks -Parallel instances exist => Forged Message 1 attack -Keep all states => memory exhaustion attack -Enhanced 3-way Handshake 11/11

Download ppt "Analysis and Improvements over DoS Attacks against IEEE 802.11i Standard Networks Security, Wireless Communications and Trusted Computing(NSWCTC), 2010."

Similar presentations

Doc.: IEEE 802.11-04/1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,

Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,
IEEE 802.11i: A Retrospective Bernard Aboba Microsoft March 2004.

IEEE i: A Retrospective Bernard Aboba Microsoft March 2004.
Analysis of the 802.11i 4-Way Handshake Changhua He, John C Mitchell Stanford University WiSE, Oct. 1, 2004.

Analysis of the i 4-Way Handshake Changhua He, John C Mitchell Stanford University WiSE, Oct. 1, 2004.
Doc.: IEEE 802.11-10/0560r0 Submission May 2010 Ashish Shukla, MarvellSlide 1 TDLS TPK Handshake Date: 2010-05-15 Authors:

Doc.: IEEE /0560r0 Submission May 2010 Ashish Shukla, MarvellSlide 1 TDLS TPK Handshake Date: Authors:
CN8816: Network Security 1 Security in Wireless LAN 802.11i Open System Authentication Security Wired Equivalent Privacy (WEP) Robust Security Network.

CN8816: Network Security 1 Security in Wireless LAN i Open System Authentication Security Wired Equivalent Privacy (WEP) Robust Security Network.
Analysis of the 802.11i 4-Way Handshake Changhua He, John C Mitchell 2004 ACM International Workshop on Wireless Security (WiSe'04) Sang-Rok Kim Dependable.

Analysis of the i 4-Way Handshake Changhua He, John C Mitchell 2004 ACM International Workshop on Wireless Security (WiSe'04) Sang-Rok Kim Dependable.
Security Analysis and Improvements for IEEE i

Security Analysis and Improvements for IEEE i
IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
TGai FILS Authentication Protocol

TGai FILS Authentication Protocol
Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.

Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.
Security Analysis and Improvements for IEEE 802.11i Changhua He, John C Mitchell Stanford University NDSS’05, Feb. 03, 2005.

Security Analysis and Improvements for IEEE i Changhua He, John C Mitchell Stanford University NDSS’05, Feb. 03, 2005.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
研 究 生:蔡憲邦 指導教授:柯開維 博士 Design of Efficient and Secure Multiple Wireless Mesh Network 具安全性及自我組織能力的 無線網狀網路.

研 究 生:蔡憲邦 指導教授:柯開維 博士 Design of Efficient and Secure Multiple Wireless Mesh Network 具安全性及自我組織能力的 無線網狀網路.
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
Design of Efficient and Secure Multiple Wireless Mesh Network Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date: 2005/06/28.

Design of Efficient and Secure Multiple Wireless Mesh Network Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date: 2005/06/28.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
15 November 2004 1 Wireless Security Issues Cheyenne Hollow Horn SFS Presentation 2004.

15 November Wireless Security Issues Cheyenne Hollow Horn SFS Presentation 2004.
WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.

WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.
802.11i Wireless Networking Authentication Protocol J. Mitchell CS 259.

802.11i Wireless Networking Authentication Protocol J. Mitchell CS 259.

Similar presentations

Ads by Google