Presentation is loading. Please wait.

Presentation is loading. Please wait.

Doc.: IEEE 802.11-08/0562r0 Submission May 2008 Adrian Stephens, Intel CorporationSlide 1 TGn LB124 – A detect and mitigate solution to the BA DoS problems.

Published byJustin MacGregor Modified over 11 years ago

Similar presentations

Presentation on theme: "Doc.: IEEE 802.11-08/0562r0 Submission May 2008 Adrian Stephens, Intel CorporationSlide 1 TGn LB124 – A detect and mitigate solution to the BA DoS problems."— Presentation transcript:

1 doc.: IEEE 802.11-08/0562r0 Submission May 2008 Adrian Stephens, Intel CorporationSlide 1 TGn LB124 – A detect and mitigate solution to the BA DoS problems Date: 2008-05-09 Authors:

2 doc.: IEEE 802.11-08/0562r0 Submission May 2008 Adrian Stephens, Intel CorporationSlide 2 Summary BA DoS attacks do exist Two complementary types of solution exist –Harden Prevents attack from being effective – i.e. no DoS from BA attacks (other less targeted DoS attacks still exist) May require hardware changes Requires support from both peers –Detect & Mitigate Detects attack after it has occurred Some MSDUs will be lost for each attack Effective with Draft 2.0 devices as recipient Driver-level modifications may suffice – may be capable of being retrofitted?

3 doc.: IEEE 802.11-08/0562r0 Submission May 2008 Adrian Stephens, Intel CorporationSlide 3 Detection Draft 2.0 recipients –An attack leaves WinStart_R in an anomalous state –A BA will be generated with a SSN that is later than the originators window. This suffices to detect the event. –But this is ineffective when the recipient uses partial state, and the partial state is flushed following the attack, but before a BA has been sent. Draft 5.0 recipients –In addition to the above, the recipient can detect an attack in a number of ways, within: scoreboard, re-ordering buffer MIC check and replay detection. –After detecting an attack, a draft 5.0 recipient sends a BA-SYNC- REQUEST frame to the originator. (Could be protected, non-real- time. Could re-use DELBA with reason BA DoS attack.)

4 doc.: IEEE 802.11-08/0562r0 Submission May 2008 Adrian Stephens, Intel CorporationSlide 4 Mitigation Draft 2.0 recipients –There are a number of ways to reset state, including: sending 2**12/winsize dummy data frames to push the winstart_B to a known position. (preferrred) Send a DELBA followed by ADDBA to recreate the BA agreement in a known state. –Either solution will cause the loss of up to a windows worth of data. Draft 5.0 recipients –Add a new protected management action frame BA-SYNC, which carries a new SSN. –Recipient advances the SSN to just past its current window. –Will loose up to a windows worth of data

5 doc.: IEEE 802.11-08/0562r0 Submission May 2008 Adrian Stephens, Intel CorporationSlide 5 Negotiation The only negotiation necessary is for the originator to know whether it is dealing with a draft 2.0 recipient or not. As the BA DoS vulnerability is not strictly a HT issue, we can add to the extended capabilities field a bit called Supports BA re-sync, which indicates support for the new BA management frames and associated behavior.

6 doc.: IEEE 802.11-08/0562r0 Submission May 2008 Adrian Stephens, Intel CorporationSlide 6 Straw Polls Vote yes or no for each in turn A: Do you think BA DoS is an issue we should fix in TGn? B: Do you support (in concept) a mitigation & detect (only) solution? C: Do you support (in concept) both mitigation & detect and hardening solutions? D: Do you support (in concept) only a hardening solution?

Download ppt "Doc.: IEEE 802.11-08/0562r0 Submission May 2008 Adrian Stephens, Intel CorporationSlide 1 TGn LB124 – A detect and mitigate solution to the BA DoS problems."

Similar presentations

Doc.: IEEE 802.11-08/309r0 Submission 2/8/2014 Michael Livshitz, MetalinkSlide 1 Issues With Off-channel TDLS Date: 2008-03-05 Authors:

Doc.: IEEE /309r0 Submission 2/8/2014 Michael Livshitz, MetalinkSlide 1 Issues With Off-channel TDLS Date: Authors:
Doc.: IEEE 802.11-12/0960r1 Submission July 2012 Stephen McCann, RIMSlide 1 ISD SG Closing Report Date: 2011-07-19 Authors:

Doc.: IEEE /0960r1 Submission July 2012 Stephen McCann, RIMSlide 1 ISD SG Closing Report Date: Authors:
Doc.: IEEE 802.11-07/2163r0 Submission July 2007 Cam-Winget, Smith, WalkerSlide 1 A-MPDU Security Issues Notice: This document has been prepared to assist.

Doc.: IEEE /2163r0 Submission July 2007 Cam-Winget, Smith, WalkerSlide 1 A-MPDU Security Issues Notice: This document has been prepared to assist.
A-MPDU Delimiter Changes

A-MPDU Delimiter Changes
Doc.: IEEE 802.11-08/0703r0 Submission March 2008 Luke Qian etc, Cisco Systems, IncSlide 1 Issues and Solutions to IEEE 802.11n A-MPDU Denial of Service.

Doc.: IEEE /0703r0 Submission March 2008 Luke Qian etc, Cisco Systems, IncSlide 1 Issues and Solutions to IEEE n A-MPDU Denial of Service.
Doc.: IEEE 802.11-08/0755r1 Submission March 2008 Luke Qian etc, Cisco Systems, IncSlide 1 Review of 802.11n A-MPDU DoS Issues – Progress and Status Authors:

Doc.: IEEE /0755r1 Submission March 2008 Luke Qian etc, Cisco Systems, IncSlide 1 Review of n A-MPDU DoS Issues – Progress and Status Authors:
Doc.: IEEE 802.11-08/1021r1 Submission September 2008 Luke Qian etc.Slide 1 A Simplified Solution For Critical A-MPDU DoS Issues Date: 2008-09-04 Authors:

Doc.: IEEE /1021r1 Submission September 2008 Luke Qian etc.Slide 1 A Simplified Solution For Critical A-MPDU DoS Issues Date: Authors:
Doc.: IEEE 802.11-08/0833r2 Submission July 2008 Luke Qian etc, CiscoSlide 1 A Proposed Scaled-down Solution to A- MPDU DoS Related Comments in LB 129.

Doc.: IEEE /0833r2 Submission July 2008 Luke Qian etc, CiscoSlide 1 A Proposed Scaled-down Solution to A- MPDU DoS Related Comments in LB 129.
Doc.: IEEE 802.11-08/1021r3 Submission September 2008 Luke Qian etc.Slide 1 A Simplified Solution For Critical A-MPDU DoS Issues Date: 2008-09-09 Authors:

Doc.: IEEE /1021r3 Submission September 2008 Luke Qian etc.Slide 1 A Simplified Solution For Critical A-MPDU DoS Issues Date: Authors:
Doc.: IEEE 802.19-05/0006r0 Submission March 2005 Steve Shellhammer, Intel CorporationSlide 1 What is a CA document? Notice: This document has been prepared.

Doc.: IEEE /0006r0 Submission March 2005 Steve Shellhammer, Intel CorporationSlide 1 What is a CA document? Notice: This document has been prepared.
Doc.: IEEE 802.11-08/0833r3 Submission July 2008 Luke Qian etc, CiscoSlide 1 A Proposed Scaled-down Solution to A- MPDU DoS Related Comments in LB 129.

Doc.: IEEE /0833r3 Submission July 2008 Luke Qian etc, CiscoSlide 1 A Proposed Scaled-down Solution to A- MPDU DoS Related Comments in LB 129.
Doc.: IEEE 802.11-09/0953r0 Submission Sept 2009 Adrian Stephens, Intel CorporationSlide 1 802.11 TGmb Editor Report - Sept 2009 Date: 2009-09-21 Authors:

Doc.: IEEE /0953r0 Submission Sept 2009 Adrian Stephens, Intel CorporationSlide TGmb Editor Report - Sept 2009 Date: Authors:
Doc.: IEEE 802.11-09/0953r1 Submission November 2009 Adrian Stephens, Intel CorporationSlide 1 802.11 TGmb Editor Report - Nov 2009 Date: 2009-11-03 Authors:

Doc.: IEEE /0953r1 Submission November 2009 Adrian Stephens, Intel CorporationSlide TGmb Editor Report - Nov 2009 Date: Authors:
Doc.: IEEE 802.11-09/0444r0 Submission May 2009 Adrian Stephens, Intel CorporationSlide 1 802.11 TGmb Editors Report – May 2009 Date: 2009-05-11 Authors:

Doc.: IEEE /0444r0 Submission May 2009 Adrian Stephens, Intel CorporationSlide TGmb Editors Report – May 2009 Date: Authors:
Doc.: IEEE 802.11-09/0445r0 Submission May 2009 Adrian Stephens, Intel CorporationSlide 1 802.11 TGn Editor Report May 2009 Date: 2009-05-11 Authors:

Doc.: IEEE /0445r0 Submission May 2009 Adrian Stephens, Intel CorporationSlide TGn Editor Report May 2009 Date: Authors:
Doc.: IEEE 802.11-09/1012r0 Submission September 2009 Dan Harkins, Aruba NetworksSlide 1 Suite-B Compliance for a Mesh Network Date: 2009-09-15 Authors:

Doc.: IEEE /1012r0 Submission September 2009 Dan Harkins, Aruba NetworksSlide 1 Suite-B Compliance for a Mesh Network Date: Authors:
Doc.: IEEE 802.11-10/0259r02 Submission Date: 2010-03-15 802.11ad New Technique Proposal March 2010 Yuichi Morioka, Sony CorporationSlide 1 Authors:

Doc.: IEEE /0259r02 Submission Date: ad New Technique Proposal March 2010 Yuichi Morioka, Sony CorporationSlide 1 Authors:
Doc.: IEEE 802.11-08/0836r2 Submission July 2008 Dan Harkins, Aruba NetworksSlide 1 Changes to SAE State Machine Date: 2008-07-13 Authors:

Doc.: IEEE /0836r2 Submission July 2008 Dan Harkins, Aruba NetworksSlide 1 Changes to SAE State Machine Date: Authors:
Doc.: IEEE 802.11-10/1282r0 Submission November 2010 Eldad Perahia, Intel CorporationSlide 1 PLCP Rx Procedure Date: 2009-11-08 Authors:

Doc.: IEEE /1282r0 Submission November 2010 Eldad Perahia, Intel CorporationSlide 1 PLCP Rx Procedure Date: Authors:
Doc.: IEEE 802.11-13/0295r0 Submission PRAW Follow Up Date: 2013-3-18 Authors: March 2013.

Doc.: IEEE /0295r0 Submission PRAW Follow Up Date: Authors: March 2013.

Similar presentations

Ads by Google