Research article, DOI: 10.1145/1352533.1352541

Wireless client puzzles in IEEE 802.11 networks: security by wireless

Published: 31 March 2008

Abstract

Resource-depletion attacks against IEEE 802.11 access points (APs) are commonly executed by flooding APs with fake authentication requests. Such attacks may exhaust an AP's memory resources and result in denied association service, thus enabling more sophisticated impersonation attacks accomplished by rogue APs.
This work introduces the concept of wireless client puzzles, a protection method that helps an AP preserve its resources by discarding fake requests while still allowing legitimate clients to join the network. Rather than conditioning a puzzle's solution on the computational resources of highly heterogeneous clients, the puzzles exploit peculiarities of the wireless environment, such as broadcast communication and signal propagation, which provide more invariant properties. Using an implementation of the proposed scheme, we demonstrate its effectiveness within a realistic scenario. Based on insights from the implementation, a simulation is used to extend the threat model and to scale up the scenario. Simulations verify our implementation results and show that the impact of flooding rate is decreased by 75% even if an attacker changes its position or manipulates its signal strength, while ≈ 90% of the legitimate stations are still able to successfully associate during an attack.

      Published In

      WiSec '08: Proceedings of the first ACM conference on Wireless network security
      March 2008
      234 pages
      ISBN:9781595938145
      DOI:10.1145/1352533
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. client puzzles
      2. denial-of-service (DoS)
      3. impersonation attacks
      4. wireless security

      Qualifiers

      • Research-article

      Conference

      WISEC '08
      WISEC '08: First ACM Conference on Wireless Network Security
      March 31 - April 2, 2008
      Alexandria, VA, USA

      Acceptance Rates

      Overall Acceptance Rate 98 of 338 submissions, 29%
