research-article
DOI: 10.1145/1352533.1352541

Wireless client puzzles in IEEE 802.11 networks: security by wireless

Published: 31 March 2008

ABSTRACT

Resource-depletion attacks against IEEE 802.11 access points (APs) are commonly executed by flooding APs with fake authentication requests. Such attacks may exhaust an AP's memory resources and result in denied association service, thus enabling more sophisticated impersonation attacks accomplished by rogue APs.

This work introduces the concept of wireless client puzzles, a protection method that helps an AP preserve its resources by discarding fake requests, while allowing legitimate clients to successfully join the network. Rather than conditioning a puzzle's solution on the computational resources of highly heterogeneous clients, the puzzles utilize peculiarities of a wireless environment, such as broadcast communication and signal propagation, which provide more invariant properties. Using an implementation of the proposed scheme, we demonstrate its effectiveness within a realistic scenario. Based on the insights from the implementation, a simulation is used to extend the threat model and to scale up the scenario. Simulations verify our implementation results and show that the impact of flooding rate is decreased by 75% even if an attacker changes its position or manipulates its signal strength, while ≈ 90% of the legitimate stations are still able to successfully associate during an attack.


Published in

WiSec '08: Proceedings of the first ACM conference on Wireless network security
March 2008
234 pages
ISBN: 9781595938145
DOI: 10.1145/1352533

Copyright © 2008 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States


Acceptance Rates

Overall acceptance rate: 98 of 338 submissions, 29%
