Analysis and Improvements over DoS Attacks against IEEE 802.11i Standard. Networks Security, Wireless Communications and Trusted Computing (NSWCTC) 2010. Authors: Li Wang, Balasubramaniam Srinivasan. Reporter: Ming-Chieh Lee (ID: 218124).
Slide 1
Analysis and Improvements over DoS Attacks against IEEE 802.11i Standard
Networks Security, Wireless Communications and Trusted Computing (NSWCTC), 2010
Author: Li Wang, Balasubramaniam Srinivasan
Reporter: Ming-Chieh Lee
Date: 2013/10/07

Slide 2
Outline
Introduction of IEEE 802.11i Standard
DoS attack
De-authentication / Disassociation Attacks
DoS attacks to 4-way handshakes
Conclusion

Slide 3
IEEE 802.11i Standard
IEEE 802.11i: a security standard of the 802.11 series WLAN
RSN (Robust Security Network): Supplicant, Authenticator, Authentication Server
RSNA Establishment Procedures:
  Network and Security Capability Discovery
  802.11 Open System Authentication and Association
  EAP/802.1X/RADIUS Authentication
  4-Way Handshake
  Group Key Handshake
  Secure Data Communications

Slide 4
De-authentication / Disassociation Attacks
Management frames are unprotected.
All WLAN users can be disconnected by broadcasting the frame with the destination address set to FF:FF:FF:FF:FF:FF.
Figure (De-authentication attack): Supplicant and Authenticator exchange Authentication request, Authentication response, Association request, Association response, then data; the Attacker then sends a De-authentication frame to the Supplicant and to the Authenticator.
Figure (Disassociation attack): the same exchange, after which the Attacker sends a Disassociation frame to the Supplicant and to the Authenticator.

Slide 5
Proposed Mechanism to Prevent this Attack
Before the PTK is generated: defer the execution for 5 sec.
After the PTK exchange protocol: protected by the sequence number (SN) and the KCK.

Slide 6
Proposed Mechanism to Prevent this Attack
When the authenticator wants to de-authenticate or disassociate all the supplicants: broadcast messages with a secret key K, (message)
Comparison with the one received in Message 3 of the 4-way Handshake

Slide 7
4-way Handshake
Handshake goals:
  Confirm the possession of the PMK
  Derive a fresh session key (PTK) for data transmission: PTK = PRF{PMK, AA, SPA, ANonce, SNonce}
Message flow between Supplicant (PMK) and Authenticator (PMK):
  Message 1 (Authenticator -> Supplicant): {AA, ANonce, SN, msg1}
    Supplicant: derive PTK
  Message 2 (Supplicant -> Authenticator): {SPA, SNonce, SN, msg2, MIC(SNonce, SN, msg2)}
    Authenticator: derive PTK, verify MIC
  Message 3 (Authenticator -> Supplicant): {AA, ANonce, SN+1, msg3, MIC(ANonce, SN+1, msg3)}
    Supplicant: verify MIC, install PTK
  Message 4 (Supplicant -> Authenticator): {SPA, SNonce, SN+1, msg4, MIC(SNonce, SN+1, msg4)}
    Authenticator: verify MIC, install PTK

Slide 8
DoS attack in 4-way Handshake phase
Message flow between Supplicant (PMK), Authenticator (PMK) and Attacker:
  Message 1 (Authenticator -> Supplicant): {AA, ANonce, SN, msg1}
    Supplicant: derive PTK
  Message 2 (Supplicant -> Authenticator): {SPA, SNonce, SN, msg2, MIC(SNonce, SN, msg2)}
    Authenticator: derive PTK, verify MIC
  Forged Message 1 (Attacker -> Supplicant): {AA, ANonce', SN, msg1}
    Supplicant: calculate PTK'
  Message 3 (Authenticator -> Supplicant): {AA, ANonce, SN+1, msg3, MIC(ANonce, SN+1, msg3)}
    Supplicant: PTK ≠ PTK', so verify MIC fails -> discard
  Authenticator: timeout -> De-authentication
Weak point: no protection of Message 1

Slide 9
DoS attack in 4-way Handshake phase
Message flow between Supplicant (PMK), Authenticator (PMK) and Attacker:
  Message 1 (Authenticator -> Supplicant): {AA, ANonce, SN, msg1}
    Supplicant: derive PTK
  Message 2 (Supplicant -> Authenticator): {SPA, SNonce, SN, msg2, MIC(SNonce, SN, msg2)}
    Authenticator: derive PTK, verify MIC
  Forged Message 1 (Attacker -> Supplicant): {AA, ANonce', SN, msg1}
    Supplicant: calculate PTK', store PTK' & ANonce'
  Forged Message 1 (Attacker -> Supplicant): {AA, ANonce'', SN, msg1}
    Supplicant: calculate and store PTK'' & ANonce''
  Forged Message 1 (Attacker -> Supplicant): {AA, ANonce''', SN, msg1}
    Supplicant: calculate and store ...
Result: memory exhaustion attack

Slide 10
Enhanced 3-way Handshake
Message flow between Supplicant (PMK) and Authenticator (PMK):
  Message 1 (Authenticator -> Supplicant): {AA, ANonce, SN, msg1}
    Supplicant: derive PTK
  Message 2 (Supplicant -> Authenticator): {SPA, ANonce, SNonce, SN, msg2, MIC(ANonce, SNonce, SN, msg2)}
    Authenticator: verify ANonce, derive PTK, verify MIC, install PTK
  Message 3 (Authenticator -> Supplicant): {AA, SNonce, SN+1, msg3, MIC(SNonce, SN+1, msg3)}
    Supplicant: verify SNonce, verify MIC, install PTK
Solution:
  ANonce is not involved in the PTK generation: PTK = PRF{PMK, AA, SPA, SNonce}
  The supplicant won't store the received ANonce
Advantages:
  Eliminates the memory DoS attack

Slide 11
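To make the difference between slides 9 and 10 concrete, here is an added toy model of the supplicant in both handshakes; it is my own illustration, not code from the paper or the presenter. It assumes HMAC-SHA256 as a stand-in for the PRF and the KCK-keyed MIC, short "msg2"/"msg3" labels in place of the SN and message-type fields, and constructed PMK and address values; fed N distinct Message 1 frames, the 4-way supplicant keeps N PTK' entries while the 3-way supplicant keeps none and still completes with a legitimate authenticator.

```python
import hmac, hashlib, os

def prf(pmk: bytes, *parts: bytes) -> bytes:
    """Toy stand-in for the PTK-deriving PRF (HMAC-SHA256 over the inputs)."""
    return hmac.new(pmk, b"".join(parts), hashlib.sha256).digest()

def mic(ptk: bytes, *parts: bytes) -> bytes:
    """Toy MIC keyed with the PTK, standing in for the KCK-keyed MIC."""
    return hmac.new(ptk, b"".join(parts), hashlib.sha256).digest()

class Supplicant4Way:
    """Standard 4-way: PTK = PRF{PMK, AA, SPA, ANonce, SNonce}. Every distinct
    Message 1 yields a different PTK' that is kept until Message 3 resolves it."""
    def __init__(self, pmk, aa, spa):
        self.pmk, self.aa, self.spa, self.snonce = pmk, aa, spa, os.urandom(32)
        self.pending = {}  # ANonce -> PTK'; grows by one per forged Message 1

    def on_msg1(self, anonce):
        self.pending[anonce] = prf(self.pmk, self.aa, self.spa, anonce, self.snonce)

class Supplicant3Way:
    """Enhanced 3-way: PTK = PRF{PMK, AA, SPA, SNonce}. ANonce is only echoed
    back under the MIC in Message 2 and never stored."""
    def __init__(self, pmk, aa, spa):
        self.pmk, self.aa, self.spa, self.snonce = pmk, aa, spa, os.urandom(32)
        self.ptk = prf(pmk, aa, spa, self.snonce)  # one PTK, fixed for the session

    def on_msg1(self, anonce):  # returns Message 2; no per-ANonce state is retained
        return (self.spa, anonce, self.snonce, mic(self.ptk, b"msg2", anonce, self.snonce))

    def on_msg3(self, snonce_echo, tag):  # verify SNonce, then verify MIC
        return snonce_echo == self.snonce and hmac.compare_digest(
            tag, mic(self.ptk, b"msg3", snonce_echo))

def run_flood(n_forged: int):
    """Send n_forged distinct Message 1 frames to both supplicants, then let a
    legitimate authenticator finish the 3-way handshake. Returns
    (entries kept by the 4-way supplicant, 3-way handshake completed)."""
    pmk, aa, spa = b"\x11" * 32, b"\x02" * 6, b"\x04" * 6  # constructed values
    s4, s3 = Supplicant4Way(pmk, aa, spa), Supplicant3Way(pmk, aa, spa)
    for _ in range(n_forged):
        forged = os.urandom(32)  # ANonce', ANonce'', ... as on slide 9
        s4.on_msg1(forged)
        s3.on_msg1(forged)
    anonce = os.urandom(32)  # legitimate authenticator's Message 1
    spa_r, anonce_echo, snonce, tag2 = s3.on_msg1(anonce)
    ptk_a = prf(pmk, aa, spa_r, snonce)  # authenticator derives PTK from SNonce only
    ok2 = anonce_echo == anonce and hmac.compare_digest(tag2, mic(ptk_a, b"msg2", anonce, snonce))
    ok3 = s3.on_msg3(snonce, mic(ptk_a, b"msg3", snonce))
    return len(s4.pending), ok2 and ok3
```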
Conclusions
The IEEE 802.11i standard was defined in order to overcome the vulnerabilities in WEP and WPA, but it is still not secure against DoS attacks:
  De-authentication / disassociation attacks -> hybrid mechanism
  4-way Handshake attacks:
    Parallel instances exist => Forged Message 1 attack
    Keep all states => memory exhaustion attack
    -> Enhanced 3-way Handshake