802.11网络去认证/反关联攻击的轻量级防御方案

2008 Proceedings of 17th International Conference on Computer Communications and Networks Pub Date : 2008-11-17 DOI:10.1109/ICCCN.2008.ECP.51

T. Nguyen, Duc H. M. Nguyen, B.N. Tran, H. Vu, N. Mittal

{"title":"802.11网络去认证/反关联攻击的轻量级防御方案","authors":"T. Nguyen, Duc H. M. Nguyen, B.N. Tran, H. Vu, N. Mittal","doi":"10.1109/ICCCN.2008.ECP.51","DOIUrl":null,"url":null,"abstract":"In this paper we investigate a special type of denial of service (DoS) attack on 802.11-based networks, namely deauthentication/disassociation attack. In the current IEEE 802.11 standards, whenever a wireless station wants to leave the network, it sends a deauthentication or disassociation frame to the access point. These two frames, however, are sent unencrypted and are not authenticated by the access point. Therefore, an attacker can launch a DoS attack by spoofing these messages and thus disabling the communication between a wireless device and its access point. We propose an efficient solution based on a one way hard function to verify that a deauthentication/disassociation frame is from a legitimate station. We implement our solution on some 802.11 devices and the experimental results show that our protocol is highly effective against this DoS attack.","PeriodicalId":314071,"journal":{"name":"2008 Proceedings of 17th International Conference on Computer Communications and Networks","volume":"25 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-11-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"50","resultStr":"{\"title\":\"A Lightweight Solution for Defending Against Deauthentication/Disassociation Attacks on 802.11 Networks\",\"authors\":\"T. Nguyen, Duc H. M. Nguyen, B.N. Tran, H. Vu, N. Mittal\",\"doi\":\"10.1109/ICCCN.2008.ECP.51\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper we investigate a special type of denial of service (DoS) attack on 802.11-based networks, namely deauthentication/disassociation attack. In the current IEEE 802.11 standards, whenever a wireless station wants to leave the network, it sends a deauthentication or disassociation frame to the access point. These two frames, however, are sent unencrypted and are not authenticated by the access point. Therefore, an attacker can launch a DoS attack by spoofing these messages and thus disabling the communication between a wireless device and its access point. We propose an efficient solution based on a one way hard function to verify that a deauthentication/disassociation frame is from a legitimate station. We implement our solution on some 802.11 devices and the experimental results show that our protocol is highly effective against this DoS attack.\",\"PeriodicalId\":314071,\"journal\":{\"name\":\"2008 Proceedings of 17th International Conference on Computer Communications and Networks\",\"volume\":\"25 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-11-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"50\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 Proceedings of 17th International Conference on Computer Communications and Networks\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICCCN.2008.ECP.51\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 Proceedings of 17th International Conference on Computer Communications and Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCCN.2008.ECP.51","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 50

摘要

在本文中，我们研究了基于802.11的网络上的一种特殊类型的拒绝服务(DoS)攻击，即去认证/解关联攻击。在当前的IEEE 802.11标准中，当一个无线站想要离开网络时，它会向接入点发送一个去认证或解除关联的帧。然而，这两个帧是不加密发送的，并且不由接入点进行身份验证。因此，攻击者可以通过欺骗这些消息来发起DoS攻击，从而禁用无线设备与其接入点之间的通信。我们提出了一种基于单向硬函数的有效解决方案来验证去认证/解关联帧来自合法站。我们在一些802.11设备上实现了我们的解决方案，实验结果表明我们的协议对这种DoS攻击是非常有效的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A Lightweight Solution for Defending Against Deauthentication/Disassociation Attacks on 802.11 Networks

In this paper we investigate a special type of denial of service (DoS) attack on 802.11-based networks, namely deauthentication/disassociation attack. In the current IEEE 802.11 standards, whenever a wireless station wants to leave the network, it sends a deauthentication or disassociation frame to the access point. These two frames, however, are sent unencrypted and are not authenticated by the access point. Therefore, an attacker can launch a DoS attack by spoofing these messages and thus disabling the communication between a wireless device and its access point. We propose an efficient solution based on a one way hard function to verify that a deauthentication/disassociation frame is from a legitimate station. We implement our solution on some 802.11 devices and the experimental results show that our protocol is highly effective against this DoS attack.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2008 Proceedings of 17th International Conference on Computer Communications and Networks

自引率

0.00%

发文量