Fragility of the Robust Security Network: 802.11 Denial of Service

  • Martin Eian
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5536)

Abstract

The upcoming 802.11w amendment to the 802.11 standard eliminates the 802.11 deauthentication and disassociation Denial of Service (DoS) vulnerabilities. This paper presents two other DoS vulnerabilities: one vulnerability in draft 802.11w implementations discovered by IEEE 802.11 TGw, and one new vulnerability in 802.11, which is still present in the 802.11w amendment. Attacks exploiting the first vulnerability are significantly more efficient than any known 802.11 DoS attacks, while attacks exploiting the second vulnerability have efficiency and feasibility equivalent to a disassociation attack. This paper provides an experimental verification of these attacks, demonstrating their feasibility using freely available software and off-the-shelf hardware. Finally, the root cause of these vulnerabilities is discussed and a backwards-compatible solution proposed.

Keywords

Wireless Security; Denial of Service; 802.11; 802.11i; 802.11w

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Martin Eian (1)
  1. Department of Telematics, Norwegian University of Science and Technology, Norway