Abstract
This paper proposes a highly efficient cryptographic denial of service attack against 802.11 networks using 802.11i TKIP and CCMP. The attacker captures one frame, then modifies and transmits it twice to disrupt network access for 60 seconds. We analyze, implement and experimentally validate the attack. We also propose a robust solution and recommendations for network administrators.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
IEEE: IEEE Std 802.11-2007, New York, NY, USA (2007)
IEEE: IEEE Std 802.11i-2004, New York, NY, USA (2004)
Bellardo, J., Savage, S.: 802.11 denial-of-service attacks: Real vulnerabilities and practical solutions. In: Proceedings of the 12th USENIX Security Symposium. USENIX Association, Berkeley (2003)
Aime, M.D., Calandriello, G., Lioy, A.: Dependability in wireless networks: Can we rely on WiFi? IEEE Security and Privacy 5, 23–29 (2007)
Devine, C., d’Otreppe, T., Beck, M.: Aircrack-ng (2009), http://www.aircrack-ng.org
Smith, J.: Denial of service: Prevention, modelling and detection (2007)
Glass, S., Muthukkumarasamy, V.: A study of the TKIP cryptographic DoS attack. In: Proceedings of the 15th IEEE International Conference on Networks, ICON 2007, pp. 59–65. IEEE, New York (2007)
Tews, E., Beck, M.: Practical attacks against WEP and WPA. In: Proceedings of the Second ACM Conference on Wireless Network Security, WiSec 2009, pp. 79–86. ACM, New York (2009)
IEEE: IEEE Std 802.11e-2005, New York, NY, USA (2005)
Halvorsen, F.M., Haugen, O., Eian, M., Mjølsnes, S.F.: An improved attack on TKIP. In: Proceedings of the 14th Nordic Conference on Secure IT Systems, NordSec 2009. LNCS, vol. 5838, pp. 120–132. Springer, Heidelberg (2009)
Könings, B., Schaub, F., Kargl, F., Dietzel, S.: Channel switch and quiet attack: New DoS attacks exploiting the 802.11 standard. In: Proceedings of the IEEE 34th Conference on Local Computer Networks, LCN 2009, pp. 14–21 (2009)
IEEE: IEEE Std 802.11h-2003, New York, NY, USA (2003)
Harkins, D.: Attacks against Michael and Their Countermeasures. In: IEEE 802.11 Working Group Document 03/211r0, New York, NY, USA (2003)
The OpenWrt Project: OpenWrt (2009), http://www.openwrt.org
Malinen, J.: hostapd: IEEE 802.11 AP, IEEE 802.1X / WPA / WPA2 / EAP / RADIUS Authenticator (2009), http://hostap.epitest.fi/hostapd
Zarate, J.: Tomato Firmware (2009), http://www.polarcloud.com/tomato
Plummer, D.C.: RFC 826: An Ethernet Address Resolution Protocol (1982), http://tools.ietf.org/html/rfc826
Droms, R.: RFC 2131: Dynamic Host Configuration Protocol (1997), http://tools.ietf.org/html/rfc2131
Cisco Systems Inc.: Enterprise Mobility 4.1 Design Guide, San Jose, CA, USA (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Eian, M. (2010). A Practical Cryptographic Denial of Service Attack against 802.11i TKIP and CCMP. In: Heng, SH., Wright, R.N., Goi, BM. (eds) Cryptology and Network Security. CANS 2010. Lecture Notes in Computer Science, vol 6467. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17619-7_6
Download citation
DOI: https://doi.org/10.1007/978-3-642-17619-7_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17618-0
Online ISBN: 978-3-642-17619-7
eBook Packages: Computer ScienceComputer Science (R0)