|
|
|
|
|
|
New Vulnerabilities to DoS Attacks in 802.11 Networks
Early WLAN system became famous, unfortunately, due to insecurity and easiness-to-attack related to widespread diffusion of war-driving and air-sniffing tools (e.g. Airsnort, Netstumbler). Main attacks were related to the weakness of authentication and confidentiality mechanism adopted and, often, to cryptographic implementation flaws of algorithms defined by standards. Furthermore, some vendors didn’t consider other dangerous upper layer attacks[2]. The introduction of WPA and 802.11i solved most of the problems related to authentication, confidentiality and integrity aspects providing new security frameworks and raising[3] the WLAN global security level with the adoption of ▪ new authentication mechanism (EAP), ▪ new integrity check function (MIC, Michael) and ▪ new confidentiality solutions (TKIP and AES). At the moment, most concerns regard the third aspect of computer security, named availability: providing computer resources implies the need to preserve legitimate user access to them, avoiding access prevention. Resources access denying attacks are called Denial of Service (DoS).  As a rule of thumb, DoS attacks are not technically elegant, merely forcing the system to crash with resource exhaustion or forcing the service to stop. In particular, in a networked environment, well known DoS attacks, placed at IP and TCP layers, can be implemented, regardless of physical network, by malformed packets (e.g. Land, Teardrop) or with packet floods (e.g. Syn flood, Smurf). With regard to WLAN network layer-2, DoS attacks are not new (Airjack tool is available since 2002!): for example, stations can perform DoS attacks, via wlan_jack, impersonating the Access point after stealing its MAC address and, then, sending a Deauthentication message to the LAN broadcast address. This causes the disassociation of all the station from the AP, preventing the access of every station to the WLAN. This paper, part of work thesis[4] of (A1), depicts, instead, a new DoS attack scheme to WLAN. ------------------------------------------------------------ [1] f.ferreri@caspur.it [2] http://www.wi-fitechnology.com/WiFi_Reports_and_Papers/SNMP_use_over_WLAN.html [3] Obviously, it’s not a WLAN panacea. For example, in proprietary implementation (e.g. LEAP), http://asleap.sourceforge.net/. [4] Università degli Studi di Roma “Tor Vergata”, Dipartimento di Informatica Sistemi e Produzione in conjunction with CNR-IAC, Rome and CASPUR, Rome.
|
Previous (1/7) 
Next (3/7) 
| Forums:
| Our News on:
| "We need to think of ways to bring wireless-fidelity applications to the developing world so as to make use of unlicensed radio spectrum to deliver cheap and fast Internet access". Kofi Annan, November 5th, 2002 |
