
Protecting Privacy in WLAN with DoS Resistance using Client Puzzle Team 7 Yanisa Akkarawichai Rohan...

Date post: 03-Jan-2016
Protecting Privacy in WLAN with DoS Resistance using Client Puzzle. Team 7: Yanisa Akkarawichai, Rohan Shah. CSC 774 – Advanced Network Security, Prof. Peng Ning
Transcript
  • Protecting Privacy in WLAN with DoS Resistance using Client Puzzle

    Team 7: Yanisa Akkarawichai, Rohan Shah
    CSC 774 Advanced Network Security
    Prof. Peng Ning

  • Outline

    - Overview of 802.11
    - Security issues in Access Point Discovery
    - Our proposed approach
    - Security Analysis
    - Future work

  • Overview of 802.11

    - Based on the exchange of request/response messages
    - Relies on an access point as a central node
    - No well-defined physical boundaries
    - Exposure to malicious stations within the range
    - Widespread deployment makes 802.11-based networks an attractive target for potential attackers.

  • 802.11 Network Discovery Protocol

  • Security issues in Access Point Discovery

    Information leaks
    - physical fingerprint of the radio transmitter
    - logical MAC-layer fingerprint
    - access point BSSID
    - SSID(s) in Beacon and Probe Response
    - willingness to associate with an SSID
    - SSID in authentication and association exchanges
    - TLS certificates in EAP-TLS
    - physical location of the clients and AP
    - association between clients and APs (implicitly associates APs with each other)

  • Security issues in Access Point Discovery

    Denial of Service
    - Probe request flood
    - Authentication attack
    - Association attack

  • Possible countermeasures

    - MAC address spoof detection: analysis of the sequence number pattern of the captured traffic
    - Cryptographically protecting management and control frames
    - Cryptographic (client) puzzles
    - Protocol repair
    - Using Neighbor Signal Threshold to determine client proximity
    - Other non-cryptographic solutions:
        - Delaying the effects of requests
        - Defining a new interpretation of the duration field
        - Decreasing the retry limit

  • Why Client Puzzle?

    - Before authenticating the user or committing resources, check the intent of the user/client.
    - Guard against DoS attacks.

  • Desired properties of client puzzle

    - Creating a puzzle and verifying the solution is inexpensive for the server/AP.
    - Puzzle requires the client to perform computations.
    - The puzzle difficulty can be easily adjusted by the AP.
    - The puzzle can be solved on most types of client hardware.
    - It is not possible to pre-compute solutions to the puzzles.
    - While the client is solving the puzzle, the server does not need to store the solution or other client-specific data.
    - If the same puzzle may be given to several clients, knowing the solution of one or more clients does not help a new client in solving the puzzle.
    - A client can reuse a puzzle by creating several instances of it.

  • Proposed Approach

  • Security Analysis

    Anti-DoS attack
    - Use of Client Puzzle requires the client to commit resources early on and hence discourages DoS attacks.

    Anti-replay attack
    - Using a nonce and timestamp discourages replay attacks.

    Information Privacy
    - An attacker observing the discovery protocol cannot learn the network name, but only a randomly generated temporary identifier (R-SSID), encrypted with the shared key.

  • Security Analysis

    Puzzle Difficulty (k)    Time Required (ms)
    16                       73.296
    18                       239.118
    20                       917.348
    22                       7352.367
    24                       83921.165
    26                       210304.113

  • Security Analysis

  • Thank you !!!

    Questions?
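
The transcript does not give the puzzle construction, so the following is an added example, not the authors' code, showing how the desired properties and the difficulty parameter k fit together. It assumes a hash-based puzzle (find x so that SHA-256(nonce, client MAC, x) has k leading zero bits) with an HMAC-derived nonce; `make_puzzle`, `solve`, `verify`, `SERVER_SECRET` and `MAX_AGE_S` are hypothetical names.

```python
import hashlib, hmac, os, time

SERVER_SECRET = os.urandom(32)   # AP-side secret (constructed for this example)
MAX_AGE_S = 30                   # assumed freshness window for the timestamp

def leading_zero_bits(digest: bytes) -> int:
    """Count the leading zero bits of a digest."""
    value = int.from_bytes(digest, "big")
    return len(digest) * 8 - value.bit_length()

def make_puzzle(client_mac: bytes, k: int, now=None):
    """AP side: one HMAC per request, no per-client state is stored."""
    ts = int(time.time() if now is None else now)
    msg = client_mac + ts.to_bytes(8, "big") + bytes([k])
    nonce = hmac.new(SERVER_SECRET, msg, hashlib.sha256).digest()[:16]
    return nonce, ts, k

def solve(nonce: bytes, client_mac: bytes, k: int) -> int:
    """Client side: brute-force search, about 2**k hashes on average."""
    x = 0
    while True:
        d = hashlib.sha256(nonce + client_mac + x.to_bytes(8, "big")).digest()
        if leading_zero_bits(d) >= k:
            return x
        x += 1

def verify(client_mac, nonce, ts, k, x, now=None) -> bool:
    """AP side: check freshness, recompute the nonce, then one hash."""
    now = int(time.time() if now is None else now)
    if not 0 <= now - ts <= MAX_AGE_S:
        return False              # stale or future timestamp: treat as replay
    msg = client_mac + ts.to_bytes(8, "big") + bytes([k])
    expected = hmac.new(SERVER_SECRET, msg, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(expected, nonce):
        return False              # not issued by this AP for this client and k
    d = hashlib.sha256(nonce + client_mac + x.to_bytes(8, "big")).digest()
    return leading_zero_bits(d) >= k

if __name__ == "__main__":
    mac = bytes.fromhex("02aabbccddee")   # constructed client MAC
    for k in (8, 12, 16):
        nonce, ts, _ = make_puzzle(mac, k)
        t0 = time.perf_counter()
        x = solve(nonce, mac, k)
        ms = (time.perf_counter() - t0) * 1000
        print(f"k={k:2d} x={x} solve={ms:.1f} ms ok={verify(mac, nonce, ts, k, x)}")
```

Because the AP keeps no state, a valid solution can be resubmitted until the timestamp window expires; closing that gap requires the AP to remember nonces it has already accepted within the window.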

