Advertisement

A Novel Proof of Work Model Based on Pattern Matching to Prevent DoS Attack

  • Ali Ordi
  • Hamid Mousavi
  • Bharanidharan Shanmugam
  • Mohammad Reza Abbasy
  • Mohammad Reza Najaf Torkaman
Part of the Communications in Computer and Information Science book series (CCIS, volume 166)

Abstract

One of the most common types of denial of service attack on 802.11 based networks is resource depletion at AP side. APs meet such a problem through receiving flood probe or authentication requests which are forwarded by attackers whose aim are to make AP unavailable to legitimate users. The other most common type of DoS attack takes advantage of unprotected management frame. Malicious user sends deauthentication or disassociation frame permanently to disrupt the network. However 802.11w has introduced a new solution to protect management frames using WPA and WPA2, they are unprotected where WEP is used. This paper focuses on these two common attacks and proposes a solution based on letter envelop protocol and proof-of-work protocol which forces the users to solve a puzzle before completing the association process with AP. The proposed scheme is also resistant against spoofed puzzle solutions attack.

Keywords

Network Wireless Client Puzzle Letter Envelop Denial of Service attack Connection request flooding attack Spoofed disconnect attack 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Nasreldin, M., Aslan, H., El-Hennawy, M., El-Hennawy, A.: WiMax Security. In: 22nd International Conference on Advanced Information Networking and Applications - Workshops (Aina Workshops 2008), pp. 1335–1340 (2008)Google Scholar
  2. 2.
    Yu, P.H., Pooch, U.W.: A Secure Dynamic Cryptographic And Encryption Protocol For Wireless Networks. In: EUROCON 2009, pp. 1860–1865. IEEE, St.-Petersburg (2009)CrossRefGoogle Scholar
  3. 3.
    Gast, M.: 802.11® Wireless Networks The Definitive Guide. O’Reilly, Sebastopol (2005)Google Scholar
  4. 4.
    Bellardo, J., Savage, S.: 802.11 Denial-of-Service Attacks:Real Vulnerabilities and Practical Solutions. In: SSYM 2003 Proceedings of the 12th conference on USENIX Security Symposium, Washington, D.C., USA, vol. 12 (2003)Google Scholar
  5. 5.
    He, C., Mitchell, J.C.: Security analysis and improvements for IEEE802.11i. In: Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS 2005), pp. 90–110 (2005)Google Scholar
  6. 6.
    Liu, C.-H., Huang, Y.-Z.: The analysis for DoS and DDoS attacks of WLAN. In: Second International Conference on MultiMedia and Information Technology, pp. 108–111 (2010)Google Scholar
  7. 7.
    Bicakci, K., Tavli, B.: Denial-of-Service attacks and countermeasures in IEEE 802.11 wireless networks. Computer Standards & Interfaces 31(5), 931–941 (2009)CrossRefGoogle Scholar
  8. 8.
    Ding, P., Holliday, J., Celik, A.: Improving The Security of Wireless LANs By Managing 802.1x Disassociation. In: First IEEE Consumer Communications and Networking Conference,CCNC 2004, pp. 53–58 (2004)Google Scholar
  9. 9.
    IEEE Std 802.11wTM (September 30, 2009)Google Scholar
  10. 10.
    Zhang, Y., Sampalli, S.: Client-based Intrusion Prevention System for 802.11 Wireless LANs. In: IEEE 6th Intemational Conference on Wireless and Mobile Computing. Networking and Communications, Niagara Falls, Ontario, pp. 100–107 (2010)Google Scholar
  11. 11.
    Fayssal, S., Kim, N.U.: Performance Analysis Toolset for Wireless Intrusion Detection Systems. In: IEEE 2010 International Conference on High Performance Computing and Simulation (HPCS), Caen, France, pp. 484–490 (2010)Google Scholar
  12. 12.
    Nguyen, T.D., Nguyen, D.H.M., Tran, B.N., Vu, H., Mittal, N.: A lightweight solution for defending against deauthentication/disassociation attacks on 802.11 networks, pp. 1–6. IEEE, Los Alamitos (2008)Google Scholar
  13. 13.
    Dong, Q., Gao, L., Li, X.: A New Client-Puzzle Based DoS-Resistant Scheme of IEEE 802.11i Wireless Authentication Protocol. In: 3rd International Conference on Biomedical Engineering and Informatics (BMEI 2010), pp. 2712–2716 (2010)Google Scholar
  14. 14.
    Dwork, C., Naor, M.: Pricing via Processing or Combatting Junk Mail, pp. 139–147. Springer, Heidelberg (1992)zbMATHGoogle Scholar
  15. 15.
    Jules, A., Brainard, J.: A Cryptographic Countermeasure against Connection Depletion Attacks, pp. 151–165. IEEE Computer Society, Los Alamitos (1999)Google Scholar
  16. 16.
    Shi, T.-j., Ma, J.-f.: Design and analysis of a wireless authentication protocol against DoS attacks based on Hash function. Aerospace Electronics Information Engineering and Control 28(1), 122–126 (2006)Google Scholar
  17. 17.
    Dong, Q., Gao, L., Li, X.: A New Client-Puzzle Based DoS-Resistant Scheme of IEEE 802.11i Wireless Authentication Protocol. In: 3rd International Conference on Biomedical Engineering and Informatics (BMEI 2010), pp. 2712–2716 (2010)Google Scholar
  18. 18.
    Laishun, Z., Minglei, Z., Yuanbo, G.: A Client Puzzle Based Defense Mechanism to Resist DoS Attacks in WLAN. In: 2010 International Forum on Information Technology and Applications, pp. 424–427. IEEE Computer Society, Los Alamitos (2010)CrossRefGoogle Scholar
  19. 19.
    Abliz, M., Znati, T.: A Guided Tour Puzzle for Denial of Service Prevention. In: 2009 Annual Computer Security Applications Conference, pp. 279–288 (2009)Google Scholar
  20. 20.
    Nguyen, T.N., Tran, B.N., Nguyen, D.H.M.: A Lightweight Solution For Wireless Lan: Letter-Envelop Protocol. IEEE, Los Alamitos (2008)Google Scholar
  21. 21.
    IEEE Std 802.11TM (June 12, 2007)Google Scholar
  22. 22.
    Nguyen, T.D., Nguyen, D.H.M., Tran, B.N., Vu, H., Mittal, N.: A lightweight solution for defending against deauthentication/disassociation attacks on 802.11 networks, pp. 1–6. IEEE, Los Alamitos (2008)Google Scholar
  23. 23.
    Abliz, T.Z.M.: A Guided Tour Puzzle for Denial of Service Prevention. In: 2009 Annual Computer Security Applications Conference, pp. 279–288 (2009)Google Scholar
  24. 24.
    Patarin, J., Montreuil, A.: Benes and Butterfly Schemes Revisited. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 92–116. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  25. 25.
    Feng, W.-C., Kaiser, E., Feng, W.-C., Luu, A.: The Design and Implementation of Network Puzzles. In: Proceedings of IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies, INFOCOM 2005, Miami, Florida, USA, pp. 2372–2382 (2005)Google Scholar
  26. 26.
    Nasreldin, M., Aslan, H., El-Hennawy, M., El-Hennawy, A.: WiMax Security. In: 22nd International Conference on Advanced Information Networking and Applications - Workshops (Aina Workshops 2008), pp. 1335–1340 (2008)Google Scholar
  27. 27.
    Dwork, C., Naor, M.: Pricing via Processing or Combatting Junk Mail, pp. 139–147. Springer, Heidelberg (1992)zbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Ali Ordi
    • 1
  • Hamid Mousavi
    • 2
  • Bharanidharan Shanmugam
    • 1
  • Mohammad Reza Abbasy
    • 1
  • Mohammad Reza Najaf Torkaman
    • 1
  1. 1.Advance Informatics School (AIS)Universiti Teknologi MalaysiaKLMalaysia
  2. 2.Faculty of Engineering (FOE)Multimedia UniversityCyberjayaMalaysia

Personalised recommendations