DoS and authentication in wireless public access networks

As WEP has been shown to be vulnerable to multiple attacks, a huge effort has gone into specifying an access control mechanism for wireless installations. However, properties of the wireless environment have been exploited to perform multiple DoS attacks against current solutions, such as 802.11/802.1X. In this paper we discuss the main wireless idiosyncrasies and the need to take them into account when designing an access control mechanism that can be used in both wireless and wired networks. We present the design of a mobility-aware access control mechanism suitable for both wireless and wired environments and show how the DoS attacks discussed can be prevented by implementing secure association and other essential services. The architecture proposed here, composed of the SIAP and SLAP protocols, uses public keys together with the RSA and AES encryption algorithms to provide a flexible service.
