A new security model to prevent denial‐of‐service attacks and violation of availability in wireless networks

Wireless networks are deployed in many critical areas, such as health care centers, hospitals, police departments, and airports. In these areas, communication through the networks plays a vital role, and real-time connectivity along with constant availability of the networks is highly important. However, one of the most serious threats against the networks availability is the denial-of-service attacks. In wireless networks, clear text form of control frames is a security flaw that can be exploited by the attackers to bring the wireless networks to a complete halt. To prevent the denial-of-service attacks against the wireless networks, we propose two distinct security models. The models are capable of preventing the attacks by detecting and discarding the forgery control frames belonging to the attackers. The models are implemented and evaluated under various experiments and trials. The results have proved that the proposed models significantly improve the security performance of the wireless networks. This gives advantage of safe communication that can substantially enhance the network availability while maintaining the quality of the network performance. Copyright © 2011 John Wiley & Sons, Ltd.

[1]  J.-P. Hubaux,et al.  Impact of Denial of Service Attacks on Ad Hoc Networks , 2008, IEEE/ACM Transactions on Networking.

[2]  Andrey I. Lyakhov,et al.  Synchronization and beaconing in IEEE 802.11s mesh networks , 2008, 2008 International Conference on Telecommunications.

[3]  Bart Preneel,et al.  Key-Recovery Attacks on Universal Hash Function Based MAC Algorithms , 2008, CRYPTO.

[4]  Stefan Savage,et al.  802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions , 2003, USENIX Security Symposium.

[5]  Ethan Heilman Attacks Against Permute-Transform-Xor Compression Functions and Spectral Hash , 2009, IACR Cryptol. ePrint Arch..

[6]  S. Shanmugavel,et al.  Anomaly detection of the NAV attack in MAC layer under non-time and time-constrained environment , 2006, 2006 IFIP International Conference on Wireless and Optical Communications Networks.

[7]  Pramod K. Varshney,et al.  Protecting Wireless Networks against a Denial of Service Attack Based on Virtual Jamming , 2003 .

[8]  Quynh H. Dang,et al.  Recommendation for Applications Using Approved Hash Algorithms , 2009 .

[9]  Ruby B. Lee,et al.  Distributed Denial of Service: Taxonomies of Attacks, Tools, and Countermeasures , 2004, PDCS.

[10]  Keting Jia,et al.  Distinguishing and Second-Preimage Attacks on CBC-Like MACs , 2009, CANS.

[11]  Meikang Qiu,et al.  Jamming ACK Attack to Wireless Networks and a Mitigation Approach , 2008, IEEE GLOBECOM 2008 - 2008 IEEE Global Telecommunications Conference.

[12]  Bülent Tavli,et al.  Denial-of-Service attacks and countermeasures in IEEE 802.11 wireless networks , 2009, Comput. Stand. Interfaces.

[13]  Hugo Krawczyk,et al.  HMAC-based Extract-and-Expand Key Derivation Function (HKDF) , 2010, RFC.

[14]  Rohit Negi,et al.  DoS analysis of reservation based MAC protocols , 2005, IEEE International Conference on Communications, 2005. ICC 2005. 2005.

[15]  Abderrahim Benslimane,et al.  Impacts and solutions of control packets vulnerabilities with IEEE 802.11 MAC , 2009 .

[16]  Jianping Yin,et al.  DDoS Attack Detection Using Three-State Partition Based on Flow Interaction , 2009, FGIT-SecTech.