A formal analysis of IEEE 802.11w deadlock vulnerabilities

Formal methods can be used to discover obscure denial of service (DoS) vulnerabilities in wireless network protocols. The application of formal methods to the analysis of DoS vulnerabilities in communication protocols is not a mature research area. Although several formal models have been proposed, they lack a clear and convincing demonstration of their usefulness and practicality. This paper bridges the gap between theory and practice, and shows how a simple protocol model can be used to discover protocol deadlock vulnerabilities. A deadlock vulnerability is the most severe form of DoS vulnerabilities, thus checking for deadlock vulnerabilities is an essential part of robust protocol design. We demonstrate the usefulness of the proposed method through the discovery and experimental validation of deadlock vulnerabilities in the published IEEE 802.11w amendment to the 802.11 standard. We present the complete procedure of our approach, from model construction to verification and validation. An Appendix includes the complete model source code, which facilitates the replication and extension of our results. The source code can also be used as a template for modeling other protocols.

[1]  Georgios Kambourakis,et al.  Signaling-Oriented DoS Attacks in UMTS Networks , 2009, ISA.

[2]  Martin Eian,et al.  Fragility of the Robust Security Network: 802.11 Denial of Service , 2009, ACNS.

[3]  Martin Eian,et al.  A Practical Cryptographic Denial of Service Attack against 802.11i TKIP and CCMP , 2010, CANS.

[4]  John C. Mitchell,et al.  Analysis of EAP-GPSK Authentication Protocol , 2008, ACNS.

[5]  Catherine A. Meadows,et al.  A formal framework and evaluation method for network denial of service , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[6]  Stefan Savage,et al.  802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions , 2003, USENIX Security Symposium.

[7]  Frank Kargl,et al.  Channel switch and quiet attack: New DoS attacks exploiting the 802.11 standard , 2009, 2009 IEEE 34th Conference on Local Computer Networks.

[8]  Ning Zhang,et al.  Analysis of mobile WiMAX security: Vulnerabilities and solutions , 2008, 2008 5th IEEE International Conference on Mobile Ad Hoc and Sensor Systems.

[9]  Martin Eian,et al.  The modeling and comparison of wireless network denial of service attacks , 2011, MobiHeld '11.

[10]  Gerard J. Holzmann,et al.  The Model Checker SPIN , 1997, IEEE Trans. Software Eng..

[11]  Md. Sohail Ahmad,et al.  Short paper: security evaluation of IEEE 802.11w specification , 2011, WiSec '11.

[12]  Yao Zhao,et al.  Automatic Vulnerability Checking of IEEE 802.16 WiMAX Protocols through TLA+ , 2006, 2006 2nd IEEE Workshop on Secure Network Protocols.