A new security framework to prevent denial of service and replay attacks for IEEE 802.11 wireless networks
The widespread use of IEEE 802.11 wireless networks demands enhancement of their security. One aspect of security is availability, meaning that network resources are accessible when authorized users request them. Persistent availability of the networks is essential, particularly in critical areas such as healthcare centers, hospitals, police departments, military services, and airports. The main threats against availability of the networks are Denial of Service (DoS) and replay attacks. These attacks immediately shut down the network and make it entirely unavailable to authorized users. Despite the presence of different security protocols in wireless networks, such as WEP, WPA, and WPA2, wireless networks are extremely vulnerable to DoS and replay attacks. This vulnerability has never been addressed by the IEEE 802.11 standard, even in the latest wireless security protocol (WPA2). The protection offered by the IEEE 802.11 security protocols does not cover control frames. Wireless control frames are transmitted in clear text, and recipients have no way to verify their validity. Attackers can exploit the unprotected control frames to carry out DoS attacks. In order to prevent DoS attacks and guarantee wireless network availability, a new security framework called Authorized Control Frames (ACF) is proposed. Taking into account the resource limitations of wireless networks, the ACF is designed to provide a sufficient level of security and high efficiency while avoiding unnecessary overhead. The ACF framework comprises two distinct countermeasures, called ACF-non-cryptographic and ACF-cryptographic. The ACF-non-cryptographic countermeasure proposes a lightweight security model that does not involve cryptographic algorithms. The ACF-cryptographic countermeasure proposes four distinct models: two are based on SHA1 and SHA2, and the other two are based on modified SHA1 and SHA2.
Furthermore, a new replay attack protection mechanism with secure time synchronization is proposed and embedded in all five proposed models. The proposed models prevent DoS and replay attacks by detecting and discarding forged control frames belonging to the attackers, and thereby guarantee availability of the IEEE 802.11 wireless networks. In order to implement the models, two simulation environments were developed to represent the current model and the proposed models, respectively. Seven distinct experiments were carried out to evaluate the proposed models. The experiments were used to determine the reliability of the simulation tool, analyze the behavior of the proposed models and determine their capability to prevent wireless DoS and replay attacks, determine the detection accuracy of the proposed models, compare the effectiveness of the proposed models, verify the lifetime overhead and security cost of the proposed models, and evaluate the performance of the replay-preventing mechanism. The results of the experiments show that the five proposed models successfully prevent DoS and replay attacks. The proposed models provide 100% performance improvement for wireless networks under attack compared to the current model. Comparing the proposed models with each other shows that the best wireless network performance is achieved with the ACF-non-cryptographic countermeasure. Among the four proposed models of the ACF-cryptographic countermeasure, the results show better performance for the models that are based on modified SHA1 and SHA2.
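The abstract gives no frame layout and no details of the modified hashes, so the following is an added illustration of the general idea only (a keyed hash over a control frame plus a timestamp freshness check), not the ACF construction. HMAC-SHA256, the 8-byte tag, the 50 ms window, the shared key and the sample RTS frame are all assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8         # assumption: tag truncated to 8 bytes to limit per-frame overhead
WINDOW_US = 50_000  # assumption: sender and receiver clocks agree to within 50 ms
RTS_LEN = 16        # frame control(2) + duration(2) + RA(6) + TA(6), FCS omitted

def protect(key: bytes, frame: bytes, now_us: int) -> bytes:
    """Sender side: append a timestamp and a truncated HMAC-SHA256 tag."""
    ts = struct.pack("<Q", now_us)
    tag = hmac.new(key, frame + ts, hashlib.sha256).digest()[:TAG_LEN]
    return frame + ts + tag

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.newest = {}  # transmitter address -> newest accepted timestamp

    def check(self, wire: bytes, now_us: int) -> str:
        if len(wire) != RTS_LEN + 8 + TAG_LEN:
            return "malformed"
        frame, ts, tag = wire[:RTS_LEN], wire[RTS_LEN:RTS_LEN + 8], wire[-TAG_LEN:]
        want = hmac.new(self.key, frame + ts, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, want):   # constant-time comparison
            return "forged"
        sent_us = struct.unpack("<Q", ts)[0]
        if abs(now_us - sent_us) > WINDOW_US:    # outside the freshness window
            return "stale"
        ta = frame[10:16]
        if sent_us <= self.newest.get(ta, -1):   # same or older timestamp already seen
            return "replayed"
        self.newest[ta] = sent_us
        return "accepted"

# Constructed sample: an RTS frame with made-up addresses and a made-up key.
KEY = bytes(range(32))
RTS = bytes.fromhex("b400" "6400" "020000000001" "020000000002")

def demo() -> list:
    rx = Receiver(KEY)
    wire = protect(KEY, RTS, 1_000_000)
    altered = wire[:4] + b"\xff" + wire[5:]        # one byte changed after tagging
    return [rx.check(wire, 1_000_100),             # accepted
            rx.check(wire, 1_000_200),             # replayed
            rx.check(altered, 1_000_300),          # forged
            Receiver(KEY).check(wire, 1_060_001)]  # stale

print(demo())
```

The freshness window only works if the clocks involved are synchronized in a way an attacker cannot influence, which is why the abstract pairs replay protection with secure time synchronization.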