Exception triggered DoS attacks on wireless networks

Security protocols are not as secure as we assumed. In this paper, we identified a practical way to launch DoS attacks on security protocols by triggering exceptions. Through experiments, we show that even the latest strongly authenticated protocols such as PEAP, EAP-TLS and EAP-TTLS are vulnerable to these attacks. Real attacks have been implemented and tested against TLS-based EAP protocols, the major family of security protocols for Wireless LAN, as well as the Return Routability of Mobile IPv6, an emerging lightweight security protocol in new IPv6 infrastructure. DoS attacks on PEAP, one popular TLS-based EAP protocol were performed and tested on a major university's wireless network, and the attacks were highly successful. We further tested the scalability of our attack through a series of ns-2 simulations. Countermeasures for detection of such attacks and improvements of the protocols to overcome these types of DoS attacks are also proposed and verified experimentally.

[1]  A. M. Abdullah,et al.  Wireless lan medium access control (mac) and physical layer (phy) specifications , 1997 .

[2]  John Ulrich,et al.  Automated Analysis of Cryptographic Protocols Using Mur ' , 1997 .

[3]  Bernard Aboba,et al.  Extensible Authentication Protocol (EAP) , 2004, RFC.

[4]  Aleksandar Kuzmanovic,et al.  A Poisoning-Resilient TCP Stack , 2007, 2007 IEEE International Conference on Network Protocols.

[5]  Dan Simon,et al.  The EAP-TLS Authentication Protocol , 2008, RFC.

[6]  Dan Simon,et al.  PPP EAP TLS Authentication Protocol , 1999, RFC.

[7]  Charles E. Perkins,et al.  Mobility support in IPv6 , 1996, MobiCom '96.

[8]  Vitaly Shmatikov,et al.  Finite-State Analysis of SSL 3.0 , 1998, USENIX Security Symposium.

[9]  Tim Dierks,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008 .

[10]  John C. Mitchell,et al.  Automated analysis of cryptographic protocols using Mur/spl phi/ , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[11]  Yao Zhao,et al.  Automatic Vulnerability Checking of IEEE 802.16 WiMAX Protocols through TLA+ , 2006, 2006 2nd IEEE Workshop on Secure Network Protocols.

[12]  Simon Blake-Wilson,et al.  Funk Request for Comments : 5281 Unaffiliated Category : Informational , 2008 .

[13]  Jari Arkko,et al.  Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA) , 2006, RFC.

[14]  Wenyuan Xu,et al.  The feasibility of launching and detecting jamming attacks in wireless networks , 2005, MobiHoc '05.

[15]  Stefan Savage,et al.  802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions , 2003, USENIX Security Symposium.

[16]  Larry J. Blunk,et al.  PPP Extensible Authentication Protocol (EAP) , 1998, RFC.

[17]  Henrik Petander,et al.  MIPL mobile IPv6 for Linux , 2002 .

[18]  James T. Yu,et al.  An Analysis of DoS Attacks on Wireless LAN , 2006, Wireless and Optical Communications.

[19]  John C. Mitchell,et al.  Analysis of EAP-GPSK Authentication Protocol , 2008, ACNS.

[20]  Ivan Martinovic,et al.  Phishing in the Wireless: Implementation and Analysis , 2007, SEC.

[21]  Henry Haverinen,et al.  Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM) , 2006, RFC.

[22]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.1 , 2006, RFC.

[23]  Vern Paxson,et al.  Bro: a system for detecting network intruders in real-time , 1998, Comput. Networks.

[24]  Hao Zhou,et al.  The Flexible Authentication via Secure Tunneling Extensible Authentication Protocol Method (EAP-FAST) , 2007, RFC.

[25]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[26]  Hannes Tschofenig,et al.  The Extensible Authentication Protocol-Internet Key Exchange Protocol version 2 (EAP-IKEv2) Method , 2008, RFC.

[27]  Yih-Chun Hu,et al.  Packet leashes: a defense against wormhole attacks in wireless networks , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[28]  Guevara Noubir,et al.  Low-power DoS attacks in data wireless LANs and countermeasures , 2003, MOCO.