H. Cherifi, J.M. Zain, and E. El-Qawasmeh (Eds.): DICTAP 2011, Part I, CCIS 166, pp. 508–520, 2011. © Springer-Verlag Berlin Heidelberg 2011

A Novel Proof of Work Model Based on Pattern Matching to Prevent DoS Attack

Ali Ordi1, Hamid Mousavi2, Bharanidharan Shanmugam1, Mohammad Reza Abbasy1, and Mohammad Reza Najaf Torkaman1

1 Universiti Teknologi Malaysia, Advance Informatics School (AIS), KL, Malaysia oali2@live.utm.my, bharani@ic.utm.my, {ramohammad2,rntmohammad2}@live.utm.my

2 Multimedia University, Faculty of Engineering (FOE), Cyberjaya, Malaysiab Sepentamino@hotmail.com

Abstract. One of the most common types of denial of service attack on 802.11 based networks is resource depletion at AP side. APs meet such a problem through receiving flood probe or authentication requests which are forwarded by attackers whose aim are to make AP unavailable to legitimate users. The other most common type of DoS attack takes advantage of unprotected man-agement frame. Malicious user sends deauthentication or disassociation frame permanently to disrupt the network. However 802.11w has introduced a new so-lution to protect management frames using WPA and WPA2, they are unpro-tected where WEP is used. This paper focuses on these two common attacks and proposes a solution based on letter envelop protocol and proof-of-work pro-tocol which forces the users to solve a puzzle before completing the association process with AP. The proposed scheme is also resistant against spoofed puzzle solutions attack.

Keywords: Network, Wireless, Client Puzzle, Letter Envelop, Denial of Ser-vice attack, Connection request flooding attack, Spoofed disconnect attack.

1 Introduction

Wireless networks are finding a special position in the digital world. Despite growing the popularity of IEEE 802.11 based network, they are vulnerable to many attacks [1]. Several security methods and standards like WPA2, EAP, 802.11i, and 802.11w have been ratified to fix some of these vulnerabilities. However many serious attacks still threaten this type of networks [2] like Denial of service or DoS attack that targets the availability of the network services.

There are two modes in which wireless networks operate: ad-hock mode and infra-structure mode [3]. This paper focuses on infrastructure mode in which a non-AP sta-tion (STA) tries to connect to an access point (AP) to exchange data with network. STAs must authenticate themselves to AP before exchanging data. Despite the bene-fits of authentication process and also association process, there are several signs that they are prone to become an avenue for denying service [4]. In other words, an at-tacker can forward flood authentication or association request frames using spoofed MAC address to exhaust the AP’s resources [5].

A Novel Proof of Work Model Based on Pattern Matching to Prevent DoS Attack 509

There are two most common types of DoS attack on wireless network in infrastruc-ture mode: connection request flooding that leads to resources depletion attack and deauthentication and disassociation attack [6].

In the first scenario, attacker sends flood connection request frames whether probe, authentication or association request towards AP. Authentication process has been designed as a stateful process. So AP has to allocate an amount of its memory to each request to store STA information. As a result, if AP receives a large number of re-quest frames over a relatively short time, it will encounter a serious problem: memory exhaustion [7].

The next scenario, i.e. Deauthentication and disassociation attack or spoofed dis-connect attack, takes advantage of a flaw in IEEE standard 802.11 where management frames are left unprotected [8]. IEEE standard 802.11w employs message integrity code (MIC) to protect management frames. MIC uses shared secret key which is de-rived by EAPOL 4-way handshake process. This means standard 802.11w can be used where WPA or WPA2 is used as security protocol [9]. Hence, attacker can send spoofed deauthentication or disassociation frames to disrupt the network connections where WEP or other security protocol is used. As a result, legitimate STA will have to pass authentication and association processes after each attack, if he or she wants to keep its connection. Frequently forwarding deauthentication or disassociation man-agement frames by attacker, makes AP unavailable to legitimate users.

Since APs are not able to distinguish between the legitimate management frame and spoofed management frame, finding an efficient and effective anti-DoS scheme is very difficult [10]. Several security methods and even standards are being used to prevent DoS attacks. However they are not able to eliminate the threat of this type of attack on wireless network completely. Even some of them add extra overhead on AP’s resources that raises the probability of running resources depletion attack [6].

This paper proposes a new solution to protect 802.11 based networks against two types of DoS attack, which are the connection request flooding attack and spoofed disconnect attack. To do so, the proposed scheme takes advantage of client puzzle and letter envelop protocols.

This paper is organized as the following: The next section will explain the details of the connection request flooding attack as well as spoofed disconnect attack on 802.11 based networks in infrastructure mode. Section 3will deal with client puzzle protocol. In Section 4, the details of proposed solution will be discussed. The analysis of the security of this approach based on probability theory and client puzzle proto-col’s general properties will be provided before the conclusion.

2 DoS Attack on Wireless Network

Fayssal and Uk Kim [11] have classified wireless network attacks in six categories: Identity spoofing, Eavesdropping, Vulnerability, Denial of Service (DoS), Replay, and Rogue Access Point attacks.

Dos Attacks as one of the most common attacks against 802.11 based networks employ useless traffic such as beacon, probe request, association, authentication, ARP, and data flood. This cumulative traffic degrades the performance of the wireless network and even hinders normal user to access network resources.

510 A. Ordi et al.

There are several types of DoS attack including:

1. Authentication frame attack whose aim to de-authenticate current connectivity from AP

2. AP association and authentication buffer overflow or connection request flooding attack

3. Physical layer attack 4. Disassociation and deauthentication attack or spoofed disconnect attack 5. Network setting attack

This paper focuses on two of these attacks: connection request flooding attack and abusing disassociation and deauthentication management frame which called Farewell attack [12] or spoofed disconnect attack.

2.1 Spoofed Disconnect Attack

IEEE 802.11i states that the relationship between STA and AP places in one of the four following states:

1. Initial start state, unauthenticated, unassociated 2. Authenticated and not associated 3. Authenticated and associated 4. Authenticated, associated and 802.1x authenticated

As shown in Fig.1, after identifying the certain AP and completing the mutual authen-tication process using exchanging several authentication messages, both AP and STA move to state 2; authenticated and not associated state. In this stage STA sends associa-tion request to AP. As soon as receiving the AP’s association response frame, both AP

Fig. 1. Relationship between state variables and services

State 2:

Authenticated,

Unassociated

State 1:

Unauthenticated,

Unassociated

State 3:

Authenticated,

Associated

Deauthentication

Notification

Disassociation

Notification

Successful

Association or Re-

association

Successful

Authentication

Deauthentication

Notification

A Novel Proof of Work Model Based on Pattern Matching to Prevent DoS Attack 511

and STA come to state 3. If they are in an open-system authentication network, they will be able to exchange data in state 3. Otherwise, if shared-key authentication is used, AP and STA will complete 802.1x authentication process and migrate to state 4.

According to IEEE standard 802.11,if a disassociation frame is received, both asso-ciated peers will move from state 3 or 4 back to state 2.Similarly, a deauthentication frame forces both AP and STA to transit to state 1 no matter whether they were in state 2, 3 or 4. Since standard 802.11 has left these management frames unprotected, they have become a valuable target for DoS attacks. Even though, IEEE standard 802.11w solves this problem by protecting management frames, 802.11wtakes advantage of WPA and WPA2 security protocol. in other words, the wireless networks that use other security protocol such as WEP are still prone to spoofed disconnect attack. Technical-ly, 802.11w has been disabled in capable APs by default and needs to be enabled ma-nually. Therefore, in such circumstances malicious users simply launch spoofed dis-connect attack using broadcasting spoofed deauthentication and disassociation frames.[13]

2.2 Connection Request Flooding Attack

As mention in previous sub section, IEEE standard 802.11i defines four different states that AP and STA place in one of them respectively. To move to each state, AP and STA need to exchange several messages. They pursue the following procedure.

Initially STA sends probe request frame to find an AP and AP replies by probe re-sponse frame including some necessary information to establish connection. To jump to state 2, STA forwards authentication request message and receives AP’s reply through authentication response frame. Finally, association request and response mes-sagesare exchanged to bring AP and STA to state 3.As shown in figure 2, Beacon frames which periodically are broadcasted by AP, paly an alternative role for probe process: probe request and response messages.

Fig. 2. 802.11 (Open System) authentication and Association procedure

AttackerBeacon Frame (optional)

Probe Request

Probe Respond (security parameters)

Authentication Request

Authentication Respond

Association Request (security parameters)

Association Respond

512 A. Ordi et al.

During the above procedure, AP has to store some STA information in each state which is used for moving to superior states. Being stateful, authentication and asso-ciation procedure is susceptible to exhaust the memory resources. Attacker simply sends out flood requests towards AP. As a result, these flooding requests exhaust AP’s finite storage resources and leave AP in an overload status. Consequently, AP would not be able to serve legitimate users. This type of attack can be run based on each of the three types of requests: probe request, authentication request, and associa-tion request. [13] Like spoofed disconnect attack, Attackers exploit spoofed MAC addresses to launch such an attack.

3 Client-Puzzle Based Anti-DoS Attack Scheme

Initially the client puzzle scheme has been introduced by Dwork and Naor[14] to combat junk mail. Later, Jules and Brainard [15] took advantage of cryptographic client puzzle scheme to defend against resource depletion attack in servers. They fol-lowed the aim of balancing resource (CPU and Memory) consumption between both sides of a communication. In their method, client which is intended to connect to a server has to spend some time in order to solve a puzzle which has been established by server. Hence attacker will not able to flood request messages before solving their respective puzzles in a relatively short time.

To prevent connection request flooding attack that leads to resource depletion attack on wireless network, several schemes have been proposed based on client puzzle pro-tocol[16] [17] [18]. As APs involve serious computational and storage resources limi-tation compared to server, these practices may bring up other resources depletion for wireless network like computational resources depletion or even memory exhaustion.

In [19], authors discuss the specifications of a good cryptographic puzzle scheme included of: Puzzle fairness, Computation guarantee, Efficiency, Adjustability of difficulty, Correlation-free, Stateless, Tamper-resistance, and Non-parallelizability while [17] categorizes these puzzles in terms of CPU resource-exhausting and memo-ry resource-exhausting puzzles.

4 Anti-DoS Attack Mechanism Design

As mentioned earlier, our solution is going to repel two types of DoS attack; resource depletion which is launched by probe, authentication and association flood requests and spoofed disconnect attack that is run through sending out spoofed deauthentica-tion and disassociation frames. To do that, we will employ both client puzzle and let-ter-envelop protocols[20].

4.1 Puzzle Construction

As it turns out, to prevent resource depletion, particularly memory exhausting, the proposed scheme consumes memory as little as possible. To establish the puzzle, AP

A Novel Proof of Work Model Based on Pattern Matching to Prevent DoS Attack 513

initially generates two random numbers, Ni and K. The length of Ni, L, can be changed from zero to sixty three bits to adjust the puzzle difficulty. AP considers K as a 32-bit number. To create the pattern, AP calculates six values between zero and 127 using Ni. Then AP needs to consider a 128-bit number and marks its six bit positions which are computed in previous stage. If LSB (Ni) =0 then the value of each position will be opposite of the value of its peer. Otherwise they peer to peer will have the same value. AP after creating the pattern establishes hash function h0 using Ni, AP’s MAC address, L, and HK as parameters. Whenever AP receives a probe request frame, it will send a probe response frame back containing h0, L, and HK. STA ex-tracts these values and finds Ni by brute force method. Then STA generate a 32-bit random number, R, and calculates HR=hash (R). Then STA creates the pattern using Ni and applies it over HR. STA sends an authentication request frame containing HR, and h0. Finally AP verifies the pattern to decide whether accept or deny the request.

The following procedure describes the proposed solution step by step. Table 1 summarizes the notations that are used in this procedure.

Table 1. Proposed Scheme Notation

Notation Description

K 32-bit random number generated by AP Ni The puzzle answer L The length of Ni X The numerical value of 7 first bit of Ni Y The numerical value of 7 second bit of Ni Z LSB(Ni) hash A cryptography hash function - MD5 MACx MAC Address of station x R 32-bit random number generated by STA

Not equal V(x) The value of the xth bit

1. Generate 32-bit random number K and calculate HK = hash (K)1

2. Generate L-bit random number Ni (0 63)

3. Calculate the following equation:

a. h0 = hash (Ni|| HK || L || MACAP )

4. Extract 7 first and second bits of Ni and calculate the corresponding numerical

values, x and y.(0 ≤ x ≤ 127, 0 ≤ y ≤ 127)

5. Calculate 2 and 2 and subtract from 127if needed ( 128 , 128)

1 This process is performed only once when AP comes up.

514 A. Ordi et al.

6. Calculate 2 and 2 and subtract from 127 if needed

( 128 , 128)

7. Consider z =LSB(Ni)

8. Create a pattern based on z, x, , , y, ,

a. If z=0 then V(x) V(y), V( ) V ( ), V ( ) V( )

b. If z=1thenV(x) V(y), V( ) V ( ), V ( ) V( )

c. For example if x=24 and y=65 then

i. 2 2 24 and 2 2 65 130128 130 127

ii. " 2 2 48 and 2 3 2

iii. If z=1 then the values of these 6 positions must be as following:

1. Value of 65th bit = Value of 24th bit

a. E.g. if V(24)= 0 then V(65) must be zero.

2. Value of 3rd bit Value of 48th bit

3. Value of 96th Value of 6th bit

iv. If z=0 then the values of these 6 positions must be as following:

1. Value of 65th bit Value of 24th bit

a. E.g. if V(24)= 0 then V(65) must be 1.

2. Value of 3rdbit Value of 48th bit

3. Value of 6th Value of 96th bit

9. In probe respond frame, add h0, HK, L

When a STA applies for communication through probe request, AP forwards puzzle’s information including h0, HK, and L by probe response frame.

To complete the communication procedures, STA pursues the following steps:

10. Extract HK, h0, L

11. Make up the following equation and find Ni by using of brute force method:

a. h0 = hash (Ni || HK || L || MACAP )

12. Generate 32-bit random number R and calculate HR= hash(R)

13. Extract 7 first and second bits of Ni and calculate the corresponding numerical

value (x, y)

14. Calculate 2 and 2 and subtract from 127 if needed (x’<128,

y’<128)

15. Calculate " 2 and " 2 and subtract from 127 if needed (x”<128,

y”<128)

16. Consider z =LSB (Ni)

A Novel Proof of Work Model Based on Pattern Matching to Prevent DoS Attack 515

17. If z=0 then the value bits of positions y, y’, y” of HR should be change to the op-

posed value of bits of positions x, x’, x” respectively.

18. If z=1 then the value bits of positions y, y’, y” of HR should be change to the

same value of bits of positions x, x’, x” respectively.

19. Send h0 and changed HR to AP through authentication request frame

20. Store R and HK

Generally, APs expect to meet authentication requests frames including puzzle solu-tion after expiring certain time, texp, based on difficulty which is determined by L. Otherwise AP discard the received authentication request frames. When AP rece-ives an authentication request frame, after texp, do the following steps to verify the solution:

21. Check the h0 to verify the validity of puzzle

22. Look up the received HR within associated HR list to prevent flood repetitious

puzzle (also to prevent reply attack). If AP finds the received HR in associated

HR list, the frame is discarded.

23. Compare HR to pattern which has been formed in stage 8

As we utilize MD5 as hash algorithm, number 127 is used in stages 5, 6, 14, and 15 because the output of this type of hash function is 128 bits (in stage 12),and so a vail-able positions are between 0 and 127.

When stage 23 is passed, based on the handshaking procedure, AP forwards au-thentication respond frame and allocates a certain size of memory for STA’s informa-tion along with HR.

AP can adjust the puzzle difficulty by means of L when it senses the attack. A va-riable, δ, help AP to sense the attack. Δ shows the number of services which AP can serve based on available resources. When a probe request is received, δ is decreased. Even though, Ni changes periodically based on predefined time, the following rules are applied by AP:

If δ has not been changed during Ni life time, old Ni would be valid for next cycle.

If δ is less than 25% of available resources, then Ni immediately will be replaced with a new and stronger one (L would be larger).

However, at any time when AP realizes that attack has been eliminated, it would back to its normal activities. In other word, it decreases the difficulty of Ni, i.e. L, even down to zero.

4.2 Anti-spoofed Disconnect Attack Mechanism

Disassociation and deauthentication frames body include a field that called reason code that shows why these frames have been issued.

516 A. Ordi et al.

Table 2. Reason codes

Reason Code Description

2 Previous authentication no longer valid 3 Deauthenticated because sending STA is leaving (or has left) IBSS or ESS 4 Disassociated due to inactivity 5 Disassociated because AP is unable to handle all currently associated STAs 6 Class 2 frame received from non-authenticated STA 7 Class 3 frame received from non-associated STA 8 Disassociated because sending STA is leaving (or has left) BSS 9 STA requesting (re)association is not authenticated with responding STA

As listed in Table 2[21], deauthentication or disassociation frame is issued in fol-lowing three scenarios2:

1. When the STA goes offline; reason code 3 or 8. 2. When the AP goes offline; reason code 3. 3. When AP terminates some current associated STAs because it cannot serve all

STAs; reason code 5.

Fig. 3. Deauthentication attack

In each aforementioned scenario, when a STA or AP receives a deauthentication or disassociation frame in our proposed scheme, before terminating the connection, they do the following stage:

2 If STA has not been passed the state 2 or 3 infigure 1, the frame would be discarded; reason

code = 2,6,7,9.

A Novel Proof of Work Model Based on Pattern Matching to Prevent DoS Attack 517

1. Scenario 1

a. STA sends R through the deauthentication or disassociation frame to AP.

b. AP calculates H’R=hash(R) and compares to stored HR.

c. If H’R HR, AP terminates the communication, otherwise AP discards the

frame.

2. Scenario 2

a. AP broadcast K through deauthentication frame to all STAs.

b. STAs calculate H’K=hash (K) and compare to stored HK.

c. If H’K=HK, STAs terminate the communication, otherwise they discard these

frame.

Since Scenario 3 occurs rarely [22], STAs ignore disassociation frames for this case in our scheme.

Fig. 4. Anti- Farewell attack mechanism

5 Security Analysis

The main purpose of this paper is to put an attacker in troubles when he or she wants to forward too many authentication requests towards AP. To do so, the following gen-eral conditions [23] should be satisfied:

Computation guarantee and Adjustability of difficulty: We assume that hash functions resist against pre-image solution, so the attacker has to only solve the puzzle

518 A. Ordi et al.

through brute force approach. Hence, he or she needs enough time to find the correct solution. In other words, the attacker has to look for the solution in a range of 2L poss-ible answers. Even though this range may be reduced to 2L/2 possible answers [24], he or she still has to spend enough time to find the puzzle’s solution. Moreover, AP can simply increase L, the difficulty of the puzzle, when it senses the attack or decrease L when the attack subsides.

Correlation free and Tamper-resistance: An attacker cannot learn Ni by examining the other STA’s answers, because in our scheme each STA should implement the pat-tern over its own HR that is normally unique.

Efficiency: This scheme resists against the puzzle verification attack where an attacker forwards too many authentication requests with fake solution. That means the puzzle verification is done just by looking for correct pattern in a received HR, a significantly low computational process.

Puzzle fairness: When AP receives an authentication request containing puzzle solu-tion during the lifetime of texp, the frame is discarded. As a result, the attacker has to wait until the texp is expired. So he or she will have much limited time to attack with certain Ni.

Stateless: AP normally allocates a fixed- memory to store the puzzle information: h0 and corresponding pattern. Hence, since the puzzle acts as stateless function, AP nev-er meets memory exhausting in a short time.

In addition to these general conditions, our scheme also meets two more conditions:

1. AP generates Ni after predefined time iff δ has been changed. Consequently AP preserves its resources for more cycles unlike [17] which producing Ni periodi-cally even without any request.

2. We use MD5 as the hash algorithm whose output of 128-bit. Undoubtedly, using SHA1 or other algorithms needs to modify stages 4, 5, 6, 13, 14, and 15

If an attacker wants to reach correct pattern without solving the puzzle, he or she will have to try 128×128×2 different cases. If the attacker can launch 1500 spoofed frame per second [25], at least 21 seconds is needed to check all these cases. Considering this time and δ, the attacker will be forced to find Ni through brute force if he or she wants to run efficient attack.

Furthermore, when AP receives a probe request, it does not store any information related to STA. So the increasing the requests cannot exhaust the AP’s resources. Moreover, the memory allocated to h0 and corresponding pattern is cleared after changing the Ni, meaning that the algorithm uses a fixed-size memory to handle the puzzle.

Additionally, AP in stage 22 of the proposed algorithm, checks the received HR with existing associated HRs. AP will discard frame If HR exits. As a result, this stage guarantees our scheme as an anti-replay attack mechanism.

A Novel Proof of Work Model Based on Pattern Matching to Prevent DoS Attack 519

6 Conclusion

This paper offered an anti-DoS attack solution based on the proof-of-work protocol and one way hard function. The proposed scheme protects 802.11 based networks against both resource depletion attacks which are launched through flood probe, au-thentication, and association requests as well as spoofed disconnect attack. This solu-tion also protects the 802.11 based networks against forged solution of the client puz-zle which may bypass the client puzzle protocol. Furthermore, it decreases the verifi-cation process significantly. The future study can focus on finding a smarter mechan-ism to realize DoS attack to adjust parameter L.

References

[1] Nasreldin, M., Aslan, H., El-Hennawy, M., El-Hennawy, A.: WiMax Security. In: 22nd International Conference on Advanced Information Networking and Applications - Workshops (Aina Workshops 2008), pp. 1335–1340 (2008)

[2] Yu, P.H., Pooch, U.W.: A Secure Dynamic Cryptographic And Encryption Protocol For Wireless Networks. In: EUROCON 2009, pp. 1860–1865. IEEE, St.-Petersburg (2009)

[3] Gast, M.: 802.11® Wireless Networks The Definitive Guide. O’Reilly, Sebastopol (2005)

[4] Bellardo, J., Savage, S.: 802.11 Denial-of-Service Attacks:Real Vulnerabilities and Prac-tical Solutions. In: SSYM 2003 Proceedings of the 12th conference on USENIX Security Symposium, Washington, D.C., USA, vol. 12 (2003)

[5] He, C., Mitchell, J.C.: Security analysis and improvements for IEEE802.11i. In: Pro-ceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS 2005), pp. 90–110 (2005)

[6] Liu, C.-H., Huang, Y.-Z.: The analysis for DoS and DDoS attacks of WLAN. In: Second International Conference on MultiMedia and Information Technology, pp. 108–111 (2010)

[7] Bicakci, K., Tavli, B.: Denial-of-Service attacks and countermeasures in IEEE 802.11 wireless networks. Computer Standards & Interfaces 31(5), 931–941 (2009)

[8] Ding, P., Holliday, J., Celik, A.: Improving The Security of Wireless LANs By Manag-ing 802.1x Disassociation. In: First IEEE Consumer Communications and Networking Conference,CCNC 2004, pp. 53–58 (2004)

[9] IEEE Std 802.11wTM (September 30, 2009) [10] Zhang, Y., Sampalli, S.: Client-based Intrusion Prevention System for 802.11 Wireless

LANs. In: IEEE 6th Intemational Conference on Wireless and Mobile Computing. Net-working and Communications, Niagara Falls, Ontario, pp. 100–107 (2010)

[11] Fayssal, S., Kim, N.U.: Performance Analysis Toolset for Wireless Intrusion Detection Systems. In: IEEE 2010 International Conference on High Performance Computing and Simulation (HPCS), Caen, France, pp. 484–490 (2010)

[12] Nguyen, T.D., Nguyen, D.H.M., Tran, B.N., Vu, H., Mittal, N.: A lightweight solution for defending against deauthentication/disassociation attacks on 802.11 networks, pp. 1–6. IEEE, Los Alamitos (2008)

[13] Dong, Q., Gao, L., Li, X.: A New Client-Puzzle Based DoS-Resistant Scheme of IEEE 802.11i Wireless Authentication Protocol. In: 3rd International Conference on Biomedi-cal Engineering and Informatics (BMEI 2010), pp. 2712–2716 (2010)

520 A. Ordi et al.

[14] Dwork, C., Naor, M.: Pricing via Processing or Combatting Junk Mail, pp. 139–147. Springer, Heidelberg (1992)

[15] Jules, A., Brainard, J.: A Cryptographic Countermeasure against Connection Depletion Attacks, pp. 151–165. IEEE Computer Society, Los Alamitos (1999)

[16] Shi, T.-j., Ma, J.-f.: Design and analysis of a wireless authentication protocol against DoS attacks based on Hash function. Aerospace Electronics Information Engineering and Control 28(1), 122–126 (2006)

[17] Dong, Q., Gao, L., Li, X.: A New Client-Puzzle Based DoS-Resistant Scheme of IEEE 802.11i Wireless Authentication Protocol. In: 3rd International Conference on Biomedi-cal Engineering and Informatics (BMEI 2010), pp. 2712–2716 (2010)

[18] Laishun, Z., Minglei, Z., Yuanbo, G.: A Client Puzzle Based Defense Mechanism to Resist DoS Attacks in WLAN. In: 2010 International Forum on Information Technology and Applications, pp. 424–427. IEEE Computer Society, Los Alamitos (2010)

[19] Abliz, M., Znati, T.: A Guided Tour Puzzle for Denial of Service Prevention. In: 2009 Annual Computer Security Applications Conference, pp. 279–288 (2009)

[20] Nguyen, T.N., Tran, B.N., Nguyen, D.H.M.: A Lightweight Solution For Wireless Lan: Letter-Envelop Protocol. IEEE, Los Alamitos (2008)

[21] IEEE Std 802.11TM (June 12, 2007) [22] Nguyen, T.D., Nguyen, D.H.M., Tran, B.N., Vu, H., Mittal, N.: A lightweight solution

for defending against deauthentication/disassociation attacks on 802.11 networks, pp. 1–6. IEEE, Los Alamitos (2008)

[23] Abliz, T.Z.M.: A Guided Tour Puzzle for Denial of Service Prevention. In: 2009 Annual Computer Security Applications Conference, pp. 279–288 (2009)

[24] Patarin, J., Montreuil, A.: Benes and Butterfly Schemes Revisited. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 92–116. Springer, Heidelberg (2006)

[25] Feng, W.-C., Kaiser, E., Feng, W.-C., Luu, A.: The Design and Implementation of Net-work Puzzles. In: Proceedings of IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies, INFOCOM 2005, Miami, Florida, USA, pp. 2372–2382 (2005)

[26] Nasreldin, M., Aslan, H., El-Hennawy, M., El-Hennawy, A.: WiMax Security. In: 22nd International Conference on Advanced Information Networking and Applications - Workshops (Aina Workshops 2008), pp. 1335–1340 (2008)

[27] Dwork, C., Naor, M.: Pricing via Processing or Combatting Junk Mail, pp. 139–147. Springer, Heidelberg (1992)