TEMPLATE DESIGN © 2008

www.PosterPresentations.com

Current Work

An adversary can send a flood of Probe Request frames using MAC spoofing to represent a large number of nodes scanning the wireless network. This can heavily overload and consume the computation power and memory resources of the AP which can lead to a Denial-of-Service.

An adversary can send a flood of Probe Request frames using MAC spoofing to represent a large number of nodes scanning the wireless network. This can heavily overload and consume the computation power and memory resources of the AP which can lead to a Denial-of-Service.

An improved authentication model for IEEE 802.11-2007 to prevent Probe Request DoS Attacks.Researcher: Mrs. Deepthi Ratnayake Director of Studies: Prof. Hassan Kazemian

Introduction

Aim

Progress

To find an effective method to recognise rogue Probe Request frames, and prevent an AP from triggering a Probe Response.

To find an effective method to recognise rogue Probe Request frames, and prevent an AP from triggering a Probe Response.

Probe Request Flood Attacks are designed to manipulate a 802.11 request/respond design flaw, i.e. each request message sent by a STA must be responded with a response message sent by the AP.

Probe Request Flood Attacks are designed to manipulate a 802.11 request/respond design flaw, i.e. each request message sent by a STA must be responded with a response message sent by the AP.

BSS

Test1-PC (User)Windows XP

Intel(R) PRO/Wireless LAN 2100 3B Mini PCI Adapter

MAC: Intel_5b:dd:b3

Test3-PC (Attacker)BackTrack4 (Linux)

Intel® PRO/Wireless 2200BG Wireless Connection

MAC: Intel_a5:23:37

Test-AP (Access Point) MAC: Netgrar_42:cf:c0

• Sniffing and simulation of attacks on a test bed using available s/w tools.

• Seeking and intelligent model to implement the solution.

The Issue

• Detect MAC Spoofing by Monitoring Sequence Number Field

• Identifying STAs by Physical Layer Attributes

• Keep a “Safe List” of known attributes and give priority to “Safe List”.

• Pattern Recognition of “Transactions” and filter peculiar Probe Requests.

Length - Bytes

2 2 6 6 6 2 6 Variable Variable 4

FieldFrame Control

Duration ID

DA SA BSSIDSequence Control

SSIDSupported

RatesEstended

Supported RatesFCS

MAC HEADER FRAME BODY CRC

Probe Request Frame

Length - Bits

2 2 4 1 1 1 1 1 1 1 1

FieldProtocol Version

Type

Sub Type

To DS

From DS

More Frag

Retry

Power Management

More Data

WEP

Reserved

FRAME CONTROL

Test2-PC (User)Windows Vista

Intel® PRO/Wireless 2200BG Wireless Connection

MAC: Intel_39:c9:33

Reference

Possible Solutions

Bulbul, H. I., Batmaz, I., and Ozel, M. 2008. Wireless network security: comparison of WEP (Wired Equivalent Privacy) mechanism, WPA (Wi-Fi Protected Access) and RSN (Robust Security Network) security protocols. Proceedings of the 1st international Conference on Forensic Applications and Techniques in Telecommunications, information, and Multimedia and Workshop [Online] pp. 1-6 Available at http://0-delivery.acm.org.emu.londonmet.ac.uk/10.1145/1370000/1363229/a9-bulbul.pdf?key1=1363229&key2=5901319321&coll=ACM&dl=ACM&CFID=30100573&CFTOKEN=55282196 [Accessed: 7th April 2009].

Broadcom Corporation. 2005. Broadcom, HP and Linksys make Wi-Fi® installation as easy as pushing a button [Online]. Available at: http://www.broadcom.com/press/release.php?id=659800 [Accessed: 15 October 2008].

IEEE, 2004, "IEEE Standard for Information technology- Telecommunications and information exchange between systems- Local and metropolitan area networks- Specific requirements Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications Amendment 6: Medium Access Control (MAC) Security Enhancements", IEEE Std 802.11i-2004 [Online] Available at http://0-ieeexplore.ieee.org.emu.londonmet.ac.uk/stamp/stamp.jsp?arnumber=1318903&isnumber=29229 [Accessed: 22 March 2009].

He, C. Mitchell, J.C. 2005, Security analysis and improvements for IEEE 802.11i. The 12th Annual Network and Distributed System Security Symposium (NDSS'05), [Online] pp. 90-110 Available at http://www.isoc.org/isoc/conferences/ndss/05/proceedings/papers/NDSS05-1107.pdf [Accessed: 16th April 2009].

Porter, T. Zmolek, A. Kanclirz, J. Rosela, A. 2006. Practical VoIP security: your hands-on guide to voice over IP (VoIP) security . Hingham, MA: Syngress.

Riley, S. 2005. Mitigating the threats of rogue machines—802.1X or IPsec? [Online]. Available at: http://technet.microsoft.com/en-gb/library/cc512611.aspx [Accessed: 18 October 2008].

Bulbul, H. I., Batmaz, I., and Ozel, M. 2008. Wireless network security: comparison of WEP (Wired Equivalent Privacy) mechanism, WPA (Wi-Fi Protected Access) and RSN (Robust Security Network) security protocols. Proceedings of the 1st international Conference on Forensic Applications and Techniques in Telecommunications, information, and Multimedia and Workshop [Online] pp. 1-6 Available at http://0-delivery.acm.org.emu.londonmet.ac.uk/10.1145/1370000/1363229/a9-bulbul.pdf?key1=1363229&key2=5901319321&coll=ACM&dl=ACM&CFID=30100573&CFTOKEN=55282196 [Accessed: 7th April 2009].

Broadcom Corporation. 2005. Broadcom, HP and Linksys make Wi-Fi® installation as easy as pushing a button [Online]. Available at: http://www.broadcom.com/press/release.php?id=659800 [Accessed: 15 October 2008].

IEEE, 2004, "IEEE Standard for Information technology- Telecommunications and information exchange between systems- Local and metropolitan area networks- Specific requirements Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications Amendment 6: Medium Access Control (MAC) Security Enhancements", IEEE Std 802.11i-2004 [Online] Available at http://0-ieeexplore.ieee.org.emu.londonmet.ac.uk/stamp/stamp.jsp?arnumber=1318903&isnumber=29229 [Accessed: 22 March 2009].

He, C. Mitchell, J.C. 2005, Security analysis and improvements for IEEE 802.11i. The 12th Annual Network and Distributed System Security Symposium (NDSS'05), [Online] pp. 90-110 Available at http://www.isoc.org/isoc/conferences/ndss/05/proceedings/papers/NDSS05-1107.pdf [Accessed: 16th April 2009].

Porter, T. Zmolek, A. Kanclirz, J. Rosela, A. 2006. Practical VoIP security: your hands-on guide to voice over IP (VoIP) security . Hingham, MA: Syngress.

Riley, S. 2005. Mitigating the threats of rogue machines—802.1X or IPsec? [Online]. Available at: http://technet.microsoft.com/en-gb/library/cc512611.aspx [Accessed: 18 October 2008].