Security of 802.11i based wireless local area networks

Abstract

Even with ratification of 802.11i, WLANs remain vulnerable to Denial of Service (DoS) attacks due to unprotected and unauthenticated Management and Control Frames. These include Deauthentication, Disassociation, Request To Send (RTS), Clear To Send (CTS), Acknowledgement (ACK) and Power Saving Poll (PS- Poll) message attacks. Different defense techniques and protocols have been proposed to counter these threats. These either possess certain deficiencies or have implementation complexities and no solution encompassing all such attacks has yet been proposed. Moreover, a vulnerability related to Advance Encryption Standard (AES) Counter with Cipher Block Chaining Message Authentication Code Protocol (CCMP), used for Confidentiality and Integrity assurance in 802.11i, has also been recently identified. It exploits weak nonce construction mechanism of AES CCMP to calculate initial counter value, lowering effective key length from 128 bits to 85 bits. Hence, Time Memory Trade-OFF (TMTO) attack becomes a possibility. No solution has yet been proposed for AES CCMP vulnerability. The purpose of this thesis is to devise effective practical countermeasures against DoS attacks based on Management and Control Frames of 802.11 and AES CCMP related vulnerability of 802.11i. The defense mechanism designed for DoS attacks is based on authenticating said messages with a Pseudo Random Number, calculated using Pairwise Transient Key (PTK) that is inaccessable to adversaries. The countermeasure proposed for AES CCMP vulnerability involves strengthening of the nonce construction mechanism of AES CCMP by randomization. Both defense mechanisms have been implemented and tested on actual hardware using a test network. The proposed techniques successfully counter the threats, are simple to implement by a software upgrades and do not require hardware upgradation.