DoS and authentication in wireless public access networks
WiSE '02 Proceedings of the 1st ACM workshop on Wireless security
An RSSI-based Scheme for Sybil Attack Detection in Wireless Sensor Networks
WOWMOM '06 Proceedings of the 2006 International Symposium on on World of Wireless, Mobile and Multimedia Networks
Detecting identity-based attacks in wireless networks using signalprints
WiSe '06 Proceedings of the 5th ACM workshop on Wireless security
802.11 denial-of-service attacks: real vulnerabilities and practical solutions
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Wireless client puzzles in IEEE 802.11 networks: security by wireless
WiSec '08 Proceedings of the first ACM conference on Wireless network security
Hi-index | 0.00 |
In this work we focus on resource depletion attacks within IEEE 802.11 networks. This type of DoS attacks is used to exhaust access points' resources resulting in denying service to legitimate clients and rising the opportunity for more sophisticated attacks. It is usually based on flooding an access point (AP) with a high number of fake authentication requests. This paper introduces a protection method which assists APs to selectively block fake requests sent by an attacker, while at the same time allowing other legitimate clients to successfully join the network. For this purpose we introduce the concept of regions, estimates on client's relative locations. The concept itself is similar to a known protection against DoS attacks based on client puzzles in wired networks, yet had to be adjusted to the peculiarities of wireless networks. Rather than utilizing CPU or memory-based resources that are highly variable among wireless clients we take advantage of wireless characteristics such as broadcast communication, signal propagation, and dense deployment of IEEE 802.11 technology. The proposed protection enables a tradeoff between security and performance thus providing its adaptation to different network configurations.