Research On Dos-resistant Technology Of Access Authentication Protocol In Wlan

With the rapid development of wireless communication technology, more and more users began using wireless devices to connect to the Internet. The wireless environment is characterized by openness, thus makes it vulnerable to the threat of attacks. IEEE 802.11i protocol was published by IEEE to provide a good security protection on 802.11 WLAN. But DoS attack still threatens WLAN, especially IEEE 802.11i protocol itself. This work mainly focuses on association and authentication request flood DoS attacks in IEEE 802.11i RSNA procedure. In order to solve the problem, we propose two different ways as follows.Firstly, a new client-puzzle based DoS-resistant scheme of IEEE 802.11i wireless authentication protocol is proposed to improve the DoS-resistant ability of IEEE 802.11i wireless networks. The difference between our method and traditional client puzzle scheme is employing beacon frame to distribute the parameters of cryptographic puzzle on the basis of hash function. By listening on the wireless channels to get the AP's beacon frame, users construct a puzzle with the seed in the beacon frame and solve it by brute-force computation. The answers to the puzzle and other parameters constructing the puzzle are sent by authentication request. Whether providing the association to a station depends on the verification of puzzle by AP. This method keeps a good resource balance between the AP and stations, reducing the affection of resource depletion attack and the potential resource-exhausting in traditional client puzzle scheme.Secondly, because of much different performance on wireless devices, traditional client puzzle scheme may bring some overload. So we research a new DoS-resistant scheme named wireless client puzzle, which constructs puzzle by regions. Analyses of wireless client puzzle shows that there are still some security problems. We use wireless sensors to realize wireless client puzzle scheme. We design a new scheme called sensors-random-choosing scheme and use HMAC to enhance the security of wireless client puzzle scheme. Meanwhile, by simple deployed wireless sensor network, we can also make an approximate location. This helps us to find the DoS attacker immediately and makes wireless client puzzle scheme more functional.