| The flexibility, portability and high efficiency of wireless networks has primely cater to the increasing demand of mobile work. As the main network form of the wireless network, wireless local area network(WLAN) has gained great application effect in business, hospital, education and military areas. Especially, after the generation of 802.11n standard, WLAN has presented a more driving progress tendency and a more broad application foreground. However, as the great popularity of WLAN, the security problem of it also has become the main concern of users, aimed to solve this problem, many security protocols and mechanisms have been proposed, but these protocols and mechanisms mainly focused on the confidentiality of data and authenticity of entity, few of them have the ability to protect the availability of network, this vulnerability lead the denial of service attacks have become a serious problem to WLAN.In this paper, we first analyze the theory of denial of service attacks in WLAN, and then we progress an in-depth study of how to cope with wireless DoS attacks, the main work and innovations are as the followings:(1) we completely analyze and conclude the denial of service attacks in WLAN, and then classify DoS attacks into four types according to the attack theory and target: DoS attacks in physical layer, DoS attacks in MAC layer, DoS attacks against security protocol, DoS attacks against driver and firmware.(2) From the detection view, we propose a specification based adaptive method to detect wireless DoS attacks that launched by attackers that use management and EAP frames in WLAN. In our method, we build the detection specification according to the protocol and security constrain. If the protocol changed, we just need to build the specification of the new protocol and add it into our detection specification, and our method could dynamically adjust the detection threshold according to the network traffic. In this paper, we make use of the open source wireless intrusion detection system snort-wireless as the basic of our experiment, then we design and realize the wireless DoS attacks detection system based on our proposed detection method, our system could be used to detect and monitor the operating environment of WLAN.(3) From the defense view, we propose a client puzzle based method and an authentication extended based method respectively to resist two classic and familiar types of DoS attacks in WLAN during station and access point establish connection that is Deauthenticartion/ Disassociation and Authentication/Association attacks. These two method embed the parameters into already existing frames in WLAN, no need to add any new message exchanges, neither need to modify the current 802.11 protocol stack, the proposed methods could help the security staff to build secure wireless device that embed the secure resist function for special usage. Then we design program of station and access point respectively, and realize the secure association system for WLAN based on our proposed method. |
PDF Full Text Request