| With the widely applications of wireless network, its security issues become one of the focuses of the concerns. Due to the limitations of open links and computing resources, wireless networks are more vulnerable to the threat of various attacks compared to the fixed network. Especially, some of the existing wireless network security authentication mechanisms are very vulnerable to denial of service (DoS) attacks due to the defects in design. DoS attacks are the biggest threats to the networks, and the defense of DoS attack is very difficult. In this thesis, the DoS-resistant technologies in two typical wireless LAN authentication mechanisms are studied. One is in the central infrastructure wireless network that is widely deployed, such as WLAN. The IEEE802.11i protocol, as the main protocol of WLAN, has little consideration about the effectiveness of protocol, especially in the accessing and authentication of WLAN, which makes the wireless access point (AP) be the preferred target of DoS attackers. The other is in Vehicular Ad Hoc network (VANET) without a center. In VANETs, there are some defects in the signature-based broadcast authentication mechanism, which is very vulnerable to DoS attacks. Two feasible solutions are proposed to solve the above problems.Firstly, a low-cost RFID tags based DoS-resistant scheme of the access authentication is proposed to solve the problems caused by the defeat of the IEEE802.11i protocol, which greatly reduces the effect of DoS attacks on the AP. In the proposed scheme, a new construction method of Client Puzzle is designed based on the low-cost RFID tag. The tag is attached on the wireless device (STA) that has the function of RFID reader. The submission of accessing authentication request of STA should carry the puzzle solution which is computed secretly by the attached tag according to the AP’s broadcasting parameters. Compared with the traditional DoS-resistant shemes, This proposed scheme not only avoids the influence of the computing power differences of wireless devices on the DoS-resistant effect, but also solves the problem that new DoS attacks are introduced in the authentication mechanism when the traditional scheme is used. Meanwhile, the proposed scheme is able to balance the usage of the resource between STA and AP as possible as it can, and has smaller effect on the wireless accessing.Secondly, a Client puzzle based broadcast authentication mechanism is proposed to resist the DoS attacks to the broadcast messages in VANETs, which combines strong and weak authentication. In the proposed scheme, the Client puzzle is based on quadratic residue and the parameters for constructing puzzle carried in beacon are broadcast by RSU, which does not increase extra steps. In addition, in order to improve the DoS-resistant ability, of the whole protocol, the self-certified public key mechnism is used for public key management, which is able to reduce the overhead of signaling and calculation of certificate based cryptosystem.The simulation results show that the proposed schemes have good DoS-resistant performance and feasiblity of the deployment. |
PDF Full Text Request