Skip to main content
SpringerLink
Log in

Performance Study of 802.11w for Preventing DoS Attacks on Wireless Local Area Networks

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

Faked deauthentication and disassociation frames introduce serious denial of service (DoS) attacks on wireless local area networks (WLANs), and these attacks include deauthentication flooding (DeauthF) and disassociation flooding (DisassF). IEEE 802.11w standard was introduced to extend 802.11i functionalities for preventing DeauthF and DisassF, and so far there has been no detailed theoretical and experimental study on the performance of 802.11w for resolving these attacks. We implemented a prototype at the lab to perform detailed study on the performance of 802.11w for preventing rogue AP based DoS attacks, and the study shows that the current IEEE 802.11w standard cannot resolve DeauthF and DisassF at high attacking rates. Then, based on 802.11 wireless station (STA) modules, a STA-based queuing model is developed to derive a mathematical model for explaining 802.11w performance variations under DeauthF and DisassF attacks. Furthermore, using frame sequence checking and frame queuing, we propose a traffic shaping (TS) scheme to enhance the current IEEE 802.11w standard, and experimental results show that the proposed approach of 802.11w-TS is effective in preventing low-rate and high-rate DeauthF and DisassF attacks under various attacking scenarios.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14

Similar content being viewed by others

References

  1. Bellardo, J. & Savage, S. (2003). 802.11 denial-of-service attacks: Real vulnerabilities and practical solutions. In Proceedings of the 12th USENIX security symposium, Washington, DC, USA, August 4–8, 2003.

  2. Ding, P., Holliday, J. & Celik, A. (2004). Improving the security of wireless LANs by managing 802.1x disassociation. In Proceedings of the IEEE consumer communications and networking conference, Las Vegas, NV, USA, January 5–8, 2004.

  3. LaRoche, P., & Zincir-Heywood, A. N. (2006). 802.11 de-authentication attack detection using genetic programming. In P. Collet, M. Tomassini, M. Ebner, S. Gustafson & A. Ekárt (Eds.), Lecture notes in computer science (Vol. 3905, pp. 1–12). Berlin: Springer.

  4. Milliken, J., Selis, V., Yap, K. M., & Marshall, A. (2013). Impact of metric selection on wireless deauthentication DoS attack performance. IEEE Wireless Communication Letters, 2(5), 571–574.

    Article  Google Scholar 

  5. IEEE WG. (2009). IEEE standard for information technology telecommunications and information exchange between systems local and metropolitan area networks specific requirements, Part 11: Wireless LAN medium access control (MAC) and physical layer (PHY) specifications, amendment 4: Protected management frames. Approved on September 11, 2009 by IEEE SA-Standards Board, IEEE Press.

  6. Johnson, H., Nilsson, A., Fu, J., Wu, S. F., Chen, A. & Huang, H. (2002). SOLA: A one-bit identity authentication protocol for access control. In Proceedings of IEEE global telecommunications conference, Taipei, Taiwan (pp. 768–772), November 17–21, 2002.

  7. Wang, H. & Velayutham, A. (2003). An enhanced one-bit identity authentication protocol for access control in IEEE 802.11. In Proceedings of IEEE military communications conference, Boston, MA, USA (pp. 839–843), October 13–16, 2003.

  8. Aslam, B., Islam, M. H. & Khan, S. A. (2006). Pseudo randomized sequence number based solution to 802.11 disassociation denial of service attack. In Proceedings of the first international conference on mobile computing and wireless communication (MCWC 2006), Amman, Jordan (pp. 215–220), September 17–20, 2006.

  9. Khan, M. A. & Hasan, A. (2008). Pseudo random number based authentication to counter denial of service attacks on 802.11. In 5th IFIP international conference on wireless and optical communications networks (WOCN ‘08), Surabaya, East Java, Indonesia (pp. 1–5), May 5–7, 2008.

  10. Nguyen, T. D., Nguyen, D., Tran, B. N., Vu, H. & Mittal, N. (2008). A lightweight solution for defending against deauthentication/disassociation attacks on 802.11 networks. In Proceedings of 17th international conference on computer communications and networks (ICCCN ‘08), St. Thomas, US Virgin Islands (pp. 1–6), August 3–7, 2008.

  11. Agarwal, M., Biswas, S. & Nandi, S. (2013). Detection of de-authentication denial of service attack in 802.11 networks. In 2013 annual IEEE India conference (INDICON), Mumbai, India (pp. 1–6), December 13–15, 2013.

  12. Mar, J., Yeh, Y. C. & Hsiao, I. F. (2010). An ANFIS-IDS against deauthentication DoS attacks for a WLAN. In 2010 international symposium on information theory and its applications (ISITA), Taichung, Taiwan (pp. 548–553), October 17–20, 2010.

  13. Sohail Ahmad, Md. & Tadakamadla, S. (2011). Short paper: security evaluation of IEEE 802.11w specification. In Proceedings of the fourth ACM conference on wireless network security, Hamburg, Germany (pp. 53–58), June 14–17, 2011.

  14. Wang, W. & Wang, H. (2011). Weakness in 802.11w and an improved mechanism on protection of management frame. In 2011 international conference on wireless communications and signal processing (WCSP), Nanjing, China (pp. 1–4), November 9–11, 2011.

  15. Eian, M. & Mjolsnes, S. F. (2012). A formal analysis of IEEE 802.11w deadlock vulnerabilities. In 2012 Proceedings IEEE INFOCOM, Orlando, Florida, USA (pp. 918–926), March 25–30, 2012.

  16. Eian, M. (2009). Fragility of the robust security network: 802.11 denial of service. In M. Abdalla, D. Pointcheval, P.-A. Fouque & D. Vergnaud (Eds.), Lecture notes in computer science (Vol. 5536, pp. 400–416). Berlin: Springer.

  17. Raju, K., & Krishnam, V. (2013). Formal verification of IEEE 802.11 authentication protocols. Journal of Networks, 8(4), 769–778.

    Article  Google Scholar 

  18. OpenWrt Web Site. (2015). https://openwrt.org. Last Accessed on 27 April 2015.

  19. Ath9k Driver Web Site. (2015). http://www.linuxwireless.org/en/users/Drivers/ath9k. Last Accessed on 27 April 2015.

  20. Hostapd Web Site. (2015). http://w1.fi/hostapd. Last Accessed on 27 April 2015.

  21. Void11 Web Site. (2009). http://wirelessdefence.org/Contents/Void11Main.htm. Last Accessed on 25 January 2009.

  22. IEEE WG. (2007). Standard for LAN/MAN—Specific requirements part 11: Wireless LAN medium access control (MAC) and physical layer (PHY) specifications (Revision of IEEE Std 802.11-1999, pp. 837–838), June 12, 2007.

  23. Wall, D., Faircloth, J., Barrett, J., & Kanclirz, J. (2004). Managing and securing a cisco SWAN [ILLUSTRATED] (pp. 429–430). Rockland, MA: Syngress.

    Google Scholar 

  24. IEEE WG. (1999). Part 11: Wireless LAN medium access control (MAC) and physical layer (PHY) specifications (pp. 278–295). New York: IEEE.

    Google Scholar 

  25. Ding, Q., Zhang, X., Li, X. & Zhou, X. (2008). Reputation based access point selection in 802.11 network. In Third international conference on convergence and hybrid information technology, Busan, Korea (pp. 324–329), November 11–13, 2008.

  26. Wu, Y., Niu, Z., & Zhu, J. (2005). Study of the TCP upstream/downstream unfairness issue with per-flow queuing over infrastructure-mode WLANs. Wireless Communications and Mobile Computing, 5(4), 459–471.

    Article  Google Scholar 

  27. Dao-Thi, T. H. & Mairesse, J. (2006). Queueing systems I: Zero-automatic networks. In Proceedings of the 1st international conference on performance evaluation methodologies and tools, Pisa, Italy, October 11–13, 2006.

  28. Draief, M., Mairesse, J., & O’Connell, N. (2003). Joint burke’s theorem and RSK representation for a queue and a store. Discrete Mathematics and Theoretical Computer Science, Paris, France, AC, pp. 69–82.

  29. Menascé, D. A., & Almeida, V. A. F. (1998). Capacity planning for web performance: Metrics, models, and methods. Upper Saddle River, NJ: Prentice Hall.

    Google Scholar 

  30. Menascé, D. A., Almeida, V. A. F., & Dowdy, L. W. (2004). Performance by design: Computer capacity planning by example. Upper Saddle River, NJ: Prentice Hall.

    Google Scholar 

  31. Barnett, Rich, & Philip, Schmidt. (2004). Schaum’s outline of theory and problems of elementary algebra. New York, NY: McGraw-Hill.

    Google Scholar 

Download references

Acknowledgments

This work is supported by the Science and Technology Project of Fujian Province (2013N0031), the Provincial Universities Scientific Research Special Plan of the Education Department of Fujian Province (No. JK2012051), the Fujian Provincial Natural Science Foundation (No. 2012J01283, 2012J01282), and the Provincial Teaching Quality Reform Project—Network Engineering Major Comprehensive Reform (ZL2012ZG4).

Author information

Authors and Affiliations

  1. School of Information Engineering, Fujian Key Lab of Agriculture IOT Application, IOT Application Engineering Research Center of Fujian Province Colleges and Universities, Sanming University, Sanming, 365004, China

    Chibiao Liu & Jinming Qiu

Authors
  1. Chibiao Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jinming Qiu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Chibiao Liu.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Liu, C., Qiu, J. Performance Study of 802.11w for Preventing DoS Attacks on Wireless Local Area Networks. Wireless Pers Commun 95, 1031–1053 (2017). https://doi.org/10.1007/s11277-016-3812-9

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-016-3812-9

Keywords

Search

Navigation