S-38.310 Thesis Seminar on Networking Technology - PowerPoint PPT Presentation

About This Presentation
Title:

S-38.310 Thesis Seminar on Networking Technology

Description:

S-38.310 Thesis Seminar on Networking Technology Topic: Investigation of Denial of Service(Dos) attack in Wireless LAN Author: Jing Jin Instructor: Michael Hall ... – PowerPoint PPT presentation

Number of Views:118
Avg rating:3.0/5.0
Slides: 32
Provided by: Jin120
Category:

less

Transcript and Presenter's Notes

Title: S-38.310 Thesis Seminar on Networking Technology


1
S-38.310 Thesis Seminar on Networking Technology
  • Topic
  • Investigation of Denial of Service(Dos) attack in
    Wireless LAN
  • Author Jing Jin
  • Instructor Michael Hall
  • Supervisor Prof. Sven-Gustav Häggman
  • S-72 Communication Engineering laboratory

2
Presentation Outline
  • Wireless LAN(WLAN) background knowledge
  • Denial of Service (DoS) background knowledge
  • Different kinds of DoS tools and attacks
  • The threats of DoS over WLAN
  • The current defending strategies

3
Objectives and Scope
  • The objective of this Thesis is to
  • describe the current research on Denial of
    Service (DoS) attacks in Wireless LAN (WLAN)
  • to evaluate the possible solution against DoS
    attacks in Wireless LAN

4
WLAN Architecture
5
IEEE 802.11 Standards
  • 802.11b is the most popular one, it operates at
    speeds of up to 11Mbps in 2.4GHz frequency band
  • 802.11a/g standards operate at up to 54Mbps in
    5GHz frequency band
  • All of them follow the same MAC layer protocol
  • Security is the biggest problem of 802.11
    standards.
  • Here we concentrate more on 802.11b

6
HIPERLAN HIPERLAN/2
  • Developed by ETSI BRAN
  • The purpose is to allow flexible wireless data
    networks without the need for an existing wired
    infrastrcture
  • HIPERLAN type 1 provide 20Mbit/s with 5GHz range,
    multimedia application are possible
  • HIPERLAN/2 is specified for short range radio
    access in 5GHz band for mobile terminals
  • High-speed transmission, connection-oriented, QoS
    support, security support
  • However, it is not widely used worldwide

7
Chinese WLAN standard-WAPI (1)
  • WLAN Authentication and Privacy Infrastructure
    (WAPI) is the Chinese proprietary encryption
    standard for IEEE 802.11
  • WAPI addresses weaknesses in the original Wi-Fi
    secuirty specification.
  • WAPI is similar in IEEE 802.11 standards but
    different security protocol,which is called GB
    15629.11. However, WAPI is not part of IEEE
    802.11 standards
  • The major difference betweeen them is in
    authentication and privacy
  • WAPI and IEEE 802.11 are not compatible

8
Chinese WLAN standard-WAPI (2)
  • WAPI requires both the wireless device(STA) and
    the access point (AP) to authenticate themselves
  • The authentication is done by presenting their
    public key based certificate to a third party
  • Once both the STA and the AP are authenticated,
    an Encryption Negotiation process is started

9
DoS attacks (1)
  • ISO 7498-2 defines DoS as The prevention of
    authorized access to resources or the delaying of
    time critical operations.
  • DoS is a threat that prevents legitimate users
    getting access to the information or resource
    that they need
  • According to CERT/CC (CERT Coordination Center)
    report, DoS incidents grew at a rate around 50
    per year greater than growth of Internet hosts
  • DoS attacks over the Internet can be target at a
    user, a host computer or a network

10
DoS attack (2)
  • In a DoS attack, an attacker attempts
  • To inhibit legitmate network traffic by flooding
    the network with useless traffic
  • To deny access to a service by disrupting
    connections between two parties
  • To block the access of a particular individual to
    a service
  • To disrupt the specific system or service itself

11
Distributed DoS(DDoS)
  • A new form of DoS, also called multiple DoS
  • A multitude of compromised system attack a single
    target
  • In order to facilitate DDoS, the attacker needs
    to have thousands of compromised hosts, the
    process is automated
  • DDoS attacks become more effective and difficult
    to prevent
  • Common DDoS tools Trinoo, TFN, Stacheldraht

12
DoS attacking tools
  • Trinoo
  • Stacheldraht

13
Trinoo
  • Trinoo is not a virus, but an attack tool
    released in late December 1999 that performs a
    distributed Denial of Service attack. Trinoo
    daemons were originally found in Solaris 2.x
    systems.
  • Trinoo also has a client component that is used
    to control the master component. This lets the
    hacker control multiple master components
    remotely. The client can communicate with the
    master component by sending various commands.

14
Trinoo architecture


attacker
attacker
master
master
master
daemon
daemon
daemon
daemon
daemon
15
Stacheldraht (German for barbed wire) (1)
  • Adds encryption between the communication of the
    attacker and masters adds automated update of
    agents

16
Stacheldraht (2)
  • The methods used to install the handler/agent
    will be the same as installing any program on a
    compromised UNIX system
  • Ability to upgrade the agents on demand. Employs
    rcp command using a stolen account at some site
    as a cache.

17
Stacheldraht Network


client
client
handler
handler
handler
agent
agent
agent
agent
agent
18
DoS is a big WLAN issue
  • To initiate a DoS attack, the attacker sends a
    continuous stream of meaningless information to
    access points (APs) in WLAN
  • It causes WLAN unusable
  • DoS over WLAN may be as simple as RF generator in
    2.4GHz band to aim the RF channel
  • DoS over WLAN may also be sophisticated as
    spoofing 802.11 disassociation management frames
    to wireless terminals

19
Brute force
  • DoS attacks are mainly implemented by
  • Brute force
  • There are two forms of brute force
  • - Packet-based brute force attack
  • It brings significant overhead of network
  • - Very strong radio signals
  • Disrupt the network

20
Brute force implementation
  • Packet-based brute force attack
  • - use other computers on the network to send
    useless packets all the time
  • Very strong radio signals
  • - use a very powerful transmitter in a
    relatively close range
  • However, the use of very strong radio signal is
    risky because the WLAN owners can find the
    attacker by AirMagnet tool.

21
Types of DoS attacks over WLAN(1)
  • DoS attacks target many different layers of the
    wireless network
  • Application layer(OSI layer 7)
  • - sending large amount of legitimate requests to
    an application
  • Transport layer(OSI layer 4)
  • - sending many TCP connection requests to a host

22
Types of DoS attacks over WLAN(2)
  • Network layer (OSI layer 3)
  • - conducted by sending a large amount of IP data
    to a network
  • Data link layer (OSI layer 2)
  • - data link attacks are launched to disable the
    ability of hosts to access the local network.
  • - target either a host or a network

23
Types of DoS attacks over WLAN(3)
  • Physical layer( OSI layer 1)
  • - backhoe attack, a heavy-equipment operator
    accidentally cut a communication cable, take down
    services potentially
  • - creating a device that produces lots of noise
    at 2.4GHz frequency is both easy and cheap
  • - Cordless phones have the capability to take an
    802.11 network offline

24
2.4GHz or 5GHz freuqncy??
  • 2.4GHz WLANs can experience interference from
    cordless phones, microwaves...and 5GHz system is
    relatively free from interfering sources.
  • Interoperability 2.4G and 5GHz systems are not
    directly compatible.
  • 5GHz systems can provide enhanced security over
    2.4GHz systems because of less range.
  • Densely-populated environments and multi-media
    applications will benefit from the use of 5GHz.
    2.4GHz products are inexpensive and capable of
    supporting most application requirements.

25
Defenses(1)
  • Network Ingress and Egress Filtering
  • Rate limiting and Unicast reverse path forwarding
    (ip verify unicast reverse_path, rate limit)
  • Audit Hosts for DDoS tools (find_dos)
  • Audit Networks for DDoS tools (RID)
  • Have an Incident Response Team (IRT)
  • Have/enforce policies
  • Buy Insurance !

26
Defenses (2)
  • Both technical and management solutions are put
    into considerations
  • Wi-Fi Protected Access(WPA) is a new WLAN
    security standard for 802.11 networks which is
    comprised of Temporal Key Integrity
    Protocol(TKIP) encryption and 802.1x technolgy.
  • However, WPA is vulnerable to DoS attacks.

27
Defenses (3)
  • The ways to respond to a DoS attack
  • Absorb the attack
  • - plans additional capacity before an attack
    begins
  • Degrade services
  • -noncritical services can be degraded, or
    disable them if necessary
  • Shut down services
  • - Shut down services until the attack has
    subsided

28
Defenses (4)
  • The fundamental protection solutions against
    DoS
  • updating firewalls
  • installing up-to-date patches
  • turn off network services when they are not in
    use
  • deploy DoS detection tools, such as AirDefense,
    AirMagnet
  • perform extensive site surveys before deploying
    APs

29
Conclusions (1)
  • There is no comprehensive solution against DoS
    attacks over WLAN currently
  • Take external coutnermeasures, such as tracing
    the attacks, enforcing related law, and
    enterprise usage policy systems
  • 5GHz range networks are both practical and
    market-rewarding

30
Conclusion (2)
  • WLANs are not as vulnerable as the wired LAN to
    the DoS attacks
  • If attackers cut down the power of the wired LAN,
    all the wired networks are down
  • However, WLAN can be switched to the ad hoc
    configuration with laptops or other battery
    powered computers

31
Future research works
  • Simulation study and countermeasure policies by
    using Ethernet to construct environment for
    testing DoS behaviors over WLAN
  • How to develop and integrate an effective
    wireless security policy in an enterprise
  • New technologies, such as DNA fingerprints, may
    improve the network authentication
Write a Comment
User Comments (0)
About PowerShow.com