A robust scheme to defend against disassociation and deauthentication DoS attacks in WLAN networks

摘要

Wireless 802.11 (also known as WLAN) has many flaws that expose the medium to numerous types of attacks. WLAN control frame consists of three major parts; data, management and control frames. Data frame is whereby data carried on, in the meantime, management and control frames are both responsible for maintaining the communication between the clients and the access point. The absence of encryption at both of these two frames exposes the medium to inevitable various types of DoS attacks at Data Link Layer. The attacker might spoof the unencrypted Deauthentication/Disassociation message together with the MAC address of the targeted access point and keep retransmitting it to all clients causing a continuous disconnection in WLAN networks. Wireless 802.11w standards has succeeded mitigating the flaw by encrypting the frames, yet only when WPA2 encryption is enforced. In this paper, we developed an enhanced proposed WLAN scheme to mitigate Deauthentication and Disassociation DoS attacks on WLAN networks. The proposed scheme is based on modifying the last twenty bits of the management frame in 802.11n standard using an enhanced version of Linear Congruential Algorithm called MAX algorithm. This is to provide a layer of authentication with no need to enforce WPA2 encryption. The proposed scheme is evaluated using CommeView Simulator and showed to be robust by slowing the attacks in an average of 3551 second on both encrypted and unencrypted networks.