S-38.310 Thesis Seminar on Networking Technology
DESCRIPTION
S-38.310 Thesis Seminar on Networking Technology. Topic: Investigation of Denial of Service (DoS) attacks in Wireless LAN. Author: Jing Jin. Instructor: Michael Hall. Supervisor: Prof. Sven-Gustav Häggman, S-72 Communication Engineering Laboratory.
Page 1
S-38.310 Thesis Seminar on Networking Technology
Topic: Investigation of Denial of Service (DoS) attacks in Wireless LAN
Author: Jing Jin
Instructor: Michael Hall
Supervisor: Prof. Sven-Gustav Häggman, S-72 Communication Engineering Laboratory
Page 2
Presentation Outline
• Wireless LAN (WLAN) background knowledge
• Denial of Service (DoS) background knowledge
• Different kinds of DoS tools and attacks
• The threats of DoS over WLAN
• The current defending strategies
Page 3
Objectives and Scope
The objectives of this thesis are to:
• describe the current research on Denial of Service (DoS) attacks in Wireless LAN (WLAN)
• evaluate the possible solutions against DoS attacks in Wireless LAN
Page 4
WLAN Architecture
Page 5
IEEE 802.11 Standards
• 802.11b is the most popular one; it operates at speeds of up to 11Mbps in the 2.4GHz frequency band
• 802.11a/g standards operate at up to 54Mbps in 5GHz frequency band
• All of them follow the same MAC layer protocol
• Security is the biggest problem of the 802.11 standards
• Here we concentrate more on 802.11b
Page 6
HIPERLAN & HIPERLAN/2
• Developed by ETSI BRAN
• The purpose is to allow flexible wireless data networks without the need for an existing wired infrastructure
• HIPERLAN type 1 provides 20Mbit/s in the 5GHz range; multimedia applications are possible
• HIPERLAN/2 is specified for short range radio access in 5GHz band for mobile terminals
• High-speed transmission, connection-oriented, QoS support, security support
• However, it is not widely used worldwide
Page 7
Chinese WLAN standard-WAPI (1)
• WLAN Authentication and Privacy Infrastructure (WAPI) is the Chinese proprietary encryption standard for IEEE 802.11
• WAPI addresses weaknesses in the original Wi-Fi security specification.
• WAPI is similar to the IEEE 802.11 standards but uses a different security protocol, specified in GB 15629.11. However, WAPI is not part of the IEEE 802.11 standards
• The major difference between them is in authentication and privacy
• WAPI and IEEE 802.11 are not compatible
Page 8
Chinese WLAN standard-WAPI (2)
• WAPI requires both the wireless device(STA) and the access point (AP) to authenticate themselves
• The authentication is done by presenting their public key based certificate to a third party
• Once both the STA and the AP are authenticated, an Encryption Negotiation process is started
Page 9
DoS attacks (1)
• ISO 7498-2 defines DoS as "The prevention of authorized access to resources or the delaying of time critical operations."
• DoS is a threat that prevents legitimate users from getting access to the information or resources that they need
• According to a CERT/CC (CERT Coordination Center) report, DoS incidents grew at a rate around 50% per year greater than the growth of Internet hosts
• DoS attacks over the Internet can be targeted at a user, a host computer or a network
Page 10
DoS attack (2)
In a DoS attack, an attacker attempts
• To inhibit legitimate network traffic by flooding the network with useless traffic
• To deny access to a service by disrupting connections between two parties
• To block the access of a particular individual to a service
• To disrupt the specific system or service itself
Page 11
Distributed DoS(DDoS)
• A new form of DoS, also called multiple DoS
• A multitude of compromised systems attack a single target
• In order to facilitate DDoS, the attacker needs to have thousands of compromised hosts; the process is automated
• DDoS attacks become more effective and difficult to prevent
• Common DDoS tools: Trinoo, TFN, Stacheldraht
Page 12
DoS attacking tools
• Trinoo
• Stacheldraht
Page 13
Trinoo
• Trinoo is not a virus, but an attack tool released in late December 1999 that performs a distributed Denial of Service attack. Trinoo daemons were originally found in Solaris 2.x systems.
• Trinoo also has a client component that is used to control the master component. This lets the hacker control multiple master components remotely. The client can communicate with the master component by sending various commands.
Page 14
Trinoo architecture
Diagram: a three-tier tree with attackers at the top (two shown), masters in the middle (three shown) and daemons at the bottom (five shown); each attacker controls masters, and each master controls daemons.
Page 15
Stacheldraht (German for "barbed wire") (1)
• Adds encryption between the communication of the attacker and masters; adds automated update of agents
Page 16
Stacheldraht (2)
• The methods used to install the handler/agent will be the same as installing any program on a compromised UNIX system
• Ability to upgrade the agents on demand. Employs the "rcp" command using a stolen account at some site as a cache.
Page 17
Stacheldraht Network
Diagram: the same three-tier tree as the Trinoo architecture, with clients at the top (two shown), handlers in the middle (three shown) and agents at the bottom (five shown).
Page 18
DoS is a big WLAN issue
• To initiate a DoS attack, the attacker sends a continuous stream of meaningless information to access points (APs) in the WLAN
• It makes the WLAN unusable
• DoS over WLAN may be as simple as an RF generator in the 2.4GHz band aimed at the RF channel
• DoS over WLAN may also be as sophisticated as spoofing 802.11 disassociation management frames to wireless terminals
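The spoofed disassociation/deauthentication frames mentioned above are what a wireless monitoring tool looks for. The following is an added detection example, not code from the seminar: it runs a sliding-window counter over a constructed text log of 802.11 management frames and raises an alert when one (BSSID, source) pair emits a burst of link-tearing frames. The log format, the threshold and the window length are assumptions made for this example.

```python
"""Sliding-window detector for 802.11 disassociation / deauthentication floods.

Added example, not code from the seminar. Input is a constructed text log of
management frames, one per line:
    <time_s> <frame_subtype> <source_mac> <dest_mac> <bssid>
The log format, the threshold and the window length are assumptions made for
this example; a real deployment would feed it from a monitor-mode capture.
"""
from collections import defaultdict, deque

DISRUPTIVE = {"disassoc", "deauth"}  # subtypes that tear a station off the AP
THRESHOLD = 10                       # frames per window that count as a flood (assumption)
WINDOW = 5.0                         # window length in seconds (assumption)


def parse_line(line):
    """Split one log line into (time, subtype, src, dst, bssid), MACs lower-cased."""
    ts, subtype, src, dst, bssid = line.split()
    return float(ts), subtype.lower(), src.lower(), dst.lower(), bssid.lower()


def detect_floods(lines, threshold=THRESHOLD, window=WINDOW):
    """Return one alert per (bssid, source) pair that sends >= threshold
    disassociation/deauthentication frames within `window` seconds.

    A legitimate station leaving the network produces one or two such frames;
    a spoofed flood produces a steady stream, usually with the AP's own MAC as
    source and the broadcast address as destination.
    """
    recent = defaultdict(deque)  # (bssid, src) -> timestamps inside the window
    alerted = set()
    alerts = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        ts, subtype, src, dst, bssid = parse_line(line)
        if subtype not in DISRUPTIVE:
            continue
        key = (bssid, src)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:  # slide the window forward
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)  # report each offending pair once
            alerts.append({
                "bssid": bssid, "src": src, "broadcast": dst == "ff:ff:ff:ff:ff:ff",
                "start": q[0], "end": ts, "count": len(q),
            })
    return alerts


# Constructed sample: normal traffic, one genuine client deauth, then a burst of
# 12 deauthentication frames within about 1.7 s that carry the AP's MAC as source.
AP = "00:11:22:33:44:55"
SAMPLE_LOG = [
    "# time  subtype     src                 dst                 bssid",
    f"0.00  beacon      {AP}  ff:ff:ff:ff:ff:ff  {AP}",
    f"0.10  probe_req   aa:bb:cc:dd:ee:01  ff:ff:ff:ff:ff:ff  {AP}",
    f"0.50  assoc_resp  {AP}  aa:bb:cc:dd:ee:01  {AP}",
    f"3.00  deauth      aa:bb:cc:dd:ee:02  {AP}  {AP}",
] + [f"{20.0 + i * 0.15:.2f}  deauth  {AP}  ff:ff:ff:ff:ff:ff  {AP}" for i in range(12)]


if __name__ == "__main__":
    for a in detect_floods(SAMPLE_LOG):
        print(f"flood from {a['src']} on BSSID {a['bssid']}: "
              f"{a['count']} frames between t={a['start']} and t={a['end']}")
```

On the constructed log the single client deauthentication at t=3.0 stays below the threshold and the spoofed burst produces one alert at its tenth frame. Because the source MAC of a spoofed frame is the AP's own address, the detector keys on the (BSSID, source) pair rather than trusting the source to identify the sender; locating the actual transmitter needs signal-strength data that this log does not carry.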
Page 19
Brute force
DoS attacks are mainly implemented by brute force.
There are two forms of brute force:
- Packet-based brute force attack
  It brings significant overhead to the network
- Very strong radio signals
  Disrupt the network
Page 20
Brute force implementation
• Packet-based brute force attack: use other computers on the network to send useless packets all the time
• Very strong radio signals: use a very powerful transmitter at a relatively close range
However, the use of a very strong radio signal is risky because the WLAN owners can locate the attacker with a tool such as AirMagnet.
Page 21
Types of DoS attacks over WLAN(1)
DoS attacks target many different layers of the wireless network
• Application layer (~OSI layer 7)
- sending a large number of legitimate requests to an application
• Transport layer (~OSI layer 4)
- sending many TCP connection requests to a host
Page 22
Types of DoS attacks over WLAN(2)
• Network layer (~OSI layer 3)
- conducted by sending a large amount of IP data to a network
• Data link layer (~OSI layer 2)
- data link attacks are launched to disable the ability of hosts to access the local network.
- target either a host or a network
Page 23
Types of DoS attacks over WLAN(3)
• Physical layer (~OSI layer 1)
- "backhoe attack": a heavy-equipment operator accidentally cuts a communication cable, potentially taking down services
- creating a device that produces lots of noise at the 2.4GHz frequency is both easy and cheap
- cordless phones are capable of taking an 802.11 network offline
Page 24
2.4GHz or 5GHz frequency?
• 2.4GHz WLANs can experience interference from cordless phones, microwaves and the like; 5GHz systems are relatively free from interfering sources.
• Interoperability: 2.4GHz and 5GHz systems are not directly compatible.
• 5GHz systems can provide enhanced security over 2.4GHz systems because of their shorter range.
• Densely populated environments and multimedia applications will benefit from the use of 5GHz. 2.4GHz products are inexpensive and capable of supporting most application requirements.
Page 25
Defenses(1)
• Network Ingress and Egress Filtering
• Rate limiting and Unicast reverse path forwarding (ip verify unicast reverse_path, rate limit)
• Audit Hosts for DDoS tools (find_dos)
• Audit Networks for DDoS tools (RID)
• Have an Incident Response Team (IRT)
• Have/enforce policies
• Buy insurance!
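The first two defences on this slide (ingress/egress filtering, unicast reverse-path forwarding and rate limiting) are router features; the following is an added software model of what they decide per packet, written for this page and not code from the seminar or from any router vendor. The interface names, prefixes, rate and the sample packets are constructed; a real deployment applies these checks in the router's forwarding path.

```python
"""Software model of three edge-network DoS defences named on the slide:
ingress/egress filtering (BCP 38 style source-address checks), strict unicast
reverse-path forwarding (uRPF) and a token-bucket rate limit.

Added example; it is not code from the seminar and not router configuration.
The interface names, prefixes, rate and the sample packets are constructed.
"""
import ipaddress
from collections import Counter


class EdgeRouter:
    def __init__(self, routes, inside_prefixes, inside_if, outside_if):
        # routes: (prefix, interface) pairs; the longest matching prefix wins
        self.routes = [(ipaddress.ip_network(p), i) for p, i in routes]
        self.inside = [ipaddress.ip_network(p) for p in inside_prefixes]
        self.inside_if, self.outside_if = inside_if, outside_if

    def route_interface(self, addr):
        """Interface the router would use to reach addr (None if unrouted)."""
        best = None
        for net, iface in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, iface)
        return best[1] if best else None

    def source_check(self, src, in_iface):
        """Verdict on a packet's source address given the interface it arrived on."""
        src = ipaddress.ip_address(src)
        inside_src = any(src in n for n in self.inside)
        # Ingress filtering: nothing from outside may claim an internal source address.
        if in_iface == self.outside_if and inside_src:
            return "drop:ingress-spoofed-internal-source"
        # Egress filtering: traffic leaving our network must carry one of our addresses,
        # so our hosts cannot be used to flood others with forged sources.
        if in_iface == self.inside_if and not inside_src:
            return "drop:egress-spoofed-external-source"
        # Strict uRPF: the best route back to the source must use the arrival interface.
        if self.route_interface(src) != in_iface:
            return "drop:urpf-fail"
        return "accept"


class TokenBucket:
    """Classic token bucket: `rate` tokens/s refill, at most `burst` stored."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, float(burst)
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def process(router, bucket, packets):
    """Apply source checks, then rate-limit what is accepted on the outside interface."""
    verdicts = []
    for ts, src, iface in packets:  # packets must be in time order
        v = router.source_check(src, iface)
        if v == "accept" and iface == router.outside_if and not bucket.allow(ts):
            v = "drop:rate-limit"
        verdicts.append(v)
    return verdicts


def build_router():
    # Constructed topology: our LAN is 192.0.2.0/24 behind "inside", a DMZ holds
    # 203.0.113.0/24 behind "dmz", everything else is reached via "outside".
    return EdgeRouter(
        routes=[("192.0.2.0/24", "inside"), ("203.0.113.0/24", "dmz"), ("0.0.0.0/0", "outside")],
        inside_prefixes=["192.0.2.0/24"],
        inside_if="inside", outside_if="outside",
    )


def sample_packets():
    pkts = [
        (0.0, "198.51.100.7", "outside"),  # ordinary external source
        (0.1, "192.0.2.9", "outside"),     # claims our own address from outside: spoofed
        (0.2, "203.0.113.5", "inside"),    # internal host forging a foreign source
        (0.3, "192.0.2.9", "inside"),      # ordinary internal host
        (0.4, "203.0.113.5", "outside"),   # route back to this source points at the DMZ
    ]
    # constructed flood: 20 packets in 0.2 s from one external host
    pkts += [(1.0 + i * 0.01, "198.51.100.7", "outside") for i in range(20)]
    return pkts


def run_demo(rate=5.0, burst=5):
    """Return how many packets got each verdict for the constructed sample."""
    return Counter(process(build_router(), TokenBucket(rate, burst), sample_packets()))


if __name__ == "__main__":
    for verdict, n in sorted(run_demo().items()):
        print(f"{n:3d}  {verdict}")
```

With a bucket of 5 tokens refilled at 5 per second, the 20-packet burst gets its first 5 packets through and the remaining 15 are dropped by the rate limit, while the three forged-source packets are dropped before the bucket is consulted. Strict uRPF is the sharpest of the three checks and is also the one that breaks on asymmetric routing, which is why routers offer a loose mode that only requires some route to the source to exist.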
Page 26
Defenses (2)
• Both technical and management solutions are taken into consideration
• Wi-Fi Protected Access (WPA) is a new WLAN security standard for 802.11 networks which is comprised of Temporal Key Integrity Protocol (TKIP) encryption and 802.1x technology.
• However, WPA is vulnerable to DoS attacks.
Page 27
Defenses (3)
The ways to respond to a DoS attack:
• Absorb the attack
- plan additional capacity before an attack begins
• Degrade services
- noncritical services can be degraded, or disabled if necessary
• Shut down services
- shut down services until the attack has subsided
Page 28
Defenses (4)
The fundamental protection solutions against DoS:
• update firewalls
• install up-to-date patches
• turn off network services when they are not in use
• deploy DoS detection tools, such as AirDefense and AirMagnet
• perform extensive site surveys before deploying APs
Page 29
Conclusions (1)
• There is no comprehensive solution against DoS attacks over WLAN currently
• Take external countermeasures, such as tracing the attacks, enforcing related law, and enterprise usage policy systems
• 5GHz range networks are both practical and market-rewarding
Page 30
Conclusion (2)
• WLANs are not as vulnerable as wired LANs to DoS attacks
• If attackers cut the power of the wired LAN, all the wired networks are down
• However, a WLAN can be switched to an ad hoc configuration using laptops or other battery-powered computers
Page 31
Future research work
• Simulation study and countermeasure policies by using Ethernet to construct environment for testing DoS behaviors over WLAN
• How to develop and integrate an effective wireless security policy in an enterprise
• New technologies, such as DNA fingerprints, may improve the network authentication