以隨機位元認證機制抵禦802.11無線網路阻絶式攻擊

Abstract

IEEE 802.11(a,b,g)無線網路方便佈建的方式與便宜的價格，已使802.11(a,b,g)無線網路普遍的建置在家庭、學校、民間企業、政府機構及公共場所。然而無線電波的特性，使無線網路與傳統的有線網路，多了許多安全性的考量。 WEP是802.11(a,b,g)無線網路的安全性機制，早被證實存在許多弱點且容易被破解，WPA及802.11i是802.11(a,b,g)無線網路安全性的加強版。802.11i改善了802.11(a,b,g)無線網路資料傳送的完整性(integraty)及可信性(confidentiality)，但在可用性(availability)卻沒有嚴謹的考量與設計，因此使得802.11系列的無線網路，容易遭受阻絶性攻擊(Denial of Service attack)。 本研究即利用802.11在MAC層的封包標頭結構，以共有金鑰的假設下，在認證（(de)authentication）及連結（(dis)association）封包中，以隨機方式加入3到4個位元，作為無線網路存取點（AP）和工作端（STA）的雙方溝通的認證機制，配合MAC層封包標頭中的Sequence Counter欄位連續數質的特性，設計有效過濾偽造的阻絶式攻擊封包的機制。 本研究設計的抵禦無線網路阻絶式攻擊機制，經實作與模擬實驗後證明我們所設計的隨機位元認證機制，能有效的抵禦802.11無線網路阻絶式攻擊。

IEEE 802.11 network is prevailing, but the security issue is an important concern. WEP is the security mechanism in 802.11 specification. It has been proved that WEP is vulnerable and easy to be cracked. 802.11i is the enhanced version of security for 802.11 networks. The 802.11i focuses on integrity and confidentiality of transmitting data. The availability of 802.11 network is not considered properly. The management frames of 802.11 are not protected by any key based authentication. It causes the 802.11 network vulnerable to Denial of Service attacks. We designed a so called random bit authentication mechanism to defend Denial of Service attacks against 802.11 networks. We replace some unused bits in the MAC header of the 802.11 management frames with some authentication bits. The AP and STA can authenticate each other according to these authentication bits. We also exploited the characteristic of Sequence Number field in MAC header of the 802.11 frames to design an effective mechanism to filter out attacking frames. In our implementation and experiments, it shows that our two-phase filtering mechanism is effective and lightweight to defend IEEE 802.11 Denial of Service attacks.