CU-Boulder CSCI 7143 - DoS and Authentication in Wireless Public Access Networks
DoS and Authentication in Wireless Public Access Networks

Daniel B. Faria (dbfaria@cs.stanford.edu), David R. Cheriton (cheriton@cs.stanford.edu)
Computer Science Department, Stanford University, Stanford, CA 94305-9040

ABSTRACT

As WEP has been shown to be vulnerable to multiple attacks, a huge effort has been placed on specifying an access control mechanism to be used in wireless installations. However, properties of the wireless environment have been exploited to perform multiple DoS attacks against current solutions such as 802.11/802.1X. In this paper we discuss the main wireless idiosyncrasies and the need for taking them into account when designing an access control mechanism that can be used in both wireless and wired networks. We present the design of a mobility-aware access control mechanism suitable for both wireless and wired environments and show how the DoS attacks discussed can be prevented by implementing secure association and other essential services. The architecture proposed here, composed of the SIAP and SLAP protocols, uses public keys together with the RSA and AES encryption algorithms to provide a flexible service.

Categories and Subject Descriptors: C.2.2 [Computer Systems Organization]: Network Protocols
General Terms: Design, Security
Keywords: DoS, Security, Wireless Networks

1. INTRODUCTION

The advent of portable and mobile computing has motivated the introduction of public access networks, available in airport lounges, cafes, and inside universities and enterprise environments, being sometimes shared by both local users and visitors. Advances in wireless communications have taken this service to another level and enabled seamless communication in which a user does not even know her point of connection to the network. These computing facilities, however, have increased the need for more restrictive access control mechanisms, given the difficulty of physically restricting access to wireless access points. Current practice on dealing with wired ports has been to physically secure the enterprise network by hiding the wires inside walls and securing the switches and routers in locked wiring closets. We view this portion of the network as the true intranet. The only points of physical exposure are the RJ-45 ports in the wall outlets and the wireless access antennae distributed around the environment. We call this part of the network the public access network.

Providing security involves many trade-offs. The number and complexity of mechanisms implemented in a security architecture depend on the assumptions made about the environment in which they are supposed to operate. Recently, wireless security has been given considerable attention, a consequence of the vulnerabilities found by the research community in current standards. Wireless security research has contributed to make clear that one should make as few assumptions as possible about the physical security provided by the network infrastructure. For example, the way association and authentication are integrated in 802.11/802.1X networks is the main reason for the attacks already reported [16]. Disassociation attacks, session hijacking, and the implementation of rogue access points are examples of attacks that can be mounted over an 802.11 wireless network, given the invalid assumption made by 802.1X that secure association is provided. Fewer assumptions about physical security generate more robust solutions, but special attention should also be paid to the amount of mechanism provided. With security, every mechanism has the potential of creating a vulnerability or enabling denial-of-service (DoS) attacks. We therefore support the idea that less mechanism is better, restricting the provided services to the ones that are really essential to creating a secure solution. Going back to wireless networks, we see secure association as an important service to provide. The challenge is therefore to make as few assumptions as possible about the network while providing a robust solution based on a small number of protocols and services.

The first objective of this paper is to show that the DoS attacks effective against current access control solutions are made possible by the lack of implementation of essential services or wrong assumptions made about the environment.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.
WiSe'02, September 28, 2002, Atlanta, Georgia, USA.
Copyright 2002 ACM 1-58113-585-8/02/0009 ...$5.00.

protocol. Together with authorization, it provides the network administrator with the ability to implement client differentiation while allowing the user to authenticate network entities. Other desirable properties related to the key establishment protocol include key freshness guarantees, forward secrecy, and DoS resistance [15].

After the user is authenticated, an access verification mechanism should be available. The provider is interested in verifying permissions and performing accounting and billing tasks. The user wants guarantees over the integrity of transmitted packets and that attackers cannot affect the accounting process executed by the provider. These requisites are usually achieved using cryptographic message authentication codes, which also provide message integrity and a replay detection mechanism.

Interoperability is especially important in wireless networks, as users expect to move between networks as smoothly as possible. Interoperability and a simple user interface are key factors to achieve user satisfaction.

The user may want to extend the confidentiality provided by end-to-end mechanisms (e.g., based on IPSec [12] or TLS [9]), keeping secret all data transferred over the wireless link. As the wireless medium extends the reach of attackers, applications not usually protected by higher-layer mechanisms can take advantage of this service.

In this paper we focus on features (i) to (iii) above and how the absence of some of the related services creates security vulnerabilities. DoS attacks based on the lack of correct authentication constructs receive special attention in the paper, especially when dealing with wireless networks (Section 3). Section 4 shows how 802.1X-based solutions are vulnerable to these authentication-based attacks, while attacks mounted
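As an added example (not code from the paper or from SIAP/SLAP), here is the kind of per-frame message authentication code with replay detection that the access-verification discussion above calls for: the tag binds session id, sequence number, frame type and payload, so a management frame such as a disassociate needs the session key just like a data frame. It assumes a session key already shared by the key-establishment protocol, HMAC-SHA256 as the MAC, and constructed frame-type values.

```python
import hashlib
import hmac
import struct

# Frame types (constructed for this example; not the paper's encoding).
DATA, DISASSOC = 0x01, 0x02
TAG_LEN = 16  # truncated HMAC-SHA256 output carried in each frame

def tag_frame(session_key: bytes, session_id: int, seq: int, ftype: int, payload: bytes) -> bytes:
    """MAC over (session id, seq, frame type, payload). Binding seq makes
    replays detectable; binding ftype covers management frames too."""
    header = struct.pack(">IQB", session_id, seq, ftype)
    return hmac.new(session_key, header + payload, hashlib.sha256).digest()[:TAG_LEN]

class FrameVerifier:
    """Per-session verifier kept on the network side (access point)."""

    def __init__(self, session_key: bytes, session_id: int, window: int = 64):
        self.key, self.sid, self.window = session_key, session_id, window
        self.highest = -1   # highest sequence number accepted so far
        self.seen = set()   # accepted seqs still inside the replay window

    def check(self, seq: int, ftype: int, payload: bytes, tag: bytes) -> str:
        # Verify the tag first: unauthenticated frames must never touch replay
        # state, or an attacker could fill the window with bogus sequence numbers.
        expected = tag_frame(self.key, self.sid, seq, ftype, payload)
        if not hmac.compare_digest(expected, tag):
            return "reject:bad-tag"
        if seq <= self.highest - self.window:
            return "reject:too-old"
        if seq in self.seen:
            return "reject:replay"
        self.seen.add(seq)
        self.highest = max(self.highest, seq)
        self.seen = {s for s in self.seen if s > self.highest - self.window}
        return "accept"

def demo() -> list:
    """Constructed traffic: a good data frame, a replay of it, and a
    disassociate frame built without the session key."""
    key = hashlib.sha256(b"constructed session key").digest()  # stands in for key-establishment output
    sid = 7
    v = FrameVerifier(key, sid)
    payload = b"user data"
    good = tag_frame(key, sid, 1, DATA, payload)
    results = [v.check(1, DATA, payload, good)]              # accept
    results.append(v.check(1, DATA, payload, good))          # reject:replay
    bogus = tag_frame(b"\x00" * 32, sid, 2, DISASSOC, b"")  # forged, no session key
    results.append(v.check(2, DISASSOC, b"", bogus))         # reject:bad-tag
    return results
```

Out-of-order frames inside the window are still accepted once, so the window size trades tolerance for reordering against the state kept per session.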