A formal analysis of IEEE 802.11w deadlock vulnerabilities

Proceedings - IEEE INFOCOM

Volumn , Issue , 2012, Pages 918-926

  Eian, Martin ^a   Mjølsnes, Stig F ^a  

^a NORWEGIAN UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Norway)

Author keywords

[No Author keywords available]

Indexed keywords

802.11W; DENIAL OF SERVICE; EXPERIMENTAL VALIDATIONS; FORMAL ANALYSIS; FORMAL MODEL; MODEL CONSTRUCTION; ROBUST PROTOCOL; SIMPLE PROTOCOL; SOURCE CODES; THEORY AND PRACTICE; VERIFICATION AND VALIDATION;

NETWORK PROTOCOLS; STANDARDS;

FORMAL METHODS;

EID: 84861639032     PISSN: 0743166X     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/INFCOM.2012.6195841     Document Type: Conference Paper

References (22)

1. J. Bellardo and S. Savage, "802.11 denial-of-service attacks: Real vulnerabilities and practical solutions," in Proceedings of the 12th USENIX Security Symposium. Berkeley, CA, USA: USENIX Association, 2003.
2. M. Eian, "Fragility of the robust security network: 802.11 denial of service," in Proceedings of the 7th International Conference on Applied Cryptography and Network Security, ser. Lecture Notes in Computer Science, vol. 5536. Springer-Verlag, 2009, pp. 400-416.
3. -, "A practical cryptographic denial of service attack against 802.11i TKIP and CCMP," in Proceedings of the Ninth International Conference on Cryptology And Network Security, ser. Lecture Notes in Computer Science, vol. 6467. Springer-Verlag, 2010, pp. 62-75.
4. B. Könings, F. Schaub, F. Kargl, and S. Dietzel, "Channel switch and quiet attack: New DoS attacks exploiting the 802.11 standard," in LCN 2009: Proceedings of the IEEE 34th Conference on Local Computer Networks, 2009, pp. 14-21.
5. T. Han, N. Zhang, K. Liu, B. Tang, and Y. Liu, "Analysis of mobile WiMAX security: Vulnerabilities and solutions," in Mobile Ad Hoc and Sensor Systems, 2008. MASS 2008. 5th IEEE International Conference on, 2008, pp. 828 -833.
6. G. Kambourakis, C. Kolias, S. Gritzalis, and J. Hyuk-Park, "Signaling-oriented DoS attacks in UMTS networks," in Advances in Information Security and Assurance, ser. Lecture Notes in Computer Science. Springer-Verlag, 2009, vol. 5576, pp. 280-289.
7. IEEE, IEEE Std 802.11-2007, IEEE Standard for Information technology - Telecommunications and information exchange between systems -Local and metropolitan area networks - Specific requirements Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications, New York, NY, USA, 2007.
8. -, IEEE Std 802.11i-2004, IEEE 802.11-1999 Amendment 6: Medium Access Control (MAC) Security Enhancements, New York, NY, USA, 2004.
9. -, IEEE Std 802.11w-2009, IEEE 802.11-2007 Amendment 4: Protected Management Frames, New York, NY, USA, 2009.
10. M. S. Ahmad and S. Tadakamadla, "Short paper: security evaluation of IEEE 802.11w specification," in Proceedings of the fourth ACM conference on Wireless network security, ser. WiSec '11. New York, NY, USA: ACM, 2011, pp. 53-58.
11. C. Meadows, "A formal framework and evaluation method for network denial of service," IEEE Computer Security Foundations Workshop, vol. 00, p. 4, 1999.
12. J. Mitchell, A. Roy, P. Rowe, and A. Scedrov, "Analysis of EAP-GPSK authentication protocol," in Proceedings of the 6th International Conference on Applied Cryptography and Network Security, ser. Lecture Notes in Computer Science, vol. 5037. Springer-Verlag, 2008, pp. 309-327.
13. P. Narayana, R. Chen, Y. Zhao, Y. Chen, Z. Fu, and H. Zhou, "Automatic vulnerability checking of IEEE 802.16 WiMAX protocols through TLA+," in Secure Network Protocols, 2006. 2nd IEEE Workshop on, 2006, pp. 44 -49.
14. J. Malinen, "hostapd: IEEE 802.11 AP, IEEE 802.1X / WPA / WPA2 / EAP / RADIUS Authenticator," 2011, http://hostap.epitest.fi/hostapd.
15. J. Epstein, SA Teardown Protection for 802.11w, IEEE TGw DCN 2441, Rev 3, 2007, https://mentor.ieee.org/802.11/file/07/11-07-2441-03-000wsa-teardown- protection.ppt.
16. J. Malinen, "Linux WPA/WPA2/IEEE 802.1X Supplicant," 2011, http://hostap.epitest.fi/wpa supplicant.
17. M. Eian and S. F. Mjølsnes, "The modeling and comparison of wireless network denial of service attacks," in Proceedings of the 3rd ACM SOSP Workshop on Networking, Systems, and Applications on Mobile Handhelds, ser. MobiHeld '11. New York, NY, USA: ACM, 2011, pp. 7:1-7:6.
18. G. J. Holzmann, "The model checker SPIN," IEEE Trans. Softw. Eng., vol. 23, pp. 279-295, May 1997.
19. IEEE, IEEE Std 802.11h-2003, IEEE 802.11-1999 Amendment 5: Spectrum and Transmit Power Management Extensions in the 5 GHz band in Europe, New York, NY, USA, 2003.
20. C. Devine, T. d'Otreppe, and M. Beck, "Aircrack-ng," 2011, http://www.aircrack-ng.org.
21. The OpenWrt Project, "OpenWrt," 2011, http://www.openwrt.org.
22. M. Eian and S. F. Mjølsnes, "802.11w promela model," 2011, http://www.item.ntnu.no/~eian/80211w.pml.