
Security Procedure for Long Sleeper

This paper discusses the IEEE 802.11w standard for protected management frames and proposes a security association procedure for long sleepers to prevent DoS attacks in Wi-Fi networks.


Presentation Transcript


  1. Security Procedure for Long Sleeper
     Date: 2013-01-13
     Authors: Yongho Seok, LG Electronics


  4. Introduction
     • IEEE 802.11w is a standard for supporting protected management frames
     • The Wi-Fi Alliance also provides a certification program for protected management frames as one of its core programs
       • Protected Management Frames: Wi-Fi CERTIFIED WPA2 with Protected Management Frames provides a WPA2-level of protection for unicast and multicast management action frames, http://www.wi-fi.org/certification/programs
     • One of the mandatory features of protected management frames is the Security Association (SA) Query procedure

  5. Background of SA Query Procedure
     • If an AP has a valid security association for a non-AP STA
       • The SME shall reject the Association Request by generating an MLME-ASSOCIATE.response primitive with ResultCode “Association request rejected temporarily; try again later.”
       • The SME shall include in the MLME-ASSOCIATE.response primitive a Timeout Interval element with Timeout interval type set to 3 (Association Comeback time), specifying a comeback time when the AP would be ready to accept an association with this STA.
       • Following this, the SME shall issue one MLME-SAQuery.request primitive addressed to the STA every dot11AssociationSAQueryRetryTimeout TUs until a matching MLME-SAQuery.confirm primitive is received or dot11AssociationSAQueryMaximumTimeout TUs from the beginning of the SA Query procedure have passed.

  6. Background of SA Query Procedure
     • Security Association Query Procedure Example
     [Figure: message sequence between AP, STA and Attacker while the AP and STA have a valid security association. Labelled messages: Association Request, Association Response, SA Query Request, SA Query Response. Both Association Responses carry Result Code “Association request rejected temporarily; try again later.” Labelled intervals: Association Comeback Time, dot11AssociationSAQueryMaximumTimeout.]

  7. Background of SA Query Procedure
     • Security Association Query Procedure Example
     [Figure: message sequence between AP, STA and Attacker where the AP holds a valid security association and the STA is recovered from a failure. Labelled messages: Association Request, Association Response, SA Query Request (twice). The first Association Response carries Result Code “Association request rejected temporarily; try again later.”, the second “Success.” Labelled intervals: Association Comeback Time, dot11AssociationSAQueryMaximumTimeout.]

  8. Problem Definition
     • A low-power STA may wake up at a very long interval (e.g., 10 minutes)
     • So, long sleepers may not receive the SA Query Request frame even though they have a valid security association
       • If an MLME-SAQuery.confirm primitive with an outstanding transaction identifier is not received within the dot11AssociationSAQueryMaximumTimeout period, the SME shall allow the association process to be started without starting an additional SA Query procedure.
       • dot11AssociationSAQueryMaximumTimeout specifies the number of time units (TUs) that an AP can wait, from the scheduling of the first SA Query Request, before allowing the association process to be started without starting an additional SA Query procedure if a successful SA Query Response is not received. The default value is 1 second.

  9. Problem Definition
     • Because the STA does not reply to the SA Query Request frame, an attacker can associate with the AP, which destroys the security association of the STA.
     [Figure: message sequence between AP, STA and Attacker. Labelled messages: Association Request, Association Response, SA Query Request (twice, with no SA Query Response). The first Association Response carries Result Code “Association request rejected temporarily; try again later.”, the second “Success.” Labelled intervals: Association Comeback Time, dot11AssociationSAQueryMaximumTimeout.]

  10. Proposal
     • AP Behavior
       • To protect a security association from a DoS attack, the AP should provide the dot11AssociationSAQueryMaximumTimeout value to a non-AP STA
     • STA Behavior
       • To protect against the DoS attack, the non-AP STA shall wake to listen for the SA Query Request frame at an interval of dot11AssociationSAQueryMaximumTimeout

  11. Conclusion
     • In this contribution, we propose a security association procedure for a long sleeper
     • To protect against the DoS attack, the AP needs to provide the dot11AssociationSAQueryMaximumTimeout value to its associated STA

  12. Straw Poll
     • Do you support that an AP include dot11AssociationSAQueryMaximumTimeout in the Association Response frame or Re-association Response frame with status code set to success?
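
The timing argument of slides 8 to 10, as an added example that is not part of the original presentation: a model of the AP-side SA Query procedure showing when a sleeping STA's security association survives a competing Association Request. The function names, the retry timeout of 201 TUs, and the rule that the STA answers as soon as it wakes are assumptions of this sketch.

```python
from dataclasses import dataclass

TU_US = 1024  # one 802.11 time unit (TU) is 1024 microseconds

@dataclass(frozen=True)
class ApConfig:
    retry_timeout_tu: int = 201  # dot11AssociationSAQueryRetryTimeout (assumed value)
    max_timeout_tu: int = 1000   # dot11AssociationSAQueryMaximumTimeout (about 1 s)

def seconds_to_tu(seconds: float) -> int:
    return int(seconds * 1_000_000) // TU_US

def run_sa_query(cfg: ApConfig, next_wake_tu: int) -> dict:
    """AP-side SA Query procedure for a STA that already has a valid SA.

    next_wake_tu: when the real STA next wakes, counted from the first
    SA Query Request. Model assumption: it answers as soon as it wakes.
    """
    answered = next_wake_tu < cfg.max_timeout_tu
    stop = next_wake_tu if answered else cfg.max_timeout_tu - 1
    requests = [t for t in range(0, cfg.max_timeout_tu, cfg.retry_timeout_tu)
                if t <= stop]
    return {
        "requests_sent_at_tu": requests,
        "sa_kept": answered,
        # Result code for the Association Request retried after the comeback time.
        "retry_result": ("Association request rejected temporarily; try again later."
                         if answered else "Success."),
    }

def unprotected_fraction(cfg: ApConfig, wake_interval_tu: int) -> float:
    """Share of the sleep cycle in which an SA Query would time out unanswered."""
    return max(0, wake_interval_tu - cfg.max_timeout_tu) / wake_interval_tu

if __name__ == "__main__":
    ap = ApConfig()
    cases = [("10-minute sleeper", seconds_to_tu(600)),
             ("wakes every MaximumTimeout", ap.max_timeout_tu)]
    for label, interval in cases:
        # Worst case: the STA dozed off just before the first SA Query Request.
        worst = run_sa_query(ap, next_wake_tu=interval - 1)
        print(f"{label}: SA kept in worst case = {worst['sa_kept']}, "
              f"unprotected share of cycle = {unprotected_fraction(ap, interval):.4f}")
```
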
