A POLICY-BASED ARCHITECTURE FOR PROTECTING 802.11 WLANS AGAINST DDOS ATTACKS

Alan Marshall, Wenzhe Zhou

2004

Abstract

The security mechanisms available in 802.11 WLANs are considered to be extremely vulnerable to malicious attacks. This paper proposes a policy-based architecture to protect 802.11 WLANs against Distributed Denial of Service (DDoS) attacks. The architecture proposed is based on the 802.1X standard, which forms the basis of the Robust Security Network (RSN) framework. The main focus of our work is to develop a policy-based server that can control certain actions taken by WLAN access points so that proper countermeasures will be taken whenever a DDoS attack occurs. The policies are both rule and case based and are contained in a Policy Based Security Server (PBSS). The approach taken is to simulate the behaviour of this architecture when faced with a range of DDoS attack strategies, and to use this to characterise the type of security policies required by the PBSS.



Paper Citation


in Harvard Style

Marshall A. and Zhou W. (2004). A POLICY-BASED ARCHITECTURE FOR PROTECTING 802.11 WLANS AGAINST DDOS ATTACKS. In Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 2: ICETE, ISBN 972-8865-15-5, pages 107-112. DOI: 10.5220/0001393901070112


in Bibtex Style

@conference{icete04,
author={Alan Marshall and Wenzhe Zhou},
title={A POLICY-BASED ARCHITECTURE FOR PROTECTING 802.11 WLANS AGAINST DDOS ATTACKS},
booktitle={Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 2: ICETE},
year={2004},
pages={107-112},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001393901070112},
isbn={972-8865-15-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 2: ICETE
TI - A POLICY-BASED ARCHITECTURE FOR PROTECTING 802.11 WLANS AGAINST DDOS ATTACKS
SN - 972-8865-15-5
AU - Marshall A.
AU - Zhou W.
PY - 2004
SP - 107
EP - 112
DO - 10.5220/0001393901070112