802.11无线局域网应用中的安全攻击防护策略的研究PDF电子书下载

CHAPTER 1 Introduction 1

1.1 Motivations 1

1.2 Crypto attacks on WLANs 2

1.2.1 Traffic analysis 2

1.2.2 Eavesdropping 4

1.2.3 Man-in-the-middle 5

1.2.4 Session hijack 6

1.2.5 Masquerading 7

1.2.6 Unauthorized access 7

1.2.7 Replay（or Playback） 8

1.2.8 Tampering 9

1.2.9 Forgery 10

1.3 Approaches to resolve crypto attacks 10

1.3.1 Wired equivalent privacy 10

1.3.2 802.11i（TKIP,CCMP） 14

1.3.3VPN solution against crypto attacks 21

1.4 Denial of service（DoS） 22

1.5 Related DoS research work 25

1.6 Proposed approaches and contributions 26

1.6.1 Contributions to resolve crypto attacks 26

1.6.2 Contributions to resolve DoS attacks 27

1.7 Outline 27

CHAPTER 2 Experimental Methodologies 35

2.1 Summary of tools 35

2.1.1 Pcattcp 36

2.1.2 WireShark 36

2.1.3 FreeRadius server 36

2.1.4 HostAP 36

2.1.5 Void11 attacking tool 37

2.1.6 Wireless sniffer 38

2.1.7 Network simulation 38

2.2 Performance measurements 38

2.2.1 TCP throughput 38

2.2.2 Round trip time 40

2.2.3 TCP time-sequence graph 40

2.2.4 UDP throughput and packet loss 41

2.3 Experimental design 42

2.3.1 Network emulation of AuthRF and AssRF attacks 42

2.3.2 Network emulation of DeauthF/DisassF attacks 43

2.4 Queuing model 44

CHAPTER 3 Protect Wireless LANs using VPN over 802.11i 49

3.1 Introduction 49

3.2 Five S problems of enterprise WLANs 50

3.2.1 Security attacks on wireless communication（SAOWC） 51

3.2.2 Stealing wireless resources（SWR） 52

3.2.3 Sniffing internal traffic（SIT） 52

3.2.4 Sharing internal resources（SIR） 53

3.2.5 Security backward compatibility（SBC） 53

3.2.6 Summary of 5S problems 53

3.3 Security approaches for five S problems 54

3.3.1 WEP 54

3.3.2 WEP-802.1X 55

3.3.3 VPN/WEP-802.1X 55

3.3.4 802.11i（TKIP,CCMP） 56

3.3.5 VPN over 802.11i（TKIP,CCMP） 57

3.3.6 Summary of security approach 58

3.4 Experiments and methodologies 59

3.5 Performance analyses 60

3.5.1 Throughput vs.security measures 60

3.5.2 Overheads of security approaches 61

3.5.3 Performance of VPN/802.11i-TKIP 62

3.6 Theoretical analyses of performances 63

3.6.1 Theoretical analyses of WLAN throughputs 63

3.6.2 Analysis of packet encryption time 65

3.6.3 Analysis of packet transmission time 65

3.6.4 Performances of VPN/802.11i 66

3.7 Conclusions 68

CHAPTER 4 AuthRF and AssRF DoS Attacks 72

4.1 Empirical study of AuthRF and AssRF attacks 72

4.1.1 Hardware sensitivity 74

4.1.2 Traffic sensitivity 75

4.1.3 Empirical study of AuthRF/AssRFon TCP traffic 75

4.1.4 Empirical study of AuthRF/AssRF on UDP traffic 77

4.2 Queuing models of WLANs 79

4.3 Qualitative performance analyses 83

4.3.1 Data and management frame flows under AuthRF/AssRF 84

4.3.2 Difference between upstream UDP and other data streams 85

4.3.3 AuthRF/AssRF effects vs.attacking rates 85

4.4 Quantitative performance analyses 87

4.4.1 Analysis of TCP RTT 88

4.4.2 Analysis of UDP packet loss 90

4.5 Discussion of performance results 93

4.5.1 TCP performance results 95

4.5.2 Upstream UDP packet loss 96

4.5.3 Downstream UDP packet loss 97

4.5.4 Data sending rate sensitivity analysis 99

4.6 Approaches to resolve DoS attacks 100

4.6.1 Request authentication 101

4.6.2 Reduction of duplicate requests 102

4.6.3 Reduction of response retransmission 103

4.6.4 Round robin transmission 105

4.6.5 Comprehensive performance study of RA,R DR,RRR and RRT 106

4.6.6 Comparisons of RA,RDR,RRR and RRT 109

4.7 Conclusions 110

CHAPTER 5 DeauthF and DisassF Attacks 113

5.1 Effects of DeauthF and DisassF on traditional WLANs 113

5.1.1 DeauthF/DisassF hardware sensitivity 113

5.1.2 DeauthF and DisassF attacks on TCP/UDP traffic 114

5.1.3 802.11 operations under RAP attacks 116

5.2 802.11w-Protection of management frames 118

5.2.1 802.11w standard background 118

5.2.2 802.11w implementation 120

5.2.3 Validation of 802.11w implementations 122

5.2.4 Evaluation of 802.11w 124

5.3 STA-based queuing model 126

5.4 Qualitative analysis 128

5.4.1 TCP data flow 128

5.4.2 UDP data flow 130

5.4.3 Analysis of TCP RTT and UDP packet loss 130

5.5 Approach to resolve DeauthF/DisassF attacks 132

5.6 Conclusions 135

CHAPTER 6 RAP DoS Attacks with Markov Chain Model 137

6.1 Introduction 137

6.2 Experimental methodologies 138

6.2.1 WLAN DoS experiments 138

6.2.2 WLAN DoS simulation 139

6.3 Theoretical studies of DoS attacks 140

6.3.1 Markov chain model 140

6.3.2 Wireless client Markov chain model 140

6.3.3 Analyses of DeauthF and DisassF 142

6.4 Implementation of 802.11w 143

6.4.1 Deauthentication and disassociation frames 143

6.4.2 Hash function for authentication 144

6.4.3 Encryption mechanisms for authentication 144

6.5 Analyses of 802.11w 145

6.5.1 Normal WLAN 145

6.5.2 WLAN under DeauthF 145

6.5.3 802.11w-enabled WLAN under DeauthF 146

6.5.4 802.11w-TPF enabled WLAN under DeauthF 147

6.5.5 Summary of four cases 148

6.6 Conclusions 149

CHAPTER 7 DoS Attacks against Wireless VoIP 150

7.1 Introduction 150

7.2 Backgrounds of DoS attacks on WVoIP 152

7.3 Experimental Design of WVoIP 155

7.4 DoS attacks on WVoIP 157

7.4.1 Authentication request flooding attack on WVoIP 158

7.4.2 Association request flooding attack over WVoIP 160

7.4.3 RAP based deauthentication flooding attack over WVoIP 161

7.4.4 RAP based disassociatiot flooding attack 164

7.4.5 Solutions to DoS attacks on WVoIP 166

7.5 Conclusions 170

CHAPTER 8 Layer-3 Forwarding on Wireless LANs 172

8.1 Introduction 172

8.2 Bridging with layer-3 forwarding 176

8.2.1 Layer-2 bridging and IP routing 176

8.2.2 Layer-3 forwarding（L3F） process 177

8.3 Experimental design 178

8.4 Performance results 181

8.5 Conclusions 183

CHAPTER 9 Wireless Device Server Based Sensor Management Systems 186

9.1 Introduction 186

9.2 Wireless device server based management system 188

9.2.1 Multiple tier and hierarchy architecture of WDSBISFMS 189

9.2.2 WDSBISFMS functionalities 190

9.2.3 WDSBISFMS implementation examples 192

9.3 Application examples of WDSBISFMS 193

9.3.1 WDSBISFMS for fixed sensors 193

9.3.2 WDSBISFMS for mobile sensors 194

9.3.3 WDSBISFMS for airplane imaging system 196

9.3.4WDSBISFMS for monitoring data center 197

9.4 Sensor technologies and sensor management standardization 199

9.5 Conclusions 200

CHAPTER 10 Summary of Contributions and Future Works 202

10.1 Contributions on the experimental studies 202

10.1.1 Design of experiments 202

10.1.2 Data collection and performance metrics 203

10.1.3 Enhancement of tools 204

10.1.4 Enhancement of NS-2 simulations 204

10.2 Contributions on the theoretical modeling 204

10.2.1 VPN performance overhead analysis 204

10.2.2 Queuing model for the authentication and association process 205

10.2.3 Queuing model for the deauthentication and disassociation process 205

10.3 Solutions to enhance WLAN security 205

10.3.1 Integrated solution 205

10.3.2 Solutions to AuthRF and AssRF attacks 206

10.3.3 Enhancement to 802.11w 206

10.4 Future work 206

Derivation of Trand Ta 208

Derivation of RX response time（t2） 210

Derivation of TX2 response time（t5） 212