An anti-DoS attack architecture for wireless IT Infrastructure

Widespread deployment of wireless solutions in corporate and government computing infrastructure implies that lots of sensitive information and data is carried over the air. The threats of intrusion and denial of service is real since wireless networks have broadcasted traffic. IEEE 802.11 defines WEP, WPA and WPA2 security protocols as possible countermeasures. The most recent model defined by IEEE, the WPA2 emphasizes data confidentiality, integrity and authentication but pays little attention to availability issues. Management and control frames in WPA2 are still sent in clear making the model vulnerable to DoS attacks. The failure recovery processes require re-authentication and re-association a fact which makes the model easily exploited by various DoS attacks that includes authentication and association frames flooding. In this paper, we propose a drop policy for DoS authentication and Association flooding. We assume deployment of the current IEEE 802.11i provides enough confidentiality, integrity and authentication schemes. We use simulation in OPNET to show that our security model performs better to provide improved security in terms of availability under Denial of service attack.