A new client-puzzle based DoS-resistant scheme of IEEE 802.11i wireless authentication protocol

As a type of DoS attacks, resource depletion attacks against IEEE 802.11i protocol exhaust access points (AP) resources. To realize such an attack flooding requests is commonly used. The legitimate user´s networks access will be obstructed. This work mainly focuses on request and authentication request flood DoS attacks. A new client-puzzle based DoS-resistant scheme of IEEE 802.11i wireless authentication protocol is proposed to improve the DoS-resistant ability of IEEE 802.11i wireless networks. The difference between our method and traditional client puzzle scheme is employing beacon frame to distribute the parameters of cryptographic puzzle on the basis of hash function. By listening on the wireless channels to get the AP´s beacon frame, users construct a puzzle with the seed in the beacon frame and solve it by brute-force computation. The answers to the puzzle and other parameters constructing the puzzle are sent by authentication request. Whether providing the association to a station depends on the verification of puzzle by AP. This method keeps a good resource balance between the AP and stations, reducing the affection of resource depletion attack and the potential resource-exhausting in traditional client puzzle scheme.