Title :
Two Novel 802.1x Denial of Service Attacks
Author :
Alruban, Abdulrahman ; Everitt, Dr Emlyn
Author_Institution :
Comput. Syst. Security, Univ. of Glamorgan, Cardiff, UK
Abstract :
Denial of Service (DoS) attacks are among the most common security issues threatening today´s 802.11 networks. In this paper, we have proposed two 802.1x DoS attacks, EAP-NAK and EAP-Notification flooding attacks. These effectively disrupt the authentication process between the legitimate wireless supplicants and the network authentication server. The evaluation of these attacks against EAP is performed using well-suited metrics which highlight their impact on the targeted network in practice. Furthermore, we discuss possible techniques to detect these attacks, such as configuring the WIDS to create a performance baseline of the wireless network. Lastly, several techniques and solutions were discussed which can be applied to the 802.11i standard in order to enhance the security of the 802.1x for dealing with DoS attacks, such as the use of a process delay time technique.
Keywords :
computer network security; message authentication; performance evaluation; protocols; wireless LAN; 802.11 networks; 802.11i standard; 802.1x DoS attacks; 802.1x denial of service attacks; EAP-NAK; EAP-notification flooding attacks; WIDS; authentication process; legitimate wireless supplicants; network authentication server; performance baseline; security issues; wireless network; Authentication; Computer crime; Floods; Servers; Wireless LAN; Wireless networks; 802.11 Denial of Service; EAP DoS; IEEE 802.1x Security;
Conference_Titel :
Intelligence and Security Informatics Conference (EISIC), 2011 European
Conference_Location :
Athens
Print_ISBN :
978-1-4577-1464-1
Electronic_ISBN :
978-0-7695-4406-9
DOI :
10.1109/EISIC.2011.49
