Chapter 5 Analysis and Experimental Results
6.2 Future Work
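Besides addressing IEEE 802.11 Deauthentication/Disassociation flooding attacks, the mechanism proposed in this study can be applied or extended in future research in the following three areas:
(1) Apply it to EAPOL-Failure and EAPOL-Logoff denial-of-service attacks on 802.11i networks. Both frames are unencrypted and sent in plaintext, so an attacker can also exploit this weakness to keep legitimate users from obtaining network service.
(2) The mechanism can also be used against power saving mode attacks. In power saving mode the TIM (Traffic Indication Map) field is likewise unencrypted, so an attacker can forge a TIM and send it to the victim, with the result that the victim never receives its own data. Because the mechanism in this study can verify the origin of a frame, it will be applied to this attack in the future.
(3) Use random bit strings to defend against probe/authentication/association request flooding attacks.
(4) The experiments in this thesis were carried out by simulation. Tests on physical devices will be conducted in the future, and we boldly predict that the results will match the simulation results of this study.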