Chapter 3 Related work
3.3 Lightweight authentication on 802.11
Since 802.11 management frames are easily forged and can be exploited by an attacker to launch DoS attacks, it is important to protect critical frames such as deauthentication and disassociation frames. However, we must keep in mind that the computing and memory resources of mobile devices are limited. Relying on sophisticated encryption and decryption processes would expose such devices to other kinds of DoS attacks. Lightweight authentication on 802.11 provides another approach to countering DoS attacks against 802.11 networks.
3.3.1 One-bit lightweight authentication
SOLA, Statistical One-bit Lightweight Authentication, is a new identity authentication protocol proposed to detect unauthorized access in 802.11 networks.
It assumes that no encryption will be used at the link layer and that IPSec is used for end-to-end security at the network layer. The main idea is to compute an identical random authentication stream in the STA and the AP, and then add one bit from this stream into the MAC layer header for identity authentication. The design goals of SOLA are to be secure, useful, cheap and robust [11].
We briefly describe the SOLA protocol using the following keywords: ASG, packet format, and synchronization algorithm [11].
ASG (Authentication Stream Generator): The purpose is to generate an authentication stream that cannot be guessed by an attacker. It is assumed that the STA and the AP will share a session key. Based on this session key, the random authentication stream is generated by the ASG.
Packet Format: Where to insert this new identification bit in the packet is an important issue. The authentication bit is inserted into the IEEE 802.11 MAC header of the data packet, and the “failed” or “succeeded” bit, from the AP to the STA, is inserted in the response ACK packet. In the simulations, the most significant bit in the sequence control field and the most significant bit in the duration field are used for the data packet and for the ACK packet, respectively.
Synchronization Algorithm: Due to packet loss and other causes of failure, the bit streams of the two parties can fall out of synchronization. SOLA therefore includes a synchronization mechanism to mitigate the problem.
The major purpose of the SOLA protocol is to detect an attack. It offers a statistical way to identify the origin of packets for the purpose of access control.
The authors claim that the SOLA protocol is well suited to a resource-constrained wireless environment. Furthermore, it is possible to develop a framework to detect Denial of Service attacks or an adversary who tries to attack the network by guessing the identity authentication bit [11].
H. Wang et al. followed the lightweight authentication idea, but criticized the synchronization algorithm of [11] as having a severe problem. They developed a workable synchronization algorithm [12] and incorporated the synchronization mechanism into the current IEEE 802.11 network. They concluded that their lightweight authentication for access control has the following features [12]:
Lightweight: Only one bit is added into each frame in the proposed scheme and is easily processed.
Simplicity: No encryption or decryption is needed for the proposed scheme.
Continuous authentication: The system is always authenticating hosts. Continuous authentication is suitable for wireless networks since lower overhead is needed in the authentication process.
High efficiency: When non-synchronization is detected, the synchronization algorithm can resynchronize in a short time.
Fault tolerance: When the BER (Bit Error Rate) is high, the system can tell there are malicious attackers and wireless errors [12].
They claimed that they would “show some evaluation results later to approve the high efficiency and fault tolerance”, but we cannot find the results they promised.
Both groups of researchers focused on the synchronization algorithm and the statistical analysis. Implementation in a real wireless environment is not sufficiently considered.
Based on the above analysis, lightweight, mutual and per-packet authentication are feasible approaches for enhancing the security of 802.11 networks.
3.3.2 Enhanced lightweight authentication
Kui Ren et al. found that a severe synchronization problem exists in Johnson’s work on lightweight authentication due to the frame loss problem in wireless networks [20]. They also criticized the work of Wang et al. as still not efficient. Frame loss happens frequently in wireless networks, and so does loss of synchronization between the communicating parties. This results in additional communication delay, which could be critical to many real-time applications.
Kui Ren et al. proposed an enhanced lightweight authentication protocol for access control at the MAC layer in wireless LANs. They examined the redundancy that exists in the MAC header, and adopted an enhanced 3-bit authentication mechanism [20] (see Figure 7, the part showing the data frame control field).
Figure 7 Adaption of frame format to the Kui’s proposed protocol [20]
Figure 8 Overview of Kui’s proposed protocol [20]
As shown in Figure 8, Kui’s proposed protocol works as follows [20]. At the beginning, the sender and the receiver establish a common random bit stream generator by sharing a seed value. The random bit stream generator continuously outputs 3 bits as a unit, which is then inserted into the frame control field of the data frame being sent.
The receiver will generate the same authentication bit stream as that of the sender.
Upon receiving a frame, the receiver first checks the 3-bit authentication value. If the value matches that of the receiver’s, the frame is authenticated and is processed further.
On the other hand, when an ACK-failure frame is sent, a 7-bit counter value is inserted into the MAC frame header. As shown in Figure 7 (see the part showing the ACK frame control field), seven corresponding bits are chosen based on the structure of the frame control field of the ACK frame. These 7 bits are known to be simply set to 0 in control frames. The 7-bit counter contains the synchronization information between the communicating parties [20]. The details are, however, beyond the scope of our research.
The authors also offered a statistical way to identify the origin of the data frame for the purpose of detecting an attack. They asserted that the protocol is fully compatible with current IEEE 802.11 frame structure and provides a highly efficient identity authentication scheme [20].
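The shared-stream check described in sections 3.3.1 and 3.3.2, as an added example that is not taken from [11], [12] or [20]: both ends derive the same k-bit value per frame (k=1 as in SOLA, k=3 as in Kui's protocol), and the receiver decides statistically from the failure count. Assumptions: HMAC-SHA256 stands in for the unspecified stream generator, no frames are lost (so no resynchronization is modelled), and the function names, the session key and the 10% threshold are hypothetical.

```python
import hashlib
import hmac
import random

def auth_value(session_key, frame_index, k):
    """k-bit authentication value for one frame (k=1: SOLA, k=3: Ren et al.).

    Assumption: HMAC-SHA256 over the frame index stands in for the stream
    generator, which the text does not specify. Requires 1 <= k <= 8.
    """
    msg = frame_index.to_bytes(8, "big")
    digest = hmac.new(session_key, msg, hashlib.sha256).digest()
    return digest[0] >> (8 - k)  # top k bits of the first byte

def verify_stream(session_key, received, k):
    """Receiver side: count frames whose k-bit value does not match."""
    return sum(1 for i, v in enumerate(received)
               if v != auth_value(session_key, i, k))

def flag_sender(failures, frames, max_failure_rate=0.1):
    """Statistical decision: flag a sender whose failure rate is too high.

    The 10% threshold is an assumed value, not one given in the text.
    """
    return failures / frames > max_failure_rate

def simulate(k, frames=2000, seed=1):
    """Return (failures of a key holder, failures of a sender guessing bits)."""
    key = b"constructed-session-key"   # sample value, constructed
    rng = random.Random(seed)          # fixed seed: reproducible run
    legit = [auth_value(key, i, k) for i in range(frames)]
    guessed = [rng.randrange(2 ** k) for _ in range(frames)]  # no key
    return verify_stream(key, legit, k), verify_stream(key, guessed, k)

if __name__ == "__main__":
    for k in (1, 3):
        ok_fail, bad_fail = simulate(k)
        expected = 2000 * (1 - 2 ** -k)
        print(f"k={k}: key holder failures={ok_fail}, "
              f"guessing failures={bad_fail}/2000 (expected about {expected:.0f}), "
              f"flagged={flag_sender(bad_fail, 2000)}")
```

A single guessed frame passes with probability 2^-k, which is why the decision is made over many frames rather than per frame; with 3 bits the guessing sender's failure rate rises from about 1/2 to about 7/8.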
However, all of the researchers described in sections 3.3.1 and 3.3.2 were certain that lightweight authentication is a feasible approach for wireless networks. In summary, the lightweight authentication mechanism, if it is applied to the 802.11 network, offers several benefits: it is lightweight, provides mutual authentication per frame, is highly efficient, and is backward compatible.