/MAC DoS. A Coding Scheme Using Matched Filter Resistant against DoS Attack to PHY/MAC Layer in Wireless Communications

Vol. 51 No. 9 1499 1506 (Sep. 2010) /MAC DoS 1 2 2 MAC DoS MAC 10 9 MAC DoS LAN Ethernet A Coding Scheme Using Matched Filter Resistant against DoS Attack to PHY/MAC Layer in Wireless Communications Ryuzou Nishi, 1 Yoshiaki Hori 2 and Kouichi Sakurai 2 In a wireless communication, there is an essential issue. The issue is that wireless communication channel is open in the range where the radio signal can reach. This means that wireless communication is sensitive against DoS attack in PHY/MAC layer. We propose the approach using matched filter in MAC layer as a countermeasure against DoS attack to PHY/MAC layer. We use a random number as a message distribution key of matched filter. We analyzed the probability of receiving the forged message, and the probability of missing the legitimate message. As result, in home network, we have found the two probabilities are less than 10 9. This means that our proposal mitigates the effect of DoS attack to PHY/MAC layer to the level of a wired channel (Ethernet). 1. 1.1 LAN 1) MAC DoS LAN IEEE802.11 MAC DoS 9),11) DoS LAN LAN LAN IEEE802.11i DoS DoS 2),3) DoS 2) 6) LAN IEEE802.11b DoS 3 LAN IEEE802.11b DoS DoS 1 Panasonic Communications Co., Ltd. 2 Kyushu University 1499 c 2010 Information Processing Society of Japan

1500 /MAC DoS 1.2 LAN DoS MAC DoS 1.3 DoS 1.3.1 DoS DoS 2),4) 1.1 DoS 1.3.2 MAC DoS MAC DoS wireless frame flooding 12) deauthntication/disassociation 9),10) deauthntication/disassociation 4-way handshake 9),11) LAN IEEE802.11i 4-way handshake 4-way handshake 4-way handshake EAPOL-Logoff/Start 12) LAN EAPOL EAPOL-Logoff/Start EAPOL EAP-Logoff/Start 12) EAP EAP-Logoff/Start EAP wireless frame flooding 4-way handshake 9),11) EAPOL-Logoff/Start EAP-Logoff/Start wireless frame flooding 4-way handshake 1.4 LAN MAC DoS LAN IEEE802.11i 8) DoS LAN LAN DoS LAN DoS LAN 1.5 10 9 10 9 LAN 10 9 7). DoS LAN 2 3 4

1501 /MAC DoS DoS 5 2. 1.3 4-way handshake He 9) 3 a. DoS b. MIC Message Integrity Code DoS c. 4-way handshake MIC 4-way handshake DoS a c b DoS DoS 11) b DoS DoS MAC DoS One Time Pad One Time Pad One Time Pad One Time Pad 3. 3.1 MAC SNR Signal to Noise Ratio BER Bit Error Rate y(t) y(t) = s(τ)h(t τ) dτ (1) s(t) h(t) s(τ) =h(t τ) (2) (2) (1) y(t) = s(τ)s(τ) dτ (3) s(t) s (t) = s(t) s(t) s(t) s(t) 3.2 1 MAC MAC

1502 /MAC DoS Fig. 1 1 Overview of proposal method. 4 Fig. 4 Receiver-side block diagram. 2 Fig. 2 Sender-side block diagram. 5 Fig. 5 Receiver-side timing chart. 1 1 3 Fig. 3 Sender-side timing chart. 3.3 2 3 2 +1 1 3 1 N a 1,a 2,...,a N 1 a i =+1or 1 3.4 4 5 4 MAC N a 1,a 2,...,a N +1

1503 /MAC DoS 1 +N N +1 1 α N +1 α N 1 α 0 1 α N α N 3.5 a. b. DoS b a 4. 4.1 4.2 DoS S i A 1 a i i =1 NN S i = A a i (4) R i (6) S i S i = A a i (5) R i = S i + S i (6) IS N IS = R i a i = N (S i + S i) a i ( N ) ( N ) = S i a i + S i a i ( N ) ( N ) = A a i a i + A a i a i ( N ) = A N + A a i a i (7) 1 2 X i = a i a i (8) X i X 1,X 2,,X N X ( i =+1or 1 N N ) (7) 2 a i a i = X 1+X 2+ +X N N 3.4 (7)

1504 /MAC DoS Fig. 6 6 Probability of error detection. Fig. 7 7 Probability of missing. α N +1 α N 1 N α N A = ca c c =1 (7) 2 α N DoS Pe Pe =(1/ 2πN) exp(x 2 /2N) dx (9) αn α =0.8 6 N 50 10 9 c <1 (7) 2 α N c A = A c >1 A = A c =2 2 6.9 10 4 DoS α α 1 α 1 Pm N err Pm N Pm =1 N C i (1 err) i err N i (10) i=αn err =0.01 8) N =64 (10) 7 7 α 0.87 10 9 α N α N Pm N α N =64 α =0.8 10 9 LAN Ethernet 7) BER: Bit Error Rate 10 9

1505 /MAC DoS LAN Ethernet DoS LAN Ethernet (7) 2 DoS 4.3 4-way handshake 4.4 MAC 64 63 DoS LAN IEEE802.11i 8) 4-way handshake 13) 4-way handshake 8msec 64 8 63 504 msec 4-way handshake 5. MAC DoS LAN MAC DoS 1) Aissi, S., Dabbous, N. and Prasad, A.R.: Security for Mobile Networks and Platforms, Artech House (2006). 2) Simon, M.K., Omura, J.K., Scholtz, R.A. and Levitt, B.K.: Spread Spectrum Communication, Volume 1, Computer Science Press (1976). 3) Turin, G.L.: An Introduction to digital matched filters, Proc. IEEE, Vol.64, pp.1092 1112 (July 1976). 4) Nakagawa, M.: Fundamental and Application of Spread Spectrum Communication Techniques, TRICEPS (1987). (in Japanese) 5) Homes, J.K.: Coherent Spread Spectrum System, KRIEGER (1982). 6) Scholtz, R.: The Origins of Spread-Spectrum Communications, IEEE Trans. Communications, Vol.30, Issue 5, Part 2, pp.822 854 (May 1982). 7) IEEE Std 802.3-2005 Part 3: Carrier sense multiple access with collision detection

1506 /MAC DoS (CSMA/CD) access method and physical layer specifications (2005). 8) IEEE Std 802.11i-2004: Medium Access Control (MAC) Security Enhancements, Amendment 6 to IEEE Standard for Information technology Telecommunications and information exchange between systems Local and metropolitan area networks Specific requirements Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications (2004). 9) He, C. and Mitchel, J.C.: Security Analysis and Improvements for IEEE 802.11i, the 12th Annual Network and Distributed System Security Symposium (NDSS 05 ) (Feb. 2005). 10) Lin, G. and Noubir, G.: On link layer denial of service in data wireless LANs, Journal on Wireless Comm. and Mob. Computing (Aug. 2004). 11) He, C. and Mitchel, J.C.: Analysis of the 802.11i 4-Way Handshake, Proc. 2004 ACM Workshop on Wireless Security, pp.43 50 (2004). 12) Inoue, D., Nomura, R. and Kuroda, M.: Transient MAC address scheme for untraceability and DoS attack resiliency on wireless network, Wireless Telecommunications Symposium, pp.15 23 (Apr. 2005). 13) WPA Packet Capture Explained. http://www.aircrack-ng.org/doku.php?id=wpa capture ( 21 11 30 ) ( 22 6 3 ) 1986 1986 1991 2004 2005 1992 1994 2002 1994 2003 2003 2004 2004 1986 1988 1993 1993 1994 2002 2004