In this paper we investigate a special type of denial of service (DoS) attack on 802.11-based networks, namely deauthentication/disassociation attack. In the current IEEE 802.11 standards, whenever a wireless station wants to leave the network, it sends a deauthentication or disassociation frame to the access point. These two frames, however, are sent unencrypted and are not authenticated by the access point. Therefore, an attacker can launch a DoS attack by spoofing these messages and thus disabling the communication between these wireless devices and their access point. We propose an efficient solution based on a one way hard function to verify that a deauthentication frame is from a legitimate station. We implement our solution on some 802.11 devices and the experimental results show that our protocol is highly effective against this DoS attack.
Thuc D. Nguyen, Duc H. M. Nguyen, Bao N. Tran, Hai