Abstract

In this paper we investigate a special type of denial of service (DoS) attack on 802.11-based networks, namely deauthentication/disassociation attack. In the current IEEE 802.11 standards, whenever a wireless station wants to leave the network, it sends a deauthentication or disassociation frame to the access point. These two frames, however, are sent unencrypted and are not authenticated by the access point. Therefore, an attacker can launch a DoS attack by spoofing these messages and thus disabling the communication between a wireless device and its access point. We propose an efficient solution based on a one way hard function to verify that a deauthentication/disassociation frame is from a legitimate station. We implement our solution on some 802.11 devices and the experimental results show that our protocol is highly effective against this DoS attack.