Abstract

IEEE802.11 wireless local Area Networks (WLAN) are widely deployed as extension to corporate wired LAN infrastructures. The implication of including WLAN as part of the computing infrastructure means more critical information and data is carried over the air. The threats of intrusion and denial of service is real since wireless networks have broadcasted traffic. IEEE 802.11 defines WEP, WPA and WPA2 security protocols as possible countermeasures. The most recent model defined by IEEE, the WPA2 emphasizes data confidentiality, integrity and authentication but pays little attention to availability issues. Management and control frames in WPA2 are still sent in clear making the model vulnerable to DoS attacks. The failure recovery processes requires reauthentication and reassociation a fact which makes the model easily exploited by various DoS attacks. WPA2, defines a hybrid network that implements both WEP and TKIP together with WPA2 which creates a vulnerability called security level roll back attack thus making the strong confidentiality and Integrity measures in WPA2 be as weak as WEP. In this paper, we propose an integrated security model (ISM) that incorporates a drop policy to defend against DoS attacks. We assume the use CCMP to provide Confidentiality and Integrity and use EAP-TTLS/802.11x with RADIUS to provide authentication. We use simulation in OPNET to show that our security model performs better to provide improved security in terms of confidentiality, integrity, authenticity and availability.