Performance Study of 802.11w for Preventing DoS Attacks on Wireless Local Area Networks

Faked deauthentication and disassociation frames introduce serious denial of service (DoS) attacks on wireless local area networks (WLANs), and these attacks include deauthentication flooding (DeauthF) and disassociation flooding (DisassF). IEEE 802.11w standard was introduced to extend 802.11i functionalities for preventing DeauthF and DisassF, and so far there has been no detailed theoretical and experimental study on the performance of 802.11w for resolving these attacks. We implemented a prototype at the lab to perform detailed study on the performance of 802.11w for preventing rogue AP based DoS attacks, and the study shows that the current IEEE 802.11w standard cannot resolve DeauthF and DisassF at high attacking rates. Then, based on 802.11 wireless station (STA) modules, a STA-based queuing model is developed to derive a mathematical model for explaining 802.11w performance variations under DeauthF and DisassF attacks. Furthermore, using frame sequence checking and frame queuing, we propose a traffic shaping (TS) scheme to enhance the current IEEE 802.11w standard, and experimental results show that the proposed approach of 802.11w-TS is effective in preventing low-rate and high-rate DeauthF and DisassF attacks under various attacking scenarios.