Effective Authentication Technique for Distributed Denial of Service Attacks in Wireless Local Area Networks

Abstract

Problem statement: In 802.11-based Wireless LAN (WLAN), there is an mproved risk of security attacks. To defeat concealed attacks, there is a necessity to authenticate both access points and wireless stations. Approach: We propose a defensive technique for DDoS attack in WLAN. This authentication technique includes an Authentication Server (AS) in addition to the Wireless Station (WS) and Access Point (AP). Results: The authentication server holds both normal and attacker databases. The attacker database can be constructed from the outcome of fuzzy decision making. After WS and AP registers itself with AS, WS sends authentication request message to AS through the nearest AP. Before granting the session key for the WS, the AS checks the occurrence of WS in the attacker database. If it is found to be an attacker, AS denies the session key for the WS, there by isolating the WS from further communications. In order to prevent the authentication request flooding attacks, traffic pattern filtering rule is implemented. Conclusion/Recommendations: By simulation results, we show that the proposed technique is more efficient defensive mechanism against DDoS attack.