Quadratic congruence equation-based method for resisting denial-of-service attacks of wireless network

Abstract

The invention discloses a quadratic congruence equation-based method for resisting denial-of-service attacks of a wireless network, which belongs to the technical field of network safety, and mainly solves the problem that the DoS (Denial-of-Service) attacks exist in a wireless access authentication process of an IEEE (Institute of Electrical and Electronic Engineers) 802.11i protocol. The method is implemented by the following steps: an AP (Access Point) adds parameters used for constructing a puzzle into a beacon frame and broadcasts the beacon frame periodically by using the beacon frame in the IEEE 802.11i protocol; a client STA (Special Temporary Authority) acquires the beacon frame, extracts puzzle parameters from the beacon frame, constructs and solves the puzzle in combination with the current global parameters of the wireless network, adds the puzzle parameters and the solution into an authentication request message, and sends an authentication request message to the AP; and the AP receives an open system authentication message of the STA, and the AP sends the authentication request message to the STA to complete the association process when the solution of the puzzle is correct, or the request of the STA is terminated. When the method is adopted, the negotiation times increased to construct the puzzle in a traditional client puzzle scheme are reduced, and the negotiation efficiency and the DoS attach resistance of the wireless access authentication protocol are improved.

Description

technical field [0001] The invention belongs to the technical field of network security and relates to a method for resisting wireless network denial of service attacks, which can be used to reduce the influence of denial of service attacks on the wireless network access authentication process. technical background [0002] Denial of service DoS attack has become the first major problem in network security due to its characteristics of easy implementation, difficulty in tracking, and serious consequences. Its main purpose is to make the services provided in the network lose their availability. In a wireless network, due to the limitations of wireless network equipment performance and bandwidth resources, it is more vulnerable than wired networks in terms of anti-attack capabilities, and is more vulnerable to DoS attacks and more serious damage. [0003] As a key device for sending and receiving data in a wireless LAN, the access point AP often becomes the security bottleneck...

AI Technical Summary

Problems solved by technology

Although this method has a better anti-DoS attack capability, but because the solutions used to verify the puzzle answer in the scheme are already connected users, and there may be malicious users among these connected users who reply the wrong puzzle verification message, so this method There is no guarantee that the puzzle verification result is credible, and there are security flaws

Images