IJCSNS International Journal of Computer Science and Network Security, VOL.8 No.8, August 2008 1 Manuscript received August 5, 2008. Manuscript revised August 20, 2008. An Experimental Evaluation of DoS Attack and Its Impact on Throughput of IEEE 802.11 Wireless Networks Mina Malekzadeh, Abdul Azim Abdul Ghani, Jalil Desa, and Shamala Subramaniam Department of Communication Technology and Networks, Faculty of Computer Science and Information Technology, University of Putra Malaysia Summary In recent years, wireless LAN (WLAN) has gained popularity in a variety of locations. This has lead to development of high level security protocols for WLAN. The newest protocol IEEE 802.11i ratified to provide strong data encryption but it can not prevent Denial of Service (DoS) attacks on WLAN. This paper in a testbed, conducts an experimental framework to implement and quantify common types of DoS attacks against WLAN throughput. The results of implementation of our experiments shows that how easily DoS attacks can be performed on WLAN which causes to reduce throughput of communication considerably to make inaccessible wireless connection for its authorized members. Key words: DoS attack, wireless network, network security, management frame, IEEE 802.11 1. Introduction Cheap price of wireless devices and being easy to install, make wireless networks more popular and widely deployed. Different security protocols were proposed and implemented over WLAN to make it more reliable [1]. The latest protocol, IEEE 802.11i (WPA2) [5, 6, 8, 9, 12, 13, 14], provides strong data encryption by using advanced encryption standard (AES) [11] algorithm. It also provides a high level data integrity by using IEEE 802.1x [10] protocol. Therefore IEEE 802.11i can address most issues on data security over WLAN however this protocol does not protect WLAN against DoS attacks [1, 2, 4, 7, 13]. Major DoS attacks on WLAN arise from management frames vulnerabilities which are not protected by 802.11i protocol [2, 7]. Hence these frames can be used by any attacker to launch different types of DoS attacks. Major DoS attacks on WLANs include authentication request flooding (AuthRF), association request flooding (AssRF), deauthentication flooding (DeauthF) and disassociation flooding [1, 4, 13]. These DoS attacks cause the WLAN or some of its wireless nodes out of services. In this paper we implement a variety of common DoS attacks in a tested WLAN, which is using IEEE 802.11i security protocol to demonstrate existing vulnerability of the protocol. Then by an experimental framework we quantify the effect of DoS attacks on WLAN throughput. The remaining sections of this paper are organized as follows. Section 2 details the most common DoS attacks over the WLANs. In section 3 we present our experimental design to implement the DoS attacks over WLAN along the performance metrics. Demonstration of DoS attacks and experimental results with discussion presented in section 4. Section 6 discusses the results of the experiments. Conclusions are provided at the end of this paper. 2. DoS Attacks against 802.11 Networks Some management frames exchanges between Access Point (AP) and stations to make a physical connection [1]. These frames are not protected by any of the current wireless security protocols. Therefore an attacker by using these frames can start a variety of DoS attacks. In this paper we investigate the most common DoS attacks over wireless network as DeauthF, AuthRF, and AssRF attacks. In DeauthF attack [3], intruder sends continually forgery deauthentication frames to its victim to make it unavailable for the other legal clients of the WLAN. Since deauthentication is a notification, the victim can not ignore it and it has to implement its function and be disconnected from the network. This attack can be done even worse when the attacker chooses the AP as its victim. In this case all legal clients are disconnected and the whole network becomes unavailable. In AuthRF attack [3], when the legitimate AP receives the authentication request with a faked source MAC address, it sends out an authentication response to the faked wireless client. Since the faked wireless client does not exist, the AP cannot receive the acknowledgement frame for the transmitted authentication response frame. The AP keeps sending out several authentication response frames which overload the WLAN since to process these authentication requests consumes a great deal of the AP’s resources. As a result, the AP has little resource to serve the other clients, and these wireless clients may either suffer poor communications or lose the communication completely. In AssRF attack [3], when the AP receives an association request with a faked source MAC address, it checks its buffer and finds that the faked wireless client