关键词：IEEE802.11u；的DoS攻击；复出延迟；U盾
摘 要：With the increasing popularity of IEEE802.11u-based Wi-Fi CERTIFIED Passpoint program, the IEEE802.11u protocol is being implemented in a large number of Wi-Fi equipments. This paper thoroughly analyzes the security vulnerabilities of IEEE802.11u and discovers three potential attacks: Bogus GAS Response, GAS Initial Request Flooding and Wireless I/O Blocking Attack with GAS Response Burst. The possible countermeasures are fully discussed and suggested, among which how to defend the wireless I/O blocking attack is the focus of the paper since its harm is verified to be beyond IEEE802.11u protocol itself and can severely degrade the performance of Wi-Fi networks. Experimental results with real HP AP product show that the proposed countermeasures can effectively protect the AP from the attacks. Moreover, they do not require any change to the original IEEE 802.11u standard, so it can be easily deployed into current IEEE802.11u-enabled Wi-Fi networks. We believe the works of this paper opens a good starting point for researchers to prompt the maturity of IEEE8011.u standard.