DiscoSec is available with source from our download page.

DiscoSec is the first Open-Source WLAN driver that provides protection against the most common attacks on the IEEE 802.11 MAC layer. With an innovative design focusing on performance as well as an efficient implementation we were able to unite the seemingly contradictory goals performance and security. Our system offers reliable protection of wireless communication right from the beginning without sacrificing throughput.

More Information on DiscoSec is provided in the paper Design, Implementation, and Performance Analysis of DiscoSec – Service Pack for Securing WLANs PDF (and a german abstract PDF).

Updated Version available!

The new major version DiscoSec is now available for download. With a direct integration into the new generic IEEE 802.11 MAC layer mac80211 of the Linux kernel, DiscoSec is now independent from kernel versions and specific chipsets. It provides a hardware-independent protection to IEEE 802.11 networks against common Denial-of-Service attacks. The new version is published under the GPLv2.

Requirements

  • Recent kernel version (>= 2.6.28) for mac80211 support, but backports should also work
  • OpenSSL >= 0.9.8, with enabled elliptic curve cryptography support (with development headers)
  • libnl >= 1.1

Installation

DiscoSec is now easily integrable to existing WLAN networks, as most of the devices supported by the Linux kernel are using mac80211. It can be added simply by patching the network source files in the kernel directory. Installation instructions can be found in the README file included in the download package.

A separate patchset for OpenWRT is included for easy use on access point hardware that offers Linux support.

Usage

DiscoSec can now be configured using the provided tool ds_config, which can be used to change all parameters that are offered directly from the user space. Instructions for the usage are located in the README file.

Future Work

A future goal is an adaptive access control mechanism that limits and controls the load of the Access Point, since new authentications can be a heavy burden on the AP if the authentication rate is not controlled.

Previous Versions

This section describes the legacy version of DiscoSec that was integrated into the MadWifi device driver.

DiscoSec components

  • CMAC module - frame authentication using AES-CMAC (DiscoSec implements RFC 4493),
  • DiscoSecDaemon - key exchange in user space based on Elliptic Curve Diffie-Hellman
  • Wireless device driver - implemented in the 802.11 network stack included in MadWifi.

Requirements

  • Linux kernel version from 2.6.14 to 2.6.18
    • Netlink socket support in the kernel
    • AES, SHA-1 and SHA-256 support of the kernel Crypto API
  • OpenSSL 0.9.8d+ with development header files (for elliptic curve support)
  • Atheros-based chipset

Installation & Usage

  • Read README_DISCOSEC and INSTALL_DISCOSEC included in the sources for in-depth instructions.

Download

Source Code: DiscoSec-2.0.zip (updated 2009-10-20)

Old Version: DiscoSec-0.11.zip

Go to top