Rejecting the attack: Source authentication for Wi-Fi management frames using CSI Information

Comparing to well protected data frames, Wi-Fi management frames (MFs) are extremely vulnerable to various attacks. Since MFs are transmitted without encryption or authentication, attackers can easily launch various attacks by forging the MFs. In a collaborative environment with many Wi-Fi sniffers, such attacks can be easily detected by sensing the anomaly RSS changes. However, it is quite difficult to identify these spoofing attacks without assistance from other nodes. By exploiting some unique characteristics (e.g., rapid spatial decorrelation, independence of Txpower, and much richer dimensions) of 802.11n Channel State Information (CSI), we design and implement CSITE, a prototype system to authenticate the Wi-Fi management frames on PHY layer merely by one station. Our system CSITE, built upon off-the-shelf hardware, achieves precise spoofing detection without collaboration and in-advance fingerprint. Several novel techniques are designed to address the challenges caused by user mobility and channel dynamics. To verify the performances of our solution, we conduct extensive evaluations in various scenarios. Our test results show that our design significantly outperforms the RSS-based method. We observe about 8 times improvement by CSITE over RSS-based method on the falsely accepted attacking frames.

[1]  Pasi Fränti,et al.  Outlier Detection Using k-Nearest Neighbour Graph , 2004, ICPR.

[2]  Shaojie Tang,et al.  Locating sensors in the forest: A case study in GreenOrbs , 2012, 2012 Proceedings IEEE INFOCOM.

[3]  Srdjan Capkun,et al.  Attacks on physical-layer identification , 2010, WiSec '10.

[4]  Jie Yang,et al.  Determining the Number of Attackers and Localizing Multiple Adversaries in Wireless Spoofing Attacks , 2009, IEEE INFOCOM 2009.

[5]  Yunhao Liu,et al.  Locating sensors in the wild: pursuit of ranging quality , 2010, SenSys '10.

[6]  Md. Sohail Ahmad,et al.  Short paper: security evaluation of IEEE 802.11w specification , 2011, WiSec '11.

[7]  Stig Fr. Mjølsnes,et al.  A formal analysis of IEEE 802.11w deadlock vulnerabilities , 2012, 2012 Proceedings IEEE INFOCOM.

[8]  Michel Barbeau,et al.  Detecting Impersonation Attacks in Future Wireless and Mobile Networks , 2005, MADNES.

[9]  Srikanth V. Krishnamurthy,et al.  Denial of Service Attacks in Wireless Networks: The Case of Jammers , 2011, IEEE Communications Surveys & Tutorials.

[10]  Yunhao Liu,et al.  Location, Localization, and Localizability , 2010, Journal of Computer Science and Technology.

[11]  Theodore S. Rappaport,et al.  Wireless communications - principles and practice , 1996 .

[12]  Theodore S. Rappaport,et al.  Wireless Communications: Principles and Practice (2nd Edition) by , 2012 .

[13]  Prasant Mohapatra,et al.  Identity-based attack detection in mobile wireless networks , 2011, 2011 Proceedings IEEE INFOCOM.

[14]  Sneha Kumar Kasera,et al.  Advancing wireless link signatures for location distinction , 2008, MobiCom '08.

[15]  Stefan Savage,et al.  802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions , 2003, USENIX Security Symposium.

[16]  Richard P. Martin,et al.  Detecting and Localizing Wireless Spoofing Attacks , 2007, 2007 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks.

[17]  Tzi-cker Chiueh,et al.  Sequence Number-Based MAC Address Spoof Detection , 2005, RAID.

[18]  Yong Sheng,et al.  Detecting 802.11 MAC Layer Spoofing Using Received Signal Strength , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[19]  Peng Ning,et al.  Enhanced wireless channel authentication using time-synched link signature , 2012, 2012 Proceedings IEEE INFOCOM.

[20]  Songwu Lu,et al.  SCAN: self-organized network-layer security in mobile ad hoc networks , 2006, IEEE Journal on Selected Areas in Communications.

[21]  Priyanka Jadhav,et al.  Wireless Intrusion Detection System , 2010 .

[22]  Yunhao Liu,et al.  WILL: Wireless indoor localization without site survey , 2012, 2012 Proceedings IEEE INFOCOM.

[23]  John C. Mitchell,et al.  Security Analysis and Improvements for IEEE 802.11i , 2005, NDSS.

[24]  William A. Arbaugh,et al.  Your 80211 wireless network has no clothes , 2002, IEEE Wirel. Commun..

[25]  Min Gao,et al.  FILA: Fine-grained indoor localization , 2012, 2012 Proceedings IEEE INFOCOM.

[26]  Srihari Nelakuditi,et al.  SpinLoc: spin once to know your location , 2012, HotMobile '12.

[27]  Tom Minka,et al.  Spot Localization using PHY Layer Information , 2012 .

[28]  J. Sobana,et al.  Detection and Localization of Multiple Spoofing Attackers in Wireless Networks , 2014 .

[29]  Sneha Kumar Kasera,et al.  Robust location distinction using temporal link signatures , 2007, MobiCom '07.

[30]  Philip S. Yu,et al.  Outlier detection for high dimensional data , 2001, SIGMOD '01.

[31]  Prawit Chumchu,et al.  A new MAC address spoofing detection algorithm using PLCP header , 2011, The International Conference on Information Networking 2011 (ICOIN2011).