The Feasibility of Launching Reduction of Quality (RoQ) Attacks in 802.11 Wireless Networks

In this paper, we discuss wireless reduction of quality (RoQ) attacks against the transmission control protocol (TCP). RoQ attacks can dramatically degrade the TCP performance with a less number of wireless jamming attacking packets, which makes them rather difficult to detect. We propose a RoQ attack model which exposes the possibility to launch a RoQ attack and illustrates attack conditions. A CTS jamming method is proposed to make it possible to launch RoQ attacks in 802.11b/g wireless networks. The wireless RoQ attacks are evaluated in both NS2 simulation environment and practical wireless networks. Experimental results demonstrate that it is possible to degrade wireless TCP throughput through RoQ attacks with undetectable low-rate attacking traffic.

[1]  Wei Chen,et al.  Defending Against Jamming Attacks in Wireless Local Area Networks , 2007, ATC.

[2]  David K. Y. Yau,et al.  Defending against low-rate TCP attacks: dynamic detection and protection , 2004, Proceedings of the 12th IEEE International Conference on Network Protocols, 2004. ICNP 2004..

[3]  Stefan Savage,et al.  802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions , 2003, USENIX Security Symposium.

[4]  Xiapu Luo,et al.  Vanguard: A New Detection Scheme for a Class of TCP-targeted Denial-of-Service Attacks , 2006, 2006 IEEE/IFIP Network Operations and Management Symposium NOMS 2006.

[5]  Michalis Faloutsos,et al.  Denial of service attacks at the MAC layer in wireless ad hoc networks , 2002, MILCOM 2002. Proceedings.

[6]  Petri Mähönen,et al.  TCP performance issues over wireless links , 2001, IEEE Commun. Mag..

[7]  Yuting Zhang,et al.  Reduction of quality (RoQ) attacks on Internet end-systems , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[8]  Haiyun Luo,et al.  The impact of multihop wireless channel on TCP throughput and loss , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[9]  Mina Guirguis,et al.  Exploiting the transients of adaptation for RoQ attacks on Internet resources , 2004, Proceedings of the 12th IEEE International Conference on Network Protocols, 2004. ICNP 2004..

[10]  Edward W. Knightly,et al.  Denial of service resilience in ad hoc networks , 2004, MobiCom '04.

[11]  Vern Paxson,et al.  Computing TCP's Retransmission Timer , 2000, RFC.

[12]  Wenyuan Xu,et al.  The feasibility of launching and detecting jamming attacks in wireless networks , 2005, MobiHoc '05.

[13]  Wenyuan Xu,et al.  Channel surfing and spatial retreats: defenses against wireless denial of service , 2004, WiSe '04.

[14]  Xiapu Luo,et al.  On a New Class of Pulsing Denial-of-Service Attacks and the Defense , 2005, NDSS.

[15]  Elaine Shi,et al.  Portcullis: protecting connection setup from denial-of-capability attacks , 2007, SIGCOMM 2007.

[16]  Elaine Shi,et al.  Detection of denial-of-message attacks on sensor network broadcasts , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[17]  Maxim Raya,et al.  DOMINO: a system to detect greedy behavior in IEEE 802.11 hotspots , 2004, MobiSys '04.

[18]  William A. Arbaugh,et al.  Security problems in 802.11-based networks , 2003, CACM.

[19]  H. Balakrishnan,et al.  A comparison of mechanisms for improving TCP performance over wireless links , 1999, SIGCOMM '96.