Partial Deafness: A Novel Denial-of-Service Attack in 802.11 Networks

We present a new denial-of-service attack against 802.11 wireless networks. Our attack exploits previously discovered performance degradation in networks with substantial rate diversity. In our attack, the attacker artificially reduces his link quality by not acknowledging receptions (which we call “partial deafness” because an attacker pretends to have not heard some of the transmission), thereby exploiting the retransmission and rate adaptation mechanisms to reduce Medium Access Control (MAC)-layer performance. As compared to previously proposed attacks, the partial deafness attack is particularly strong because the attacker does not necessarily need any advantage over normal users in terms of transmission power, computation resources, or channel condition.

[1]  Martin Heusse,et al.  Performance anomaly of 802.11b , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[2]  Voon Chin Phua,et al.  Wireless lan medium access control (mac) and physical layer (phy) specifications , 1999 .

[3]  Massimo Bernaschi,et al.  Access points vulnerabilities to DoS attacks in 802.11 networks , 2008, Wirel. Networks.

[4]  Seungjoon Lee,et al.  Maranello: Practical Partial Packet Recovery for 802.11 , 2010, NSDI.

[5]  Adi Shamir,et al.  Weaknesses in the Key Scheduling Algorithm of RC4 , 2001, Selected Areas in Cryptography.

[6]  John V. Guttag,et al.  Time-based Fairness Improves Performance in Multi-Rate WLANs , 2004, USENIX Annual Technical Conference, General Track.

[7]  Leo Monteban,et al.  WaveLAN®-II: A high-performance wireless LAN for the unlicensed band , 1997, Bell Labs Technical Journal.

[8]  Maxim Raya,et al.  DOMINO: a system to detect greedy behavior in IEEE 802.11 hotspots , 2004, MobiSys '04.

[9]  Lars Richter,et al.  Untersuchung und Bewertung von Netzzugangssteuerungen auf Basis des Standards 802.1x (Port-Based Network Access Control) , 2005 .

[10]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[11]  Stefan Savage,et al.  802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions , 2003, USENIX Security Symposium.

[12]  Mark Handley,et al.  The final nail in WEP's coffin , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[13]  John S. Baras,et al.  Performance Comparison of Detection Schemes for MAC Layer Misbehavior , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[14]  John C. Bicket,et al.  Bit-rate selection in wireless networks , 2005 .

[15]  Nitin H. Vaidya,et al.  Selfish MAC layer misbehavior in wireless networks , 2005, IEEE Transactions on Mobile Computing.

[16]  John Ioannidis,et al.  A key recovery attack on the 802.11b wired equivalent privacy protocol (WEP) , 2004, TSEC.