Authentication in 802.11 LANs Using a Covert Side Channel

We present a covert side channel technique that uses the 802.11 MAC rate switching protocol as cover for covert authentication messages. Covert authentication prevents an attacker from knowing when a user is authenticating and protects user credentials from malicious software attacks. Similar to port knocking, a remote client sends authentication messages to an access point in order to access a protected service. The technique uses a one-time password algorithm to protect against replay attacks. We investigate how the covert side channel affects node throughput in mobile and non-mobile scenarios. We also investigate the covertness of the covert side channel using standardized entropy. The results show that the performance impact is minimal and increases slightly as the authentication frequency increases. We further show that we can authenticate with 100% accuracy with minimal impact on rate switching entropy.
