Abstract:
The IEEE 802.11 protocols are used by millions of smartphone and tablet devices to access
the Internet via Wi-Fi wireless networks or communicate with one another directly in a
peer-to-peer mode.
Insider attacks are those originating
from a trusted node that initially passed all the authentication steps to access the
network and was then compromised. A trusted node that has turned rogue can easily perform
Denial-of-Service (DoS) attacks on the Media Access Control (MAC) layer by illegally
capturing the channel and preventing other legitimate nodes from communicating with one
another. Insider attackers can alter the implementation of the IEEE 802.11 Distributed
Coordination Function (DCF) protocol residing in the Network Interface Card (NIC) to
illegally increase the probability of successful packet transmissions into the channel at
the expense of nodes that follow the protocol standards. The attacker tricks the
NIC into upgrading its firmware and forces in a version containing the
malicious code.
In this paper, we present a distributed solution to detect and
isolate the attacker in order to minimize the impact of the DoS attacks on the
network. Our detection algorithm enhances the DCF firmware to enable honest nodes to monitor
each other's traffic and compare their observations against honest
communication patterns derived from a
two-dimensional Markov chain. A channel hopping scheme is then used on the physical layer
(PHY) to evade the attacker. To facilitate communication among the honest member stations
and minimize network downtime, we introduce two isolation algorithms, one based on
identity-based encryption and another based on broadcast
encryption. Our simulation results show that the latter enjoys
quicker recovery time and faster network convergence.
Publication Info:
In the 11th International Conference on Provable Security (ProvSec '17). Xi'an,
China, October 23-25, 2017. Springer LNCS ?, pages ?-?