Wenyuan Xu,Timothy Wood,Wade Trappe,Yanyong Zhang

DOI: https://doi.org/10.1145/1023646.1023661

2004-01-01

Abstract:Wireless networks are built upon a shared medium that makes it easy for adversaries to launch denial of service (DoS) attacks. One form of denial of service is targeted at preventing sources from communicating. These attacks can be easily accomplished by an adversary by either bypassing MAC-layer protocols, or emitting a radio signal targeted at jamming a particular channel. In this paper we present two strategies that may be employed by wireless devices to evade a MAC/PHY-layer jamming-style wireless denial of service attack. The first strategy, channel surfing, is a form of spectral evasion that involves legitimate wireless devices changing the channel that they are operating on. The second strategy, spatial retreats, is a form of spatial evasion whereby legitimate mobile devices move away from the locality of the DoS emitter. We study both of these strategies for three broad wireless communication scenarios: two-party radio communication, an infrastructured wireless network, and an ad hoc wireless network. We evaluate several of our proposed strategies and protocols through ns-2 simulations and experiments on the Berkeley mote platform.

Yuxiang Lin,Yi Gao,Bingji Li,Wei Dong

DOI: https://doi.org/10.1145/3536423

2022-01-01

ACM Transactions on Sensor Networks

Abstract:The broadcast nature of wireless media makes WLANs easily attacked by rogue Access Points (APs) . Rogue AP attacks can potentially cause severe privacy leakage and financial loss. Hardware fingerprinting is the state-of-the-art technology to detect rogue APs since an attacker would find it difficult to set up a rogue AP with specific hardware fingerprints. However, existing hardware fingerprints not only depend on the AP but also depend on the client, significantly limiting their application scenarios. In this work, we investigate two novel client-agnostic fingerprints, which can be extracted using commercial off-the-shelf WiFi devices, to detect rogue APs. One is the power amplifier non-linearity fingerprint and the other is the frame interval distribution fingerprint . These two fingerprints remain consistent over time and space for the same AP but vary across different APs even with the same brand, model, and firmware. We use the fingerprint similarity between the candidate AP and the authorized AP for device authentication in typical indoor environments. We have also proposed a threshold-improved authentication scheme to improve the robustness of our system in dynamic environments. Our schemes can be implemented without modifying the infrastructural APs and can work well with new clients without rebuilding the fingerprint database. We evaluate our scheme in both in-lab and field scenarios, by analyzing 18 million WiFi packets. Results show that our scheme achieves an overall 96.55% positive detection rate and a 4.31% false alarm rate. Moreover, the threshold-improved authentication scheme can further reduce the false alarm rate by 13.0%-44.8% for dynamic environments.

Wade Trappe,Wenyuan Xu

DOI: https://doi.org/10.7282/t3rj4jw7

2007-01-01

Abstract:Wireless networks are built upon a shared medium that makes it easy for adversaries to conduct radio interference, or jamming attacks, which effectively cause a denial of service (DoS) of either transmission or reception functionalities. These attacks can be easily accomplished by an adversary by either bypassing MAC-layer protocols, or emitting a radio signal targeted at jamming a particular channel. In this thesis, we examine the issue of jamming wireless networks, and sensor networks in particular, by studying both the attack and defense side of the problem. On the attack side, we present four different jamming attack models that can be used by an adversary to disable the operation of a wireless network, and evaluate their effectiveness in terms of how each method affects the ability of a wireless node to send and receive packets. In order to cope with the problem of jamming, we discuss a two-phase strategy involving the diagnosis of the attack, followed by a suitable defense strategy. For detection, we show that single measurement statistics are not enough to reliably classify the presence of a jamming attack, and propose multimodal detection methods. To cope with jamming, we propose a technique, channel surfing, which involves evading the interferer in the spectral domain. Several different channel surfing models are presented, and we evaluate their effectiveness using a testbed of MICA2 motes. Beyond channel surfing, we overview a second defense strategy whereby it is possible to establish a low data rate jamming resistant communication channel by modulating the interarrival times between jammed packets.

Zang Li,Wenyuan Xu,Robert D. Miller,Wade Trappe

DOI: https://doi.org/10.1145/1161289.1161297

2006-01-01

Abstract:Although conventional cryptographic security mechanisms are essential to the overall problem of securing wireless networks, these techniques do not directly leverage the unique properties of the wireless domain to address security threats. The properties of the wireless medium are a powerful source of domain-specific information that can complement and enhance traditional security mechanisms. In this paper, we propose to utilize the fact that the radio channel decorre-lates rapidly in space, time and frequency in order to to establish new forms of authentication and confidentiality that operate at the physical layer and can be used to facilitate cross-layer security paradigms. Specifically, for authentication services, we illustrate two channel probing techniques that can be used to verify the authenticity of a transmitter. Similarly, for confidentiality, we examine several strategies for establishing shared secrets/keys between two communicators using the wireless medium. These strategies range from extracting keys from channel state information, to utilizing the channel variability to secretly disseminate keys. We then validate the feasibility of using physical layer techniques for securing wireless systems by presenting results from experiments involving the USRP/GNURadio software defined radio platform.

Haider Salim,Zhitang Li,Hao Tu,Zhengbiao Guo

DOI: https://doi.org/10.1007/978-3-642-31020-1_30

2012-01-01

Abstract:Address Resolution Protocol (ARP) is the network part that is responsible for identifying a Media Access Control (MAC) address of each other, through mapping an IP address to the corresponding MAC address. Unfortunately, ARP is a stateless protocol, the weakness in ARP effects directly on the security standards of the network and especially in Ethernet. In this paper, we propose a new architecture; named a CSIDS Client/Server based Intrusion Detection System designed to detection and defense against ARP spoofing attacks. The main idea behind this approach is to implement a real-time analyzing for received ARP packets and in case of detection a suspicious ARP packet a resolution message will be exchanged between system parts on the same network. This system is resilience by making at most two objects (client/server) to work efficiently; on the other hand, just one client is capable of defending on himself.

Yang Liu,Ke Dong,Liang Dong,Bin Li

2008-01-01

Abstract:During the network communication process, attacker carry on ARP spoofing by using the disadvantage of the ARP(Address Resolution Protocol) protocol, this phenomenon is seriously threaten the LAN security. This paper will introduce the commonly used ARP spoofing methods such as internal/external network sniffing, interception, malicious attack and so on. It presents the Matching IP method, Data monitor method, Echo time method, ARP response analysis method, software tools detecting method as well as the new method of ARP cache updating, using switching equipment to control and other strategy and presents the algorithm to keep ARP spoofing away and maintain network security.

Fabrice Mvah,Vianney Kengne Tchendji,Clémentin Tayou Djamegni,Ahmed H. Anwar,Deepak K. Tosh,Charles Kamhoua

DOI: https://doi.org/10.1016/j.cose.2023.103696

IF: 5.105

2024-01-06

Computers & Security

Abstract:The Address Resolution Protocol (ARP) spoofing is a form of attack typically used by attackers to cause a denial of service or man-in-the-middle attacks. This attack comes from ARP weaknesses and aims to compromise victims' ARP caches by sending ARP packets containing fake IP-MAC pairs. To overcome ARP spoofing attacks, several approaches leverage the advantages of software-defined networking (SDN) to detect malicious users in the network. To achieve their goal, the SDN controller consecutively checks the characteristics of each ARP packet to ensure its correctness. However, this verification method can lead to latency and congestion at the controller level or render the system unusable for large-scale networks. To address this drawback, we propose a game-theoretic approach to provide an optimal verification method that considers the intelligent attackers' decision-making process during an ARP cache poisoning attempt. This approach is a zero-sum game between the attacker who wants to poison the victims' ARP caches and the defender who must avoid this poisoning. The game model results in mixed-strategy Nash equilibria that identify optimal verification methods to prevent control plane latency and congestion during attacker detection. The results show that an intelligent attacker will refrain from poisoning ARP caches with a high-impact strategy because the defender frequently checks such a strategy. In addition, the attacker's penalty value can deter both rational and irrational attackers from poisoning ARP caches. Simulations in the Mininet simulator have shown that the proposed approach can significantly mitigate control plane latency and congestion during the attacker's characteristic checking.

computer science, information systems

Ming-Wei Wu,Yennun Huang,Ing-Yi Chen,Shyue-Kung Lu,Sy-Yen Kuo

DOI: https://doi.org/10.1007/11814856_5

2006-01-01

Abstract:A few killer applications that rocked the Internet community these years are peer-to-peer (P2P) file-sharing applications and VoIP (voice over Internet Protocol) telephony services. Unlike traditional client-and-server applications in which servers are services provider and by default should be public addressable, each peer in P2P networks can play both roles (client and server). However, legacy usage of the network address translation (NAT) module on most wireless access points (APs) causes new problems with emerging P2P communications especially in opposing APs (both peers of an Internet connection are behind AP) where each peer uses private Internet Protocol (IP) address and neither side has global visibility to each other. This article therefore examines such issue from three approaches, 1) leveraging the complexity of client application, 2) introducing additional intermediate gateways and protocols and 3) enhancing the wireless AP itself. Client-based solutions such as UDP/TCP hole-punching suffer from race condition while gateway-based solutions tend to incur overhead for interoperability and deployment. This paper proposes a scalable port forwarding (SPF) design for wireless AP, which introduces little or negligible time and space complexity, to significantly improve the connectivity and scalability of a conventional AP by 1) lessening the race condition of P2P traversals in opposing APs, 2) multiplexing the port numbers to exceed theoretical upper bound 65,535 and 3) allowing more servers to bind to a specific port.

XING Jinge,LIU Yang

DOI: https://doi.org/10.3969/j.issn.1005-9369.2012.08.016

2012-01-01

Abstract:Attackers using ARP spoofing attack network segment host In the LAN,which threaten the LAN security seriously.This paper analyzed the common tricks such as monitor,intercept,and malicious attacks which attackers used,and summarized the IP matched methods based on ARP cheat theory,data frame detection method,Echo time method,ARP response analysis method,tools detection method and so on.A prevent ARP spoofing algorithm is proposed in this paper,which made use of ARP cache update policy,switching equipment control and other strategies to prevent ARP spoofing.This algorithm can reject ARP spoofing,achieve the goals of maintaining network security.

B. Issac

DOI: https://doi.org/10.48550/arXiv.1410.4398

2014-10-16

Abstract:For network computers to communicate to one another, they need to know one another's IP address and MAC address. Address Resolution Protocol (ARP) is developed to find the Ethernet address that map to a specific IP address. The source computer broadcasts the request for Ethernet address and eventually the target computer replies. The IP to Ethernet address mapping would later be stored in an ARP Cache for some time duration, after which the process is repeated. Since ARP is susceptible to ARP poisoning attacks, we propose to make it unicast, centralized and secure, along with a secure design of DHCP protocol to mitigate MAC spoofing. The secure protocol designs are explained in detail. Lastly we also discuss some performance issues to show how the proposed protocols work.

Cryptography and Security

Zhiping Jiang,Kun Zhao,Rui Li,Jizhong Zhao,Junzhao Du

DOI: https://doi.org/10.1186/s13677-020-0154-7

2020-01-01

Journal of Cloud Computing Advances Systems and Applications

Abstract:Delivering service intelligence to billions of connected devices is the next step in edge computing. Wi-Fi, as the de facto standard for high-throughput wireless connectivity, is highly vulnerable to packet-injection-based identity spoofing attacks (PI-ISAs). An attacker can spoof as the legitimate edge coordinator and perform denial of service (DoS) or even man-in-the-middle (MITM) attacks with merely a laptop. Such vulnerability leads to serious systematic risks, especially for the core edge/cloud backbone network.In this paper, we propose PHYAlert, an identity spoofing attack alert system designed to protect a Wi-Fi-based edge network. PHYAlert profiles the wireless link with the rich dimensional Wi-Fi PHY layer information and enables real-time authentication for Wi-Fi frames. We prototype PHYAlert with commercial off-the-shelf (COTS) devices and perform extensive experiments in different scenarios. The experiments verify the feasibility of spoofing detection based on PHY layer information and show that PHYAlert can achieve an 8x improvement in the false positive rate over the conventional signal-strength-based solution.

Haider Salim,Zhitang Li,Hao Tu,Zhengbiao Guo

DOI: https://doi.org/10.1109/dcabes.2012.71

2012-01-01

Abstract:Owing to its great need for mapping an IP address to the corresponding MAC address over an Ethernet topology, Address Resolution Protocol (ARP) has been, and still is, capable of accomplishing this task efficiently. At the same time, it suffers from some security shortcomings, because of the malicious hosts have the possibility of poisoning the ARP cache for another host on the same LAN. In this paper, by gratuitous ARP request packets, we propose a solution to the problem of ARP poisoning. Our suggested mechanism which is named a Gratuitous Decision Packet System (GDPS) seeks to achieve two main goals: (1) Detection of suspicious ARP packets, by implementing a real-time analyzing for received ARP packets. (2) The distinction between a legitimate and malicious host through sending a modified request packet of the gratuitous ARP packets. Furthermore, the experiments show that the presented design has the efficiency and accuracy, as well as it does not require any additional software or hardware.

Dalia Nashat,Sabah M. Morsy

DOI: https://doi.org/10.1109/ACCESS.2022.3172329

IF: 3.9

IEEE Access

Abstract:Nowadays, cyber-attack is a severe criminal violation, and it is one of the most active fields of research. Man-in-the-middle attack (MITM) is a type of cyber-attack in which an unauthorized third party secretly accesses the communication between two hosts in the same network to read=modify the transferred data between them. ARP spoofing-based MITM attack exploits ARP protocol weakness where the attacker associates its MAC address with the IP address of an intended legitimate host. Although there are many defense approaches for ARP spoofing based-MITM attacks, these methods are uncompleted or have a performance overhead since they modify the original ARP protocol. Also, some of these approaches depend on the centralized server which leads to a single point of failure. This paper presents a detection scheme for ARP spoofing-based MITM attack called D-ARP which is compatible with the original ARP protocol. The main idea of D-ARP is to send an ARP packet signed with a key in parallel with the original ARP packets to make a correlation between requests and replies. Each host records the signed ARP packets whether it is a request or a reply in a log file. Based on this correlation, D-ARP matches the injected key to detect ARP spoofing if there is a duplicate or conflict in the MAC address. For more reliability, D-ARP uses the DHCP server and the Nmap feature to detect the MAC addresses of MITM attackers. Moreover, this scheme also offers a module for Admin to create a trusted list of hosts. The experimental results show that D-ARP is very effective to detect and prevent ARP spoofing with zero false positives and zero false negative probabilities without any modifications in the original ARP protocol.

Computer Science

Lei Yang,Lejun Chi,Dongjie Zhu,Chengwen Tang,Kun Wang

2006-01-01

Abstract:During the network communication process, attacker carry on ARP spoofing by using the disadvantage of the ARP(Address Resolution Protocol) protocol, this phenomenon seriously threatens the LAN security. This paper will introduce the commonly used ARP spoofing methods such as internal/external network sniffing, interception, malicious attack and so on. It presents the Matching IP method, Data monitor method, Echo time method, ARP response analysis method, software tools detecting method as well as the new method of ARP cache updating, using switching equipment to control and other strategy and presents the algorithm to keep ARP spoofing away and maintain network security.

Xuewei Feng,Qi Li,Kun Sun,Yuxiang Yang,Ke Xu

DOI: https://doi.org/10.1109/sp46215.2023.10179441

2023-01-01

Abstract:Modern Wi-Fi networks are commonly protected by the security mechanisms, e.g., WPA, WPA2 or WPA3, and thus it is difficult for an attacker (a malicious supplicant) to hijack the traffic of other supplicants as a man-in-the-middle (MITM). In traditional Evil Twins attacks, attackers may deploy a bogus wireless access point (AP) to hijack the victim supplicants' traffic (e.g., stealing credentials). In this paper, we uncover a new MITM attack that can evade the security mechanisms in Wi-Fi networks by spoofing the legitimate AP to send a forged ICMP redirect message to a victim supplicant and thus allow attackers to stealthily hijack the traffic from the victim supplicant without deploying any bogus AP. The core idea is to misuse the vulnerability of cross-layer interactions between WPAs and ICMP protocols, totally evading the link layer security mechanisms enforced by WPAs. We resolve two requirements to successfully launch our attack. First, when the attacker spoofs the legitimate AP to craft an ICMP redirect message, the legitimate AP cannot recognize and filter out those forged ICMP redirect messages. We uncover a new vulnerability (CVE-2022-25667) of the Network Processing Units (NPUs) in AP routers that restrict the AP routers from blocking fake ICMP error messages passing through the router. We test 55 popular wireless routers from 10 well-known AP vendors, and none of these routers can block the forged ICMP redirect messages due to this vulnerability. Second, we develop a new method to ensure the forged ICMP redirect message can evade the legitimacy check of the victim supplicant and then poison its routing table. We conduct an extensive measurement study on 122 real-world Wi-Fi networks, covering all prevalent Wi-Fi security modes. The experimental results show that 109 out of the 122 (89%) evaluated Wi-Fi networks are vulnerable to our attack. Besides notifying the vulnerability to the NPU manufacturers and the AP vendors, we develop two countermeasures to throttle the identified attack.

Paul Staat,Simon Mulzer,Stefan Roth,Veelasha Moonsamy,Markus Heinrichs,Rainer Kronberger,Aydin Sezgin,Christof Paar

DOI: https://doi.org/10.48550/arXiv.2112.01967

2022-04-07

Abstract:Wireless radio channels are known to contain information about the surrounding propagation environment, which can be extracted using established wireless sensing methods. Thus, today's ubiquitous wireless devices are attractive targets for passive eavesdroppers to launch reconnaissance attacks. In particular, by overhearing standard communication signals, eavesdroppers obtain estimations of wireless channels which can give away sensitive information about indoor environments. For instance, by applying simple statistical methods, adversaries can infer human motion from wireless channel observations, allowing to remotely monitor premises of victims. In this work, building on the advent of intelligent reflecting surfaces (IRSs), we propose IRShield as a novel countermeasure against adversarial wireless sensing. IRShield is designed as a plug-and-play privacy-preserving extension to existing wireless networks. At the core of IRShield, we design an IRS configuration algorithm to obfuscate wireless channels. We validate the effectiveness with extensive experimental evaluations. In a state-of-the-art human motion detection attack using off-the-shelf Wi-Fi devices, IRShield lowered detection rates to 5% or less.

Cryptography and Security

Novi Aryani Fitri

DOI: https://doi.org/10.31763/iota.v4i3.805

2024-08-15

Abstract:This study explores network security within a simulated environment built using VirtualBox, focusing on comparing the HTTP and HTTPS protocols in protecting data from eavesdropping. The research follows the PPDIOO model (Prepare, Plan, Design, Implement, Operate, and Optimize), including system requirements mapping and the setup of a virtual network environment that supports VLAN and data security. Two main scenarios were tested: an authorized user securely accesses a server using HTTPS, and another where an attacker attempts to intercept communication between the client and server using HTTP. The results indicate that HTTPS effectively protects data from eavesdropping attempts by attackers, while HTTP leaves security vulnerabilities that can be exploited to steal sensitive information. This study underscores the importance of using secure protocols like HTTPS in VLAN-based networks to protect data from eavesdropping and other threats. Additionally, the research paves the way for developing further security measures in network management, such as firewalls, intrusion detection systems (IDS), and more advanced encryption.

Yihao Jia,Ying Liu,Gang Ren,Lin He

DOI: https://doi.org/10.1109/pccc.2017.8280451

2017-01-01

Abstract:IP spoofing, which is prevalently used for anonymity and reflection attacks, has shown increasing destructive power in recent years. Although certain source address validation solutions have been standardized by the Internet Engineering Task Force, few networks are willing to adopt them in view of the deficiency of deployment benefits. Actually, all the source address validation solutions face the problem of a lack of deployability. In this paper, we summarize the key points describing deployability and propose a new security service-inter-autonomous-system (AS) Source Address Protection (iSAP). Technically, by increasing the possibility of keeping the source address belonging to one AS from being the victim of reflection flooding, iSAP improves the deployers ability to prevent IP spoofing and increases incremental deployability. In reality, such a service can also be regarded as a new profit opportunity for ASes and it could progress gradually once it is well commercialized. Based on simulations with real Internet topology data, the results illustrate that iSAP can protect ASes from being reflected with only a few deployers, exhibiting a high potential to mitigate reflection flooding with modest resource consumption.

Xiuping Han,Zhi Wang,Dan Pei

DOI: https://doi.org/10.1109/ICC.2018.8422764

2018-01-01

Abstract:Mobile devices adopt probe requests to discover nearby Wi-Fi access points (APs) and set up fast Wi-Fi connections. Preferred Network Lists (PNLs) are used to store the lists of connected Wi-Fi APs in the past. Previous studies have shown that such mechanism can lead to serious privacy leakage, for example, attackers can infer users' identity information and movement histories. In this paper, we investigate the privacy issue and propose a data-driven protection strategy. First, we conduct extensive measurement studies based on 27 million users associating with 4 million Wi-Fi APs in 4 cities. We show that probe requests can be used to identify and profile users. Despite that some actions have been taken to reduce privacy leakage (e.g., MAC address randomization), users' PNLs can still be inferred by attackers. Second, we propose a novel privacy protection method, in which users' PNLs are "blurred" by adding faked SSIDs generated using a collaborative filtering algorithm, such that nearby users' PNLs are similar to each other. Finally, we evaluate the performance of our design using real-world Wi-Fi association traces. Our trace-driven simulation shows that the refined PNLs can effectively protect user privacy and ensure fast Wi-Fi connection at the same time.

秦丰林,段海新,郭汝廷

DOI: https://doi.org/10.3969/j.issn.1001-3695.2009.01.008

2009-01-01

Abstract:Up to now,many schemes have been proposed to protect against ARP spoofing which can be classified into three categories as detecting,preventing and avoiding techniques according to their functions.This paper summarized and analyzed each of these schemes,identified their advantages and weaknesses,presented some factors that have to be considered in improving ARP protocol.