Hao Han,Fengyuan Xu,Chiu Chiang Tan,Yifan Zhang,Qun Li

DOI: https://doi.org/10.1109/INFCOM.2011.5934960

2011-01-01

Abstract:This paper considers vehicular rogue access points (APs) that rogue APs are set up in moving vehicles to mimic legitimate roadside APs to lure users to associate to them. Due to its mobility, a vehicular rogue AP is able to maintain a long connection with users. Thus, the adversary has more time to launch various attacks to steal users' private information. We propose a practical detection scheme based on the comparison of Receive Signal Strength (RSS) to prevent users from connecting to rogue APs. The basic idea of our solution is to force APs (both legitimate and fake) to report their GPS locations and transmission powers in beacons. Based on such information, users can validate whether the measured RSS matches the value estimated from the AP's location, transmission power, and its own GPS location. Furthermore, we consider the impact of path loss and shadowing and propose a method based on rate adaption to deal with advanced rogue APs. We implemented our detection technique on commercial off-the-shelf devices including wireless cards, antennas, and GPS modules to evaluate the efficacy of our scheme.

Kexiong (Curtis) Zeng,Shinan Liu,Yuanchao Shu,Dong Wang,Haoyu Li,Yanzhi Dou,Gang Wang,Yaling Yang

2018-01-01

Abstract:Mobile navigation services are used by billions of users around globe today. While GPS spoofing is a known threat, it is not yet clear if spoofing attacks can truly manipulate road navigation systems. Existing works primarily focus on simple attacks by randomly setting user locations, which can easily trigger a routing instruction that contradicts with the physical road condition (i.e., easily noticeable). In this paper, we explore the feasibility of a stealthy manipulation attack against road navigation systems. The goal is to trigger the fake turn-by-turn navigation to guide the victim to a wrong destination without being noticed. Our key idea is to slightly shift the GPS location so that the fake navigation route matches the shape of the actual roads and trigger physically possible instructions. To demonstrate the feasibility, we first perform controlled measurements by implementing a portable GPS spoofer and testing on real cars. Then, we design a searching algorithm to compute the GPS shift and the victim routes in real time. We perform extensive evaluations using a trace-driven simulation (600 taxi traces in Manhattan and Boston), and then validate the complete attack via real-world driving tests (attacking our own car). Finally, we conduct deceptive user studies using a driving simulator in both the US and China. We show that 95% of the participants follow the navigation to the wrong destination without recognizing the attack. We use the results to discuss countermeasures moving forward.

Yuxiang Lin,Yi Gao,Bingji Li,Wei Dong

DOI: https://doi.org/10.1145/3536423

2022-01-01

ACM Transactions on Sensor Networks

Abstract:The broadcast nature of wireless media makes WLANs easily attacked by rogue Access Points (APs) . Rogue AP attacks can potentially cause severe privacy leakage and financial loss. Hardware fingerprinting is the state-of-the-art technology to detect rogue APs since an attacker would find it difficult to set up a rogue AP with specific hardware fingerprints. However, existing hardware fingerprints not only depend on the AP but also depend on the client, significantly limiting their application scenarios. In this work, we investigate two novel client-agnostic fingerprints, which can be extracted using commercial off-the-shelf WiFi devices, to detect rogue APs. One is the power amplifier non-linearity fingerprint and the other is the frame interval distribution fingerprint . These two fingerprints remain consistent over time and space for the same AP but vary across different APs even with the same brand, model, and firmware. We use the fingerprint similarity between the candidate AP and the authorized AP for device authentication in typical indoor environments. We have also proposed a threshold-improved authentication scheme to improve the robustness of our system in dynamic environments. Our schemes can be implemented without modifying the infrastructural APs and can work well with new clients without rebuilding the fingerprint database. We evaluate our scheme in both in-lab and field scenarios, by analyzing 18 million WiFi packets. Results show that our scheme achieves an overall 96.55% positive detection rate and a 4.31% false alarm rate. Moreover, the threshold-improved authentication scheme can further reduce the false alarm rate by 13.0%-44.8% for dynamic environments.

Shinan Liu,Xiang Cheng,Hanchao Yang,Yuanchao Shu,Xiaoran Weng,Ping Guo,Kexiong (Curtis) Zeng,Gang Wang,Yaling Yang

2021-01-01

Abstract:The GPS has empowered billions of users and various critical infrastructures with its positioning and time services. However, GPS spoofing attacks also become a growing threat to GPS-dependent systems. Existing detection methods either require expensive hardware modifications to current GPS devices or lack the basic robustness against sophisticated attacks, hurting their adoption and usage in practice. In this paper, we propose a novel GPS spoofing detection framework that works with off-the-shelf GPS chipsets. Our basic idea is to rotate a one-side-blocked GPS receiver to derive the angle-of-arrival (AoAs) of received signals and compare them with the GPS constellation (consists of tens of GPS satellites). We first demonstrate the effectiveness of this idea by implementing a smartphone prototype and evaluating it against a real spoofer in various field experiments (in both open air and urban canyon environments). Our method achieves a high accuracy (95%-100%) in 5 seconds. Then we implement an adaptive attack, assuming the attacker becomes aware of our defense method and actively modulates the spoofing signals accordingly. We study this adaptive attack and propose enhancement methods (using the rotation speed as the "secret key") to fortify the defense. Further experiments are conducted to validate the effectiveness of the enhanced defense.

Yuxiang Lin,Yi Gao,Bingji Li,Wei Dong

DOI: https://doi.org/10.1109/percom45495.2020.9127375

2020-01-01

Abstract:The broadcast nature of wireless medium makes WLANs easily be attacked by rogue Access Points (APs). Rogue AP attacks can potentially cause severe privacy leakage and financial lost. Hardware fingerprinting is the state-of-the-art technology to detect rogue APs, since an attacker would find it difficult to set up a rogue AP with specific hardware fingerprints. However, existing hardware fingerprints not only depend on the AP, but also depend on the client, significantly limiting their applicable scenarios. In this work, we investigate two novel client-agnostic fingerprints, which can be extracted using commercial off-the-shelf WiFi devices, to detect rogue APs. One is the power amplifier non-linearity fingerprint and the other is the frame interval distribution fingerprint. These two fingerprints remain consistent over time and space for the same AP but vary across different APs even with the same brand, model and firmware. We use the fingerprint similarity between the candidate AP and the authorized AP for device authentication. Our scheme can be implemented without modifying the infrastructural APs and can work well with new clients without rebuilding the fingerprint database. We evaluate our scheme in both in-lab and field scenarios, by analyzing 12 million WiFi packets. Results shows that our scheme achieves an overall 96.55% positive detection rate and a 4.31% false alarm rate.

Jiangyi Deng,Xiaoyu Ji,Beibei Wang,Bin Wang,Wenyuan Xu

DOI: https://doi.org/10.1109/tifs.2023.3311964

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The market for consumer drones is growing and drones are becoming ever more pervasive than before in our life. However, drones have also brought about severe privacy violations and even safety issues. Especially, drones with cameras can snap pictures or take private videos. Researchers have designed drone detection mechanisms by passively inspecting the radio frequency (RF) signal in the communication channel between a drone and its controller. However, passive detection solutions shall fail when drones are in autopilot mode without control signals from controllers. In this paper, we seek to detect autopilot drones that transmit no RF signals by developing a proactive detection system named Dr. Defender. To this end, we resort to the Wi-Fi signals prevalent at each house and propose a proactive drone detection mechanism. To facilitate the detection of drones with Wi-Fi, we first study the motion characteristics of drones, including the shifting, moving, and spinning of propellers that can uniquely represent a drone. Then we investigate the physical layer information of Wi-Fi signals, i.e., the channel state information (CSI), to reveal specific motions of a drone. Finally, we implement our CSI-based proactive drone detection system, which requires no signal transmission from a drone or its controller. We extensively validate the feasibility and performance of our solution under different distances and directions of drones relative to a window. Results show that Dr. Defender can accurately detect drones 10 meters away.

Gorkem Kar,Hossen Mustafa,Yan Wang,Yingying Chen,Wenyuan Xu,Marco Gruteser,Tam Vu

DOI: https://doi.org/10.1145/2660267.2660336

2014-01-01

Abstract:The Global Positioning System (GPS) is widely used in critical infrastructures but is vulnerable to radio frequency (RF) interference. A common source of interference are commercial drivers that use GPS jammers to circumvent vehicle tracking systems. Existing mechanisms to detect and identify such interference emitting vehicles on roadways require a large number of specialized detectors or a manual observation process. In this paper, we design a practical, automated system to facilitate enforcement actions. Our system combines information from roadside monitoring points at key locations along the roadway as well as mobile detectors (e.g., smartphones and other mobile GPS systems). Rather than attempting precise localization at a given time, the system exploits the inherent variation in driving speeds and the resulting diverging trajectories of vehicles to uniquely identify the interfering vehicle. Through our experiments on a local highway with a vehicle transmitting interference in the 900MHz ISM band, we found that the vehicle identification rate of our mechanism is 65% for a single-point setup and 100% for a two-point setup. We performed 200 hours of passive monitoring of GPS L1 band on roadways and found two episodes of real interference. We also demonstrate that our mobile detector-based crowdsourced smartphone profiles are sufficiently consistent in time and space to enable reliable interference detection.

Hao Han,Bo Sheng,Chiu C. Tan,Qun Li,Sanglu Lu

DOI: https://doi.org/10.1109/tpds.2011.125

2009-01-01

Abstract:This paper considers a category of rogue access points (APs) that pretend to be legitimate APs to lure users to connect to them. We propose a practical timing based technique that allows the user to avoid connecting to rogue APs. Our method employs the round trip time between the user and the DNS server to independently determine whether an AP is legitimate or not without assistance from the WLAN operator. We implemented our detection technique on commercially available wireless cards to evaluate their performance.

Tong Zhou,Romit Roy,Choudhury Peng Ning,Krishnendu Chakrabarty

DOI: https://doi.org/10.1109/jsac.2011.110308

IF: 16.4

2011-01-01

IEEE Journal on Selected Areas in Communications

Abstract:Vehicular ad hoc networks (VANETs) are being increasingly advocated for traffic control, accident avoidance, and management of parking lots and public areas. Security and privacy are two major concerns in VANETs. Unfortunately, in VANETs, most privacy-preserving schemes are vulnerable to Sybil attacks, whereby a malicious user can pretend to be multiple (other) vehicles. In this paper, we present a lightweight and scalable protocol to detect Sybil attacks. In this protocol, a malicious user pretending to be multiple (other) vehicles can be detected in a distributed manner through passive overhearing by s set of fixed nodes called road-side boxes (RSBs). The detection of Sybil attacks in this manner does not require any vehicle in the network to disclose its identity; hence privacy is preserved at all times. Simulation results are presented for a realistic test case to highlight the overhead for a centralized authority such as the DMV, the false alarm rate, and the detection latency. The results also quantify the inherent trade-off between security, i.e., the detection of Sybil attacks and detection latency, and the privacy provided to the vehicles in the network. From the results, we see our scheme being able to detect Sybil attacks at low overhead and delay, while preserving privacy of vehicles.

Kexiong (Curtis) Zeng,Yuanchao Shu,Shinan Liu,Yanzhi Dou,Yaling Yang

DOI: https://doi.org/10.1145/3032970.3032983

2017-01-01

Abstract:High value of GPS location information and easy availability of portable GPS signal spoofing devices incentivize attackers to launch GPS spoofing attacks against location-based applications. In this paper, we propose an attack model in road navigation scenario, and develop a complete framework to analyze, simulate and evaluate the spoofing attacks under practical constraints. To launch an attack, the framework first constructs a road network, and then searches for an attack route that smoothly diverts a victim without his awareness. In extensive data-driven simulations in College Point, New York City, we managed to navigate a victim to locations 1km away from his original destination.

Nilesh Chakraborty,Yao Chao,Jianqiang Li,Sumit Mishra,Chengwen Luo,Ying He,Jie Chen,Yi Pan

DOI: https://doi.org/10.1109/jiot.2021.3051293

IF: 10.6

2022-04-15

IEEE Internet of Things Journal

Abstract:Unmanned aerial vehicles (UAVs) are being used in different emerging domains for accomplishing many critical tasks. However, due to the various constraints, such as battery life, computational resources, etc., a UAV under a mission (M-UAV) often needs assistance from an edge/cloud server that is reachable from the M-UAV's location. A connection between an M-UAV and edge server can be established via an access point or AP. Therefore, before sharing any sensitive information with the edge server, it is essential for an M-UAV to determine the legitimacy of the selected AP. Recently, some works in this direction indicate that a rogue UAV (R-UAV) can successfully mimic a legitimate AP for intercepting the communication channel. Hence, there should be a robust detection mechanism in place for addressing such a threat scenario. In this article, considering one of the emerging domains—the Internet of Vehicle (IoV) networks, at first, we show that communication in the IoV networks can get benefit from the presence of M-UAVs. However, as the link between the M-UAV and edge server can be intercepted by an R-UAV, the adversary may access the sensitive information from the IoV networks. Followed by this, we propose a timing-based algorithm for identifying the presence of rogue APs (or R-UAVs) in the channel. The M-UAV executes the timing-based algorithm, and the detection method does not require any auxiliary hardware or any modification to the network protocols for meeting the objective. Supported by an extensive evaluation study, we show that without any rigid restriction on the M-UAV's speed (e.g., by limiting it to almost static) the proposed approach significantly enhances the detection accuracy (at least by a margin of 29.7% and 16.65%) compared to the state-of-the-art methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

Wenjie Liu,Panos Papadimitratos

2024-06-04

Abstract:Rogue Wi-Fi access point (AP) attacks can lead to data breaches and unauthorized access. Existing rogue AP detection methods and tools often rely on channel state information (CSI) or received signal strength indicator (RSSI), but they require specific hardware or achieve low detection accuracy. On the other hand, AP positions are typically fixed, and Wi-Fi can support indoor positioning of user devices. Based on this position information, the mobile platform can check if one (or more) AP in range is rogue. The inclusion of a rogue AP would in principle result in a wrong estimated position. Thus, the idea to use different subsets of APs: the positions computed based on subsets that include a rogue AP will be significantly different from those that do not. Our scheme contains two components: subset generation and position validation. First, we generate subsets of RSSIs from APs, which are then utilized for positioning, similar to receiver autonomous integrity monitoring (RAIM). Second, the position estimates, along with uncertainties, are combined into a Gaussian mixture, to check for inconsistencies by evaluating the overlap of the Gaussian components. Our comparative analysis, conducted on a real-world dataset with three types of attacks and synthetic RSSIs integrated, demonstrates a substantial improvement in rogue AP detection accuracy.

Cryptography and Security

Dror Peri,Avishai Wool

2024-10-08

Abstract:Autonomous driving and advanced driver assistance systems (ADAS) rely on cameras to control the driving. In many prior approaches an attacker aiming to stop the vehicle had to send messages on the specialized and better-defended CAN bus. We suggest an easier alternative: manipulate the IP-based network communication between the camera and the ADAS logic, inject fake images of stop signs or red lights into the video stream, and let the ADAS stop the car safely. We created an attack tool that successfully exploits the GigE Vision protocol. Then we analyze two classes of passive anomaly detectors to identify such attacks: protocol-based detectors and video-based detectors. We implemented multiple detectors of both classes and evaluated them on data collected from our test vehicle and also on data from the public BDD corpus. Our results show that such detectors are effective against naive adversaries, but sophisticated adversaries can evade detection. Finally, we propose a novel class of active defense mechanisms that randomly adjust camera parameters during the video transmission, and verify that the received images obey the requested adjustments. Within this class we focus on a specific implementation, the width-varying defense, which randomly modifies the width of every frame. Beyond its function as an anomaly detector, this defense is also a protective measure against certain attacks: by distorting injected image patches it prevents their recognition by the ADAS logic. We demonstrate the effectiveness of the width-varying defense through theoretical analysis and by an extensive evaluation of several types of attack in a wide range of realistic road driving conditions. The best the attack was able to achieve against this defense was injecting a stop sign for a duration of 0.2 seconds, with a success probability of 0.2%, whereas stopping a vehicle requires about 2.5 seconds.

Cryptography and Security

Qifan Xiao,Xudong Pan,Yifan Lu,Mi Zhang,Jiarun Dai,Min Yang

DOI: https://doi.org/10.48550/arXiv.2303.09731

2023-03-17

Abstract:Automated driving systems rely on 3D object detectors to recognize possible obstacles from LiDAR point clouds. However, recent works show the adversary can forge non-existent cars in the prediction results with a few fake points (i.e., appearing attack). By removing statistical outliers, existing defenses are however designed for specific attacks or biased by predefined heuristic rules. Towards more comprehensive mitigation, we first systematically inspect the mechanism of recent appearing attacks: Their common weaknesses are observed in crafting fake obstacles which (i) have obvious differences in the local parts compared with real obstacles and (ii) violate the physical relation between depth and point density. In this paper, we propose a novel plug-and-play defensive module which works by side of a trained LiDAR-based object detector to eliminate forged obstacles where a major proportion of local parts have low objectness, i.e., to what degree it belongs to a real object. At the core of our module is a local objectness predictor, which explicitly incorporates the depth information to model the relation between depth and point density, and predicts each local part of an obstacle with an objectness score. Extensive experiments show, our proposed defense eliminates at least 70% cars forged by three known appearing attacks in most cases, while, for the best previous defense, less than 30% forged cars are eliminated. Meanwhile, under the same circumstance, our defense incurs less overhead for AP/precision on cars compared with existing defenses. Furthermore, We validate the effectiveness of our proposed defense on simulation-based closed-loop control driving tests in the open-source system of Baidu's Apollo.

Cryptography and Security,Artificial Intelligence

Oscar Amador,Erik Ronelöv,Katarina Boustedt,Jesper Blidkvist,Alexey Vinel

DOI: https://doi.org/10.48550/arXiv.2312.14059

2023-12-21

Networking and Internet Architecture

Abstract:The use of reactive detection technologies such as passive and active sensors for avoiding car accidents involving pedestrians and other Vulnerable Road Users (VRU) is one of the cornerstones of Cooperative, Connected, and Automated Mobility (CCAM). However, CCAM systems are not yet present in all roads at all times. The use of currently available technologies that are embedded in smartphones, such as location services and Internet access, are enablers for the early detection of VRUs. This paper presents the proof-of-concept of a system that provides vehicles with enough information about the presence of VRUs by using public cellular networks, an MQTT broker, and IEEE 802.11p-enabled hardware (a roadside unit and an on-board unit). The system was tested in an urban environment and in a test track, where its feasibility was evaluated. Results were satisfactory, proving the system is reliable enough to alert of the sudden appearance of a VRU in time for the driver to react.

Sagar Dasgupta,Abdullah Ahmed,Mizanur Rahman,Thejesh N. Bandi

2024-01-03

Abstract:Autonomous vehicles (AVs) rely on the Global Positioning System (GPS) or Global Navigation Satellite Systems (GNSS) for precise (Positioning, Navigation, and Timing) PNT solutions. However, the vulnerability of GPS signals to intentional and unintended threats due to their lack of encryption and weak signal strength poses serious risks, thereby reducing the reliability of AVs. GPS spoofing is a complex and damaging attack that deceives AVs by altering GPS receivers to calculate false position and tracking information leading to misdirection. This study explores a stealthy slow drift GPS spoofing attack, replicating the victim AV's satellite reception pattern while changing pseudo ranges to deceive the AV, particularly during turns. The attack is designed to gradually deviate from the correct route, making real-time detection challenging and jeopardizing user safety. We present a system and study methodology for constructing covert spoofing attacks on AVs, investigating the correlation between original and spoofed pseudo ranges to create effective defenses. By closely following the victim vehicle and using the same satellite signals, the attacker executes the attack precisely. Changing the pseudo ranges confuses the AV, leading it to incorrect destinations while remaining oblivious to the manipulation. The gradual deviation from the actual route further conceals the attack, hindering its swift identification. The experiments showcase a robust correlation between the original and spoofed pseudo ranges, with R square values varying between 0.99 and 1. This strong correlation facilitates effective evaluation and mitigation of spoofing signals.

Cryptography and Security

Chen Wang,Rui Huang,Jian Shen,Jianwei Liu,Pandi Vijayakumar,Neeraj Kumar

DOI: https://doi.org/10.1109/jiot.2021.3068268

IF: 10.6

2021-09-15

IEEE Internet of Things Journal

Abstract:The delay of vehicle emergency has led to many serious consequences. A series of studies has been carried out in the field of information security in vehicular ad hoc networks (VANETs). However, open issues such as the authentication of emergency vehicle (EV) avoidance are remaining unsolved. In this article, we propose a novel lightweight authentication protocol to avoid EVs in VANETs. In our protocol, after completing the first mutual authentication with the nearest roadside unit (RSU), EV can complete the mutual identity authentication with the subsequent RSUs without repeating cumbersome calculations. Additionally, EV is required to verify the legitimacy of the driver's identity when starting to avoid some illegal driving behavior. The RSUs will broadcast avoidance information to ordinary vehicles in their jurisdiction to remind them to clear a temporary emergency lane for EVs in advance. With temporary emergency lanes, emergent mission delays due to traffic congestion could be reduced. The security analysis and efficient analysis prove that our protocol is practical and efficient against attacks, such as impersonation attacks, device theft attacks, reputation attacks, etc.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xumin Huang,Rong Yu,Miao Pan,Lei Shu

DOI: https://doi.org/10.1109/access.2018.2868002

IF: 3.9

2018-01-01

IEEE Access

Abstract:Edge computing-based Internet of Vehicles (EC-IoV) has emerged when computing environment is extended to vehicular network edge for supporting compute-intensive applications. To implement EC-IoV, roadside units (RSUs) are enhanced and upgraded toward edge computing infrastructures with hardware improvements. RSU is a crucial component to communicate with and serve vehicles in EC-IoV. However, RSUs easily suffer from potential network attacks. The attacks lower the quality of user experience, disrupt RSU workload scheduling and even result in user information leakage. Due to the open deployment environment, network traffic among all RSUs may be eavesdropped by a global adversary. When a hotspot phenomenon causes heavy traffic to an RSU, the adversary could take advantage of traffic statistics to locate the RSU. After that, the adversary may concentrate to attack the RSU and try to interrupt on-going services. As a consequence, RSU hotspot attack with traffic eavesdropping is launched. In this paper, we focus on such a new adversary model in EC-IoV and discuss the attack and its defence. To prevent from the attack, we propose a proactive scheme by generating dummy traffic delivery. The local vehicles are collaborative and encouraged to send dummy packets to specified RSUs. This dummy traffic will mislead the traffic statistics and protect hospot RSUs. Stackelberg game approach is used to build an incentive mechanism in the scheme. Numerical results demonstrate that our scheme is effective and efficient to secure EC-IoV against RSU hotspot attack.

Fuad A. Ghaleb,Faisal Saeed,Eman H. Alkhammash,Norah Saleh Alghamdi,Bander Ali Saleh Al-rimy

DOI: https://doi.org/10.3390/s22072810

IF: 3.9

2022-04-06

Sensors

Abstract:A vehicular ad hoc network (VANET) is an emerging technology that improves road safety, traffic efficiency, and passenger comfort. VANETs’ applications rely on co-operativeness among vehicles by periodically sharing their context information, such as position speed and acceleration, among others, at a high rate due to high vehicles mobility. However, rogue nodes, which exploit the co-operativeness feature and share false messages, can disrupt the fundamental operations of any potential application and cause the loss of people’s lives and properties. Unfortunately, most of the current solutions cannot effectively detect rogue nodes due to the continuous context change and the inconsideration of dynamic data uncertainty during the identification. Although there are few context-aware solutions proposed for VANET, most of these solutions are data-centric. A vehicle is considered malicious if it shares false or inaccurate messages. Such a rule is fuzzy and not consistently accurate due to the dynamic uncertainty of the vehicular context, which leads to a poor detection rate. To this end, this study proposed a fuzzy-based context-aware detection model to improve the overall detection performance. A fuzzy inference system is constructed to evaluate the vehicles based on their generated information. The output of the proposed fuzzy inference system is used to build a dynamic context reference based on the proposed fuzzy inference system. Vehicles are classified into either honest or rogue nodes based on the deviation of their evaluation scores calculated using the proposed fuzzy inference system from the context reference. Extensive experiments were carried out to evaluate the proposed model. Results show that the proposed model outperforms the state-of-the-art models. It achieves a 7.88% improvement in the overall performance, while a 16.46% improvement is attained for detection rate compared to the state-of-the-art model. The proposed model can be used to evict the rogue nodes, and thus improve the safety and traffic efficiency of crewed or uncrewed vehicles designed for different environments, land, naval, or air.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Dawei Yan,Yubo Yan,Panlong Yang,Wen-Zhan Song,Xiang-Yang Li,Pengfei Liu

DOI: https://doi.org/10.1109/jiot.2022.3223682

IF: 10.6

2023-03-25

IEEE Internet of Things Journal

Abstract:WiFi connections are vulnerable to simulated attacks from rogue access points (AP) or devices whose SSID and/or MAC/IP address are the same as legitimate devices. This kind of attack is difficult to counter with traditional network security mechanisms. In this paper, we propose a new security mechanism that uses environment-independent features extracted from channel state information (CSI) to detect and identify rogue WiFi devices or APs, and reject their connections. We find that due to the I/Q imbalance and imperfect oscillator of each WiFi network card (NIC), the nonlinear phase error of different subcarriers will vary with the NIC. Through our experimental verification, this cross-subcarrier phase feature is invariant to the location and the environment. We deploy systems on two platforms that can extract constant phase errors from the constantly changing CSI in less than one second, which is at least 8× faster than that of the state-of-the-art solution. Extensive experiments on commercial routers and end devices in different scenarios show that based on the Industral Platform Computer (IPC) platform, where only non-encrypted rogue connections can be detected, the detection accuracy rate reaches 96%, and the false alarm rate is less than 2%. Based on the ASUS router platform (a commercial WiFi router), WiFi channels and smart device types are not restricted, which greatly improved universality, and the accuracy of device connection detection can even reach more than 99%. We improve a device-type identification method based on the communication traffic features of the device when connected to WiFi. Experiments show that even if there are multiple similar devices from the same manufacturer, the accuracy of device type detection exceeds 99%.

computer science, information systems,telecommunications,engineering, electrical & electronic