TY - GEN
T1 - SIGTAM
T2 - 2022 IEEE Conference on Communications and Network Security, CNS 2022
AU - Zhang, Zhengguang
AU - Krunz, Marwan
N1 - Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - The preamble is crucial for frame reception and interpretation in Wi-Fi networks. It carries essential information (e.g., length, rate, etc.) in multiple Signal (SIG) fields that are needed to decode the payload portion of the frame. In this paper, we first use measurements and security analysis to identify the vulnerabilities of the SIG fields in terms of confidentiality, predictability, and integrity. Then, we introduce the SIG tampering attack (SIGTAM), in which the adversary exploits these vulnerabilities to craft and transmit a signal that tampers with legitimate SIG fields. This smart attack can pass the integrity validation, including the even parity and cyclic redundancy check (CRC), hence deceiving the receiver(s). The resulting SIG fields not only lead to frame discard or decoding errors at the receiver(s) but also to channel access disorder at neighboring devices. We further strengthen this attack by making it robust to channel impairments and synchronization errors. The attack is quite stealthy in that it targets fewer than 20% of the subcarriers for a duration of only 4 μs. Simulations and over-the-air (OTA) experiments are conducted on IEEE 802.11a/ax networks, which show that the proposed attack achieves almost 100% packet drop and packet error rates. Finally, we propose and evaluate schemes that detect the attack, identify impacted subcarriers, and retrieve the legitimate SIG fields based on their equalized frequency-domain symbols.
KW - IEEE 802.11
KW - Wi-Fi networks
KW - preamble signaling
KW - stealthy attack
KW - wireless security
UR - http://www.scopus.com/inward/record.url?scp=85150374046&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85150374046&partnerID=8YFLogxK
U2 - 10.1109/CNS56114.2022.10059317
DO - 10.1109/CNS56114.2022.10059317
M3 - Conference contribution
AN - SCOPUS:85150374046
T3 - 2022 IEEE Conference on Communications and Network Security, CNS 2022
BT - 2022 IEEE Conference on Communications and Network Security, CNS 2022
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 3 October 2022 through 5 October 2022
ER -