SIGTAM: A Tampering Attack on Wi-Fi Preamble Signaling and Countermeasures

Zhengguang Zhang, Marwan Krunz

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Scopus citations

Abstract

The preamble is crucial for frame reception and interpretation in Wi-Fi networks. It carries essential information (e.g., length, rate, etc.) in multiple Signal (SIG) fields that are needed to decode the payload portion of the frame. In this paper, we first use measurements and security analysis to identify the vulnerabilities of the SIG fields in terms of confidentiality, predictability, and integrity. Then, we introduce the SIG tampering attack (SIGTAM), in which the adversary exploits these vulnerabilities to craft and transmit a signal that tampers with legitimate SIG fields. This smart attack can pass the integrity validation, including the even parity and cyclic redundancy check (CRC), hence deceiving the receiver(s). The resulting SIG fields not only lead to frame discard or decoding error at the receiver(s) but also channel access disorder at neighboring devices. We further strengthen this attack by making it robust to channel impairments and synchronization errors. The attack is quite stealthy in that it targets fewer than 20% of the subcarriers for a duration of 4 μs only. Simulations and over-the-air (OTA) experiments are conducted on IEEE 802.11a/ax networks, which show that the proposed attack achieves almost 100% packet drop and packet error rates. Finally, we propose and evaluate schemes that detect the attack, identify impacted subcarriers, and retrieve the legitimate SIG fields based on their equalized frequency-domain symbols.

Original language: English (US)
Title of host publication: 2022 IEEE Conference on Communications and Network Security, CNS 2022
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781665462556
State: Published - 2022
Event: 2022 IEEE Conference on Communications and Network Security, CNS 2022 - Austin, United States
Duration: Oct 3 2022 → Oct 5 2022

Publication series

Name: 2022 IEEE Conference on Communications and Network Security, CNS 2022
Volume: 2022-January

Conference

Conference: 2022 IEEE Conference on Communications and Network Security, CNS 2022
Country/Territory: United States
City: Austin
Period: 10/3/22 → 10/5/22

Keywords

  • IEEE 802.11
  • Wi-Fi networks
  • preamble signaling
  • stealthy attack
  • wireless security

ASJC Scopus subject areas

  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications
  • Information Systems
