Detecting identity spoofs in IEEE 802.11e wireless networks

  • Authors:

  • Gayathri Chandrasekaran;John-Austen Francisco;Vinod Ganapathy;Marco Gruteser;Wade Trappe

  • Affiliations:

  • Rutgers University, North Brunswick, NJ;Rutgers University, North Brunswick, NJ;Rutgers University, North Brunswick, NJ;Rutgers University, Piscataway, NJ;Rutgers University, Piscataway, NJ

  • Venue:
  • GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
  • Year:
  • 2009

Quantified Score

Hi-index 0.00

Visualization

Abstract

Wireless networks are vulnerable to identity spoofing attacks, where an attacker can forge the MAC address of his wireless device to assume the identity of another victim device on the network. Identity spoofing allows an attacker to avail network services that are normally restricted to legitimate users. Prior techniques to detect such attacks rely on characteristics such as progressions of MAC sequence numbers. However, these techniques can wrongly classify benign flows as malicious with newer 802.11e wireless devices that allow multiple progressions of MAC sequence numbers from the same device. Several other techniques that rely on physical properties of transmitting devices are ineffective when the attacker and the victim are mobile. In this paper, we propose an architecture to robustly detect identity spoofing attacks under varying operating conditions. Our architecture employs a series of increasingly powerful detectors to identify or eliminate the possibility of an attack, culminating in a powerful, RSSI-based per-packet localizer that reliably detects identity spoofing attacks. We implemented this architecture and used it to detect a variety of identity spoofing attacks. Our experiments show that it can effectively detect identity spoofs with a low false positive rate of 0.5%.