ORIGINAL ARTICLE
Detecting forged management frames with spoofed addresses in IEEE 802.11 networks using received signal strength indicator

Davar Ahmadpour · Peyman Kabiri

Received: 2 December 2018 / Accepted: 30 January 2020
© Springer Nature Switzerland AG 2020
Abstract

IEEE 802.11 wireless LANs are vulnerable to MAC address spoofing attacks and to forged management frames sent to disconnect or disturb existing connections. The main reason behind this vulnerability is that management frames are sent in plain text with no built-in authentication or encryption mechanism. This paper addresses the problem of detecting forged management frames with spoofed source addresses. Using a distributed architecture and the Received Signal Strength Indicator (RSSI), the paper proposes a signature-based detection scheme. Employing a set of monitoring points, RSSI is used as a non-counterfeitable feature to extract a signature for each node. The proposed approach uses majority voting as an ensemble method to aggregate the local judgments of the monitoring points. The simulation results show that when the attacker is far enough from the victim, this approach can detect spoofing attacks with a high detection rate.

Keywords: IEEE 802.11 · Forged management frames · MAC spoofing · Received signal strength
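A minimal sketch of the scheme the abstract describes (per-node RSSI signatures at several monitoring points, local judgments combined by majority vote), added here as an illustration and not the authors' code. The signature form (mean and standard deviation), the threshold `K`, the monitor names and all RSSI values are assumptions constructed for the example.

```python
from statistics import mean, stdev

# Assumptions for this illustration; the page does not give the paper's
# actual signature or threshold.
K = 3.0        # local threshold, in standard deviations
MIN_STD = 1.0  # floor (dB) so a very stable link does not flag normal noise

def build_signature(training):
    """training: {monitor_id: [rssi_dbm, ...]} for one MAC address, collected
    while the node is known to be legitimate. Returns {monitor_id: (mean, std)}."""
    return {m: (mean(v), max(stdev(v), MIN_STD)) for m, v in training.items()}

def local_judgment(signature, monitor_id, rssi_dbm):
    """One monitoring point's verdict: True if the frame's RSSI does not
    match the signature that this monitor holds for the claimed sender."""
    mu, sigma = signature[monitor_id]
    return abs(rssi_dbm - mu) > K * sigma

def is_forged(signature, observation):
    """observation: {monitor_id: rssi_dbm} for one management frame.
    Monitors without a signature are skipped. Returns True when a strict
    majority of the voting monitors flag the frame."""
    votes = [local_judgment(signature, m, r)
             for m, r in observation.items() if m in signature]
    if not votes:
        return False  # no monitor can compare; no verdict
    return sum(votes) * 2 > len(votes)

# Constructed sample data: RSSI (dBm) of frames from one station, per monitor.
TRAINING = {
    "mp1": [-41, -43, -42, -40, -44],
    "mp2": [-60, -62, -61, -59, -63],
    "mp3": [-75, -74, -77, -76, -73],
}
SIGNATURE = build_signature(TRAINING)

# Constructed deauthentication frames that all claim the station's MAC.
GENUINE = {"mp1": -42, "mp2": -64, "mp3": -75}        # normal fluctuation
FAR_SENDER = {"mp1": -70, "mp2": -45, "mp3": -76}     # sent from elsewhere
NEAR_SENDER = {"mp1": -44, "mp2": -61, "mp3": -70}    # sent close to the victim

if __name__ == "__main__":
    for name, obs in [("genuine", GENUINE), ("far sender", FAR_SENDER),
                      ("near sender", NEAR_SENDER)]:
        print(f"{name}: forged={is_forged(SIGNATURE, obs)}")
```

The near-sender frame is flagged by only one monitor and passes the vote, which matches the abstract's condition that detection works when the attacker is far enough from the victim.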
1 Introduction

In recent years, IEEE 802.11 wireless LANs have become widely used in homes, industry and public places. The use of such networks in sensitive places such as hospitals and military environments, where availability and reliability are the key factors, is increasing. IEEE 802.11 uses three types of frames: data, management and control frames. Management frames are used for finding the network, establishing connections, synchronizing the network nodes with the Access Point (AP), power management and terminating existing connections. However, two security weaknesses of the protocol have led to a significant number of attacks that use management frames. First, it is easy to sniff and spoof the MAC address of any device in the network. Second, the lack of a built-in encryption or authentication mechanism for management frames makes it possible to forge these frames and inject them into the network.
Various methods have been proposed to deal with forgery attacks. These methods are categorized into two groups: prevention and detection. Methods in the former group use encryption and authentication mechanisms to make sure that management frames cannot be forged. Detection methods extract unique features for each node in the network; they allow the attack to be executed and then detect it. The problem with preventive methods is that they require changes to the existing protocols. In addition, these methods need a way to manage keys. Detection methods have the advantage of eliminating the need to alter protocols; thus, they have greater scalability and compatibil