Securing Wi-Fi 6 Connection Establishment Against Relay and Spoofing Threats
- URL: http://arxiv.org/abs/2501.01517v1
- Date: Thu, 02 Jan 2025 19:49:24 GMT
- Authors: Naureen Hoque, Hanif Rahbari
- Abstract summary: Current Wi-Fi security protocols fail to fully mitigate attacks like man-in-the-middle, preamble spoofing, and relaying.
We design a backward-compatible scheme using a digital signature interwoven into the preambles at the physical (PHY) layer with time constraints.
We show that our relay attack detection achieves 96-100% true positive rates.
- Abstract: Wireless local area networks remain vulnerable to attacks initiated during the connection establishment (CE) phase. Current Wi-Fi security protocols fail to fully mitigate attacks like man-in-the-middle, preamble spoofing, and relaying. To fortify the CE phase, in this paper we design a backward-compatible scheme using a digital signature interwoven into the preambles at the physical (PHY) layer with time constraints to effectively counter those attacks. This approach slices a MAC-layer signature and embeds the slices within CE frame preambles without extending frame size, allowing one or multiple stations to concurrently verify their respective APs' transmissions. The concurrent CEs are supported by enabling the stations to analyze the consistent patterns of PHY-layer headers and identify whether the received frames are the anticipated ones from the expected APs, achieving 100% accuracy without needing to examine their MAC-layer headers. Additionally, we design and implement a fast relay attack to challenge our proposed defense and determine its effectiveness. We extend existing open-source tools to support IEEE 802.11ax to evaluate the effectiveness and practicality of our proposed scheme in a testbed consisting of USRPs, commercial APs, and Wi-Fi devices, and we show that our relay attack detection achieves 96-100% true positive rates. Finally, end-to-end formal security analyses confirm the security and correctness of the proposed solution.
Related papers
- Securing 5G Bootstrapping: A Two-Layer IBS Authentication Protocol [4.087348638056961]
Lack of authentication during the initial bootstrapping phase between cellular devices and base stations allows attackers to send malicious messages to the devices.
We propose E2IBS, a novel and efficient two-layer identity-based signature scheme for seamless integration with existing cellular protocols.
Compared to the state-of-the-art Schnorr-HIBS, E2IBS reduces attack surfaces, enables fine-grained lawful interception, and achieves 2x speed in verification.
arXiv Detail & Related papers (2025-02-07T13:32:48Z)
- TIMESAFE: Timing Interruption Monitoring and Security Assessment for Fronthaul Environments [25.43682473591802]
We show how a spoofing attack is able to cause a production-ready O-RAN and 5G-compliant private cellular base station to catastrophically fail within 2 seconds of the attack.
To counter this, we design a Machine Learning-based monitoring solution capable of detecting various malicious attacks with over 97.5% accuracy.
arXiv Detail & Related papers (2024-12-17T16:13:37Z)
- Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
We propose Authenticated Cyclic Redundancy Integrity Check (ACRIC).
ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic.
We show that ACRIC offers robust security with minimal transmission overhead ( 1 ms)
arXiv Detail & Related papers (2024-11-21T18:26:05Z)
- Securing Distributed Network Digital Twin Systems Against Model Poisoning Attacks [19.697853431302768]
Digital twins (DTs) embody real-time monitoring, predictive, and enhanced decision-making capabilities.
This study investigates the security challenges in distributed network DT systems, which potentially undermine the reliability of subsequent network applications.
arXiv Detail & Related papers (2024-07-02T03:32:09Z)
- Poisoning Prevention in Federated Learning and Differential Privacy via Stateful Proofs of Execution [8.92716309877259]
Federated Learning (FL) and Local Differential Privacy (LDP) have attracted much attention over the past few years.
They share the common limitation of being vulnerable to poisoning attacks.
We propose a system-level approach to remedy this issue based on a novel security notion of Proofs of Stateful Execution.
arXiv Detail & Related papers (2024-04-10T04:18:26Z)
- FaultGuard: A Generative Approach to Resilient Fault Prediction in Smart Electrical Grids [53.2306792009435]
FaultGuard is the first framework for fault type and zone classification resilient to adversarial attacks.
We propose a low-complexity fault prediction model and an online adversarial training technique to enhance robustness.
Our model outclasses the state-of-the-art for resilient fault prediction benchmarking, with an accuracy of up to 0.958.
arXiv Detail & Related papers (2024-03-26T08:51:23Z)
- A Zero Trust Framework for Realization and Defense Against Generative AI Attacks in Power Grid [62.91192307098067]
This paper proposes a novel zero trust framework for a power grid supply chain (PGSC).
It facilitates early detection of potential GenAI-driven attack vectors, assessment of tail risk-based stability measures, and mitigation of such threats.
Experimental results show that the proposed zero trust framework achieves an accuracy of 95.7% on attack vector generation, a risk measure of 9.61% for a 95% stable PGSC, and a 99% confidence in defense against GenAI-driven attack.
arXiv Detail & Related papers (2024-03-11T02:47:21Z)
- Domain-Agnostic Hardware Fingerprinting-Based Device Identifier for Zero-Trust IoT Security [7.8344795632171325]
Next-generation networks aim for comprehensive connectivity, interconnecting humans, machines, devices, and systems seamlessly.
To address this challenge, the Zero Trust (ZT) paradigm emerges as a key method for safeguarding network integrity and data confidentiality.
This work introduces EPS-CNN, a novel deep-learning-based wireless device identification framework.
arXiv Detail & Related papers (2024-02-08T00:23:42Z)
- A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z)
- Tamper-Evident Pairing [55.2480439325792]
Tamper-Evident Pairing (TEP) is an improvement of the Push-Button configuration (PBC) standard.
TEP relies on the Tamper-Evident Announcement (TEA), which guarantees that an adversary can neither tamper with a transmitted message without being detected, nor hide the fact that the message has been sent.
This paper provides a comprehensive overview of the TEP protocol, including all information needed to understand how it works.
arXiv Detail & Related papers (2023-11-24T18:54:00Z)
- Mixture GAN For Modulation Classification Resiliency Against Adversarial Attacks [55.92475932732775]
We propose a novel generative adversarial network (GAN)-based countermeasure approach.
The GAN-based approach aims to eliminate the adversarial attack examples before feeding them to the DNN-based classifier.
Simulation results show that our proposed defense GAN enhances the accuracy of the DNN-based AMC under adversarial attacks to approximately 81%.
arXiv Detail & Related papers (2022-05-29T22:30:32Z)
This list is automatically generated from the titles and abstracts of the papers in this site.