hidden terminal based attack, diagnosis and detection yao zhao, leo zhao, yan chen lab for internet...
Post on 21-Dec-2015
215 views
TRANSCRIPT
Hidden Terminal based Attack, Diagnosis and Detection
Yao Zhao, Leo Zhao, Yan Chen
Lab for Internet & Security Tech, Northwestern Univ.
Outline
• Motivation
• Background on Hidden Terminal Problem
• Hidden Terminal based DoS attacks in WLAN
• Current Work on Diagnosis and Detection
Motivation
• Hidden terminal problem is usually studied in wireless ad hoc networks
• Hidden terminal problem for WLAN– HT exists in large WLAN
• Limited channels: only 3 out of 11 channels are orthogonal to each other
• To cover a large hotspot, hidden terminal problems may occur because of the deployment of APs
– Easy to launch DoS attack to WLAN
Outline
• Motivation
• Background on Hidden Terminal Problem
• Hidden Terminal based DoS attacks in WLAN
• Current Work on Diagnosis and Detection
What’s Hidden Terminal Problem
S D H
• S sends a packet to D
• H doesn’t know D is receiving packet and broadcast a packet to another node during S’s sending
• Two packets are collided at D
Mitigation of HT Problem• RTS-CTS-DATA-ACK procedure• NAV is included in RTS and CTS
S D HRTSCTS CTSDATAACK
Problem of RTS-CTS
• WLAN doesn’t enable RTS-CTS by default– RTS and CTS are overhead– In single AP scenario, no HT at all since
every clients only communicate with the AP
• RTS-CTS cannot totally solve HT problem– A packet may not be correctly received
if there’s interference whose strength is much weaker than the packet (1/10)
HT Problem Still Exists• CTS can’t be received by H• H can send P to interfere with DATA
S D HRTSCTS CTSDATA P
Interference
Outline
• Motivation
• Background on Hidden Terminal Problem
• Hidden Terminal based DoS attacks in WLAN
• Current Work on Diagnosis and Detection
• Hard to deploy WLAN to avoid HT
• No global deployment in some environments
HT Problem in WLAN
12
3
3
2
2
3
1A B
Example of HT in WLAN
HT based DoS• Use two laptops in ad hoc mode• Simple: no extra hardware or change of MAC
needed• Powerful• Stealthy
Powerful Attack: Cover Range (1)
• P~dα, α=4 (usually 2<α<4)• Packet can’t be received correctly if interferin
g packets’ power > 1/10 power of the packet
AP H1
0.56
Powerful Attack: Cover Range (2)
• AP as sender• Receivers in shaded area suffer HT
problem
AP H
x 1.78x
Conclusion on HT Based Attack
• Powerful– About ½ of the coverage of an AP is
affected by HT
• Stealthy– The victim cannot receive packets from HT– The packets from HT are legal packets– Several factors have the same symptoms:
low signals but normal noises• Long distance between AP and clients• Hidden terminal• Phone/Microwave/Bluetooth interference
Current Work on Diagnosis
• Preliminary ideas:– Pre-define the coverage area– Strategic walk from different directions
V H
Q&A
Thanks!
Future Works
• Identify the reason of low throughput – Long distance between AP and clients– HT problem– Phone/Microwave interference
• Locate the HT– The victim cannot receive packets from
HT– Triangulation approach may not work in
indoor environment