<p>One of the advanced Man-in-the-Middle (MitM) attacks is the Multi-Channel MitM (MC-MitM) attack, which is capable of manipulating encrypted wireless frames between clients and the Access Point (AP) in a Wireless LAN (WLAN). MC-MitM attacks are possible on any client no matter how the client authenticates with the AP. Key reinstallation attacks (KRACK) in 2017-18 and the latest FragAttacks in 2021 are frontline MC-MitM attacks that widely impacted millions of Wi-Fi systems, especially those with Internet of Things (IoT) devices. Although there are security patches against some attacks, they are not applicable to every Wi-Fi or IoT device. In addition, existing defense mechanisms to combat MC-MitM attacks are not feasible for two reasons: they either require stringent firmware modifications on all the devices in a system, or they mandate the use of several advanced hardware and software components for deployment. On top of that, high technical overhead is imposed on users in terms of network setup and maintenance. In this paper, we present a lightweight, signature-based intrusion detection system framework to detect MC-MitM attacks. Our solution is a centralized, online passive monitoring system for Wi-Fi-based IoT environments that works without modifying any network settings or existing devices. The evaluation results show that our proposed framework can detect MC-MitM attacks with a maximum delay of 60 seconds and a minimum accuracy of 90% by short-distance detectors and 84% by long-distance detectors under normal network scenarios. Lastly, we identify our future research work to conclude this paper.</p>
<p>Multi-Channel Man-in-the-Middle (MitM) attacks are special MitM attacks capable of manipulating encrypted wireless frames between two legitimate endpoints. Since its inception in 2014, attackers have been targeting Wi-Fi networks to perform different attacks, such as cipher downgrades, denial of service, key reinstallation attacks (KRACK) in 2017, and recently FragAttacks in 2021, which widely impacted millions of Wi-Fi devices, especially IoT devices. To the best of our knowledge, there are no studies in the literature that holistically review the different types of Multi-Channel MitM enabled attacks and analyze their potential impact. To this end, we evaluate the capabilities of Multi-Channel MitM and review every reported attack in the state of the art. We examine practical issues that hamper the total adoption of protection mechanisms, i.e., security patches and Protected Management Frames (PMF), and review available defense mechanisms in confronting the Multi-Channel MitM enabled attacks in the IoT context. Finally, we highlight the potential research problems and identify future research lines in this field.</p>