Investigation of Signal and Message Manipulations on the Wireless Channel

Pöpper, Christina; Tippenhauer, Nils Ole; Danev, Boris; Čapkun, Srđjan

doi:10.1007/978-3-642-23822-2_3

Cited by 58 publications

(61 citation statements)

References 25 publications

(44 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…FORMAL ANALYSIS Previous formal models capture Distance Hijacking to an insufficient extent. Specifically, they do not capture overshadowing parts of a message (see [22]), e. g., by sending bits using a stronger signal. Several of our Distance Hijacking attacks involve such overshadowing.…”

Section: Dishonest Prover Pmentioning

confidence: 99%

“…We extend the formal framework of Basin et al [3] to capture all known types of Distance Hijacking attacks and use the resulting framework to analyze several protocols. The new framework enables us to model bit-level manipulations of messages by considering overshadowing parts of a message [22], as well as flipping some bits of a message. We use our framework to formally prove for specific protocols that our fixes indeed prevent the found attacks.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Distance Hijacking Attacks on Distance Bounding Protocols

Cremers

Rasmussen

Schmidt

et al. 2012

2012 IEEE Symposium on Security and Privacy

Self Cite

120

View full text Add to dashboard Cite

After several years of theoretical research on distance bounding protocols, the first implementations of such protocols have recently started to appear. These protocols are typically analyzed with respect to three types of attacks, which are historically known as Distance Fraud, Mafia Fraud, and Terrorist Fraud.We define and analyze a fourth main type of attack on distance bounding protocols, called Distance Hijacking. This type of attack poses a serious threat in many practical scenarios. We show that many proposed distance bounding protocols are vulnerable to Distance Hijacking, and we propose solutions to make these protocols resilient to this type of attack.We show that verifying distance bounding protocols using existing informal and formal frameworks does not guarantee the absence of Distance Hijacking attacks. We extend a formal framework for reasoning about distance bounding protocols to include overshadowing attacks. We use the resulting framework to prove the absence of all of the found attacks for protocols to which our countermeasures have been applied.

show abstract

Section: Dishonest Prover Pmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Distance Hijacking Attacks on Distance Bounding Protocols

Cremers

Rasmussen

Schmidt

et al. 2012

2012 IEEE Symposium on Security and Privacy

Self Cite

120

View full text Add to dashboard Cite

show abstract

“…Our simulations in Section IV are most similar to [7], [10], [29], [33], [41], which consider the effect of interference for different time and phase offset of the sender and receiver. However, these works only consider the temporal displacement at the frame preamble level [33]; focus on different technologies (IEEE 802.15.4) [41]; analyze the effects of jamming at the bit level when neither spreading or other explicit error detection and correction techniques are in use [29]; and consider only the relative time offset ignoring the relative power of the interfering signals [10]. What makes our analysis different from previous works is that we focus on IEEE 802.11 modulations and encoding schemes, we consider a scenario in which the receiver is already synchronized with the attack frame when the intentional interference starts and we take into account both the power ratio and the temporal displacement between interfering signals.…”

Section: Systemmentioning

confidence: 99%

Friendly Jamming on Access Points: Analysis and Real-World Measurements

Berger

Gringoli

Facchi

et al. 2016

IEEE Trans. Wireless Commun.

View full text Add to dashboard Cite

Frequency jamming is known as an efficient attack tool to disrupt wireless communication. This efficiency can also be exploited for the benefit of a network - an idea often referred to as friendly jamming. A prominent application case is the blocking of unauthenticated or malicious communication, such as injection attacks. In this paper, we propose access points as a natural place to implement friendly jamming functionality. We analyze this proposal using simulations, introduce an implementation on customer-grade access points, and report measurement results from the first real-world study of friendly jamming in an IEEE 802.11 campus network. We discover a fundamental tradeoff between the effectiveness of friendly jamming and the orthogonal aspect of having minimal side-effects to the campus network's traffic. In particular, we observed what we call the power amplification phenomenon. This effect aggravates the known hidden station problem when the number of jammers increases. We also find evidence that the collaboration between jammers can enable friendly jamming, which is both effective and minimally invasive

show abstract

“…This gives us a fair comparison where the intruder is present only in one time slot for all schemes. An example for networks with an intruder can be a wireless network with static wireless nodes, quasi-free-space channel properties such as the ones observed in wireless sensor networks deployed in large areas [28]. Another common scenario can be described with an example in a wireless network for TWRC model where two users (cell phones) try to communicate via a base station (relay).…”

Section: Network Modelmentioning

confidence: 99%

“…Digital wireless attacks for signals such as Bluetooth and Wi-Fi are possible with very low power. For the transmission power of the intruder (P I ), the example of reactive (or responsive) attacker can be used where the intruder looks for ongoing transmissions in order to compose their attack signal (the intruder applies power management to identify the appropriate direction of transmission, power, and timing for its attack) [28]. Through the transmission of a high power signal on the same frequency of a user, the intruder can create a competing signal that collides with and, in effect, cancels out the users' signal.…”

Section: Network Modelmentioning

confidence: 99%

On robustness of physical layer network coding to pollution attack

Razfar

Castro

Abedi

2017

J Wireless Com Network

View full text Add to dashboard Cite

Link layer network coding (LLNC) promises to provide high throughput in relay networks through combining packets at the relays and trading communication for computation. The emerging area of physical layer network coding (PLNC) exploits the electromagnetic nature of signals and eliminates the need for addition at the packet level, while making signal design and coding schemes adaptable to the channel conditions. Although network coding has been extensively studied recently, physical layer network coding has not received the attention it deserves. Several recent works introduced the pollution attack at the network layer; however, the network performance at the physical layer with pollution attacks has not been evaluated before. The main challenge with the pollution attack involves propagation of the corrupted packets in an epidemic manner, which degrades performance of the network. As PLNC schemes boost up the network throughput, a thorough study evaluating this superiority to the LLNC scheme in presence of an intruder is necessary. The robustness of both schemes towards an attack have been studied in this article.

show abstract

Investigation of Signal and Message Manipulations on the Wireless Channel

Cited by 58 publications

References 25 publications

Distance Hijacking Attacks on Distance Bounding Protocols

Distance Hijacking Attacks on Distance Bounding Protocols

Friendly Jamming on Access Points: Analysis and Real-World Measurements

On robustness of physical layer network coding to pollution attack

Contact Info

Product

Resources

About