1 |
Cascading attacks in Wi-Fi networks: demonstration and counter-measures
Xin, Liangxiao, 23 October 2018
Wi-Fi (IEEE 802.11) is currently one of the primary media to access the Internet. Guaranteeing the availability of Wi-Fi networks is essential to numerous online activities, such as e-commerce, video streaming, and IoT services. Attacks on availability are generally referred to as Denial-of-Service (DoS) attacks. While there exists significant literature on DoS attacks against Wi-Fi networks, most of the existing attacks are localized in nature, i.e., the attacker must be in the vicinity of the victim. The purpose of this dissertation is to investigate the feasibility of mounting global DoS attacks on Wi-Fi networks and develop effective counter-measures.
First, the dissertation unveils the existence of a vulnerability at the MAC layer of Wi-Fi, which allows an adversary to remotely launch a Denial-of-Service (DoS) attack that propagates both in time and space. This vulnerability stems from a coupling effect induced by hidden nodes. Cascading DoS attacks can congest an entire network and do not require the adversary to violate any protocol. The dissertation demonstrates the feasibility of such attacks through experiments with real Wi-Fi cards, extensive ns-3 simulations, and theoretical analysis. The simulations show the attack is effective both in networks operating under fixed and varying bit rates, as well as ad hoc and infrastructure modes. To gain insight into the root causes of the attack, the network is modeled as a dynamical system and its limiting behavior is analyzed. The model predicts that a phase transition (and hence a cascading attack) is possible when the retry limit parameter of Wi-Fi is greater than or equal to 7.
Next, the dissertation identifies a vulnerability at the physical layer of Wi-Fi that allows an adversary to launch cascading attacks with weak interferers. This vulnerability is induced by the state machine’s logic used for processing incoming packets. In contrast to the previous attack, this attack is effective even when interference caused by hidden nodes does not corrupt every packet transmission. The attack forces Wi-Fi rate adaptation algorithms to operate at a low bit rate and significantly degrades network performance, such as communication reliability and throughput.
Finally, the dissertation proposes, analyzes, and simulates a method to prevent such attacks from occurring. The key idea is to optimize the duration of packet transmissions. To achieve this goal, it is essential to properly model the impact of MAC overhead, and in particular MAC timing parameters. A new theoretical model is thus proposed, which relates the utilization of neighboring pairs of nodes using a sequence of iterative equations and uses fixed point techniques to study the limiting behavior of the sequence. The analysis shows how to optimally set the packet duration so that, on the one hand, cascading DoS attacks are avoided and, on the other hand, throughput is maximized. The analytical results are validated by extensive ns-3 simulations. A key insight obtained from the analysis and simulations is that IEEE 802.11 networks with relatively large MAC overhead are less susceptible to cascading DoS attacks than networks with smaller MAC overhead.
2 |
A Fuzzy Logic Based Controller to Provide End-To-End Congestion Control for Streaming Media Applications
Pavlick, Bay, 05 July 2005
The stability of the Internet is at risk if the amount of voice and video traffic continues to increase at the current pace. While current transport layer protocols do work well for most applications, they still present some problems. TCP is reliable, tracks the state of some network conditions and reacts drastically to an indication of congestion. TCP serves data-oriented applications very well but it can lead to unacceptably low quality for streaming applications by multiplicatively reducing the congestion window upon a sign of congestion. The other main transport layer protocol, UDP, provides good service for streaming applications but is not friendly to TCP and can cause the well-known existing congestion collapse problem in the Internet.
This thesis proposes a new protocol to provide a good service for voice and video applications while being friendly to TCP and solving the congestion collapse problem. The protocol utilizes a fuzzy logic controller that considers network-related information to govern the application's sending rate while satisfying the user's needs. Using network information such as the available bandwidth, Packet Loss Rates (PLR), and Round Trip Times (RTT), a fuzzy inference system optimizes the application's send rate to meet the requested rate in a smooth manner without wasting network resources unnecessarily.
The fuzzy logic controller is designed and its performance evaluated using MATLAB model simulations. The results indicate that the fuzzy controller solves the congestion collapse problem by reducing the number of undelivered packets into the network by nearly 100%. It provides smooth transition changes as demonstrated by the controlled UDP flow utilizing an estimated 44% more of the available bandwidth to smooth the send rate than the TCP flow in a highly varying bandwidth environment. The controller also remains friendly with TCP, which was demonstrated to share the bandwidth at nearly 50% with one other competing controlled UDP flow.