Covert DCF - A DCF-Based Covert Timing Channel In 802.11 Networks

Holloway, Russell

22 November 2010

Covert channels are becoming more popular as security risks grow in networks. One area that is promising for covert channels is wireless networks, since many use a collision avoidance scheme such as carrier sense multiple access with collision avoidance (CSMA/CA). These schemes often introduce randomness in the network, which provides good cover for a covert timing channel. In this thesis, we use the 802.11 standard as an example to demonstrate a wireless covert channel. In particular, most 802.11 configurations use a distributed coordinated function (DCF) to assist in communications. This DCF uses a random backoff to avoid collisions, which provides the cover for our covert channel. Our timing channel provides great improvements on other recent covert channels in the field of throughput, while maintaining high accuracy. We are able to achieve throughput over 8000 bps using Covert DCF, or by accepting a throughput of 1800 bps we can achieve higher covertness and 99% accuracy as well.

covert channel

mac misbehavior

steganography

802.11 DCF

wireless LANs

Attacking and Securing Beacon-Enabled 802.15.4 Networks

JUNG, SANG SHIN

04 May 2011

The IEEE 802.15.4 has attracted time-critical applications in wireless sensor networks (WSNs) because of its beacon-enabled mode and guaranteed timeslots (GTSs). However, the GTS scheme’s security still leave the 802.15.4 MAC vulnerable to attacks. Further, the existing techniques in the literature for securing 802.15.4 either focus on non beacon-enabled 802.15.4 or cannot defend against insider attacks for beacon-enabled 802.15.4. In this thesis, we illustrate this by demonstrating attacks on the availability and integrity of the beacon-enabled 802.15.4. To proof the attacks, we implement the attacks using Tmote Sky motes for a malicious node along with regular nodes. We show that the malicious node can freely exploit the beacon frames to compromise the integrity and availability of the network. For the defense, we present beacon-enabled MiniSec (BCN-MiniSec) and analyze its cost.

Insider attacks

Beacon-enabled 802.15.4

Wireless sensor networks

MAC misbehavior

802.11 Fingerprinting to Detect Wireless Stealth Attacks

Venkataraman, Aravind

20 November 2008

We propose a simple, passive and deployable approach for fingerprinting traffic on the wired side as a solution for three critical stealth attacks in wireless networks. We focus on extracting traces of the 802.11 medium access control (MAC) protocol from the temporal arrival patterns of incoming traffic streams as seen on the wired side, to identify attacker behavior. Attacks addressed include unauthorized access points, selfish behavior at the MAC layer and MAC layer covert timing channels. We employ the Bayesian binning technique as a means of classifying between delay distributions. The scheme requires no change to the 802.11 nodes or protocol, exhibits minimal computational overhead and offers a single point of discovery. We evaluate our model using experiments and simulations.

802.11 MAC protocol

Distributed coordination function

Rogue access points

MAC misbehavior

Covert channel.

Computer Sciences