Hidden Terminal based Attack, Diagnosis and Detection Yao Zhao, Leo Zhao, Yan Chen Lab for Internet...
-
date post
21-Dec-2015 -
Category
Documents
-
view
214 -
download
0
Transcript of Hidden Terminal based Attack, Diagnosis and Detection Yao Zhao, Leo Zhao, Yan Chen Lab for Internet...
![Page 1: Hidden Terminal based Attack, Diagnosis and Detection Yao Zhao, Leo Zhao, Yan Chen Lab for Internet & Security Tech, Northwestern Univ.](https://reader030.fdocuments.us/reader030/viewer/2022032521/56649d5f5503460f94a3edb0/html5/thumbnails/1.jpg)
Hidden Terminal based Attack, Diagnosis and Detection
Yao Zhao, Leo Zhao, Yan Chen
Lab for Internet & Security Tech, Northwestern Univ.
![Page 2: Hidden Terminal based Attack, Diagnosis and Detection Yao Zhao, Leo Zhao, Yan Chen Lab for Internet & Security Tech, Northwestern Univ.](https://reader030.fdocuments.us/reader030/viewer/2022032521/56649d5f5503460f94a3edb0/html5/thumbnails/2.jpg)
Outline
• Motivation
• Background on Hidden Terminal Problem
• Hidden Terminal based DoS attacks in WLAN
• Current Work on Diagnosis and Detection
![Page 3: Hidden Terminal based Attack, Diagnosis and Detection Yao Zhao, Leo Zhao, Yan Chen Lab for Internet & Security Tech, Northwestern Univ.](https://reader030.fdocuments.us/reader030/viewer/2022032521/56649d5f5503460f94a3edb0/html5/thumbnails/3.jpg)
Motivation
• Hidden terminal problem is usually studied in wireless ad hoc networks
• Hidden terminal problem for WLAN– HT exists in large WLAN
• Limited channels: only 3 out of 11 channels are orthogonal to each other
• To cover a large hotspot, hidden terminal problems may occur because of the deployment of APs
– Easy to launch DoS attack to WLAN
![Page 4: Hidden Terminal based Attack, Diagnosis and Detection Yao Zhao, Leo Zhao, Yan Chen Lab for Internet & Security Tech, Northwestern Univ.](https://reader030.fdocuments.us/reader030/viewer/2022032521/56649d5f5503460f94a3edb0/html5/thumbnails/4.jpg)
Outline
• Motivation
• Background on Hidden Terminal Problem
• Hidden Terminal based DoS attacks in WLAN
• Current Work on Diagnosis and Detection
![Page 5: Hidden Terminal based Attack, Diagnosis and Detection Yao Zhao, Leo Zhao, Yan Chen Lab for Internet & Security Tech, Northwestern Univ.](https://reader030.fdocuments.us/reader030/viewer/2022032521/56649d5f5503460f94a3edb0/html5/thumbnails/5.jpg)
What’s Hidden Terminal Problem
S D H
• S sends a packet to D
• H doesn’t know D is receiving packet and broadcast a packet to another node during S’s sending
• Two packets are collided at D
![Page 6: Hidden Terminal based Attack, Diagnosis and Detection Yao Zhao, Leo Zhao, Yan Chen Lab for Internet & Security Tech, Northwestern Univ.](https://reader030.fdocuments.us/reader030/viewer/2022032521/56649d5f5503460f94a3edb0/html5/thumbnails/6.jpg)
Mitigation of HT Problem• RTS-CTS-DATA-ACK procedure• NAV is included in RTS and CTS
S D HRTSCTS CTSDATAACK
![Page 7: Hidden Terminal based Attack, Diagnosis and Detection Yao Zhao, Leo Zhao, Yan Chen Lab for Internet & Security Tech, Northwestern Univ.](https://reader030.fdocuments.us/reader030/viewer/2022032521/56649d5f5503460f94a3edb0/html5/thumbnails/7.jpg)
Problem of RTS-CTS
• WLAN doesn’t enable RTS-CTS by default– RTS and CTS are overhead– In single AP scenario, no HT at all since
every clients only communicate with the AP
• RTS-CTS cannot totally solve HT problem– A packet may not be correctly received
if there’s interference whose strength is much weaker than the packet (1/10)
![Page 8: Hidden Terminal based Attack, Diagnosis and Detection Yao Zhao, Leo Zhao, Yan Chen Lab for Internet & Security Tech, Northwestern Univ.](https://reader030.fdocuments.us/reader030/viewer/2022032521/56649d5f5503460f94a3edb0/html5/thumbnails/8.jpg)
HT Problem Still Exists• CTS can’t be received by H• H can send P to interfere with DATA
S D HRTSCTS CTSDATA P
Interference
![Page 9: Hidden Terminal based Attack, Diagnosis and Detection Yao Zhao, Leo Zhao, Yan Chen Lab for Internet & Security Tech, Northwestern Univ.](https://reader030.fdocuments.us/reader030/viewer/2022032521/56649d5f5503460f94a3edb0/html5/thumbnails/9.jpg)
Outline
• Motivation
• Background on Hidden Terminal Problem
• Hidden Terminal based DoS attacks in WLAN
• Current Work on Diagnosis and Detection
![Page 10: Hidden Terminal based Attack, Diagnosis and Detection Yao Zhao, Leo Zhao, Yan Chen Lab for Internet & Security Tech, Northwestern Univ.](https://reader030.fdocuments.us/reader030/viewer/2022032521/56649d5f5503460f94a3edb0/html5/thumbnails/10.jpg)
• Hard to deploy WLAN to avoid HT
• No global deployment in some environments
HT Problem in WLAN
12
3
3
2
2
3
1A B
![Page 11: Hidden Terminal based Attack, Diagnosis and Detection Yao Zhao, Leo Zhao, Yan Chen Lab for Internet & Security Tech, Northwestern Univ.](https://reader030.fdocuments.us/reader030/viewer/2022032521/56649d5f5503460f94a3edb0/html5/thumbnails/11.jpg)
Example of HT in WLAN
![Page 12: Hidden Terminal based Attack, Diagnosis and Detection Yao Zhao, Leo Zhao, Yan Chen Lab for Internet & Security Tech, Northwestern Univ.](https://reader030.fdocuments.us/reader030/viewer/2022032521/56649d5f5503460f94a3edb0/html5/thumbnails/12.jpg)
HT based DoS• Use two laptops in ad hoc mode• Simple: no extra hardware or change of MAC
needed• Powerful• Stealthy
![Page 13: Hidden Terminal based Attack, Diagnosis and Detection Yao Zhao, Leo Zhao, Yan Chen Lab for Internet & Security Tech, Northwestern Univ.](https://reader030.fdocuments.us/reader030/viewer/2022032521/56649d5f5503460f94a3edb0/html5/thumbnails/13.jpg)
Powerful Attack: Cover Range (1)
• P~dα, α=4 (usually 2<α<4)• Packet can’t be received correctly if interferin
g packets’ power > 1/10 power of the packet
AP H1
0.56
![Page 14: Hidden Terminal based Attack, Diagnosis and Detection Yao Zhao, Leo Zhao, Yan Chen Lab for Internet & Security Tech, Northwestern Univ.](https://reader030.fdocuments.us/reader030/viewer/2022032521/56649d5f5503460f94a3edb0/html5/thumbnails/14.jpg)
Powerful Attack: Cover Range (2)
• AP as sender• Receivers in shaded area suffer HT
problem
AP H
x 1.78x
![Page 15: Hidden Terminal based Attack, Diagnosis and Detection Yao Zhao, Leo Zhao, Yan Chen Lab for Internet & Security Tech, Northwestern Univ.](https://reader030.fdocuments.us/reader030/viewer/2022032521/56649d5f5503460f94a3edb0/html5/thumbnails/15.jpg)
Conclusion on HT Based Attack
• Powerful– About ½ of the coverage of an AP is
affected by HT
• Stealthy– The victim cannot receive packets from HT– The packets from HT are legal packets– Several factors have the same symptoms:
low signals but normal noises• Long distance between AP and clients• Hidden terminal• Phone/Microwave/Bluetooth interference
![Page 16: Hidden Terminal based Attack, Diagnosis and Detection Yao Zhao, Leo Zhao, Yan Chen Lab for Internet & Security Tech, Northwestern Univ.](https://reader030.fdocuments.us/reader030/viewer/2022032521/56649d5f5503460f94a3edb0/html5/thumbnails/16.jpg)
Current Work on Diagnosis
• Preliminary ideas:– Pre-define the coverage area– Strategic walk from different directions
V H
![Page 17: Hidden Terminal based Attack, Diagnosis and Detection Yao Zhao, Leo Zhao, Yan Chen Lab for Internet & Security Tech, Northwestern Univ.](https://reader030.fdocuments.us/reader030/viewer/2022032521/56649d5f5503460f94a3edb0/html5/thumbnails/17.jpg)
Q&A
Thanks!
![Page 18: Hidden Terminal based Attack, Diagnosis and Detection Yao Zhao, Leo Zhao, Yan Chen Lab for Internet & Security Tech, Northwestern Univ.](https://reader030.fdocuments.us/reader030/viewer/2022032521/56649d5f5503460f94a3edb0/html5/thumbnails/18.jpg)
Future Works
• Identify the reason of low throughput – Long distance between AP and clients– HT problem– Phone/Microwave interference
• Locate the HT– The victim cannot receive packets from
HT– Triangulation approach may not work in
indoor environment