Why do we wage war? - PowerPoint PPT Presentation

1
Doctoral School ICI
Course Project: Self Organized Networks
CLASS: a Cross-Layer Attack, Subtle and Simple
Alaeddine EL-FAWAL
LCA: Laboratory for computer Communications and Applications
February 6th, 2004
2
(No Transcript)
3
Facts & Objectives
  • Facts
  • Hotspots anywhere
  • 24,000 world-wide soon
  • 100 so far in Switzerland
  • Given the limited bandwidth
  • Attacks are beneficial!! (Gain in bandwidth and
    money)
  • At the network layer (well discussed in the
    literature)
  • What about the MAC layer? (Rarely discussed)
  • MAC layer protocol: 802.11
  • Objectives
  • Find vulnerabilities in 802.11.
  • Protect 802.11.
  • We are concerned with rational behavior.

4
Misbehavior scenario
Facts & Objectives
[Figure labels: Well-behaved node, Cheater, Well-behaved node]
5
OUTLINE
Facts and Objectives
Related Work
Motivation for our Proposal
Our Attack
Simulation
Detection
Perspectives
Conclusions
6
Related Work
Existing Attacks (Rational Cheater)
  • Especially based on manipulating backoff time
    / DIFS
  • Decreasing Backoff / DIFS → Increasing Priority
  • A cheater can
  • Change his own parameters
  • Reduce Contention Windows.
  • Transmit before DIFS
  • ...
  • increase the cheater's priority
  • Act directly against other nodes
  • Selectively scramble others' Pkts.
  • Others will increase their Contention Windows.
  • decrease other nodes' priorities

7
Related Work
Existing Solutions
1 - Proposed by Kyasanur and Vaidya
Concept: the receiver assigns backoff values to the sender
Detection: compare expected and observed backoffs
Correction: assign penalty to the cheater
  • Drawbacks
  • Modification of IEEE 802.11
  • The receiver can control the sender
  • Only one traffic pattern
  • Only one type of misbehavior

8
Related Work
Existing Solutions
2 - DOMINO Solutions
  • Station sends before DIFS
  • Easily detectable after a few packets
  • CTS/ACK scrambling
  • Detectable using the number of retransmissions
  • Manipulated backoff: more subtle
  • Detection metrics
  • Throughput and delay? NO, because
  • Traffic dependent
  • Subject to many factors
  • Backoff? YES, but
  • Cannot be distinguished if the sender has large
    delays
  • Collisions lead to confusing situations

9
Related Work
Existing Solutions
2 - DOMINO Solutions
  • Actual backoff test
  • Consecutive backoff test

10
  • DS: Distribution System
  • AP: Access Point
  • DA: Destination Address
  • SA: Source Address
  • BSSID: Basic Service Set Identifier
  • infrastructure BSS: MAC address of the Access Point
  • ad hoc BSS (IBSS): random number
  • RA: Receiver Address
  • TA: Transmitter Address
11
OUTLINE
Facts and Objectives
Related Work
Motivation for our Proposal
Our Attack
Simulation
Detection
Perspectives
Conclusions
12
Motivation for our Proposal
The Above Attacks
The above attacks are uplink (Cheater → AP).
Realistic traffic: downlink.
AP belongs to ISP: trusted node.
The above attacks are not relevant anymore.
Furthermore
90% of traffic: TCP (http, FTP, ...)
To kill TCP connections: network layer attacks (dsniff)
BUT they fail in the presence of authentication (IPsec)
13
Motivation for our Proposal
Our Proposal
Efficient Smart Attack against TCP on the
downlink.
At the MAC Layer.
First Attack that combines 802.11 and TCP
Vulnerabilities
  • Transparent to TCP and MAC
  • Hard to detect.
  • Efficient even when using IPsec

14
OUTLINE
Facts and Objectives
Related Work
Motivation for our Proposal
Our Attack
Simulation
Detection
Perspectives
Conclusions
15
Our Attack
Uses the following 802.11 vulnerability
MAC Frame Header
Copying of transmitter address (AP)
MAC-ACK
No Authentication, No source Address
16
Our Attack
Attack Description
Simple Scenario
[Figure labels: well-behaved nodes' Pkts, AP queue, cheater's Pkts, TCP, AP, TCP]
  • TCP Pkt is lost.
  • AP knows nothing about this loss.
  • It dequeues the frame. (No retransmissions)
  • TCP decreases its window.
  • Repeated loss → killed TCP connection

17
Our Attack
Attack Description
General Case
  • Jam all TCP Pkts or TCP-ACKs that don't belong
    to the cheater.
  • Send MAC-ACK to the transmitter.
  • Prob. of jamming: X (X = 1: jamming all other
    nodes' Pkts)

Cheater's Benefits
Killing TCP connections → reducing load at the AP & wireless channel.
Decreasing delay (no retransmission due to collision)
Minimizing loss prob. (no drop at AP)
Result: increasing the cheater's throughput
18
OUTLINE
Facts and Objectives
Related Work
Motivation for our Proposal
Our Attack
Simulation
Detection
Perspectives
Conclusions
19
Simulation
Simulator
  • Implementation of the attacks in ns-2.27.
  • To be completely transparent, only TCP traffic
    is jammed (ctrl. Pkts. are saved)
  • Results are averaged over 5 simulations.

20
Simulation
Simulated Scenario
  • DCF
  • TCP traffic on the downlink (FTP connections).
  • Channel capacity: 1 Mbps
  • TCP Pkt size: 1000 Bytes
  • 2 cases
  • Immediate jamming.
  • Delayed jamming (after a warmup period).

21
Simulation
Immediate Jamming
22
Simulation
Delayed Jamming (warmup period)
23
OUTLINE
Facts and Objectives
Related Work
Motivation for our Proposal
Our Attack
Simulation
Detection
Perspectives
Conclusions
24
Detection
Problems
  • How to distinguish between jamming & collision.
  • Even if jamming is detected, the cheater remains
    unknown.
  • Downlink jamming is not detectable near the AP.
  • AP signal strength is larger than the jamming
    signal strength near the AP.
  • Placing sensors near the AP is useless.
  • Existing DOMINO procedures cannot detect it

This attack is completely Transparent to MAC
and TCP.
25
OUTLINE
Facts and Objectives
Related Work
Motivation for our Proposal
Our Attack
Simulation
Detection
Perspectives
Conclusions
26
Perspectives
  • To make detection more difficult, the cheater
    may use On/Off jamming periods.
  • Multiple cheaters.
  • Network collapses.
  • Pareto-optimal point.
  • Applying game theory: the move is to change the
    jamming prob.
  • BUT we need to detect the attack.
  • To avoid this attack
  • Without modifying 802.11.
  • Here is the challenge!!
  • Modifying 802.11.
  • NACK.
  • Authentication.

27
OUTLINE
Facts and Objectives
Related Work
Motivation for our Proposal
Our Attack
Simulation
Detection
Perspectives
Conclusions
28
Conclusions
  • First attack that combines 802.11 & TCP
    vulnerabilities.
  • Completely transparent
  • Jamming collision.
  • MAC-ACK is not authenticated.
  • Very efficient on the downlink as well as on the
    uplink.
  • More harmful to TCP than UDP flows.

29
THANK YOU FOR YOUR ATTENTION