SIGTAM: A Tampering Attack on Wi-Fi Preamble Signaling and Countermeasures
- Publisher: Institute of Electrical and Electronics Engineers (IEEE)
- Publication Type: Conference Proceeding
- Citation: 2022 IEEE Conference on Communications and Network Security, CNS 2022, 2022, 2022-January, pp. 1-9
- Issue Date: 2022-01-01
Closed Access
| Filename | Description | Size |
|---|---|---|
| SIGTAM_A_Tampering_Attack_on_Wi-Fi_Preamble_Signaling_and_Countermeasures.pdf | Published version | 857.34 kB |
This item is closed access and not available.
The preamble is crucial for frame reception and interpretation in Wi-Fi networks. It carries essential information (e.g., length, rate, etc.) in multiple Signal (SIG) fields that are needed to decode the payload portion of the frame. In this paper, we first use measurements and security analysis to identify the vulnerabilities of the SIG fields in terms of confidentiality, predictability, and integrity. Then, we introduce the SIG tampering attack (SIGTAM), in which the adversary exploits these vulnerabilities to craft and transmit a signal that tampers with legitimate SIG fields. This smart attack can pass the integrity validation, including the even parity and cyclic redundancy check (CRC), hence deceiving the receiver(s). The resulting SIG fields lead not only to frame discard or decoding errors at the receiver(s) but also to channel access disorder at neighboring devices. We further strengthen this attack by making it robust to channel impairments and synchronization errors. The attack is quite stealthy in that it targets fewer than 20% of the subcarriers for a duration of only 4 μs. Simulations and over-the-air (OTA) experiments are conducted on IEEE 802.11a/ax networks, which show that the proposed attack achieves almost 100% packet drop and packet error rates. Finally, we propose and evaluate schemes that detect the attack, identify impacted subcarriers, and retrieve the legitimate SIG fields based on their equalized frequency-domain symbols.