Formal Modeling and Analysis of Multi-Rogue Backoff Manipulation Attacks in Unlicensed Networks

Abstract

Security vulnerabilities that are unique to unlicensed (secondary) networks have been well studied in literature. However, the nature and impact of traditional wireless network threats, such as backoff manipulation when applied to secondary networks, require further investigation in particular for multiple rogue station scenarios. In this paper, we perform modeling and analysis of multi-rogue backoff manipulation attack strategies in secondary wireless networks using the PRISM probabilistic model checker. Our secondary network implementation in PRISM includes scenarios where: a) sub-band (channel) occupancy by licensed (primary) nodes follows an ON-OFF model with parameters derived from real measurement data and b) the secondary network consists of up to three rogue secondary stations out of eight total with all following CSMA/CA like contention process for channel access. Unlike honest secondary stations, the rogues carry out a backoff-manipulation strategy of selecting a backoff timer that deviates from the backoff-selection process mandated by the secondary network. Unlike simulation based analysis, our analysis using PRISM model checker considers all possible combinations of system parameters and proves that for any set of primary ONOFF parameters and for any density of rogues in the network, a fixed backoff selection (instead of random) maximizes the channel access probability of a particular rogue irrespective of other rogues’ selection strategy. The results from this work will help generate deeper understanding of medium access threat landscape of secondary networks and foster design of more resilient access control strategies.