Desynchronization and MitM Attacks Against Neighbor Awareness Networking Using OpenNAN

Abstract

The Neighbor Awareness Networking (NAN) specification, also known as Wi-Fi Aware, offers a quick and energy efficient way of forming wireless ad-hoc networks. It includes ranging capabilities based on Fine Timing Measurements (FTM) and can sustain connectivity to a Wi-Fi network while participating in a NAN cluster. Android is currently the only operating system to support it, offering a limited and proprietary interface. NAN shares many fundamental properties with Apple's Wireless Direct Link protocol, which is used by millions of devices today. To facilitate research in this area, we present OpenNAN: the first open source NAN stack. It supports Linux and requires just common and cheap off-the-shelf Wi-Fi hardware. Using OpenNAN we perform a security analysis of NAN and identify three attacks. First, any malicious node can manipulate the Anchor Master Selection to become the Anchor Master. Second, a malicious Anchor Master can desynchronize individual nodes by sending synchronization beacons as unicast. And finally, we show a Machine-in-the-Middle (MitM) on the NAN Service Discovery Protocol. We successfully perform all attacks against different Android versions and NAN stacks.